PRIVACY POLICY

Effective Date: January 1, 2026

Company: 24-7 Education Inc. d/b/a 24/7 Teach (“24/7 Education,” “we,” “us,” “our”) 

Services Covered: Our websites (including 247teach.org and related sites), mobile apps, Naomi-ai website/applications, APIs, downloadable content, and any other products/services we offer (collectively, the “Services”). 

This Privacy Policy explains:

  • what information we collect,

  • how we use and share it,

  • choices and rights you have, and

  • additional terms that apply when the Services are used by schools (School Accounts / Student Users).

This Privacy Policy is designed to work together with our Terms and Conditions and our Kids Privacy Policy. 

1) Key Definitions

Personal Information: Information that identifies, relates to, describes, or can reasonably be linked to a particular person (such as name, email, identifiers, or account data).

User Content: Content you submit or generate through the Services, including postings, code, and AI content (Inputs/Outputs). The Terms confirm AI Content is “User Content.” 

Student Data / Education Records: For school use, information that is directly related to a student and maintained by an educational agency/institution or its service provider, including information that may be protected by FERPA and/or state student privacy laws.

School Personnel: Teachers, school/district administrators, and similar staff using Services for school purposes. 

School Accounts: Accounts created/rostered by School Personnel or created by students at the direction of School Personnel using school emails and associated with a class. 

Integrated Services: Third-party services you may use to register/login or connect to our Services (e.g., Google, Facebook Connect, Clever/ClassLink where supported). 

Linked Accounts: When a personal account is associated with a School Account so learning activity may be viewed by those with access to either interface/credential set; once linked, they can’t be separated. 

De-identified/Aggregated Data: Data that has been de-identified so it cannot reasonably be used to identify an individual; may be combined across users for analytics and improvement.

2) Who This Policy Applies To

This policy applies to:

  • learners, parents/guardians, teachers/school personnel, coaches, and other users who access the Services; 

  • visitors to our websites; and

  • institutions using the Services for school purposes.

If your school/district has a separate written agreement or data protection addendum (including an NDPA), that agreement may control in the event of a conflict for School Accounts and Student Data. 

3) Information We Collect

A. Information you provide directly

Depending on how you use the Services, we may collect:

  • Account registration: name, email, password, role/type (learner/parent/teacher), age/grade band where relevant, and related profile information. 

  • Parent/guardian information (when creating/managing a Child User account): identifiers and contact details needed to create/manage/approve accounts, and to verify identity when required. 

  • School account setup/rostering information: information provided by School Personnel and/or imported via supported rostering methods (e.g., Google Classroom/Clever/ClassLink, where supported). 

  • Communications: messages you send to us (support requests, emails, forms), and related metadata.

  • Coaching relationships: if a User adds a “Coach,” that Coach may view account activity as permitted by role/settings. 

B. User Content (including tutoring and AI)

We collect and store User Content you submit or generate, including:

  • tutoring/coaching activity and learning activity,

  • assignments/work products you upload or create,

  • feedback you provide (surveys, thumbs up/down on outputs, etc.), 

  • AI Inputs and Outputs created through Naomi-ai and other AI-Enabled Features. 

Important: AI-Enabled Features are not intended to process personally identifiable information, and you must instruct authorized users not to submit PII/proprietary data in Inputs. 

C. Information collected automatically

We may automatically collect:

  • device/browser info, IP address, general usage logs, and performance data to operate and secure the Services.

  • cookie and similar tracking data (see Cookies section below).

D. Information from Integrated Services (third parties you connect)

If you register/login using an Integrated Service, we may access account information from that Integrated Service consistent with your settings and our Privacy Policy. 

4) How We Use Information

We use information to:

  1. Provide and operate the Services (create accounts, authenticate users, deliver tutoring/learning tools, store learning activity, and enable requested features). 

  2. Maintain, secure, support, and improve the Services (debugging, abuse prevention, feature development, analytics). 

  3. Personalize learning and coaching (e.g., tailoring learning experiences, showing progress and learning activity to authorized viewers like parents/school personnel/coaches based on permissions).

  4. Communicate with you about service-related messages (account notices, security alerts, policy updates).

  5. Process payments (if applicable) via payment processors/vendors (see Sharing section).

  6. Comply with law and protect rights/safety (legal compliance, responding to lawful requests, protecting the Services’ security and integrity). 

School Accounts and AI (special rule)

We do not use User Content from School Accounts (including Inputs/Outputs) to train or improve generalized AI models for other customers, except in de-identified and aggregated form or if a written school/district agreement permits otherwise. 

5) How We Share Information

We treat User Content as confidential except where you share it or make it public, and we limit disclosures as described below. 

A. Sharing you control (settings, permissions, and roles)

Information may be visible to:

  • Parents/Guardians who manage or are connected to a child account. 

  • School Personnel / Institutions for School Accounts used in class and as permitted by school settings and agreements. 

  • Coaches you add (as permitted by the feature and settings). 

  • Users with Linked Account access, because learning activity may be viewed by any person with access to either linked interface. 

B. Service providers and subprocessors

We may share information with vendors that help us run the Services (hosting, security, analytics, customer support tools, communications tools, payment processing). For School Accounts/Student Data, subprocessors must be bound by confidentiality and data protection obligations. 

