π« SPEDGenie never stores any of the following
β
Social Security numbers
β
Parent contact information
β
Original uploaded documents
Uploaded files are processed in your browser and deleted from memory immediately after extraction. The file you upload never persists on any server. Raw document text is cleared the moment the AI extraction completes β even if you close the tab before approving the profile.
β
What SPEDGenie may save β only with your explicit approval
β
Student code β a code you assign, such as "Student A" or "GL-7th." Never a real name.
β
Educational profile data β grade level, disability category, reading level, academic strengths, functional needs, accommodations, and IEP goal areas.
β
Saved IEP goals β goals you save from the Goal Intelligence Center, stored in your browser only.
β
Progress monitoring data β goal status entries you add manually. Stored in your browser only, never on a server.
All of the above is stored in your browser's localStorage only β on your device, not on any SPEDGenie server. Clearing your browser data removes it entirely. It cannot be accessed by SPEDGenie, Anthropic, or any third party.
How document processing works
When you upload an IEP, FIE, evaluation, or progress report, here is exactly what happens β step by step:
1
File is read in your browser
Your .docx or .txt file is opened using Mammoth.js, a JavaScript library that runs entirely in your browser. The file never leaves your device at this step.
2
PII is scrubbed before any transmission
Before the text is sent anywhere, a PII scrubber removes SSN patterns, phone numbers, email addresses, and street addresses from the text.
3
Scrubbed text is sent to Claude AI for extraction
The scrubbed text β not the original file β is sent to Anthropic's Claude API to identify educational information: strengths, needs, goals, accommodations. The AI is instructed to extract educational data only and never retain SSNs, names, addresses, or parent contacts.
4
Original document deleted from memory immediately
The moment the API responds, the raw text variable is set to empty string and the file input is cleared. The original document no longer exists in the session β even if you close the tab without approving the profile.
5
You review and approve every extracted field
The extracted educational profile is shown to you field by field. You can remove any item, add items, or edit the disability impact statement. Nothing is saved until you click "Approve & Save Profile."
6
Only your approved educational profile is saved β to your browser only
A structured JSON profile with no PII is saved to your browser's localStorage. It is never transmitted to SPEDGenie's servers. If you choose Anonymous Mode, nothing is saved at all β the data disappears when you close the tab.
Three privacy modes β you choose
SPEDGenie offers three modes depending on your district's privacy policies and your comfort level.
Anonymous Mode
Upload, extract, use. Nothing saved anywhere. Session ends, data disappears completely.
Nothing stored
Student Code Mode
Assign a code (Student A, GL-7th). Approved educational profile saved to your browser only. No PII ever.
Browser localStorage only
District Enterprise
Named students and long-term storage available under a signed DPA, Privacy Agreement, and Security Agreement.
Requires district contract
Student Intelligence Engineβ’ β what it extracts and what it does not
The Student Intelligence Engineβ’ reads existing student documents and pulls out only the educational information teachers need for instruction and IEP planning.
β
Extracts (educational data only)
β Academic and functional strengths
β Academic and functional needs
β Accommodations and modifications
β Current IEP goal areas and baselines
β Reading level and math level
β Disability category and impact statement
β Related services
β Behavior supports and transition needs
β Does not extract (never retained)
β Student name or date of birth
β Home address or school of attendance
β Social Security number or student ID
β Parent or guardian contact information
β Transportation information
β Medical insurance or Medicaid information
β Physician or medical provider details
β Original uploaded document
Artificial Intelligence Services
Important disclosure: SPEDGenie uses third-party artificial intelligence services to generate instructional content. When you use AI-powered features, information you submit may be processed by a third-party AI provider. You should avoid entering unnecessary personally identifiable information and should follow your district's policies regarding educational records.
SPEDGenie may utilize artificial intelligence services to assist with instructional planning, document generation, curriculum accessibility, goal generation, and educational workflows. Information submitted to AI-powered features may be processed by third-party AI service providers in accordance with applicable agreements and privacy practices.
Which AI provider does SPEDGenie use?
SPEDGenie uses Anthropic's Claude API to power AI-assisted features including goal generation, IEP drafting, curriculum accessibility, and document extraction. Anthropic operates under a Zero Data Retention (ZDR) policy for API usage β meaning inputs and outputs are not stored by Anthropic and are not used to train future AI models. For more information, visit anthropic.com/privacy.
What information is sent to the AI?
