SigIQ.ai Privacy Policy (FERPA & COPPA Compliant)

SigIQ.ai Privacy Policy (FERPA & COPPA Compliant)

Introduction

Privacy Policy

SigIQ.ai (“we”, “us”, or “our”) operates the EverTutor Live platform, an AI-driven tutoring service. EverTutor Live delivers interactive tutoring sessions, each called an “EverLesson,” designed primarily for K–12 students and educational institutions.

For the purposes of this Privacy Policy, “User” (“you”, “your”) refers to any individual or entity that accesses or uses our Services, including schools, teachers, parents, and students.

We are committed to protecting the privacy of all Users, especially students and children. We prioritize safety and compliance with applicable privacy laws. This Privacy Policy explains how SigIQ.ai collects, uses, and discloses personal information when you use EverTutor Live or visit our websites (collectively, our “Services”).

It also describes our practices for complying with the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA), among other laws, to safeguard student data. The categories of data we collect and how we use it may vary depending on your role and interaction with our Services (for example, as a school, teacher, parent, student, or other User).

  • Students, parents, or guardians using EverTutor Live through a school or teacher: Please see the Student Data and Children’s Privacy section of this Policy, which details how we handle student personal information in compliance with FERPA and COPPA.

  • Educational institutions (schools or districts) using EverTutor Live: Our collection and use of Student Data is also governed by our agreements with you (such as any Student Data Privacy Addendum), which incorporate the protections described in this Policy.

    By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.

Information We Collect

We only collect the personal information necessary to provide and improve our Services. The types of information we may collect include:

Information Collected Automatically (Technical Data): When you visit our website or use EverTutor Live, our servers automatically log certain technical information. This includes your device’s Internet Protocol (IP) address, browser type, operating system, device identifiers, the date/time of your visit, and pages or features you accessed. We collect this data to monitor usage and performance of our Services. Unless you create an account or submit personal information, this technical data is not used to identify you by name or contact details. It is stored in log files and used in aggregate form (e.g., to analyze overall traffic and usage trends) so that it cannot reasonably be used to identify any individual.

  • Cookies and Tracking Technologies: Like most online services, we use cookies, web beacons, and similar technologies to improve your experience. Cookies are small text files placed on your device. We use cookies for purposes such as:

  • Strictly Necessary Cookies: To enable core site functionality (e.g., logging in, setting your preferences). Our site cannot function properly without these cookies, so you cannot opt-out of them.

  • Performance/Analytics Cookies: To count visits and traffic sources, understand which pages or features are most popular, and see how users move through our site. The information collected is aggregated and anonymous. Disabling these cookies may impair our ability to improve the Service.

  • Functional Cookies: To remember your preferences and enhance your experience (e.g., retaining a preferred language or showing personalized content such as tutorial videos). If you disable these cookies, some features of the Services may not function as intended.

You can control or delete cookies through your browser settings. However, note that if you disable all cookies, some parts of our Services (like EverTutor Live login or EverLesson features) may not work properly. We do not use cookies or tracking technologies for advertising purposes, and no third-party marketing cookies are used on student-facing portions of our Services. We also do not allow third parties to collect data about our users for their own advertising or profiling purposes through our Services.

  • Analytics Data: We may use third-party analytics tools (such as Google Analytics, MixPanel, PostHog and other such similar analytics tools) to gather information about how users interact with our website and app. These tools collect information like your IP address, browser type, pages visited, and time spent, which helps us understand usage patterns and improve our Services. We use User data for diagnostics and analysis to improve the quality, reliability, and effectiveness of our Services. Some analytics data is collected in aggregate or de-identified form to help us understand overall trends (for example, average time spent on EverTutor Live lessons to optimize content delivery). In certain cases, analytics data may be linked to identifiable User accounts in order to troubleshoot issues, ensure platform security, or personalize the learning experience. We configure these analytics providers to use data solely for our analytics purposes and not for their own use.If you prefer to opt out of Google Analytics, Google provides a browser add-on for that purpose.

  • Information You Provide to Us: You can enjoy some aspects of our website without creating an account, but certain Services (like participating in EverTutor Live sessions or accessing EverLessons) require an account or input from you. When you choose to register or interact with our Services, we may ask for certain personal information, including:

    • Account Registration: If you sign up as a teacher or school staff, we will collect your name, email address, school or organization name, role/title, and possibly your phone number and location (e.g., city, state) for account setup. If you create a student account, we may collect the student’s name, grade level or age (to validate COPPA requirements), a username or student ID, and an access code or class identifier linking the student to their school/teacher. Students are not necessarily required to provide an email address for using the student features; accounts for students may be created using class codes or by the teacher on the student’s behalf. You will also create a password or use a Single Sign-On (SSO) method provided by the school (if applicable).

    • Profile Information: We may allow users to provide additional profile details (for example, a profile picture, biography, or display name). For student users, such profile fields are minimal and controlled by the educational institution – we do not require you or encourage students to post extensive personal details. Any profile images or information for students are generally visible only to their teachers or classmates within a closed school group, not accessible publicly to the internet.

    • Communications: If you contact us (e.g., for support, feedback, or job inquiries), we will collect your name, contact information (like email), and the content of your message. If you subscribe to a newsletter or request information about our Services, we will collect your email and any preferences to send you those communications (you can opt out at any time).

    • EverLesson Content and User Submissions: In the course of using EverTutor Live, teachers and students may submit content that could include personal information. For example, a teacher might upload lesson materials or assignments, and students might input responses, or even audio/video during a live tutoring session. We refer to these instructional interactions as “EverLessons.” We collect and store the content of EverLessons (such as chat transcripts, problem solutions, or any other files and submitted artifacts) to provide the Service – for instance, to allow students and teachers to review past tutoring sessions, or to improve the AI tutor’s contextual understanding for that session. Important: EverLesson content could contain Student (defined below) and is treated as highly confidential. We use such content only to operate and improve the educational Services and never for advertising purposes. If an EverLesson involves real-time features like screen sharing or audio/video chat, those streams are not used for any purpose other than the live session itself, unless explicitly stated and agreed (for example, a teacher enabling a recording feature for later review, in accordance with school policy).

