Student Data Policy

theSATfix recognizes the sensitive nature of student educational data. We are committed to protecting student information in compliance with FERPA (Family Educational Rights and Privacy Act) and applicable state student privacy laws.

We collect the minimum data necessary to provide our service: name, email, practice question responses, time-on-task metrics, mastery scores across 26 skill dimensions, and study plan progress. We do not collect social security numbers, disciplinary records, or other sensitive student information.

Student data is used exclusively to: deliver personalized practice content; calculate mastery scores and skill progression; generate adaptive study plans; provide progress reports; and improve our question quality through aggregate analysis. We never use student data for advertising or marketing purposes.

Students (and their parents/guardians for minors) retain ownership of their educational data. theSATfix acts as a custodian of this data and processes it solely for the educational purposes described in this policy.

When theSATfix is used through an educational institution, the institution may have access to student progress data. Institutions must agree to our Data Processing Agreement which ensures data is used solely for educational purposes.

Students can export all their data (practice history, mastery scores, study plans) in JSON format from their account settings. Upon account deletion request, all personal data is permanently removed within 30 days. Anonymized aggregate data may be retained for service improvement.

Student data is protected by: AES-256 encryption at rest; TLS 1.3 encryption in transit; role-based access controls; regular security audits; and automated threat detection. Access to student data is limited to authorized personnel with a legitimate educational need.

In the unlikely event of a data breach affecting student information, we will notify affected users and relevant educational institutions within 72 hours, in compliance with applicable laws. We will provide details of the breach and steps taken to mitigate impact.

We use a limited number of sub-processors, all bound by strict data processing agreements. These include: cloud hosting providers (data storage), payment processors (billing only, no access to educational data), and email service providers (account notifications only).

For questions about student data practices, contact our Data Protection Officer at privacy@thesatfix.com. Parents and eligible students may request access to, correction of, or deletion of student education records.