Privacy Policy

Effective date: October 16, 2025

Connect K12 Inc. ("Connect K12", "we", "us", or "our") provides a SaaS platform at connectk12.ai. This Privacy Policy explains what information we collect, how we use it, and the choices you have. For an overview of our security controls, see our Security and Data Protection Overview.

Company Details

• Legal name: Connect K12 Inc.
• Address: 2093 Philadelphia Pike, Unit 3313, Claymont, DE 19703, USA
• Website: https://www.connectk12.ai

Scope

This policy covers our web application, APIs, and services we operate to deliver the platform. It applies to information we process as a controller (Account/Operations Data) and as a processor/service provider on behalf of customers (Customer Data).

What We Collect

• Account/Operations Data (controller)
  • Organization details, admin/user contact info (e.g., name, business email)
  • Product usage and support interactions
  • Basic telemetry used to operate and improve the service
• Customer Data (processor/service provider)
  • Data uploaded to the platform or accessed via customer‑authorized integrations
  • Identity provider attributes used for access control in a tenant
  • Outputs generated within a tenant
• Integration Credentials
  • OAuth tokens/refresh tokens for customer‑authorized integrations, scoped to minimum required permissions
• Technical Data
  • Log and device information (e.g., IP address, browser, timestamps) used to secure and operate the service

We do not require special categories of personal data. If customers choose to process such data, they are responsible for lawful basis and notices.

Cookies and Analytics

• We do not use third‑party cookies or third‑party analytics.
• We may use strictly necessary cookies to enable authentication and core functionality.

AI Features

For AI‑assisted transformations, we send only dataset schema metadata (e.g., column names, types, high‑level descriptions) to the AI provider. We do not send raw record values.

How We Use Information

• To provide, secure, and improve the platform
• To operate customer‑authorized integrations
• To authenticate and authorize users (we validate IdP tokens and issue short‑lived JWTs; we do not persist IdP access/ID tokens)
• To support customers and communicate about the service

Legal Roles

• For Customer Data, we act as a processor/service provider; customers are controllers.
• For Account/Operations Data, we act as the controller.

Data Residency and Subprocessors

• Customer Data is stored and processed in the United States.
• We use third‑party service providers (e.g., AWS for hosting). A current list of subprocessors is available upon request.

Security

• Encryption in transit (TLS 1.2+) and at rest; secrets stored in AWS Secrets Manager
• Least‑privilege access and logical tenant isolation
• Centralized logging and monitoring
• OAuth tokens are protected by database encryption at rest and TLS in transit; never displayed in admin views and never logged; customers may revoke tokens with the provider

See our Security and Data Protection Overview for additional details.

Retention and Deletion

• Customer Data is retained for the duration of the subscription and deleted within defined timelines after termination; backups expire per retention schedules.
• Log retention varies by environment and purpose; details available upon request.

Your Choices and Rights

• Rights may vary by jurisdiction (e.g., access, correction, export, deletion). End users should contact their organization’s administrator; we will assist the controller as required.
• Admins can revoke integration access with the provider at any time; re‑authorization may be required to resume functionality.

California Privacy Notice (CCPA/CPRA)

• We do not sell or share personal information as those terms are defined by CCPA/CPRA, and we do not use personal information for cross‑context behavioral advertising.
• To submit a request or question regarding your privacy rights, email support@connectk12.ai.

Children’s and Student Data

We provide a platform for K‑12 administrators and do not handle student data. We do not knowingly collect information directly from children.

Changes to This Policy

We may update this policy from time to time. We will post updates on this page with a new effective date.

Contact

• Privacy and Security: security@connectk12.ai
• Data Subject Requests and Support: support@connectk12.ai

Disclaimer

This policy is informational and non‑contractual. Contractual commitments are defined in the applicable agreement between Connect K12 and the customer.