We strive to minimize the personal data we collect. We only ask for information that is reasonably necessary to fulfill the purpose of your interaction with SigIQ.ai. You may choose not to provide optional information (for instance, you can use the Service without uploading a profile photo). However, some features (like creating an account or participating in an EverLesson) will be unavailable if required information is not provided.

  • Payment Information: Currently, EverTutor Live is offered to schools and users either free of charge or via institutional subscriptions. If in the future we enable paid features or direct purchases, any payment transactions will be processed by a secure third-party payment processor. We would not store your full credit card information on our systems; instead, such information would be handled by the payment provider in compliance with Payment Card Industry (PCI) security standards. We will update this Privacy Policy to reflect any changes if payment data collection becomes applicable.

How We Use Your Information

In general, we use the collected information to operate, maintain, and improve our Services, to support educational use, and to communicate with you. More specifically, SigIQ.ai may use your personal information for the following purposes (and similar purposes as permitted by applicable law):

  • Providing and Personalizing the Services: To create and manage user accounts, authenticate users (allow you to log in), and provide the features and content of EverTutor Live. For example, we may use Student Data (like past EverLesson performance) to personalize the tutoring experience and tailor practice questions to the student’s needs. We may also use information about your use of the Services to improve our AI tutor models and content, but in an aggregate or de-identified manner whenever possible (we do not use any personally identifiable student data to train ourAI models).

  • Facilitating Communication: To send important administrative communications such as welcome emails, account confirmations, and technical or security alerts. We will also respond to your inquiries and support requests using your contact information. If you are a teacher or school administrator, we might send you information about new features or tips for using EverTutor Live. We only send promotional or newsletter emails to the extent you have signed up for them or as permitted by law, and you can opt out as described in the “Your Choices” section.

  • Ensuring Safety and Integrity: To monitor, detect, and prevent fraud or security issues. For instance, we may use technical data (IP addresses, logs) to protect against suspicious or malicious activity on our platform. We also may review content (including Student Data) strictly for compliance with our Terms of Service and this Policy – for example, to filter out abusive messages or ensure content is used for educational purposes. Automated tools or our staff may do such monitoring. In educational settings, teachers may also have access to monitor student activity within EverTutor Live.

  • Improving and Innovating: To analyze usage trends and feedback in order to refine our Services and develop new educational features. For example, usage data and aggregated student performance data can help us understand which EverLessons are most effective. This analysis helps us improve the curriculum, user interface, and AI tutor algorithms. Whenever feasible, we use de-identified or aggregated data for these purposes. We may publicly share aggregated insights (e.g., “students collectively solved 100,000 math problems on EverTutor this month”) to highlight usage trends, but we do not publicly disclose any personal information of users in doing so. All customer data is encrypted during transmission and at rest with strong industry-standard encryption (e.g., TLS for data in transit and AES-256 for stored data) to protect it while we use it for these purposes.

  • Compliance with Legal Obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests. For instance, we may need to use and disclose information in response to valid legal process (subpoenas or court orders) or to fulfill our duties under privacy laws (such as honoring opt-out preferences or data access requests as required by law).

  • Protection of Rights and Interests: We may use or disclose personal information where necessary to enforce our Terms of Service or other agreements, investigate and address potential violations, and protect the rights, property, or safety of SigIQ.ai, our Users, or others. This may include detecting and responding to security incidents or preventing misuse of the Services.

We will not use personal information for purposes other than those described in this Policy without your consent. We may, however, use anonymized or aggregated information that no longer identifies you to conduct research, improve educational outcomes, or demonstrate the effectiveness of our Services. If we need to use your personal information for a new purpose not originally outlined, we will notify you and, where required, obtain your consent.

Third-Party Services and Data Sharing

To provide the EverTutor Live service effectively, we rely on certain trusted third-party service providers. We carefully select these providers and require them to use personal information only as needed to provide their services to us, and not for their own purposes. Below we describe the categories of third parties we work with and how we protect your data in those contexts:

  • Hosting and Infrastructure Providers: Our websites and EverTutor Live platform are hosted on secure cloud servers (for example, reputable cloud providers like AWS or Azure). These providers store and transmit data on our behalf. All personal data (including Student Data) is stored in encrypted form and our cloud providers are contractually prohibited from accessing or using it for any purpose other than cloud storage and computing tasks as directed by SigIQ.ai.

  • Analytics Providers: As noted, we use analytics tools (e.g., Google Analytics, PostHog, MixPanel or similar) to collect usage data. These tools may set their own cookies or tracking identifiers on our site. However, we configure them so they do not collect any personal user identities . They provide us aggregate information only (such as total page views, or time spent on a lesson). Analytics providers are not allowed to use the data for profiling individual users or for advertising. For example, Google Analytics data sharing is disabled in our configuration, and we abide by the Google API Services User Data Policy (including its “Limited Use” requirements for any Google Integrated services we might use) to ensure your data from any Google connection is not misused.

  • AI Service Providers: EverTutor Live uses cutting-edge Generative AI to power our one-on-one tutoring sessions. To deliver these AI features, our systems may interact with third-party AI platforms via their Application Programming Interfaces (APIs). For instance, we may send a student’s question or an EverLesson prompt to an AI language model (from providers such as OpenAI, Anthropic, or others) to generate a helpful solution or explanation. We prioritize data security and privacy in these AI integrations. We do not share any more personal data than is necessary for the AI to function (typically just the academic content of a query or essay response). Our agreements with AI providers forbid them from using any of our data to train their general models or to improve their services outside of serving our account. Data sent through these AI APIs is not retained by the providers beyond a short window needed for technical monitoring: for example, OpenAI’s policy (as of 2025) is to retain API data for 30 days solely to monitor for abuse/misuse, after which it is deleted[1][2]. We maintain an up-to-date list of the AI vendors and subprocessors we use in our Data Protection Addendum (available upon request or on our website), and we ensure each vendor is also committed to student privacy. In short, any AI or machine learning vendor we utilize will treat your data with confidentiality and only use it to provide services to SigIQ.ai, not for their own product development.