When you use an AI-powered feature (IEP Builder, Goal Intelligence, StoryGlyph, Chunking Engine, Student Intelligence), the text or content you submit in that feature is sent to the Anthropic API for processing. SPEDGenie runs a PII scrubber before sending text to remove common identifying patterns (SSNs, phone numbers, email addresses, street addresses). The API call is made server-side through a secure serverless function β your browser never connects directly to Anthropic and the API key is never exposed.
What information is NOT sent to the AI?
βThe original uploaded document β deleted from memory before any API call
βStudent names, dates of birth, or Social Security numbers (scrubbed)
βParent contact information, phone numbers, or email addresses (scrubbed)
βYour API credentials or account information
Can districts restrict AI processing?
Yes. District Enterprise accounts have access to the District AI Governance Settingsβ’ panel, where District Administrators can allow, restrict, or disable AI-assisted processing for their users, require Student Code Mode for all AI features, and view AI processing logs. Contact admin@spedgenie.com to configure AI governance settings for your district.
For district attorneys and technology directors: SPEDGenie recommends reviewing Anthropic's Data Processing Agreement, privacy policy, and ZDR terms before authorizing use for staff processing student-related documents. A Data Processing Agreement between your district and SPEDGenie LLC is available on request and should be executed before enabling document upload features for district users.
FERPA and SPEDGenie
Important: SPEDGenie is designed with FERPA-aligned data minimization and document processing safeguards. Final district approval, data governance, and access policies remain the responsibility of the district. SPEDGenie does not certify or guarantee FERPA compliance β that determination requires review of your district's specific policies, contracts, and authorization procedures.
FERPA (the Family Educational Rights and Privacy Act) protects student education records. Here is how SPEDGenie's design relates to FERPA principles:
- SPEDGenie is designed to avoid maintaining education records. It generates draft content that teachers use to create records β but the records themselves live in your district's IEP management system (TAMS, Frontline, SpEd Forms), not in SPEDGenie. Whether SPEDGenie qualifies as a "school official" or requires a FERPA exception depends on your district's specific use case and counsel's review.
- SPEDGenie is a teacher tool, not a student-facing product. Students never interact with SPEDGenie directly. No student accounts exist.
- Teachers are instructed to use student codes only. Every screen that accepts student input displays a FERPA reminder. SPEDGenie cannot prevent a teacher from typing a real name, but the policy and UI both direct against it. Districts should establish a written policy on acceptable use.
- A Data Processing Agreement (DPA) is available on request. Districts that require a formal DPA can request one by emailing admin@spedgenie.com. Execution of a DPA is required before enabling District Enterprise storage mode.
- User behavior matters. FERPA compliance is partly technology, partly district policy, and partly user behavior. SPEDGenie provides safeguards β district policies and training complete the picture.
The AI we use β Anthropic Claude
SPEDGenie uses Anthropic's Claude API to generate IEP language, extract educational profiles, and build symbol supports. Relevant data practices:
- Anthropic's Zero Data Retention (ZDR) policy means API inputs and outputs are not stored by Anthropic and are not used to train future AI models.
- The API call is made through a secure serverless function β your browser never connects directly to Anthropic. The API key is never exposed to your browser.
- Anthropic is SOC 2 Type II certified.
- For more on Anthropic's privacy practices, visit anthropic.com/privacy.
What teachers should not do
SPEDGenie is designed to protect student privacy β but teachers are the first line of defense. Please do not:
- Enter real student names into any SPEDGenie field. Use student codes or initials.
- Upload documents that contain sensitive medical information beyond what is needed for educational planning.
- Upload documents on a shared or public computer where the browser session is not private.
- Share a SPEDGenie URL that includes a student code with anyone not authorized to view that student's educational information.
- Use SPEDGenie on a district device if your district has not approved AI-assisted educational tools or has specific restrictions on browser-based AI processing.
Retention table β what is stored in each mode
This table shows exactly what is retained in each privacy mode. Nothing beyond this table is stored by SPEDGenie.
| Data type |
Anonymous Mode |
Student Code Mode |
Enterprise Mode |
| Original uploaded document |
β Never |
β Never |
β Never |
| Student PII (name, DOB, address, SSN) |
β Never |
β Never |
β Never |
| Parent or guardian contact information |
β Never |
β Never |
β Never |
| Approved educational profile (student code, grade, disability, strengths, needs, accommodations, goals) |
β Not saved |
Browser only
localStorage |
District server
with DPA |
| Saved IEP goals (teacher-saved from goal library) |
β Not saved |
Browser only |
District server
with DPA |
| Progress monitoring entries (teacher-entered data points) |
β Not saved |
Browser only |
District server
with DPA |
| Aggregate usage analytics (page views, feature counts β no identifiers) |
Aggregate only |
Aggregate only |
Aggregate only |
Browser localStorage means data exists only on the teacher's device in their browser. It is never transmitted to SPEDGenie servers. Clearing browser data removes it permanently.
