Privacy Policy

Privacy Policy

Privacy Policy

Deskpad Privacy Policy

Effective Date: July 16, 2025


Deskpad, Inc. ("Deskpad," "we," "our," or "us") provides an AI‑enabled writing workspace for schools in the United States. This Privacy Policy explains how we collect, use, share, and protect personal information when you (schools, teachers, students, parents, administrators, or visitors) use deskpad.ai, our web or mobile applications, and any related services (collectively, the "Services").

We are committed to full compliance with all applicable federal and state student‑data privacy laws and with recognized industry best practices.


1. Scope and Key Definitions

"Personal Information" ("PI" or "PII") – information that identifies or is reasonably capable of identifying an individual, including "Education Records" as defined by FERPA."Student Data" – PI collected about a student in the context of school use of our Services."School Customer" – a school, district, or institution that contracts with Deskpad."Authorized School Official" – an employee or agent designated by the School Customer with legitimate educational interest under FERPA.


2. Information We Collect

We only collect information necessary to provide, maintain, and improve the Services.

  • Account Information: This includes your name, email address, school affiliation, and your role (such as student, teacher, or admin). This information is provided either by you directly or by your school.

  • Classroom Content: We collect content generated through your use of the Services, such as writing drafts, AI prompts, feedback, and assignment metadata.

  • Support Interactions: If you contact us for help, we may collect messages or email correspondence as part of providing support.

  • Device and Usage Data: We automatically collect technical data like IP address, browser type, device type, pages visited, and time spent on tasks through our internal logging systems.


We do not request or knowingly collect Social Security numbers, precise geolocation, or biometric identifiers.



3. How We Use Information

  • Deliver core features of Deskpad, including AI chat, writing workspace, assignment management, and teacher dashboards.

  • Authenticate and manage user accounts.

  • Provide customer support and respond to inquiries.

  • Monitor, debug, and improve platform performance and security.

  • Produce aggregated, de‑identified analytics that help schools evaluate classroom trends.

  • Send administrative notices or product updates to account holders who opt in.

We never sell or rent Personal Information or Student Data, and we do not serve targeted advertising inside the product.


4. Legal Bases for Processing

For users in the European Economic Area or United Kingdom, we rely on one or more of the following legal bases under GDPR/UK GDPR: (a) performance of a contract with the School Customer, (b) legitimate interests (platform security and improvement), and (c) consent where required.


5. Compliance With Federal Law

5.1 Children’s Online Privacy Protection Act (COPPA)
Deskpad is used under school direction. The School Customer acts as the parental agent and provides any necessary parental consent before students under 13 create accounts.

Parents may review, correct, or delete their child’s information by contacting the school or Deskpad AI.

5.2 Family Educational Rights and Privacy Act (FERPA)
Deskpad acts as a "School Official" under FERPA, processing Student Data only for legitimate educational interests defined by the School Customer.

Student Data remains under the direct control of the School Customer. We disclose Student Data only to authorized personnel or as directed in writing by the School Customer.

5.3 Children’s Internet Protection Act (CIPA)
Deskpad does not provide unrestricted web browsing. If a School Customer receives E‑Rate funding and enables external links, the school can apply its existing content‑filtering solution. Deskpad supports such integrations and will cooperate with a school’s internet safety policy.


6. State‑Specific Student Privacy Laws

We comply, as a service provider, with all applicable state student privacy statutes, including but not limited to:

  • California CCPA/CPRA and SOPIPA – honor rights of access, correction, deletion, and no sale of minor data.

  • Illinois SOPPA – written agreement with districts, breach notification within 30 days, data deletion at contract end.

  • New York Education Law 2‑d – encryption in transit and at rest, security and privacy plan, breach notification within 7 days.

  • Texas Student Privacy Act, Virginia Student Data Protection Act, Colorado HB‑16‑1423, and similar laws – data governance, prohibitions on targeted advertising, and mandatory security measures.

A full table of state‑specific commitments is available on request.