  • Other Third-Party Tools: SigIQ.ai may integrate additional educational technology tools or single sign-on services at your or your school’s request (for example, Google Classroom, Clever, or similar services for rostering and login). When we do so, it is for the convenience of our users and with your authorization. Any information received through such integrations will be treated in line with this Privacy Policy and, where applicable, the privacy policy of the third-party tool. We do not allow these third parties to use your personal information except as needed to provide the integrated service. For instance, if a school uses Google Classroom to roster students into EverTutor, we receive student names and emails from Google solely to create accounts, and we do not share any more student data back with Google than necessary for the login function.

  • Service Providers (Processors): In addition to the above, we use other vendors to support operations – such as email delivery services, customer support software, data backup services, or payment processors (if payments are enabled). These providers act under our instructions to process your information on our behalf and for no other purpose. We vet our service providers for strong security practices and require them to sign confidentiality and data protection agreements. A list of key subprocessors (critical service providers with access to personal data) is available in our Data Protection Addendum or upon request. We will update that list as needed and give notice if we make material changes to our data-sharing practices.

No Advertising or Marketing Use by Third Parties: SigIQ.ai does not share your personal information with advertisers or marketing companies. We do not permit any third-party advertising networks to collect information about users through our Services. In particular, Student Data is never used for targeted advertising (on or off our platform), and we do not allow vendors to profile students for marketing. All third parties who might come in contact with any personal data (especially student data) are contractually restricted to using it only to provide their services to us and for no other purposes.

Personalized Advertising

We do not engage in personalized advertising on EverTutor Live or any of our Services. “Personalized advertising” means ads tailored to an individual based on their personal information, online behavior, or profile. SigIQ.ai does not show ads in the EverTutor Live platform, and we do not use data collected from students or any users to create marketing profiles or target ads on other sites. We are firmly committed to an ad-free learning environment in compliance with laws like COPPA and California’s student privacy laws that prohibit using student data for marketing.

Automated Decision-Making

SigIQ.ai does not use your personal information to carry out any automated decision-making or profiling that produces legal or similarly significant effects on you. In other words, we do not make important decisions about you purely by algorithms without human involvement. The AI tutor in EverTutor Live may provide individualized lesson content or feedback, but these automated processes do not negatively affect your rights or opportunities – they are intended to help and personalize learning. We do not profile users in any way that would impact things like eligibility for employment, credit, insurance, or other legal effects. If this policy changes in the future, we will update you and ensure any such use complies with applicable law.

How We Share or Disclose Information

We understand that your personal information is important, and we are not in the business of selling it to others. We only share information in a few select circumstances, outlined below, and we always do so in accordance with this Privacy Policy and applicable laws (such as FERPA, COPPA, and privacy laws in your state):

  • With Service Providers (“Operators” or “Processors”): We may share personal information with our trusted third-party service providers that perform certain functions on our behalf, as described in the Third-Party Services section above. For example, we may store data on cloud hosting providers, use communication tools to send emails or support messages, or use analytics services to understand product usage. In all cases, these providers act under our direction, and we share only the data necessary for them to carry out their services. They are bound by contractual obligations to keep the information confidential and use it only for the purposes we specify. These service providers do not have any independent right to use or disclose your information, and they must adhere to privacy and security practices no less protective than our own. If a service provider can no longer meet these obligations, we will take steps to discontinue or replace their services.

  • With School or District (for Student Data): If you are a student using EverTutor Live through your school, the educational institution (and/or the teacher) overseeing your use has access to the personal information and content you provide. For example, a teacher can view a student’s EverLesson submissions, performance data, or account profile. The school may also receive analytics or reports about student usage and progress. We consider the school (or district) to be the primary owner of Student Data on behalf of the student (and their parent/guardian). We only share Student Data with the specific school or educator that is authorized to access that data, in order to support the educational use. We do not share a student’s personal data with other schools or parties except as directed by the school or as legally required. (For instance, we would never make student work publicly visible or share it with another school without permission.)

  • For Legal Reasons (Law Enforcement or Safety): We may disclose personal information if we in good faith believe that such action is necessary to:

    • Comply with a legal obligation or respond to lawful requests from public authorities (such as a court order, subpoena, or government demand). If a law enforcement authority demands student records, we will attempt to redirect the request to the school and will only comply directly if required by law, in line with FERPA’s requirements.

    • Enforce our Terms of Service, investigate and defend ourselves against any third-party claims or allegations, or protect the security or integrity of our Services.

    • Protect the rights, property, or personal safety of SigIQ.ai, our users, students, or the public. For example, if we detect content that indicates an imminent threat of harm, we might notify appropriate authorities or the school, consistent with applicable laws and our contractual obligations.

We will make reasonable efforts to limit the scope of data disclosed and will object to overly broad requests when appropriate. Unless legally prohibited or there is an urgent security concern, we strive to notify the affected user or school before disclosing their information in response to legal demands.

  • Business Transfers: If SigIQ.ai is involved in a merger, acquisition, financing due diligence, restructuring, bankruptcy, receivership, sale of company assets, or other corporate change, personal information may be transferred to a successor or affiliate as part of that transaction. We would only do this subject to assurances that the information will remain protected consistent with this Privacy Policy. In such an event, we will provide notice (for example, via email and/or a prominent notice on our website) of any change in ownership or new uses of your personal information, as well as any choices you may have regarding your personal information. If you, as a school or parent, do not wish to continue with the Services under new ownership, you may request the deletion of Student Data as described in the “Your Rights” section. Even in the event of a business transfer, we will not sell student personal information or any personal data in a way that violates applicable laws. If our company is ever acquired, the successor would be bound to the same strict obligations for Student Data unless you give consent to any new privacy policy.