If a district NDPA applies, it also requires that any subprocessors have data protections “no less stringent” than the agreement. 

C. Integrated Services (third-party account connections)

If you use an Integrated Service, you agree we may access/store/use certain information from that service consistent with this Privacy Policy, and you should review that third party’s policies. 

D. Legal, safety, and integrity

We may disclose information:

  • as required by law,

  • to protect the security/integrity of the Services,

  • to investigate abuse, fraud, or security incidents. 

Where an NDPA applies, compelled disclosure requires safeguards (including notice where permitted). 

E. We do not sell Student Data or use it for targeted advertising (School Accounts)

If Student Data is governed by an NDPA, the agreement states Student Data is not used to sell information or for targeted advertising and limits use to educational/service purposes. 

6) Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • keep you logged in (where applicable),

  • remember preferences,

  • understand usage patterns,

  • improve performance and security.

You can control cookies through your browser/device settings. Some features may not work properly if cookies are disabled.

7) Data Retention and Deletion

A. General retention

We retain Personal Information and User Content as long as needed to:

  • provide the Services,

  • meet operational requirements,

  • comply with legal obligations,

  • resolve disputes, and

  • enforce agreements.

B. Linked Accounts (special note)

If a personal account is linked to a School Account, learning activity may be retained in the linked personal account even after School Account termination, and linked accounts cannot be separated once linked. 

C. School Accounts retention/disposition (when NDPA applies)

Where a district NDPA applies, Student Data must be returned or deleted at the end of the service term or upon request, and disposition must occur within the specified timeframe (the NDPA states a 60-day disposition window). 

D. De-identified/aggregated data

We may retain de-identified and aggregated data derived from User Content for service improvement, analytics, security, and related purposes, consistent with applicable law and school/district agreements. 

8) Your Rights and Choices

Our Terms require that our Privacy Policy explains the procedures by which Users/Parents/School Personnel may view, update, correct, or delete account and personal information. 

A. How to exercise rights (general)

  • Account settings: You can update certain profile/settings within your account.

  • Deletion requests: You (or a Parent for a Child User) may request deletion by account tools or contacting support, subject to identity verification and legal retention requirements. 

B. School Accounts (students/parents)

For School Accounts, parents and students often must route certain requests through the school/district (because the school controls the education record), and we will support the school/district in fulfilling those requests where required by law and contract.

C. Marketing preferences

If we send optional newsletters or promotional communications, you can opt out using the unsubscribe method in the message or by contacting us.

9) Children’s Privacy and School Consent

The Services are not available to users under 13 unless approved by a Parent or (for School Accounts) School Personnel as permitted

For School Use in the U.S., School Personnel/Institutions agree they are responsible for required notices/consents under FERPA and COPPA and other applicable privacy laws. 

We also strongly require adult supervision for minors using AI-Enabled Features and instruct that minors should refrain from submitting personally identifiable information in AI Inputs. 

10) Security

We use administrative, technical, and physical safeguards designed to protect information. No system is perfectly secure, but we work to prevent unauthorized access and misuse.

If we become aware of unauthorized access to User Content, we will use reasonable efforts to notify you and/or the applicable school/district administrator consistent with notice terms and applicable law/agreements. 

Incident notice timing (when NDPA applies)

Where a district NDPA governs Student Data, it requires notice to the district of a breach/security incident within the required window (the NDPA states 72 hours). 

11) International Use and Data Processing Location

We operate the Services in the United States, and we collect, store, and process data in the United States. 

12) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice in a reasonable manner (such as email or posting a notice), consistent with our Terms. 

For School Accounts, material adverse changes to how education-record personal information is used/shared may have additional notice/opt-out handling as described in the Terms. 

13) Contact Us

For privacy questions, requests, or concerns, contact:

24-7 Education Inc. d/b/a 24/7 Teach

Email: legal@247education.org

(If you want, paste the mailing address block from your “Notice” section here exactly as you want it shown publicly; the Terms confirm notice procedures exist and reference Section 18.1.) 

Appendix A — School/District Addendum

This appendix applies when 24/7 Education is acting as a contractor providing Services to a NY educational agency (or when a district agreement requires NY Education Law 2-d style terms).

A1) Use limitations for Student Data (No Sale / No Targeted Ads)

Student Data is not used to sell information or for targeted advertising; it is used to deliver and operate the educational Services and related support. 

A2) Types of Student Data (example disclosure list)

Your NDPA’s Exhibit B includes categories such as: student name, contact information, username/IDs, grade level, teacher/class/school identifiers, and other education/work product data required to provide the service. 

A3) Subprocessors and confidentiality

Subprocessors must be under written obligations that protect Student Data and are no less stringent than the applicable district agreement/NDPA. 

A4) Data location (if required by contract)

If required by the NDPA/district agreement, Student Data is stored in the United States. 

A5) Security incident notification

Where the NDPA applies, security incident notice to the district must occur within the NDPA-required timeframe (72 hours). 

A6) Data disposition (return/deletion)

Upon end of term or district request, Student Data is returned or deleted within the NDPA’s stated timeframe (60 days).