🧭

IEP Compass

Privacy Policy

Effective Date: April 2, 2026 · Last Updated: April 23, 2026

The short version: IEP Compass stores your data securely so you can access it from any device. We never sell your personal information. We never share your child's information with advertisers. Everything you log stays yours. Our AI assistant (Claudia) processes messages through Anthropic's API — we explain exactly what that means below.

1. Who We Are

IEP Compass ("we," "our," or "us") is a mobile application designed to help parents and advocates organize, track, and manage Individualized Education Program (IEP) documentation for children with special needs. IEP Compass is developed and operated by Tristan Patin.

For questions about this policy, contact us at: hello@iepcompass.com

2. Information We Collect

We collect only what is necessary to provide the app's features:

Account information: Your email address and password (stored securely via Firebase Authentication) when you create an account.
Child profiles: Name, age, grade, school, and IEP status that you choose to enter.
Daily logs: Notes, mood entries, behavioral observations, categories, and dates you record.
Documents: Files you upload (IEPs, evaluations, letters, reports) stored securely in Firebase Storage.
Email logs: Correspondence summaries you manually enter into the app.
Calendar events & reminders: Appointments and notifications you create.
AI conversation messages: Messages you send to Claudia (our AI assistant) and the responses you receive. See Section 7 for how this data is handled.
Profile photo: An optional photo you choose to upload.
Usage data: Anonymous analytics (screen views, feature usage) to help us improve the app. This data is not linked to your identity.
Crash reports: Technical error logs to help us fix bugs. These do not include the content of your logs or documents.

3. Categories of Personal Information (CCPA)

For California residents, the categories of personal information we collect include:

Identifiers: Email address, account ID
Personal records: Child name, age, school, IEP-related notes and documents you enter
Commercial information: Subscription plan and purchase history (processed by RevenueCat)
Internet activity: Anonymous feature usage and crash reports
Inferences: None — we do not build behavioral profiles

We do not sell or share any of these categories for cross-context behavioral advertising.

4. How We Use Your Information

We use your information exclusively to:

Provide and sync the app's features across your devices.
Send you reminders and notifications you have configured.
Generate reports and PDF exports from your own data.
Power the Claudia AI assistant (see Section 7).
Improve the app through anonymous usage analytics.
Process subscription payments and manage your account.
Respond to support requests you send us.

We do not use your data to serve you advertisements. We do not sell, rent, or trade your personal information to any third party.

5. How We Store and Protect Your Data

Your data is stored using Google Firebase, which provides industry-standard security including encryption in transit (TLS) and at rest. Firebase Security Rules ensure that only you — authenticated with your account — can access your own data. No other app user can read or modify your account or your child's information.

We use Sentry for crash reporting. Crash logs contain technical stack traces and device information only — they do not include the content of your logs, documents, or your child's personal information.

6. Children's Privacy (COPPA)

IEP Compass is designed for use by parents and adult advocates — not by children directly. Children do not create accounts or interact with the app. We do not knowingly collect personal information directly from anyone under the age of 13.

Information about your child (name, age, school, behavioral observations, IEP details) is entered by you, the parent or guardian, and is stored within your account to organize your own records. We treat this information with the highest level of care:

It is never sold or shared with advertisers, data brokers, or third parties for commercial purposes.
It is accessible only to you within your account.
It is deleted when you delete your account.

Parental Rights: As the account holder and parent or guardian, you have the right to:

Review all information stored about your child by accessing your account or contacting us.
Correct any inaccurate information by editing it directly in the app.
Delete your child's profile and all associated data using the in-app delete function or by contacting us at hello@iepcompass.com.
Refuse further collection by deleting your account at any time.

If you believe a child under 13 has created an account without parental consent, please contact us immediately at hello@iepcompass.com and we will delete the account promptly.

7. AI Features (Claudia & AI Explainer) — Third-Party AI Service & Data Handling

IEP Compass includes two AI-powered features: the Claudia chat assistant and the AI Explainer tool. Both transmit data to Anthropic, Inc. to generate responses. The app asks for your explicit permission through a consent screen before any data is ever sent. You may decline at any time.