  • With Your Consent: We will share your personal information with third parties other than our service providers only if you (or, for students, your parent or school) have given us explicit consent to do so. For instance, if a school requests us to integrate EverTutor with another educational app and to exchange data, we will do so only with proper authorization and for the benefit of the educational program. Another example might be if you choose to participate in a public forum, contest, or testimonial and explicitly agree to share your information for that purpose. In such cases, we will clarify what information will be shared and with whom, and we will respect your decision.

Except for the limited sharing described above, we do not disclose your personal information to any third parties. This includes that we do not trade, rent, or sell your information. Student Data in particular is treated as highly confidential and is not disclosed beyond the school or parties authorized by the school, in accordance with FERPA and other student privacy laws.

Data Security

We are committed to protecting the security of your personal information. SigIQ.ai employs a combination of administrative, technical, and physical safeguards designed to guard data against unauthorized access or disclosure. These include but are not limited to:

  • Encryption: All data exchanged with our Services is encrypted in transit using Secure Sockets Layer (SSL)/Transport Layer Security (TLS). This means that when you log in, enter information, or use EverTutor Live, the data is encrypted so it cannot be intercepted and viewed. Additionally, personal data (including any Student Data and EverLesson content) is encrypted at rest on our servers (we utilize strong encryption standards such as AES-256 for data storage).

  • Access Controls: We limit access to personal data to authorized personnel who need it to perform their job duties (for example, customer support personnel or engineers addressing a specific issue). Each authorized person has unique credentials. For Student Data, we have stricter controls: only a small number of personnel with special clearance can access raw Student Data, and only for permitted purposes (like troubleshooting a support request from a teacher, with the school’s permission).

  • Secure Infrastructure: Our servers are hosted in facilities with robust security measures (such as 24/7 monitoring, biometric access controls, fire suppression, and redundant power). We regularly update and patch our software and systems to address security vulnerabilities. We also use firewalls and network segmentation to protect our internal networks.

  • Testing and Assessments: We periodically review our security procedures and depending on the implementation, employ third-party security experts to perform penetration tests or security assessments on our environment. We also have an incident response plan in place (see below) to handle any security incidents swiftly and effectively.

  • Data Minimization and Retention: By minimizing the amount of personal data we collect and storing it only as long as necessary (see “Data Retention” below), we reduce the risk associated with data breaches. For example, if you request deletion of your account or if a school terminates its contract, we will securely delete or de-identify the personal data associated with that account after fulfilling any legal retention obligations within 180 days of the contract change.

Despite our efforts to protect information, no security method is 100% perfect. Therefore, we cannot guarantee absolute security of data. However, we will continuously update our safeguards as new security technologies and practices emerge, and we will promptly inform users and authorities as required by law if any data breach occurs that may compromise your privacy. We also strongly encourage you to help protect the security of your account: keep your password confidential and do not share it. If you believe your account has been compromised, please contact us immediately.

Student Data and Children's Privacy (FERPA & COPPA Compliance)

Protecting the privacy of students and children is important for SigIQ.ai. We recognize the sensitive nature of student personal information and we strictly limit how we collect, use, and share Student Data. In this section, “Student Data” means personally identifiable information (PII) that is directly related to a student (or child) and is provided to or collected by SigIQ.ai through a school, teacher, parent, or student using our Services for educational purposes. Student Data is generally part of the student’s “education records” as defined by FERPA, and may also be considered personal information under COPPA if the student is under 13. We handle Student Data in accordance with all applicable federal and state student privacy laws:

  • SigIQ.ai as a School Official (FERPA): When a K-12 school or teacher uses EverTutor Live for classroom or educational purposes and shares student information with us, we consider ourselves a “school official” acting on behalf of that educational institution. This means any Student Data we receive is under the control of the school and used only for the school’s purposes, to deliver the EverTutor educational services. We agree to abide by the limits imposed by the Family Educational Rights and Privacy Act (FERPA) and its implementing regulations. Specifically, we:

  • Use Student Data only for the purposes authorized by the school – namely, to provide and improve the educational Services. We do not use or disclose Student Data for our own commercial purposes or any other purpose beyond what the school has authorized.

  • Do not allow any unauthorized third party to access Student Data, except as allowed in this Policy (such as the student’s own teacher or our authorized service providers acting under strict obligations).

  • Operate under the school’s official exception of FERPA’s consent requirement. Under FERPA, a school may disclose education records to a contractor like SigIQ.ai without parental consent if the contractor is performing an institutional service or function for which the school would otherwise use its own employees, is under the school’s direct control with respect to use of the data, and is subject to FERPA’s requirements regarding the use and re-disclosure of education records. SigIQ.ai fulfills these conditions. We have signed agreements or terms of service with schools that specify our obligations to protect Student Data. We do not re-disclose student education records except as directed by the school or as legally required (in accordance with FERPA).

  • Assist schools in fulfilling their FERPA obligations. For example, if a parent or eligible student requests access to or correction of the student’s education records that we store, we will help the school provide the requested access or make the correction (see “Your Rights” below). We acknowledge that FERPA gives parents (and students 18 or older) the right to access their education records and request amendments for inaccuracies[5][6]. We cooperate with our school partners to ensure compliance with FERPA’s requirements.

  • Do not retain Student Data longer than necessary. The default rule is that Student Data is retained for as long as an account is active or as needed to provide the Services, and then it is deleted or de-identified within 180 days of the account deletion request. If a school terminates its use of EverTutor Live, or upon a school’s written request, we will delete or return the Student Data we have for that school within 180 days of the request, after allowing the school to retrieve a copy, except to the extent we are required by law to retain it or for legitimate business purposes like disaster recovery backups. We do not mine Student Data for any purposes other than those authorized (no commercial data mining, no selling lists of students, etc.). In short, SigIQ.ai does not own or control Student Data – such data is owned and controlled by the student’s educational institution or the student/parent. We are a trusted custodian acting on the school’s behalf.

