Eccleston Education Consulting, LLC ("we," "us," "our," or "Company") operates IEPVue (iepvue.com), a web-based platform that provides AI-powered guidance to parents and guardians navigating individualized education plans (IEPs) and 504 plans in Maryland, Virginia, and Washington, D.C.
This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use our website and services at:
We are committed to transparent data practices and compliance with Maryland Online Data Privacy Act (MODPA), Children's Online Privacy Protection Act (COPPA), and other applicable privacy laws. This policy is written in plain language so you can understand your rights and our responsibilities.
When you create an account, we collect your name, email address, and password hash. You may authenticate using Google SSO, Microsoft SSO, or email/password. We also store your display name, subscription tier, and account role (primary or secondary).
To provide personalized guidance, you create student profile(s) for each child. We collect the student's nickname (not legal name), grade level, school level (elementary/middle/high), plan type (IEP, 504, neither, or not sure), current guidance stage, state, county, primary concerns (e.g., behavior, academics, services, placement), school name, coordinator/case manager name, principal name, and parent/guardian name. Most fields are optional. This information is non-PHI (not protected health information under HIPAA) and is used solely to tailor guidance to your student's specific context. You may have up to three student profiles per account.
Student profile data is retained for 12 months after your account is canceled, then permanently deleted.
All messages you send to IEPVue's AI guidance feature ("Conversations") are collected and retained. Your conversations are processed through Anthropic's Claude API to generate personalized responses. We retain conversation history for 12 months to support your learning and help improve our service.
After 12 months of account inactivity or account cancellation, conversation data is automatically deleted.
IEPVue allows you to upload documents (PDFs, images) such as IEPs, assessment reports, or other school materials. Document processing is ephemeral: your documents are transmitted securely to our AI processing system, analyzed in real-time, and not permanently retained by IEPVue. Processing occurs in-session only; once your session ends, the document is cleared from our systems. We do not store, index, or archive uploaded documents on our servers.
You receive a downloadable session summary (PDF) with analysis and recommendations, which you may save to your device.
Payment processing is handled entirely by Stripe. We collect subscription tier, billing email, billing cycle dates, and usage metrics (number of conversations, documents processed). Card details never touch IEPVue servers—Stripe handles all payment processing under their Payment Card Industry (PCI) compliance standards.
Payment data is retained in accordance with Stripe's retention policies and our contractual obligations.
When you submit feedback, error reports, or contact support, we collect the content of your message and any attachments. This information is used to improve our service and resolve technical issues.
We automatically collect:
We do not use third-party advertising networks or tracking pixels for targeted advertising. Analytics data is used solely to understand platform usage and improve user experience.
We use the information you provide for the following legitimate business purposes:
Important Disclosure: Sensitive Data
The disability-related concerns and health/educational information you provide in your student profile and conversations constitute sensitive personal information under Maryland's Online Data Privacy Act.
What sensitive data we collect: Disability-related concerns tagged in student profiles (e.g., behavior, academics, services, placement), educational information from uploaded documents processed ephemerally, and disability-related topics discussed in your conversations. We do not collect or store medical diagnoses, assessment scores, or clinical records.
Why we collect it: This information is strictly necessary to provide accurate, personalized IEP guidance. Without knowing your child's specific disability and circumstances, we cannot offer relevant recommendations.
Enhanced protections: Sensitive data is encrypted in transit (TLS/SSL) and at rest. We limit access to authorized personnel only. We do not sell sensitive data, share it with data brokers, or use it for targeted advertising.
No sale of sensitive data: Under MODPA, we explicitly do not sell, rent, trade, or disclose sensitive personal information for any reason other than the essential operations outlined in Section 3 above.
We work with the following vendors to operate IEPVue. Each processes only the minimum data necessary for their function:
Data shared: Your conversation messages and document content (during in-session processing only).
Purpose: Process your questions through Anthropic's Claude API to generate personalized guidance responses.
Key terms: Anthropic operates under commercial API terms and does not train on API data. Your conversations are not used to improve Anthropic's models.
Data retention: Anthropic retains API request logs for security and debugging (typically 30 days per their privacy policy).
Data shared: Subscription tier, billing email, billing cycle dates, payment method (handled directly by Stripe—card data does not touch IEPVue).
Purpose: Process subscription payments and manage your billing account.
Key terms: Stripe is PCI-DSS compliant. Your payment data is governed by Stripe's Privacy Policy (https://stripe.com/privacy).
Data shared: Email address, subscription tier, account status.
Purpose: Send transactional emails (password resets, billing confirmations, service updates, renewal reminders).
Data retention: Retained until you unsubscribe from email communications.
Data shared: All platform data (account information, student profiles, conversations, analytics, session logs).
Purpose: Host the IEPVue application, manage authentication, store data securely, provide analytics.
Data processors: Base44 acts as a data processor under our Data Processing Agreement. They maintain our infrastructure and do not use your data for their own purposes.
Data shared: Email address, name (for SSO authentication only; no other data transferred).
Purpose: Enable secure single-sign-on via Google or Microsoft accounts.
Note: We do not access your Google or Microsoft account data beyond authentication. Your email and name are the only data SSO providers share with us.
