Hypothetical AI is committed to protecting the privacy and security of personal and sensitive information collected, used, and stored in the course of conducting business. Hypothetical AI’s product is FERPA compliant and meets all related security and privacy standards. This policy outlines our approach to data privacy and security and sets forth the principles and practices we adhere to in order to safeguard the data entrusted to us.
This policy applies to all employees, contractors, vendors, and third parties who have access to personal or sensitive data as part of their responsibilities at Hypothetical AI. It covers all data collected, processed, transmitted, and stored by the company, regardless of the format or medium.
We implement appropriate technical and organizational measures to protect personal and sensitive data against unauthorized access, disclosure, alteration, or destruction. The Hypothetical AI product uses identity and access management to ensure that all student data is private and accessible only to authorized personnel, including the school counselor, the school administrator and the system administrator.
We comply with all applicable data protection laws, regulations, and industry standards governing the collection, use, and protection of personal and sensitive data. Hypothetical AI leverages Google Cloud Platform for hosting its SaaS software and relies on Google's database and related services to store and manage data. The Hypothetical AI product uses Firebase, a Google service for storing data. Firebase is compliant with ISO 27001, ISO 27017, and ISO 27018 for security and privacy management in cloud environments, as well as SOC 1, SOC 2, and SOC 3 frameworks, ensuring comprehensive security controls and operational excellence.
All data transmitted between our SaaS software and Google Cloud services is encrypted using industry-standard encryption protocols (e.g., TLS/SSL) to protect it from interception and unauthorized access. We work closely with Google Cloud to ensure that their infrastructure and services meet our security requirements and standards. We regularly review Google's security policies, certifications, and compliance reports to ensure that they align with our own security objectives.
Hypothetical AI is committed to compliance with all applicable data protection laws and regulations including:
Children's Online Privacy Protection Act (COPPA) - Our services are designed to protect the privacy of all users, including children. In cases where users are under the age of 13, we rigorously adhere to the Children's Online Privacy Protection Act (COPPA) to ensure their information is safeguarded appropriately.
The Protection of Pupil Rights Amendment (PPRA) - If our solution or the pilot run of it involves surveys collecting sensitive information as defined under PPRA, we will ensure compliance through parental consent to student surveys and rights to review and protection of student privacy.
Children’s Internet Protection Act (CIPA) - While CIPA compliance is generally the responsibility of schools, we ensure that our services support schools in their compliance efforts by providing safe, filtered internet access and educational content.
Family Educational Rights and Privacy Act (FERPA) - We comply with FERPA’s requirement to make personal data available to parents as needed. Our solution is designed not to collect student education records; however, in instances where such records are encountered during pilot testing or operational deployment, we will comply with all applicable requirements of the Family Educational Rights and Privacy Act (FERPA) to ensure the privacy and security of this information.
We maintain regular backups of data stored in the database and have disaster recovery measures in place to ensure data availability and integrity in the event of system failures or catastrophic events. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law or regulation. Personal data that is no longer needed is securely disposed of or anonymized to prevent unauthorized access.
In the event of a data breach involving personal or sensitive data, we will promptly assess the impact, mitigate the risks, and notify affected individuals and regulatory authorities as required by law. We maintain procedures for responding to data breaches and conducting investigations to prevent future incidents.
We provide training and awareness programs to employees and contractors to ensure they understand their responsibilities for protecting personal and sensitive data. They are required to follow strict security protocols and procedures to safeguard data and prevent security incidents.
Hypothetical AI's management is responsible for overseeing the implementation of this policy and ensuring that adequate resources are allocated to maintain effective data privacy and security practices. Employees and contractors are accountable for their actions related to the handling of personal and sensitive data, and violations of this policy may result in disciplinary action. For questions or concerns regarding this policy or our data privacy and security practices, please contact hello@hypothtetical.io.