  • Children’s Online Privacy Protection Act (COPPA): We comply with COPPA, which is the federal law that protects the privacy of children under 13 in online services. Our Services are primarily provided to schools and educators for educational use. We do not knowingly collect personal information from children under the age of 13 unless and until a school or parent has authorized us to do so. In practical terms, this is how we handle COPPA:

  • School Consent in Lieu of Parent: In the context of school use, the Federal Trade Commission (FTC) allows schools to act as agents of the parent to provide consent for the online collection of students’ personal information, when the service is used solely for the benefit of students and the school for educational purposes[1]. SigIQ.ai relies on this “school consent” provision. This means that if a teacher or school agrees to use EverTutor Live in the classroom and to our terms, we presume that the school has obtained the necessary parental consent or is otherwise authorized to consent on behalf of parents for us to collect students’ personal data for the educational context. We only collect what is necessary for the educational activity (for example, a student’s name and work, but not extraneous details). We use that data only for providing the Service – no marketing or advertising – as described throughout this Policy.

  • Direct Parental Consent for Non-School Users: If a child under 13 seeks to use our Service in a context not involving a school (for example, a parent signing up their child at home for a tutoring account), we will require verifiable parental consent before collecting personal information from that child. We may do this by asking for the parent’s email to send a consent form, or by other verifiable consent methods allowed under COPPA. If such consent is not provided, we will not create an account for the child. However, in general, our EverTutor Live product for K-12 is intended to be accessed in partnership with schools or with direct parent involvement – children are not supposed to sign up on their own.

  • No Conditioning & Minimal Data: We do not condition a child’s participation in an activity (e.g., being able to use an EverLesson) on providing more personal information than is reasonably necessary for that activity. For example, to partake in an EverTutor session, a student might only need to provide a first name, grade level, and an access code from their teacher – we wouldn’t suddenly require a child’s phone number or photo unless it was essential for the educational service (which it is not). We strive to collect the minimal data needed from children.

  • Parental Rights Under COPPA: If you are a parent or guardian and your child under 13 is using EverTutor Live (with your consent or the school’s consent), you have the right to review the personal information we have collected about your child, have it deleted, and refuse to permit further collection or use of the child’s information. We strongly encourage parents to work with their child’s school or teacher to obtain any educational records or to make such requests (since the school may have additional context or copies of the data). However, you may also contact us directly at mangalam@sigiq.ai with such requests. If we receive a verifiable request from a parent for access to or deletion of a child’s information, we will first notify the school (if the data was collected in a school context) to ensure there is no conflict with school preferences or legal obligations, then assist in fulfilling the request in a reasonable time frame. For example, COPPA requires that we give parents the ability to review their child’s personal information, have it deleted, and cease further collection upon request[8][2]. We honor these requirements.

  • No Marketing to Children & No Third-Party Disclosure: We do not share children’s personal information with third parties for any purpose unrelated to providing the educational service. Specifically, we never share a child’s data for advertising or create any kind of marketing profile of a child. We also do not publicly disclose or display a child’s personal information. Within EverTutor Live, a student’s name or work might be visible to their teacher or classmates in the same virtual class, but it is not visible to others on the internet. We do not allow students to make their profiles or EverLesson content public via our platform.

  • COPPA Safe Harbor and Certifications: SigIQ.ai is dedicated to maintaining the highest standards of children’s privacy. We adhere to industry best practices and are exploring participation in recognized COPPA Safe Harbor programs (such as iKeepSafe or PRIVO) to regularly audit and certify our compliance. We will update this Policy if we join any such programs.

If you are a parent and have questions about your child’s use of EverTutor Live, we encourage you to contact your child’s teacher or school (since they have set up the account) as a first step. You can also reach out to us at mangalam@sigiq.ai and we will be happy to assist in accordance with our obligations. We take children’s privacy seriously and welcome feedback on how to improve our practices.

Your Choices and Rights

We believe it’s important that you have control over your personal information. Depending on who you are (e.g., a teacher, a student, a parent, or a general website visitor) and where you live, you may have certain rights regarding the personal data we hold about you. Below, we outline the choices you have in using our Services and the legal rights you may exercise. We will not discriminate against you for exercising any privacy rights.

  • Accessing and Updating Account Information: If you have an EverTutor account, you can log in and access or update certain profile information directly. For example, teachers can update their contact information or password in their account settings. Students (or their teachers on their behalf) can correct their name, reset passwords, or update other account details through the platform’s account management tools. Keeping your information accurate and up-to-date helps us serve you better, so we encourage you to correct any inaccuracies. If you encounter any issues updating your information, please contact us for help.

  • Opt-Out of Marketing Communications: If you signed up to receive our newsletter or promotional emails and no longer wish to receive them, you can opt out at any time. Simply click the “unsubscribe” link at the bottom of any marketing email, or adjust your email preferences in your account settings (if available). You may also request to opt out by contacting us at mangalam@sigiq.ai. Please note that even if you opt out of promotional emails, we may still send you transactional or administrative messages that are important for using the Service (for example, password reset emails, important updates about the Service, or notices about this Privacy Policy).

  • Device and Cookie Choices: As discussed in the Cookies section, you can control or delete cookies through your browser settings. If you do not want analytics information collected, you might consider using browser-based privacy tools or opt-out mechanisms provided by analytics services. For mobile apps, you can usually reset or limit ad tracking via your device settings (though we do not currently serve ads or use cross-app advertising trackers in our product). Additionally, modern web browsers offer a “Do Not Track” (DNT) signal. However, note that our website does not respond to DNT signals at this time because there is no consistent industry standard for compliance. Since we do not track users across third-party sites, our practice is essentially unchanged by DNT (we already minimize tracking to what’s described here).

