What CoIEP does not do

• OpenAI does not train on your students’ data. Every PII-bearing request sets the per-request zero-retention opt-out (store: false) and attaches only a salted hash for abuse detection — never raw organization, user, or session IDs. The account-level Zero Data Retention DPA with OpenAI is in progress; until it is countersigned, the client-side opt-out is in effect on every call.
• We do not share student records with advertising, marketing, or analytics vendors. There is no third-party tracking on authenticated pages, and student data is not exported to any product analytics service.
• We do not vectorize student PII. Our four retrieval indexes (Pinecone) hold only super-admin-curated reference content: state academic standards, Specially Designed Instruction (SDI) interventions, Supplementary Aids & Services (SAS) accommodations, and synthetic sample-student profiles authored by the curriculum team. The application is strictly read-only against these indexes. Real student records (PLAAFP, goals, MDT documents, session transcripts) live only in the primary Postgres database.
• We do not claim HIPAA compliance. K-12 education records are governed by FERPA, not HIPAA. CoIEP makes no HIPAA claim anywhere in the product, documentation, or contracts.

What CoIEP does do

• Schema-level tenant isolation. Every IEP, student, session, conversation, and document is scoped to an organizationId at the database schema. The foreign key is required. One district’s data cannot appear in another district’s session by query design.
• Per-request audit logging. Every API call is logged with user, endpoint, and timestamp, retained for review.
• Encryption in transit and at rest. Database connections require TLS. The managed Postgres instance encrypts data at rest with AES-256.
• Organization-scoped API credentials. API keys are issued per organization, not globally. Revoking access for a district revokes it cleanly.
• Grounded generation. AI responses are grounded in academic standards and evidence-based practice descriptions, retrieved at request time. The model is not free-associating from internet pretraining when drafting goals or PLAAFP statements.

Compliance roadmap

• SOC 2 Type II hosting and development platform through Fruition.
• OpenAI Zero Data Retention DPA: in progress with OpenAI. Client-side opt-out is already wired on every PII-bearing request; the account-level DPA removes OpenAI’s default 30-day completion-logging window once countersigned.
• Legal framework: FERPA. We operate as a school official under direct control of the district, with data used only for the educational purpose specified.

Compared to a general-purpose chatbot

Who to ask

• Technical and security questions: Brad Anderson, Fruition — brad.anderson@fruition.net
• Licensing and legal questions: University of Wyoming Office of Technology Transfer
• Product questions: Tiffany Hunt and Ling Zhang, College of Education, University of Wyoming