Redaction guidance for teachers
Before uploading any document to SPEDGenie, teachers should apply basic redaction practices. SPEDGenie runs an automatic PII scrubber β but teacher-level redaction is the first and strongest line of defense.
Before uploading β redact or remove:
βοΈ Replace student name with a code or initials
βοΈ Remove or black out date of birth
βοΈ Remove parent names and phone numbers
βοΈ Remove home address and school address
βοΈ Remove student ID numbers and SSN
βοΈ Consider using the Paste Text tab for maximum control
π‘ The Paste Text tab is always the most private option. Instead of uploading a full document, paste only the sections you need β the PLAAFP paragraph, the goals, or the accommodations list. This way you never send more than you intend.
Security β current state and roadmap
SPEDGenie is a browser-based platform with a serverless backend. The following describes the current security posture and the features on the enterprise roadmap.
β
Current β in place today
βAll data transmitted over HTTPS/TLS
βAPI key stored server-side β never exposed to browser
βAI vendor Zero Data Retention policy (Anthropic)
βAutomatic PII scrubber before any AI call
βDocument deleted from memory after extraction
βTeacher review required before any data is saved
βNo student data stored server-side (Individual/Code modes)
βFERPA reminder displayed on every student input screen
π² Enterprise roadmap β planned
βEncryption at rest for Enterprise storage tier
βRole-based access controls (Teacher / Campus Admin / District Admin)
βAdmin audit log β who accessed what and when
βAutomated data deletion after configurable retention period
βSSO / district identity provider integration
βSOC 2 Type II audit (Enterprise tier)
βData residency options (US-only storage)
βBreach notification procedures (contractual)
Honest disclosure: SPEDGenie has not undergone a third-party security audit. The enterprise security features listed above are planned and not yet implemented. Districts evaluating SPEDGenie for Enterprise use should conduct their own security review and engage SPEDGenie in a DPA discussion before enabling named student storage.
Privacy & Security FAQ
Where is data stored? +
In Student Code Mode (default), approved educational profile data is stored in your browser's localStorage only β never on SPEDGenie servers. In District Enterprise mode, data is stored on district-approved servers under a signed Data Processing Agreement. Uploaded documents are never stored β they are deleted from memory immediately after extraction.
Is data encrypted? +
All data transmitted between your browser and SPEDGenie is encrypted via HTTPS/TLS. Browser localStorage data is protected by your device's browser security. Encryption at rest for Enterprise storage is on the product roadmap. SPEDGenie has not yet completed a third-party security audit β see the Security section of this page for the honest current state.
What happens to uploaded documents? +
Uploaded documents are read in your browser, run through a PII scrubber, and sent to the AI for extraction. Immediately after extraction completes, the raw text is deleted from memory β even if you close the tab before approving the profile. The original file is never sent to a server.
Does SPEDGenie store student names? +
No. In Anonymous Mode and Student Code Mode, student names are never stored or extracted. The PII scrubber removes name patterns before any AI processing. In District Enterprise mode, named student profiles may be stored under a signed Data Processing Agreement with your district.
Is SPEDGenie FERPA compliant? +
SPEDGenie is designed with FERPA-aligned data minimization and document processing safeguards. Final district approval, data governance, and access policies remain the responsibility of the district. SPEDGenie does not certify or guarantee FERPA compliance β that determination requires review of your district's specific policies, contracts, and authorization procedures. A Data Processing Agreement is available on request.
Does SPEDGenie sell data? +
No. SPEDGenie does not sell user data, student data, or educator data to any third party. We do not advertise to students. We use Anthropic's Claude API with Zero Data Retention policy β API inputs are not stored or used to train AI models by Anthropic.
Can users delete their data? +
Yes. Browser-stored data (localStorage) can be deleted at any time by clearing your browser data. Account-level deletion requests can be submitted through the Privacy Settings page or by emailing admin@spedgenie.com. SPEDGenie will respond within 30 days.
How are security incidents handled? +
In the event of a security incident affecting user or student data, SPEDGenie will notify affected users and districts promptly via email. Formal breach notification procedures are on the enterprise roadmap. Contact admin@spedgenie.com immediately if you suspect unauthorized access to your account.