  • Privacy Rights for Specific Regions: Privacy laws in certain jurisdictions (such as California, Virginia, Colorado, the European Union, United Kingdom, etc.) provide individuals with specific rights regarding their personal data. These rights may include:

  • Right to Know/Access: You may have the right to request confirmation that we are processing your personal information and to obtain a copy of the personal information we have about you, as well as supplementary details about how and why we process your data.

  • Right to Correct: You may have the right to request that we correct or rectify any inaccurate personal information we hold about you.

  • Right to Delete: You may have the right to request deletion or erasure of your personal information, subject to certain exceptions (for example, we might need to retain certain data to comply with a legal obligation, or if the data is necessary to complete the transaction you entered into, such as completing educational services for which it was provided).

  • Right to Data Portability: For certain data, you may request a copy in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another service where technically feasible.

  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” of your personal information or the sharing of your personal information for targeted advertising purposes. However, SigIQ.ai does not sell personal information to third parties (and certainly not Student Data), nor do we share it for behavioral advertising, so there is no need to opt out in that sense. We also do not use your data for any “profiling” in furtherance of decisions that produce legal or similarly significant effects.

  • Right to Non-Discrimination: We will not deny you service, charge you a different price, or provide a different level of quality of service for exercising any privacy rights you have under law. We do not retaliate or discriminate against individuals who exercise their rights.

To exercise any applicable rights, you (or an authorized agent acting on your behalf) can contact us at mangalam@sigiq.ai with your request. We will need to verify your identity (and, if applicable, authorization of the agent) before fulfilling the request. Verification may involve confirming control of your email or having you log into your account, or for more sensitive requests, providing additional information. We will only use the verification data for confirming identity/authority and to log the request.

Special case – Student Data controlled by Schools: If we have collected personal information on behalf of a school (i.e., Student Data as defined above), that data is technically under the school’s control. If you are a parent or student wanting to exercise rights (access, deletion, etc.) regarding Student Data, we respectfully ask that you first direct your request to the appropriate school administrator or teacher. This is because the school is in the best position to verify your identity/relationship and to ensure that fulfilling the request does not conflict with educational record-keeping requirements. We will promptly cooperate with the school to respond to your request. For instance, if a school instructs us to delete a student’s account and data, we will do so. If the school needs us to provide a copy of data for a parent, we will provide it. In any case, you are also welcome to contact us directly at mangalam@sigiq.ai about Student Data requests – if we receive such a direct request, we may coordinate with the school before taking action, to ensure proper authorization, but we will not refuse any reasonable, lawfully made request for access or deletion of Student Data. Our goal is to assist both the school and you (the parent or student) in protecting privacy rights.

  • Data Retention and Deletion: We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. In practice, this means:

  • For general user accounts (teachers, other non-student users), we keep your information while your account is active. If you choose to delete your account or if your account has been inactive for an extended period, we will delete or anonymize your personal information in accordance with our standard procedures mentioned before. There may be some delay in fully deleting data from our backups and caches after we deactivate or delete an account, but we will not use your data in the interim other than to securely store it.

  • For Student Data, we retain it for the duration of the educational purpose. Typically, this is for as long as the student’s account is active under a school subscription. If a school terminates service or requests deletion of Student Data at any time, we will comply and delete the data (after providing an opportunity for the school to retrieve a copy if requested) within 180 days of receiving the request. We have policies to periodically purge or de-identify Student Data that is no longer needed – for example, if a student graduates or leaves the school and the school does not request retention, we will remove their personal data from our live systems. An upto 180 days of delay may be kept for administrative purposes (like billing records showing that a student count was included in an invoice, or audit logs for security), but we strive to either avoid including personal identifiers in those records or to protect them as required until they can be destroyed.

  • In some cases, we may retain data for a limited time as required for legal compliance or legitimate business interests. For example, we might retain a record of a customer service correspondence to defend against a future dispute, or we may keep server logs containing IP addresses for a few weeks for security monitoring. If data is retained for such purposes, it will remain protected under this Privacy Policy and we’ll only keep it as long as necessary to fulfill the purpose. After that, it will be deleted or anonymized.

If you request deletion of your personal information, we will take reasonable steps to honor your request. Please note that deletion is irreversible – if your account is deleted, you may lose access to your EverTutor history or progress, and we cannot recover it later. Also, certain data cannot be deleted if required for legal reasons (for example, we might need to keep a record of a transaction for financial reporting, or retain information for resolving disputes). We will inform you if we cannot fully comply with a deletion request due to a specific legal obligation. Otherwise, we will confirm once we have deleted your data as requested.

  • Appeal Process: In jurisdictions that require it (such as some U.S. state laws), if we decline to act on a rights request you make (for example, if we cannot verify you or if an exemption applies), we will notify you of our decision and provide instructions on how you can appeal our decision. Appeals will be reviewed by a higher authority within our company (e.g., our Data Protection Officer or legal counsel) and we will respond within the time frame required by law. If after an appeal you still have concerns, you may contact your state’s Attorney General or, in the EU/UK, your local Data Protection Authority to file a complaint.

Additional Notices

California Residents’ Privacy Rights

f you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include those described in the “Your Choices and Rights” section above (right to know, access, delete, correct, opt-out, etc.). Under California law, we are also required to provide you with information about our data practices in a format that lists the categories of personal information we collect, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it. The chart below provides this overview, which supplements the information already provided in this Privacy Policy. Please note that the chart covers general personal information collected from our users. Student Data collected on behalf of schools for educational purposes is treated separately (as described in detail above) and is not used for any purpose other than to provide the Services to the school – such Student Data is not sold or used for marketing, and is only shared with the school and authorized service providers.