We retain your information only as long as necessary to operate the platform and comply with legal obligations. Here are specific retention timeframes by data type:
If we receive a lawful request from law enforcement or government authorities, we may retain data as required by law, even if retention would otherwise exceed the timeframes above.
Detailed Information Security and Data Retention Policies: This Privacy Policy provides our general approach. Detailed technical safeguards and data retention procedures are documented in our Information Security Program and Data Retention Policy, available upon request to [email protected].
Under Maryland's Online Data Privacy Act (MODPA) and other applicable laws, you have the following rights over your personal information:
You have the right to know what personal information we hold about you. You may request a copy of your data in a portable, machine-readable format (e.g., JSON, CSV). We will provide this within 45 days of receiving a verifiable request.
You may ask us to correct inaccurate information. You can update most of your account information directly in your account settings. For other corrections, contact [email protected].
You may request deletion of your personal information. Upon verified request, we will delete your account, student profiles, and conversation data within 45 days. Note: some data may be retained as required by law (e.g., payment records for tax purposes, legal holds).
You have the right to receive your personal information in a portable, machine-readable format (e.g., JSON, CSV) so you may transfer it to another service. To request a data export, email [email protected] with "DATA PORTABILITY REQUEST" in the subject line. We will provide your data within 45 days.
IEPVue uses AI (Anthropic Claude) to analyze your information and make recommendations (e.g., suggested next steps, identified gaps in your child's IEP). You have the right to opt out of this automated processing.
To opt out: Email [email protected] with "OPT OUT OF AUTOMATED DECISION-MAKING" in the subject line. If you opt out, you will lose access to personalized AI recommendations, but your account and stored data will remain available.
If we deny your request for access, correction, deletion, or portability, we will explain our reason in writing. You have the right to appeal our decision within 30 days. To appeal, reply to our denial email with additional information supporting your request, or contact [email protected] with "APPEAL" in the subject line.
You may authorize a third party (your lawyer, advocate, family member) to submit privacy requests on your behalf. Authorized agent requests must include:
Send authorized agent requests to [email protected] with "AUTHORIZED AGENT REQUEST" in the subject line.
IEPVue does not sell your personal information. This right does not apply to us.
IEPVue does not engage in targeted advertising or data broker activities. This right does not apply to us.
Submit requests to: [email protected]
Include "PRIVACY REQUEST" in the subject line and specify which right you are exercising (access, correct, delete, portability, automated decision-making opt-out, appeal, or authorized agent request).
Response timeframe: We will respond within 45 days. If we need additional information to verify your identity, we will contact you within 10 days.
Important: IEPVue is Not Directed at Children Under 13
IEPVue is designed for and marketed to parents, guardians, and adults 18 and older. We do not knowingly collect personal information from children under 13.
IEPVue complies with COPPA and the 2025 amendments. Key disclosures:
When you create a student profile, you are a parent or guardian providing information about your child. You are responsible for ensuring that any personal information you share about your child complies with our Terms of Service and applicable law.
Student profile data (nickname, grade level, primary concerns, school name, county) is protected under our general privacy practices. We do not collect any information directly from your child. All information is collected from and controlled by you, the parent/guardian.
You, the account holder, have full control over your student profiles and can modify or delete them at any time through your account settings.
IEPVue is not a school, school district, or educational agency subject to the Family Educational Rights and Privacy Act (FERPA). We do not maintain "education records" as defined under FERPA.
However, we acknowledge that you may upload or reference information from your child's official education records (IEPs, assessment reports, attendance records). You are responsible for ensuring that sharing this information with IEPVue complies with FERPA and your school's policies. We treat all information you share with us according to this Privacy Policy's security and retention standards.
We employ industry-standard technical and organizational safeguards to protect your personal information:
No absolute guarantee: While we maintain strong security practices, no system is 100% secure. We cannot guarantee that your data will never be accessed or disclosed through unauthorized means. If you believe your information has been compromised, contact [email protected] immediately.
IEPVue honors the Global Privacy Control (GPC) signal. If you enable GPC in your browser, we treat this as a request to opt out of targeted advertising and data sales. Note: IEPVue does not engage in targeted advertising or data sales regardless of GPC status, but we recognize and respect the signal as a privacy preference.
IEPVue may contain links to external websites (school district websites, advocacy organizations, educational resources). We are not responsible for the privacy practices of third-party websites. We recommend reviewing their privacy policies before sharing your information.
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes in one or more of the following ways:
Your continued use of IEPVue following notification of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you may cancel your account.
If you are a Maryland resident, you have additional rights under the Maryland Online Data Privacy Act (MODPA). These rights are detailed in Section 7 above, including:
All MODPA rights are available to you as described in Section 7, with a 45-day response window per MODPA requirements.
If you have questions about this Privacy Policy or our privacy practices, please contact us:
We aim to respond to all inquiries within 5-10 business days. For formal privacy requests (access, deletion, portability), see Section 7 for detailed procedures and timelines.
At IEPVue, we are committed to these core privacy principles:
Eccleston Education Consulting, LLC | New Market, MD 21774 | [email protected]
Privacy Policy effective April 1, 2026 | Last updated March 28, 2026