Privacy Policy

We collect the minimum information necessary to provide K12 BudgetBook to your district. This includes:

• Account information: Name, email address, district affiliation, and role when you create an account.
• Budget data: Financial data you upload, including budget line items, fund codes, and appropriation amounts. This is aggregate district financial data, not individual student or employee information.
• Usage data: How you interact with the platform, including pages visited, features used, and actions taken. This helps us improve the product.
• DESE public data: We incorporate publicly available data from the Massachusetts Department of Elementary and Secondary Education for benchmarking purposes. This is public information, not user-submitted data.

We use the information we collect to:

• Provide, maintain, and improve the K12 BudgetBook service
• Generate AI-powered budget narratives and executive summaries using your district's financial data
• Provide benchmarking and peer comparisons using DESE public data
• Communicate with you about your account and the service
• Improve our product based on aggregate usage patterns

We take the security of your data seriously and implement multiple layers of protection:

• Encryption: All data is encrypted at rest and in transit using industry-standard encryption (AES-256 at rest, TLS 1.2+ in transit).
• Row-level security: Our database enforces row-level security (RLS) policies, ensuring each district can only access its own data. No district can see another district's budget information.
• Infrastructure: Data is stored in Supabase (built on PostgreSQL) with SOC 2-aligned security practices. The application is hosted on Vercel with enterprise-grade infrastructure.
• Access controls: Authentication is handled through Supabase Auth with secure session management. Role-based access controls limit data visibility within your organization.

We use the following third-party services to operate K12 BudgetBook. Each service processes only the minimum data necessary for its function:

We retain your data for as long as your account is active and as needed to provide you with the service. When you delete your account:

• All budget data, generated narratives, and uploaded files associated with your account are permanently deleted.
• Account information (name, email) is removed from our systems.
• Deletion is permanent and cannot be reversed. We recommend exporting your data before deleting your account.

You may also request deletion of your data at any time by contacting us at privacy@k12budgetbook.com.

K12 BudgetBook is designed for use by school district administrators and finance professionals. It is important to note:

• No student PII: K12 BudgetBook does not collect, store, or process personally identifiable information (PII) about students. The platform works exclusively with aggregate financial data at the district and school level.
• No children's data: The service is intended for adult users (school administrators and finance staff) and does not knowingly collect information from children under 13 in compliance with COPPA.
• FERPA alignment: Since we do not process student education records, FERPA obligations related to student data do not apply to our service. However, we maintain security practices consistent with the expectations of educational institutions.

We understand that Massachusetts school districts operate under the Massachusetts Public Records Law (M.G.L. Chapter 66). Budget data uploaded to K12 BudgetBook may be subject to public records requests directed to your district. Key considerations:

• Your district retains full ownership of all data uploaded to K12 BudgetBook. We do not claim any ownership rights over your financial data.
• Generated budget books and reports can be exported at any time for compliance with public records requests.
• We will cooperate with your district to fulfill any lawful public records requests related to data stored in our system.