What data is transmitted to Anthropic

Each time you use Claudia or the AI Explainer, the following information is sent over an encrypted (HTTPS) connection to Anthropic's servers:

Your typed messages and questions
Photos or documents you choose to share or upload within the AI features
Your child's first name (provided as conversational context so Claudia can personalize responses)
The name of the screen you are currently viewing inside the app
Your conversation history from the current session (capped at the last 10 exchanges to limit data exposure)

Who receives this data

The data listed above is received and processed by Anthropic, Inc. (anthropic.com), the company that operates the Claude AI model. Anthropic acts as a data processor on your behalf for the sole purpose of generating AI responses. For full details on how Anthropic handles API data, see Anthropic's Privacy Policy. Anthropic does not use data submitted through the API to train its AI models without customer permission.

How IEP Compass handles AI conversations

IEP Compass does not permanently store the content of your Claudia conversations on its own servers beyond the session history saved in your account.
Your Claudia usage count (number of messages sent today) is stored server-side to enforce daily limits for free accounts. This count contains no message content.
We recommend not including highly sensitive personal identifiers (such as Social Security numbers, medical record numbers, or financial account details) in messages to Claudia or the AI Explainer.

Your consent

Before any data is transmitted to Anthropic, the app displays a disclosure screen that identifies Anthropic as the recipient, lists what data will be sent, and requires your explicit acknowledgment. You can decline at any time — doing so prevents the AI features from sending data. If you have previously consented and wish to withdraw, you can clear the app's local data or contact us at hello@iepcompass.com to request account deletion.

8. Third-Party Services

IEP Compass uses the following third-party services to function:

Google Firebase — Authentication, database, and file storage. Firebase Privacy Policy
Anthropic — AI model powering the Claudia assistant. Messages sent to Claudia are processed by Anthropic's API. Anthropic Privacy Policy
RevenueCat — Subscription and in-app purchase management. RevenueCat Privacy Policy
Sentry — Crash reporting and error monitoring. Sentry Privacy Policy
Expo / EAS — Mobile app build and over-the-air update infrastructure. Expo Privacy Policy

9. Data Retention

We retain your data for as long as your account is active. If you delete your account — which you can do at any time from the app's Settings screen — your personal data and all associated records (logs, documents, child profiles, reminders, calendar events) will be permanently deleted from our systems within 30 days. Uploaded files in Firebase Storage are deleted as part of this process. Anonymized analytics data may be retained indefinitely as it cannot be linked to your identity.

10. Your Rights

You have the right to:

Access all data stored about you by contacting us.
Correct inaccurate information by editing it directly in the app.
Delete your account and all associated data using the Delete Account option in Settings, or by contacting us at hello@iepcompass.com.
Export your data using the app's built-in PDF report export feature.
Opt out of analytics by disabling analytics in your device settings or contacting us.

If you are located in California, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. Contact us to exercise any CCPA rights.

If you are located in the European Economic Area, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority. Contact us to exercise these rights.

11. We Do Not Sell Your Personal Information

IEP Compass does not sell, rent, lease, or otherwise share your personal information or your child's information with any third party for monetary or other valuable consideration. This applies to all users including California residents under CCPA.

12. Push Notifications

If you enable reminders, we will send push notifications to your device. You can disable these at any time through your device's notification settings or within the app's Settings screen.

13. Cookies and Local Storage

The IEP Compass mobile app (iOS and Android) does not use cookies. It uses standard device-local storage — specifically AsyncStorage and Firebase's secure token cache — to keep you signed in and store your preferences. This data never leaves your device except as part of normal Firebase Authentication.

The IEP Compass web app uses Firebase Authentication's session management, which stores your login token in your browser's IndexedDB — not as a traditional HTTP cookie. We do not use advertising cookies, tracking pixels, or third-party analytics cookies on the web app.

Because we do not use cookies for tracking or advertising purposes, we do not display a cookie consent banner. The only browser storage we use is strictly necessary to keep you signed in and provide the app's core features. You can clear this at any time by signing out or clearing your browser's site data.

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable law. Notification will be sent to the email address associated with your account.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For significant changes — particularly those that affect how your child's data is handled — we will notify you within the app before the changes take effect. Continued use of IEP Compass after changes are in effect means you accept the updated policy.

17. Contact Us

🧭 IEP Compass — Privacy Inquiries

Email: hello@iepcompass.com
We aim to respond to all privacy-related inquiries within 5 business days.

For COPPA-related requests (parental review, correction, or deletion of child data), we will respond within 48 hours.