Privacy Policy for Kai
This Privacy Policy describes how K12 Analytics Engineering (“Company,” “we,” “us,” or “our”) collects, uses, and protects information when you use the Kai web application and related services (the “Service”). By using the Service, you agree to the practices described in this policy.
1. Who This Policy Applies To
The Service is designed for use by educators, administrators, and authorized staff within K12 school districts. Students do not interact with the Service directly. Access is provisioned by your district.
2. Information We Collect
A. Account Information
When you sign in to Kai using Google OAuth, we receive and store the following information from your Google account:
- Your name
- Your email address
- Your profile picture
We also request permission to create files in your Google Drive (the drive.file scope). This allows Kai to export data tables to Google Sheets on your behalf. This permission is limited to files that Kai creates and does not grant access to read, modify, or delete any other files in your Google Drive. Your Google OAuth credentials are encrypted using AES-256-GCM before being stored in our database.
B. Usage Information
When you interact with Kai, we process the queries you submit through the conversational interface in order to return analytics results from your organization’s data. We store chat session metadata (such as session titles and timestamps) in our database. The full contents of your conversations, including your messages and Kai’s responses, are stored on our cloud infrastructure to power the conversational analytics experience.
3. How We Use Your Information
We use the information we collect to:
- Authenticate your identity and manage your session
- Provide, operate, and maintain the Service
- Process your conversational queries against your organization’s data
- Maintain audit logs for administrative actions (such as account impersonation by platform administrators)
- Improve and develop the Service
We do not use your information for advertising, marketing, or sale to third parties.
4. Cookies and Similar Technologies
Kai uses a small number of first-party cookies that are strictly necessary for the Service to function. We do not use any third-party, analytics, advertising, or tracking cookies.
- Session cookie: An encrypted cookie that keeps you signed in for up to 7 days.
- Admin support cookie: A temporary encrypted cookie used when a platform administrator accesses your account during a support session. It expires after 1 hour.
Because these cookies are strictly necessary for authentication and core functionality, no cookie consent banner is shown. You can clear these cookies at any time through your browser settings, though doing so will sign you out.
5. Data Storage and Security
- Infrastructure: The Service runs on Google Cloud Platform.
- Encryption: OAuth tokens and impersonation payloads are encrypted using AES-256-GCM before storage. All data is encrypted in transit via TLS.
- Isolation: Each organization’s data operates in an isolated environment. Queries are scoped to your organization and cannot access another organization’s data.
6. Third-Party Services
The Service integrates with the following third-party providers:
- Google OAuth: Used for user authentication. Google receives information as part of the sign-in flow in accordance with Google’s Privacy Policy.
- Google Cloud Platform: Used to host the Service and power the conversational analytics engine. Data is processed within Google Cloud infrastructure.
7. Student Data and FERPA
- The handling of student and organizational data is governed by your district’s Master Services Agreement (MSA) with K12 Analytics Engineering. Every district signs an MSA before gaining access to the Service.
- Under these agreements, K12 Analytics Engineering is designated as a school official with a legitimate educational interest under FERPA.
- Kai may display personally identifiable student information depending on the query.
- Your district retains ownership and control of all organizational and student data. We access it solely to provide the Service on your district’s behalf.
- We do not build personal profiles of students other than in furtherance of the educational purpose defined in your district’s MSA.
- We do not use student data for advertising, marketing, or any purpose unrelated to providing the Service to your organization.
8. Data Retention
- Account data is retained while your account is active. When an account is deactivated, associated records are soft-deleted and may be permanently removed after a reasonable retention period.
- Chat sessions and conversation history are retained while your account is active to provide ongoing access to your past queries.
- Impersonation audit logs are retained for security and compliance purposes.
- District-initiated deletion: Districts may request deletion of their organization’s data by contacting us at privacy@alcozer.dev. Upon receiving a verified request, we will delete or de-identify the data within a reasonable timeframe.
- Some data may persist temporarily in backups or support records after a deletion request is processed. We will not actively use retained copies after processing the request.
9. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, or delete the personal information we hold about you. If you access the Service through a school district, please contact your district administrator first. Your district can then submit a request to us on your behalf at privacy@alcozer.dev. We will respond to all verified requests in accordance with applicable law.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the Service or via email. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
11. Contact Information
If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@alcozer.dev.