FERPA disclosure
Tactile History operates as a 'school official' under the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g). This page explains what student data we collect, why, and how we protect it.
1. The data we collect
- Quiz answers (anonymized; keyed by device fingerprint, not student name).
- LLM conversation transcripts (the questions students ask the document-grounded tutor).
- Device fingerprints (SHA-256 of ANDROID_ID, used to bind the panel hardware to a license).
- No student names, no PII, no SSNs, no addresses, no parent contact info.
2. Why we collect it
- Quiz answers power the educator dashboard — the teacher sees which questions the class struggled with.
- LLM transcripts help the teacher see how the class is engaging with the historical documents.
- Device fingerprints bind the panel to the school's license (a lost or stolen panel can be revoked).
- We do not use the data for advertising, profiling, or sale to third parties.
3. How we protect it
- Encryption in transit (TLS 1.2+) and at rest (Postgres + EncryptedSharedPreferences on the panel).
- Access controls: school admins see only their school's data; Tactile History employees see only the data they need for support.
- No third-party analytics, no advertising SDKs, no Facebook / Google trackers.
- Annual security review; incident-response plan published to school admins on request.
4. Data retention
- Quiz answers: 1 year (then aggregated and anonymized).
- LLM transcripts: 30 days (then deleted).
- Audit log: 7 years (FERPA-aligned retention for license events).
- On school request, we delete all school data within 30 days of contract termination.
5. School rights
- Right to access: schools can request a complete export of their data at any time.
- Right to correct: schools can update any incorrect student data via /account/contact.
- Right to delete: schools can request deletion; we comply within 30 days.
- Right to complain: schools can raise concerns with us (privacy@tactilehistory.com) or with the US Department of Education.
6. Sub-processors
- Stripe (payment processing; PCI-DSS Level 1).
- Anthropic / Minimax (LLM providers for the tutor; no PII is sent to the LLM API).
- Clerk (authentication for /admin and /account).
- Google Cloud (infrastructure; no PII beyond the school admin's email).
- Full sub-processor list: available on request from privacy@tactilehistory.com.
This page is informational; the legally binding FERPA addendum is provided to schools under contract.
Last updated: 2026-06-18.