Ionian Privacy Policy

Effective Date: June 12, 2025

1. Introduction

Ionian ("we," "us," "our") is committed to protecting the privacy and security of the student data we handle. This Privacy Policy explains how we collect, use, and safeguard information provided to us by school districts ("clients").

2. Information We Collect

We collect data provided to us directly by our clients from their Student Information Systems (SIS). The completeness and accuracy of our analysis depend on the data provided. This may include, but is not limited to:

• Personally Identifiable Information (PII) such as student name, student ID, parent name, parent phone number, and address.

• Student enrollment figures

• Student achievement data (grades, scores, awards)

• Student progress data over time

• Program-specific data (e.g., instrumentation in a music program)

3. How We Use Information

We use the collected information exclusively to provide our services to the client. This includes:

• Tracking student trends.

• Analyzing student achievement and progress.

• Monitoring enrollment figures.

• Conducting proportional analysis for program growth and success.

• Assisting clients in identifying and solving issues within their programs.

• Responding to specific inquiries from our clients regarding their data.

4. Data Security and Storage

We are committed to ensuring the security of student information.

• Primary Tools: We use Microsoft Power BI for data analysis and visualization. Student information data is stored in a secure Google Business account Google Drive.

• Data Storage: Data is stored on a secure local desktop and shared via Microsoft Power BI's cloud service for the purpose of creating and sharing dashboards.

• Encryption: We rely on the security protocols of our technology partners. Both Google Workspace and Microsoft Power BI use industry-standard encryption to protect data both in transit (while being transferred) and at rest (while being stored).

• Dashboard Delivery: Dashboards are delivered to clients directly and securely through the Microsoft Power BI service. Access is managed through secure links or by granting permissions to specific client email addresses, as configured within the Power BI platform.

5. Third-Party Vendor Compliance

We use the following third-party services to provide our product. We rely on their public statements regarding security and compliance. For your convenience, we have provided links to their relevant policy and compliance pages:

• Microsoft: For services including Power BI.

• Google Workspace: For services including Google Drive.

• Squarespace: For general website hosting.

Based on their public statements and policies, these vendors are understood to be compliant with the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA).

6. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer student data to outside parties. All data is used solely for the benefit of the client who provided it.

7. Data Retention

Upon the expiration or termination of a client's service agreement, we will adhere to the following data retention schedule:

• Grace Period (90 Days): All client data, including Personally Identifiable Information (PII), will be retained for a period of 90 days to allow for service renewal without interruption.

• Anonymization: After the 90-day grace period, we will permanently delete all PII from the client's dataset. We will retain the anonymized, aggregated data (such as enrollment statistics and achievement trends) for a period of up to three (3) years for historical analysis purposes should the client choose to renew their services at a later date.

• Final Deletion: After three (3) years, all remaining anonymized data associated with the client will be permanently deleted from our systems.

8. Client and Parent Rights

• Review and Amendment of Official Records: Requests to inspect, review, or amend official student records must be directed to the respective school district. We do not have the authority to alter the data within a client's Student Information System (SIS).

• Data Maintained by Ionian: If a parent or eligible student believes that data we maintain in our own systems is inaccurate, they should direct their request to the school district. The school district can then verify the information and instruct us to correct or delete the inaccurate data from our systems. We will act promptly on any such verified instructions from our client.

9. Data Breach Notification

In the event of a data breach involving personally identifiable student information, we will take immediate steps to assess and contain the incident. We will promptly notify any affected client, providing details of the breach and the steps we are taking to mitigate its effects.

10. Changes to This Privacy Policy

We reserve the right to update this privacy policy at any time. We will notify our clients of any material changes to this policy via email or other direct communication.

11. Contact Information

For any questions or concerns regarding this privacy policy or our data practices, please contact us at privacy@ioniandash.com