Privacy Policy
1. Introduction
IEP Right ("we," "us," or "our") is a mobile application designed to help parents and guardians of children with disabilities track IEP (Individualized Education Program) compliance, understand their rights under IDEA, and connect with other parents. IEP Right is operated by IEP Right LLC, a California limited liability company.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have. By using IEP Right, you agree to the practices described in this policy.
2. Who This App Is For
IEP Right is designed for parents and guardians of children with disabilities — not for children directly. You must be 18 years of age or older to create an account. When you enter information about your child, you are providing that information on behalf of your child as their parent or legal guardian.
We do not knowingly collect personal information directly from children under 13. If you believe we have inadvertently received information from a child under 13 without parental consent, please contact us at privacy@iepright.com and we will delete it promptly.
3. Information We Collect
Information You Provide Directly
Account information:
- Full name
- Email address
- Phone number
- Password (stored as a secure hash — we never store your actual password)
Your child's information:
- Child's first name
- Grade level
- Disability category or categories (selected from a predefined list)
- School name, city, and state
- School year, annual IEP review date, next evaluation date
- Accommodations listed in the IEP
Activity you create in the app:
- Daily compliance log entries
- Observation journal entries (title, body, tags)
- Deadlines and reminders you add
- Community posts and replies you write
Information Collected Automatically
- Device information: Device type, operating system version, and unique device identifiers used to send push notifications
- App usage data: Which screens you visit and how you interact with the app (used to improve the product — not sold or shared with advertisers)
- Crash reports: If the app crashes, we may receive a crash report with technical information about the error
Information We Do Not Collect
- Your home address or your child's home address
- Social Security numbers
- Financial information (payment processing is handled entirely by Apple or Google)
- Health records, medical records, or any records covered by HIPAA
4. How We Use Your Information
- Provide the app's features — compliance logging, meeting prep, rights content, community
- Send push notifications for upcoming IEP deadlines and review dates
- Enforce community safety via content moderation
- Improve the app using aggregated, anonymized usage data
- Respond to your support requests
- Comply with legal obligations
5. How We Share Your Information
We do not currently sell your personal information. We do not sell, rent, or trade your personal information or your child's information to third parties for commercial purposes. If this practice ever changes, we will notify you before it takes effect.
Service Providers:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database and authentication hosting | All app data you create |
| Apple (APNs) | iOS push notifications | Device push token |
| Google (FCM) | Android push notifications | Device push token |
| Expo | App infrastructure and OTA updates | Crash and usage diagnostics |
| Resend | Transactional email | Your email address |
Community Feature: Content you post in the community is visible to other users. Posts are anonymous — your name and child's information are not displayed. Your state badge (e.g., "CA") may be shown. Do not include personally identifying information in posts.
Legal Compliance: We may disclose information if required by law, court order, or to protect safety.
6. Data Retention
We retain your personal information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where required by law.
7. Your Privacy Rights (California Residents — CCPA/CPRA)
- Right to Know: Request a copy of the personal information we have collected about you.
- Right to Delete: Request deletion of your personal information.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale: We do not currently sell your personal information.
- Right to Limit Use of Sensitive Personal Information: Your child's disability information is used only to operate the app — not for advertising or profiling.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights.
How to Submit a Request: Email us at privacy@iepright.com. We will respond within 45 days.
8. Security
- All data transmitted between the app and our servers is encrypted using HTTPS/TLS
- Passwords are hashed and never stored in plain text
- Database access is restricted using Row-Level Security (RLS) so each user can only access their own data
- We use Supabase, which is SOC 2 compliant, for data storage
No security system is perfect. Contact us immediately at support@iepright.com if you believe your account has been compromised.
9. International Users
IEP Right is intended for use in the United States. If you access the app from outside the United States, your information will be transferred to and processed in the United States.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email at least 30 days before the changes take effect.
11. Contact Us
IEP Right LLC
931 10th Street #180
Modesto, CA 95354
Email: privacy@iepright.com