1. About iepOS

iepOS is an AI-powered Individualized Education Program (IEP) management platform operated by ZLDA Group, LLC, a Florida limited liability company doing business as iepOS ("iepOS," "we," "us," or "our"). We serve K-12 school districts, special education teachers, case managers, parents, and students.

This Privacy Policy explains how we collect, use, share, and protect information when you access iepOS through our web application or API. Please read it carefully. By using iepOS, you agree to the practices described here.

2. Information We Collect

2.1 Account Information

We collect your name, email address, role (teacher, case manager, parent, etc.), and district affiliation when you create an account or are provisioned by your district.

2.2 Student Education Records

As a platform for special education management, we process student education records — including IEP goals, progress notes, assessment results, and accommodations — on behalf of the school district. This data is subject to FERPA and is controlled by your district, not by iepOS.

2.3 Usage Data

We collect anonymized usage logs (pages visited, feature interactions, error events) to improve product reliability. These logs do not contain student PII.

3. How We Use Your Information

Providing, maintaining, and improving the iepOS platform
Authenticating users and enforcing role-based access controls
Generating AI-assisted progress notes and goal suggestions (human approval required)
Sending transactional emails such as IEP meeting reminders and invitations
Maintaining audit logs required by IDEA and FERPA
Diagnosing technical errors and improving system reliability

We do not use student education records to build advertising profiles, train general-purpose AI models, or sell data to third parties.

4. FERPA

iepOS operates as a "school official" under FERPA with a legitimate educational interest in accessing student records as defined in each district's Data Processing Agreement (DPA). We do not disclose education records to third parties without written district consent, except as permitted by FERPA.

5. Data Retention & Deletion

Student education records are retained for the duration of the district's contract and for up to 90 days after termination, then permanently deleted unless law requires longer retention. You may request deletion of account data by contacting us at the email below.

6. Security

iepOS encrypts all data in transit (TLS 1.2+) and at rest (AES-256). Integration tokens are encrypted with AES-256-GCM before storage. We enforce role-based access controls, audit logging, and multi-tenant data isolation.

7. Children's Privacy (COPPA)

iepOS is not directed to children under 13 as direct users. Student accounts are provisioned by schools or districts under the School Official exception to COPPA. Parents may review, correct, or request deletion of their child's information through their district's data privacy officer or by contacting us directly.

8. Changes to This Policy

We will post changes to this page and update the "Last updated" date. Material changes affecting districts will be communicated by email with at least 30 days' notice.

9. Contact

Questions about this policy? Contact our Privacy Officer at tanis@zldagroup.com.