🔒 Privacy Policy

Last Updated: November 6, 2025

Strux Labs ("we," "us," or "our") provides an educational tool designed to support students and families. We are committed to protecting student privacy and handling all personal information with the utmost care.

This Privacy Policy explains how we collect, use, and protect information in connection with our Service. This policy is primarily directed at the Schools and School Districts ("Schools") that purchase our Service.

1. Our Commitment to Student Privacy: FERPA & COPPA

Our Service is designed for the K-12 school environment. We comply with all applicable federal laws governing student data privacy, including the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA).

Under FERPA: We act as a "School Official" on behalf of the School. We are contractually bound to use student data only for the specific educational purpose for which the School has engaged us. We operate under the direct control of the School with respect to the use and maintenance of all "education records."

Under COPPA: Our Service is provided to students for an educational purpose at the direction of their School. The School provides consent on behalf of parents (the "school consent" exception) for us to collect personal information from students under 13. This information is used strictly for this educational purpose and for no other commercial purpose.

Our Core Privacy Pledges:

  • We DO NOT sell or rent student personal information.
  • We DO NOT use student personal information for behavioral targeting or any other form of commercial advertising.
  • We DO NOT build commercial profiles of students.
  • We DO NOT use student personal information for any purpose other than providing and improving the educational Service authorized by the School.
  • We WILL securely destroy or return all student data upon request by the School or at the end of our contract.

2. What Information We Collect

We only collect information that is necessary to provide the core functions of the Service. At the direction of the School, we access and process the following categories of student information via a secure, read-only connection to the School's Learning Management System (LMS) or Student Information System (SIS):

  • Student & Course Information: Student name, course enrollments, course titles, and teacher names.
  • Assignment & Academic Data: Assignment titles, descriptions, due dates, maximum points, and types (e.g., assignment, discussion).
  • Grades & Submissions: Grades, comments, submission status (e.g., submitted, late, missing), and timestamps.
  • Course Materials: Files, documents, and links associated with courses and assignments.
  • Calendar Events: School-related events, test dates, and school holidays.

3. How We Use Information

We use the information listed above only to provide the features of the Service as described to the School. This includes:

  • To power the "Dynamic Planner": Organizing assignments and breaking them into manageable tasks.
  • To populate the "Digital Backpack": Structuring and presenting course materials.
  • To create the "Focus Dashboard" and "Today's Quest": Filtering and displaying daily academic tasks.
  • To inform the "Parent's Cockpit": Providing parents with alerts about missing work and progress updates.
  • To maintain the "Unified Calendar": Aggregating all academic deadlines and events into one view.

4. Third-Party Service Providers

We work with trusted third-party service providers to deliver our educational services. All service providers are contractually bound to protect student privacy and use data only for authorized educational purposes.

Infrastructure & Hosting

  • Cloud Hosting: Secure data storage and application delivery on enterprise-grade infrastructure
  • Database Services: Encrypted PostgreSQL database for secure data storage

Educational AI Services

We use artificial intelligence to enhance the educational experience by analyzing assignment complexity, prioritizing tasks, and generating personalized study recommendations.

  • Anthropic (Claude): Content classification, educational insights, and learning pattern analysis

AI Service Safeguards

All AI providers:

  • Process data under Data Processing Agreements (DPAs) that meet educational privacy standards
  • Use student data ONLY for providing our educational services
  • Do NOT use student data for training AI models
  • Do NOT retain student data beyond session processing
  • Receive only the minimum data necessary (often anonymized)

We require all service providers to maintain FERPA-compliant security measures and sign contracts protecting student privacy.

5. When We Share Student Information

We share student information ONLY in these strictly limited circumstances:

With Your School/District

  • Academic performance data and educational insights
  • Assignment completion tracking
  • Parent engagement metrics
  • At the direction of school administrators

With Parents/Guardians

  • Their own child's educational records
  • Progress reports and recommendations
  • Academic performance insights

As Required by Law

  • In response to valid court orders or subpoenas
  • To comply with legally mandated reporting
  • To protect safety in emergency situations (as permitted by FERPA)

With Service Providers

  • Only as necessary to provide educational services
  • Under strict contractual privacy protections
  • With technical and organizational safeguards

We NEVER:

  • Sell student data to third parties
  • Share data for advertising or marketing purposes
  • Disclose data to data brokers or aggregators
  • Use student data for non-educational purposes

🍪 Understanding Your Privacy Choices

When you first visit Strux Labs, you'll see a privacy consent banner that allows you to control how we use certain technologies. Here's what each option means:

Essential Cookies

These are necessary for the website to function properly. They enable basic features like logging in, navigating pages, and accessing secure areas. These cannot be disabled as the Service would not work without them.

Functional Cookies

These enable enhanced functionality and personalization, such as remembering your preferences, settings, and display options. Disabling these may limit some features of the Service.