Category of Personal Information

Identifiers (name, email address, phone number, account login credentials, IP address, or similar identifiers)

Educational Records Information (Student Data such as school, grade level, student ID, class assignments, EverLesson content, performance data)

Internet or Electronic Activity (browsing actions on our site/app, usage logs, device type, cookies, interaction data)

Geolocation Data (general location inferred from IP address, e.g., city or region)

Financial Information (payment details, if any)

Professional or School Affiliation (for teachers or admins: school name, district, job title, years of experience)

Sources

- Provided directly by you (or by your school, for student accounts) when creating an account or contacting us. Collected automatically (IP address) from your device when you use the
Services.

- Provided by schools, teachers, or students when using the Service (e.g., teacher uploads a class roster with student names; student completes an EverLesson). - Observed through student’s use of EverTutor Live (scores, progress metrics).

- Collected automatically through your use of our Services (via cookies, log files, analytic scripts).

- Collected automatically from device IP or provided by you in profile (e.g., selecting your time zone or country).

- Provided by you if making a purchase or provided by a school for subscription billing.

- Provided by you during account registration or profile setup (for teacher/admin accounts). - Possibly from a school administrator who roster teachers.

Purpose of Collection/Use

- To create and manage your account (authentication, account lookup). - To communicate with you (service notifications, support, updates). - To provide the Services (e.g., associating a student with the correct teacher or class, saving progress). - For security and fraud prevention (logging IP addresses to detect malicious activity). - To comply with legal obligations (e.g., maintaining records of consents).

- Educational purposes only: to enable students to participate in EverLessons and to allow teachers to track progress. - To personalize instruction (adaptive learning based on performance). - To maintain educational records for the school/teacher (e.g., a history of tutoring
sessions).
- To improve the Service’s effectiveness in an educational context (e.g., refining our AI tutor using
aggregated insights, not individual student identities).

- To monitor and analyze usage of our website and EverTutor Live (e.g., what features are most used) and improve functionality. - To debug and troubleshoot technical issues (error logs).
- To secure the Services (identifying unusual usage patterns that might indicate security risks).
- To personalize your experience (e.g., remembering your preferences or progress).

- To customize content (e.g., serving the appropriate language or region-specific content). - For service functionality (time zone settings for class schedules). - For security (monitoring logins from unexpected regions).

- To process transactions (e.g., subscription fees). - To maintain proper business records and comply with accounting/legal requirements.

- To verify and manage educator accounts (ensuring you are associated with the correct school). - To tailor the Service to your role (e.g., providing admin dashboards to principals vs. teacher view for teachers). - To communicate with schools about their usage (sending reports or notices to the district contact).

Third Parties Shared With

- Service providers (cloud hosting for storing account info; email service to send communications ; authentication service for login). - School or Institution (for student identifiers, shared with the student’s school/teacher who uses our Service). - Law enforcement or regulators (only if required by law or to protect rights, as detailed above). - Successor entity (if a business transfer occurs, under same protections).

- Service providers (cloud storage of Student Data; AI processing to generate tutoring responses – under strict protections as described). School/Teacher (the student’s own educators and administrators have access to their students’ data).
- Authorized integrations
(e.g., if the school integrates Google
Classroom, data is shared
between our Service and that platform as needed).
- Law enforcement (only if required by law and after notifying the school, to the extent permitted).
- Successor entity (only in event of business transfer, with continued protections and no new use).

- Service providers (analytics providers that process usage data on our behalf; these providers do not get identifying info like your name). - Service providers (analytics providers that process usage data on our behalf; these providers do not get identifying info like your name). - Hosting and IT providers (who might incidentally process log data for storage/backups ). - Law enforcement (only in case of investigating a security incident or fraud, as required by law).

- Service providers (infrastructure that sees IP addresses, e.g., content delivery networks). - Law enforcement (only if required in context of an investigation).

- Payment processors (who process your payment securely – we do not store full credit card info). - Service providers (if needed for invoicing or billing communications ). - Law enforcement/re gulators (if required for audit or fraud prevention).

- Service providers (cloud databases storing profile info; CRM tools for communicating with school clients). -School/Distric t (if you sign up independently as a teacher, we may share your info with your school’s officials if needed to confirm authorization or to align with a school license). - Successor entity (in event of corporate change, as part
of business
contacts).

We do not use or disclose “sensitive personal information” (as defined under California law) for purposes other than those permitted (such as providing our services or as authorized by you). For instance, we do not use any precise geolocation, we do not collect Social Security Numbers, and we do not collect racial/ethnic origin or health data in the context of our Service. (Student demographic information, if ever collected for reporting, would be used only in aggregate or as required by the school and in compliance with laws.)

California Consumer Rights: As a California resident, you have the right to request that we (1) disclose to you what personal information we collect, use, disclose, and sell, (2) provide access to and/or a copy of your specific pieces of personal information, (3) delete your personal information, and (4) correct inaccurate personal information we hold about you. You also have the right to direct us not to sell or share your personal information (though as noted, we don’t do that anyway). To exercise any of these rights, please follow the instructions in the “Your Choices and Rights” section above by contacting us at privacy@sigiq.ai. We will not discriminate against you for exercising these rights. Certain information may be exempt from these requests under California law; for example, we cannot reveal certain pieces of information that are necessary for security (we wouldn’t provide you your account password in response to an access request, for security reasons). Also, we may retain some data as required by law or for legitimate purposes (we will inform you if so). We will verify your identity when you make a request to ensure we are protecting your data from unauthorized access. Typically, we will ask you to provide information that matches what we have on file (such as confirming your email address and some usage details). If an authorized agent makes a request on your behalf, we may require proof of authorization and also direct confirmation from you.

“Shine the Light” Law: California Civil Code §1798.83 permits users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. SigIQ.ai does not share personal information with third parties for their own direct marketing purposes, so this law is generally not applicable in our case. If you have questions about our compliance with this law, you can contact us.

Do Not Track: Some browsers transmit “Do-Not-Track” signals to websites. Given the current lack of a standard for how DNT signals should be interpreted, we do not respond to them. However, as described, we limit our data collection and usage to what is necessary for the functioning of our Services and do not track users across third-party websites as-is.

