KairosED

KairosED™

Privacy Policy

Last Updated: March 19, 2026

KairosED™ is committed to protecting the privacy and security of educators, schools, and students. Our platform is designed to support school-safe AI use with a strong focus on data minimization, secure authentication, and responsible handling of educational information.

KairosED™ does not sell student data and does not use student data to train AI models.

1. Who We Are

KairosED™ ("KairosED™," "we," "our," or "the platform") provides AI-powered tools designed to support educators and school administrators. This Privacy Policy explains what information we collect, how we use it, and how we protect it when users access KairosED™ through our website and platform.

KairosED™ operates as a service provider to schools and districts. Schools and districts are the data controllers for education records processed through the platform. KairosED™ processes that data only on their behalf and under their direction.

2. Information We Collect

KairosED™ is intentionally designed to minimize the collection of personal information. We collect only what is necessary to operate the platform.

Account Information

When users sign in through Single Sign-On (SSO), we may collect:

  • Name and email address
  • School or district domain
  • User role (teacher, administrator)
  • Roster identifiers provided by the school or district via OneRoster sync

KairosED™ does not store user passwords. Authentication is handled entirely by trusted identity providers (Microsoft Entra ID / Azure AD or Google Workspace).

Usage Data

To operate the platform and provide AI-powered tools, we collect:

  • Prompts and context submitted by authenticated users to AI tools
  • AI-generated responses
  • Conversation history for tools that support threaded chat
  • Tool usage metadata (which tools were used, token counts, timestamps)
  • Safety event records when content matches district-configured rules (limited preview, maximum 150 characters)

Student Information

KairosED™ is a staff-facing platform. Tools are designed for use by educators and administrators, not directly by students (except where a district has explicitly enabled student-facing tools). Schools and educators should avoid entering personally identifiable student information into prompts unless it is necessary for an approved educational purpose.

When student-facing tools are enabled, student accounts are provisioned through district roster sync (OneRoster). Student tool usage is stored under the same retention and deletion policies as educator usage.

3. How We Use Information

We use information only to provide, maintain, secure, and improve KairosED™. This includes:

  • Authenticating users and managing role-based access
  • Generating requested AI-powered educational content
  • Storing conversation history so educators can reference prior sessions
  • Enforcing district-configured safety rules and notifying administrators of flagged content
  • Generating usage analytics visible only to district administrators
  • Monitoring platform performance and troubleshooting issues

KairosED™ does not sell, rent, or trade personal information. KairosED™ does not use student or educator data to train AI models.

4. AI Data Handling and Subprocessors

KairosED™ uses third-party AI providers through secure API connections to generate educational content. When a prompt is submitted:

  1. The request is securely transmitted to the AI provider over HTTPS.
  2. The AI provider generates a response.
  3. The response is returned to the authenticated user and stored in the platform under the district's configured retention policy.

AI Subprocessors

ProviderPurposeData Sent
OpenAIAI content generation and image analysisUser-submitted prompts and uploaded documents
VercelPlatform hosting and infrastructureAll platform traffic
Prisma / PostgreSQLDatabase storageAll stored platform data

Schools or districts that require a Data Processing Agreement (DPA) covering these subprocessors should contact us at support@kairosed.ai.

5. FERPA Commitment

KairosED™ is designed to support schools in meeting their obligations under the Family Educational Rights and Privacy Act (FERPA). Schools and districts retain ownership of their education records. KairosED™ operates as a "school official" under FERPA — processing education records only for legitimate educational purposes under the direct control of the school or district.

KairosED™ supports FERPA-aligned practices by:

  • Limiting data collection to what is reasonably necessary to operate the platform
  • Using data only for legitimate educational purposes under district direction
  • Enforcing strict multi-tenant isolation — one district cannot access another's data
  • Providing role-based access controls so educators see only their own data
  • Providing secure access controls through school-approved SSO providers
  • Providing district administrators with a self-service data deletion tool to remove all stored data for any user upon request
  • Enforcing a maximum 365-day retention limit on AI content; districts may configure shorter periods

Schools and districts that require a signed Data Processing Agreement or FERPA-specific addendum should contact us at support@kairosed.ai.

6. COPPA and Student Use

KairosED™ is designed primarily for use by educators and administrators. When student-facing tools are enabled by a district, KairosED™ operates under the school-operator model established by the Children's Online Privacy Protection Act (COPPA). Under this model:

  • The school or district acts as the authorizing party and is responsible for obtaining any required parental consent for students under age 13 prior to enabling student access.
  • KairosED™ collects only the information necessary to provide the educational service and does not collect personal information from students for any commercial purpose.
  • KairosED™ does not knowingly market directly to children or sell children's personal information.
  • Student tool access is controlled entirely by the district through roster provisioning and role-based permissions.

Districts enabling student-facing tools should ensure their acceptable use policies and parental consent procedures cover AI-powered educational tools. Contact us if you need documentation to support your district's COPPA compliance review.

7. Data Security

KairosED™ uses reasonable administrative, technical, and organizational safeguards to protect information, including:

  • Encrypted HTTPS connections for all data in transit
  • Secure cloud hosting and infrastructure on Vercel
  • Role-based access controls — administrators, teachers, and students each have access only to their own data
  • Strict tenant isolation — one district's data is never accessible to another
  • Authentication through trusted identity providers (no passwords stored)
  • Configurable content safety rules with district-level alerting

No system can guarantee absolute security. If KairosED™ becomes aware of a security incident that may have exposed personal information, we will notify affected schools or districts without unreasonable delay in accordance with applicable law.

8. Data Retention

KairosED™ retains information only as long as reasonably necessary. Districts configure their own retention period (between 1 and 365 days) for AI prompts, responses, and conversation history. A daily automated process permanently deletes records older than the configured threshold.

Data TypeRetention
Account information (name, email, role)While the account remains active
AI prompts and responsesDistrict-configured, 1–365 days (default 30 days)
Conversation historyDistrict-configured, 1–365 days (default 30 days)
Safety event logsDistrict-configured, 1–365 days (default 30 days)
Usage analytics (token counts, tool usage)District-configured, 1–365 days (default 30 days)
Roster sync recordsWhile the district account is active

District administrators may also use the self-service data deletion tool in the admin console to immediately delete all stored AI content for any specific user at any time.

9. Data Ownership

Educational data created or submitted by schools and educators remains the property of the school, district, or authorized user. KairosED™ does not claim ownership of user-created educational content. Districts may request a full export or deletion of their data at any time.

10. Data Deletion Requests

District administrators can delete all stored AI content for any user directly from the admin console without contacting us. For account-level or district-wide deletion requests, contact:

support@kairosed.ai

We will review and process verified requests within 10 business days.

11. Third-Party Services

KairosED™ uses trusted third-party providers as listed in Section 4 (AI Data Handling and Subprocessors). These providers are selected based on their security practices and commitment to educational data protection. We do not share personal information with third parties for advertising or marketing purposes.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to the platform, legal requirements, or privacy practices. The most current version will always be posted on this page with the updated effective date. Material changes will be communicated to district administrators.

13. Contact

For questions about this Privacy Policy, data deletion requests, or to request a Data Processing Agreement, contact:

KairosED™ Support

support@kairosed.ai

kairosed.ai