7. Transparency and Notice

A plain‑language version of this policy is provided for parents and students.

Data elements collected, purpose of collection, and third‑party disclosures are published in Deskpad Privacy Policy.

Any material change to data practices will be announced at least 30 days before taking effect.


8. Cookies and Tracking Technologies

Deskpad does not place marketing or behavioral cookies. Essential session cookies may be used to maintain secure log‑in. Third‑party analytics (e.g., Google Analytics) may set their own cookies. These cookies are only for aggregate usage reporting and can be disabled via browser settings or school‑wide filtering tools.


9. Data Sharing and Third Parties

We share Personal Information only with:

  • Infrastructure providers (AWS, Oracle, Alfresco) for hosting and storage.

  • Service providers that perform functions on our behalf (e.g., email delivery, analytics) under written agreements that prohibit onward sale or misuse.

  • Authorized School Officials as defined by each School Customer.

  • Law enforcement or regulators when required by law or court order after notice to the School Customer unless legally prohibited.

All vendors are vetted for compliance with COPPA, FERPA, applicable state law, and the National Institute of Standards and Technology (NIST) cybersecurity framework.



10. Data Security

Encryption in transit (TLS 1.2 or higher) and at rest (AES‑256).
Role‑based access control with multi‑factor authentication for staff.
Annual third‑party penetration tests and SOC 2 Type II audit reports available under NDA.
Continuous monitoring, logging, and automated alerting.
Incident response plan aligned with NIST SP 800‑61.


11. Data Retention and Deletion

We retain data only as long as necessary for the intended purpose, contractual obligations, or legal compliance.

  • Student Data is deleted or exported within 60 days upon written request from the School Customer, or within 120 days following contract termination—whichever comes first.

  • Teacher and Administrator Personal Information is retained while the account remains active, and for up to two additional years to maintain audit logs, unless an earlier deletion request is made.

  • System Logs are retained for 12 months for security analysis and then either deleted or anonymized.


All deletion actions are verified and documented. Audit logs are preserved as required for legal and security purposes.



12. User Rights and Choices

Students and Parents (U.S.)
Access, review, or correct Student Data through the School Customer.
Request deletion through the School Customer or directly if appropriate.

California Residents
Rights to know, delete, correct, and opt out of sale or sharing. Deskpad does not sell personal data.

EU/UK Residents
Rights of access, rectification, erasure, restriction, data portability, and objection.


13. Student Privacy Pledge and Certifications

Deskpad has signed the Student Privacy Pledge and is committed to its principles. We undergo annual privacy and security audits by an independent assessor.


14. Contracts and Data Processing Agreements (DPAs)

Each School Customer receives a DPA that:

  • Defines Deskpad as a data processor or school official.

  • Lists data elements processed and their educational purpose.

  • Requires industry‑standard security and breach notification within timelines mandated by state law.

  • Prohibits targeted advertising, data sale, and secondary use.

  • Sets deletion or return of Student Data at contract end.

  • A National Data Privacy Agreement (NDPA) version is available on request.


15. Children’s Privacy Statement (COPPA‑Specific Summary)

Deskpad collects a child’s Personal Information only with school consent acting in place of parents. The information is used solely to provide the educational service. Parents can exercise their COPPA rights by contacting their child’s school or Deskpad AI.


16. Changes to This Privacy Policy

We may update this policy from time to time. Material changes will be posted on our website and, where required, emailed to account holders or School Customers at least 30 days before becoming effective.


17. Contact Us

For questions or concerns about these Privacy Policy, please contact us.
Deskpad Legal Team

Copyright @ Deskpad 2025

Terms

Privacy

Join the movement

About Us

Press

Contact

FAQ’s

Copyright @ Deskpad 2025

Terms

Privacy

Join the movement

About Us

Press

Contact

FAQ’s

Copyright @ Deskpad 2025

Terms

Privacy

Join the movement

About Us

Press

Contact

FAQ’s