Analytics Cookies

These help us understand how you use the platform so we can improve the learning experience. We track things like which features are most helpful, how long students engage with content, and where they might be getting stuck. This data is used only for educational improvement and is never shared for commercial purposes.

Performance Cookies

These monitor site performance and loading times to ensure optimal user experience. They help us identify technical issues like slow page loads or errors so we can fix them quickly.

Error Tracking

This helps us identify and fix bugs by reporting errors that occur during your session. When enabled, we receive automated reports when something goes wrong, which helps us improve the reliability of the Service.

Important: Your choices apply only to non-essential tracking technologies. We still collect the educational data described in Section 2 above as necessary to provide the Service, regardless of your cookie preferences. You can change your preferences at any time by clicking the privacy settings link in the footer.

6. How We Protect Information

We take data security seriously and have implemented robust technical and organizational safeguards to protect the student information we process. These measures include:

  • Encryption: All data is encrypted in transit (using HTTPS/TLS) and at rest (using AES-128 field-level encryption with PBKDF2 key derivation).
  • Access Control: We implement strict role-based access controls (RBAC) and the principle of least privilege. Access to student data is limited to only those employees who require it to perform their job functions.
  • Authentication: All administrative access to production systems is protected by multi-factor authentication (MFA).
  • Audit Logging: We maintain comprehensive, tamper-proof audit logs (with SHA-256 checksums) that track all access to student data for FERPA compliance.
  • Employee Training: All employees with potential access to student data receive regular training on security best practices and the legal requirements of FERPA and COPPA.
  • Incident Response: We maintain a formal Incident Response Plan to promptly address any potential data breach.

7. Data Retention and Deletion

We retain student personal information only as long as necessary to provide the Service to the School or as otherwise directed by the School.

Retention Periods

  • Active Students: Account information retained for duration of enrollment plus 1 year
  • Academic Records: Current school year plus 2 years for historical comparison
  • Assignment Data: Current semester plus 1 year for progress tracking
  • Analytics Data: Current school year only
  • AI Analysis Results: 30 days for immediate educational purposes
  • Audit Logs: 5 years for FERPA compliance (20 USC 1232g)

End of Contract

When our contract with a School ends, we will securely delete or return all student personal information in our systems within 30 days, in accordance with our agreement with that School. We provide deletion certificates upon request.

8. Your Rights: Access, Correction, and Deletion

Parents and eligible students (18 years or older) have important rights regarding their educational records under FERPA.

Access Your Data

  • View all educational records we maintain
  • Download your data in machine-readable formats (JSON, CSV, PDF)
  • Request access: privacy@thestruxlab.io

Correct Inaccurate Information

  • Request correction of errors in educational records
  • Schools make final determination on academic records
  • Timeline: 10 business days for review

Delete Your Data

  • Request deletion of your account and all associated data
  • Timeline: 30 days for complete deletion
  • Note: Some data may be retained as required by law or school policy
  • Request: deletion@thestruxlab.io

Restrict Processing

  • Disable AI analysis features
  • Opt out of optional data collection
  • Limit data sharing (where permitted by school)

As we are acting as a "School Official," parents should contact their child's School to exercise these rights. We will fully cooperate with any request the School provides to us.

9. Security Incident Response

In the unlikely event of a data security incident affecting student information, we are committed to transparency and prompt action.

We Will:

  • Investigate and contain the incident immediately
  • Notify affected schools within 48 hours of discovery
  • Notify affected parents/students within 72 hours
  • Provide details on what data was affected
  • Explain steps we're taking to prevent future incidents
  • Offer support services (credit monitoring if appropriate)

You Will Be Notified:

  • By email to your registered address
  • Through your school/district (if applicable)
  • Via notice on our website

Contact for Security Concerns:

Security Team: security@thestruxlab.io
Privacy Officer: privacy@thestruxlab.io

10. Legal Framework & Compliance

FERPA Compliance

This service complies with the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 CFR Part 99), which protects the privacy of student education records.

School Official Exception

We operate under the "School Official" exception to FERPA, meaning:

  • We have a legitimate educational interest in student records
  • We use data only for authorized educational purposes
  • We maintain the same privacy standards as your school
  • We do not re-disclose data without consent or legal authority

COPPA Compliance

For students under 13, we comply with the Children's Online Privacy Protection Act (15 U.S.C. § 6501). Schools provide consent on behalf of students under the "school official" exception.

State Privacy Laws

We also comply with applicable state student privacy laws, including but not limited to:

  • California: AB 1584, SB 1177 (Student Online Personal Information Protection Act - SOPIPA)
  • New York: Education Law § 2-d
  • Other state-specific educational privacy requirements

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. If we make material changes, we will notify the Schools we partner with so they can provide notice to parents and students as they deem appropriate.

The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.

12. Contact Us

Questions About Privacy?

If you have any questions about this Privacy Policy, please contact us at:

Strux Labs

Email: privacy@thestruxlab.io

arrow_back Back to Home