Other State Privacy Laws

We also comply with other state privacy laws such as the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Utah Consumer Privacy Act, and Connecticut’s Act Concerning Personal Data Privacy, to the extent they apply to SigIQ.ai. If you are a resident of these states, you have privacy rights similar to those of California residents (access, deletion, etc.) and we extend the same core commitments to you regarding not selling data and not using it for targeted ads without consent. You can exercise your rights in the same way as described earlier (by contacting us, etc.). If you ever feel we have not fully addressed your concerns, you may have the right to contact your state’s Attorney General or consumer protection authority. We encourage you to reach out to us first, as we are committed to resolving any privacy issues promptly and fully. For K-12 student data specifically, many states have additional laws governing educational service providers (for example, California’s SOPIPA, Illinois’ SOPPA, New York Education Law 2-D, etc.). SigIQ.ai adheres to the requirements of these laws when we operate in those states. This means, for example, we do not use Student Data for targeted advertising, we do not sell Student Data, we do not profile students except as consistent with the authorized educational purpose, and we implement reasonable security procedures to protect Student Data. We are happy to sign state-specific student data protection addenda with school districts to meet local requirements.

Data Breach and Incident Response

SigIQ.ai has implemented a robust incident response plan to address any data breaches or security incidents swiftly and effectively. While we work hard to prevent incidents, we want you to know the steps we would take should one occur:

  1. Identification and Investigation: Our IT security team continuously monitors systems for anomalies. If a potential security incident is detected (through automated alerts or user reports), the team will log details and begin an immediate investigation. We classify the incident (e.g., whether it involved personal data, and if so, what types and how many individuals). Within the first 24 hours of detection, our Chief Executive Officer (CEO) and senior management are alerted and an assessment of scope and impact is conducted. We preserve evidence (logs, etc.) for analysis.

  2. Containment: As soon as we identify an incident, we take steps to contain it and prevent further unauthorized access or data loss. This could involve isolating affected servers, changing access credentials, shutting off certain features, or applying emergency patches. For example, if a particular EverTutor database was compromised, we might take it offline and switch to a secure backup, while blocking suspicious IP ranges.

  3. Notification: If the incident is confirmed to involve personal data, especially Student Data or sensitive information, we will notify affected parties in accordance with applicable law. This typically includes notifying the impacted schools (for any Student Data breaches) and individuals whose information was involved, as well as regulatory authorities as required (for instance, under GDPR we’d notify supervisory authorities within 72 hours if criteria are met; under certain state laws, we’d notify state agencies or credit bureaus if specific data like logins or financial info were compromised). For example, New York’s Education Law 2-D requires that schools be informed of breaches affecting their student/teacher data without undue delay, and that we certify our remediation steps. Our notification will include information about what happened, what data was involved (to the best of our knowledge), what we are doing about it, and recommendations for users (like resetting passwords if applicable). We may provide these notices via email, direct contact to school administrators, and/or public posting if needed. We also have an obligation to inform law enforcement in some cases.

  4. Eradication and Recovery: We will work to eliminate the root cause of the breach – removing malware, closing vulnerabilities, and securing systems. We’ll also restore data from clean backups as needed to ensure continuity of service. Throughout this process, we document actions taken and ensure that any backdoors or malicious changes are eradicated.

  5. Follow-up and Improvement: After containment and restoration, senior management and the security team perform a post-incident review. We analyze how the incident happened and identify any areas for improvement. We update our security practices, policies, and training to prevent similar incidents in the future. If necessary, we will bolster our safeguards – for example, adding additional encryption layers, enhancing network monitoring, or revising data handling procedures. We take incidents extremely seriously and view them as opportunities to harden our defenses and reinforce user trust.

    We want you to feel confident that even in the unlikely event of a breach, SigIQ.ai will handle your information responsibly and transparently. If you have any questions about our data security or incident response protocols, feel free to contact us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes to the way we collect or use personal information, we will provide you with advance notice as appropriate. We will typically notify users by posting the updated policy on our website and updating the “last updated” date at the top, and for significant changes we may also notify you via email or via an in-service notification (especially if you are a school administrator or teacher user). We will give at least 7 days’ notice of any material changes to this Policy so that you have time to review the changes. If you continue to use the Services after a Privacy Policy update takes effect, it means you accept the revised terms (to the extent permitted by law). If you do not agree to the changes, you should discontinue use of the Services and may request deletion of your data as described above.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Older versions of our Privacy Policy may be made available upon request for reference.

Contact Us

SigIQ.ai is dedicated to respecting your privacy and protecting your personal information. If you have any questions, concerns, or feedback regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

SigIQ.ai, Inc.

Karttikeya Mangalam, CEO and Co-Founder 1600

Shattuck Ave, Berkeley, CA, 94709

Email: mangalam@sigiq.ai

If you are an educator or school official, you may also reach out to your dedicated SigIQ.ai account representative or our support team through the usual channels, and they can route privacy questions to the right personnel.

For parents or students: we recommend contacting your school first if your inquiry is about Student Data, but you are welcome to contact us directly as well and we will do our best to assist or direct your question appropriately.

We will respond to inquiries as soon as reasonably possible, generally within a 5 business days. If you need to escalate an issue or feel that we have not addressed a privacy concern satisfactorily, please let us know and we will take appropriate steps to resolve it.

Thank you for trusting SigIQ.ai and EverTutor Live. We are honored to support your educational journey and are committed to keeping your personal information safe and your privacy rights respected.

[1] [2] [5] [6] [8] Federal Student Privacy Laws - FERPA & COPPA

https://educationframework.com/resources/student-privacy-laws/federal-laws

Privacy Policy

SigIQ

© 2025-2026, All Rights Reserved

Privacy Policy

SigIQ

© 2025-2026, All Rights Reserved

Privacy Policy

SigIQ

© 2025-2026, All Rights Reserved

Privacy Policy

SigIQ

© 2025-2026, All Rights Reserved

Get in touch
Get in touch