Your Students' Data Is Safe With Us

We collect only the data necessary to provide our educational services to your District. This includes:

• Student Data: Names, identifiers, IEP goals, service minutes, session notes, and behavior logs provided by or on behalf of the District.
• Staff Data: Names, email addresses, roles, and usage activity of District employees authorized to use the platform.
• Voice/Audio Data: Temporary voice recordings processed solely for transcription. Raw audio files are not permanently stored after transcription is verified, unless explicitly configured by the District.
• Usage Data: Anonymized platform usage metrics (e.g., feature adoption, session duration) used to improve the product. This data is never linked to individual students.

Voice Venture AI is a "School Official" under FERPA. We use student data strictly to fulfill our contractual obligations with the School District. We do not:

• We do not Sell student data to third parties, ever.
• We do not Use student data for targeted advertising.
• We do not Build personal profiles of students beyond authorized educational purposes.
• We do not Use student data to train, fine-tune, or improve AI models.
• We do not Share data with any party not bound by equivalent data protection obligations.

We employ enterprise-grade security measures throughout our infrastructure:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
• Access Controls: Strict role-based access control (RBAC) ensures only authorized staff can view sensitive student data within their organization.
• Zero Data Retention (AI): OpenAI processes requests under a signed Zero Data Retention Agreement—no data is logged, stored, or used beyond the immediate API call.
• Infrastructure: Hosted on Supabase with U.S.-based data residency, built-in Row Level Security (RLS), and continuous security monitoring.
• Audits: We conduct regular security reviews and are committed to achieving SOC 2 Type II compliance.

FERPA: We comply with the Family Educational Rights and Privacy Act (FERPA). We operate under the direct control of the School District with regard to the use and maintenance of education records, qualifying as a "School Official" with a legitimate educational interest.

COPPA: For students under 13, we rely on the School District to provide appropriate consent for the collection of personal information, as permitted by the Children's Online Privacy Protection Act (COPPA).

State Laws: We monitor state student privacy laws (including SOPIPA and applicable state-level FERPA equivalents) and update our practices to maintain compliance as regulations evolve.

In the event of a data breach that affects student personally identifiable information (PII), Voice Venture AI will notify affected District administrators within 72 hours of discovery, consistent with applicable law. Our notification will include the nature of the breach, data affected, steps taken to contain it, and recommended actions for the District.

We work with a limited number of subprocessors to deliver our service. All subprocessors are bound by data processing agreements that impose data protection obligations at least as stringent as those in this Policy:

• OpenAI: AI inference only, under a Zero Data Retention Agreement. No data is stored, logged, or used for model training.
• Supabase: Database and authentication infrastructure with U.S.-based data residency and enterprise-grade security.

We maintain an up-to-date list of subprocessors available upon request by District administrators.

We retain student data only as long as required to provide the service or as directed by the District:

• Active Contracts: Data is retained for the duration of the District's active subscription.
• Contract Termination: Upon termination or written request, all student data is securely deleted or de-identified within 60 days. A written certification of destruction is provided upon request.
• Voice/Audio Files: Temporary audio files used for transcription are deleted immediately after verified transcription, unless the District has explicitly requested otherwise.

District administrators may exercise the following rights on behalf of students and staff at any time:

• Request access to data held by Voice Venture AI
• Request correction of inaccurate data
• Request deletion of all student data
• Request a copy of the Data Processing Agreement (DPA)
• Request our current list of subprocessors

To exercise any of these rights or with questions about our privacy practices, contact our Data Protection Officer at privacy@voiceventure.ai.