ePrescience Compliance Policies

Children’s Privacy (COPPA)

We provide a “Safe Zone” for students under 13. We do not track children, we do not sell their data, and we require a “Verified Parent” to unlock the account.

  • The Neutral Age Gate: We use a non-biased age screen at entry. We do not store birthdates for minors; we simply flag the account for enhanced protection.
  • Verifiable Parental Consent (VPC): In compliance with 2026 FTC rules, parents must verify their identity via Facial Liveness Check (biometric data is purged immediately) or Credit Card Authorization before a child can access AI analytics or community features.
  • Data Minimization: Minor accounts are blocked from sharing geolocation or phone numbers. AI insights for minors are “Contextual Only,” meaning we do not build long-term behavioral profiles of children.
  • Your Rights: Parents may review, delete, or revoke consent at any time by contacting compliance@eprescience.com.

School & Student Privacy (FERPA)

ePrescience acts as a digital extension of the classroom. We protect student records as “School Officials” and never use student data for commercial gain.

  • Legal Status: ePrescience complies with FERPA by operating under the “School Official” exception. We remain under the “Direct Control” of the school or district regarding the use of education records.
  • No Commercial Use: Student data is used exclusively for educational purposes. We strictly prohibit the use of student PII for targeted advertising or the creation of consumer profiles.
  • Data Ownership: All student-generated content (notes, study sets, analytics) remains the property of the student or the educational institution.
  • Security & Deletion: We use 256-bit encryption for student records. Upon contract termination, all school-linked data is permanently destroyed within 30 days.

International Privacy (GDPR/UK GDPR)

    For our users in Europe and the UK, we respect your “Right to be Forgotten” and ensure your data is handled under strict EU-approved safeguards.

  • Legal Basis: We process data for Contractual Necessity (to provide our service) and Explicit Consent (for AI-driven predictive analytics).
  • International Transfers: Data is transferred to our secure U.S. servers under the EU-U.S. Data Privacy Framework (DPF) and Standard Contractual Clauses (SCCs), ensuring a level of protection equivalent to EU standards.
  • Your Rights: You have the right to access your data, rectify errors, or exercise your Right to Erasure (deletion) at any time. We respond to all “Data Subject Access Requests” (DSARs) within 30 days.
  • Data Controller: ePrescience is the Data Controller. Our Data Protection Officer can be reached at compliance@eprescience.com.

California Privacy (CCPA/CPRA)

California residents have the right to know what data we collect, the right to opt-out of data sharing, and the right to limit the use of sensitive information.

  • Notice at Collection: In the past 12 months, we have collected: Identifiers (Name/Apple ID), Educational Activity, and Inferences (AI-generated learning styles).
  • No Sale or Sharing: We do not sell your personal information. We do not “share” data for cross-contextual behavioral advertising.
  • Sensitive Personal Information (SPI): We only use sensitive data (like account logins) to provide the ePrescience service. You have the right to “Limit the Use of My Sensitive PII” via your account settings.
  • Global Privacy Control: Our website and app are configured to automatically honor GPC signals (opt-out signals) sent from your browser or device.

The Apple Privacy Baseline

Note on Infrastructure:
ePrescience utilizes Apple’s on-device privacy protections, including App Tracking Transparency (ATT) and Sign-In with Apple. These independent policies (COPPA, FERPA, GDPR, CCPA) govern the data once it is transmitted to ePrescience’s secure cloud servers for AI processing and synchronization.