Privacy & Security
SOC 2 compliant. FERPA aligned. COPPA compliant. Student data is never sold, shared, or used to train AI models.
What We Promise Every District
Six commitments that govern how Beni handles student data. These are not aspirational. They are contractual.
Beni does not sell, rent, or share student data with third parties for advertising, marketing, or any commercial purpose. Period.
Student inputs, responses, and interactions are never used to train, fine-tune, or improve any AI model, whether ours or a third party's.
Your district retains full ownership of all student and staff data at all times. Beni is a data processor, not a data owner. Upon termination, all district data is returned or deleted at your direction.
We collect only the data necessary to provide the service. We do not collect student social security numbers, biometric data, or financial information.
Beni has achieved SOC 2 compliance, independently verified. Our security controls cover data encryption, access management, availability, and incident response.
District administrators can see exactly what data Beni collects, who has access, and how it is used. Audit logs are available on request.
FERPA, COPPA, and State Privacy Laws
Beni is built for the regulatory environment K-12 districts operate in.
FERPA (Family Educational Rights and Privacy Act)
Beni is designed to operate as a "school official" under FERPA, meaning we access student education records only to provide the services contracted by the district. We implement role-based access controls so only authorized school personnel can view student data. We do not disclose personally identifiable information from education records to any third party without prior written consent from the district.
COPPA (Children's Online Privacy Protection Act)
For students under 13, Beni operates under the school's authorization as permitted by COPPA. We do not collect more personal information than is reasonably necessary. We do not enable public-facing profiles or communications for students under 13. Districts can review and request deletion of any student's data at any time.
State Student Privacy Laws
Beni is designed to comply with state student privacy laws including but not limited to California SOPIPA, New York Education Law 2-d, Colorado Student Data Transparency and Security Act, Illinois SOPPA, and Connecticut PA 16-189. We sign Student Data Privacy Agreements (SDPAs) aligned with the Student Data Privacy Consortium national template.
Data Privacy Agreements
Beni will sign your district's DPA, the SDPC National DPA, or a mutually agreed-upon data privacy agreement before any student data is processed. We do not access student data until a signed agreement is in place.
Contact info@benieducation.com to initiate the DPA process.
How We Protect Your Data
District data is encrypted, access-controlled, and deletable on request. Details on what we collect are in the Privacy Policy below.
Encryption
All data is encrypted in transit using TLS 1.2 or higher. All data is encrypted at rest using AES-256. Encryption keys are managed through industry-standard key management services and rotated regularly.
Access Controls
Beni employees access student data only when necessary to provide technical support, and only with the district's knowledge. All internal access is logged. Background checks are performed on all employees with data access. Access is least-privilege and reviewed quarterly.
Data Retention and Deletion
Districts control data retention periods. Upon written request, all district data is deleted within 30 calendar days. Upon contract termination, all data is deleted within 60 calendar days unless the district requests a data export first. Deletion is confirmed in writing.
Subprocessors
Beni uses a limited set of subprocessors (hosting, email delivery, error monitoring). All subprocessors meet the same data protection standards. A current list is available upon request. Districts are notified before any new subprocessor is engaged.
Security Architecture
Built for the security requirements K-12 districts demand.
Infrastructure
All infrastructure is hosted on SOC 2 compliant cloud providers within the United States. We do not store or process student data outside the US.
Testing and Monitoring
Penetration testing is conducted at least annually by a qualified third party. Vulnerability scans are run continuously. All production systems are patched within 30 days of critical security updates.
Incident Response
In the event of a data breach affecting student data, Beni will notify the affected district within 72 hours of confirmed discovery. Notification includes the nature of the breach, the data affected, steps taken to contain and remediate, and a point of contact. We maintain a documented incident response plan tested annually.
Employee Security
All employees with access to student data undergo background checks, complete security awareness training at hire and annually, and operate under confidentiality agreements.
Privacy and Security FAQ
The questions district technology directors and administrators ask most.
Privacy Policy
Beni Education Inc. ("Beni," "we," "us," or "our") provides an AI governance platform for K-12 school districts ("the Service"). This Privacy Policy describes how we collect, use, disclose, and protect information when you visit our website at benieducation.com or use our Service.
1. Information We Collect
Information provided by districts: Student roster data (name, email, grade, class assignment) provided through district rostering systems. Teacher and administrator account information (name, email, role).
Information collected automatically: Usage data (pages visited, features used, session duration). Device and browser information. IP address (used for security monitoring, not stored with student records).
Information from website visitors: Name, email, district name, and role when submitted through contact or application forms. Standard web analytics data.
2. How We Use Information
- To provide, maintain, and improve the Service
- To communicate with district administrators about their account
- To respond to inquiries and support requests
- To detect and prevent security incidents
- To comply with legal obligations
We do not use student data for advertising, marketing, or profiling.
3. How We Share Information
We do not sell personal information. We share information only as follows:
- With subprocessors necessary to provide the Service (hosting, email delivery), under contractual data protection obligations
- With the district that provided the data, at their request
- When required by law, court order, or valid legal process
We will notify the district before complying with legal requests for student data unless legally prohibited from doing so.
4. Data Retention
We retain student data only for as long as necessary to provide the Service, or as directed by the district's data retention policy. Website visitor data (form submissions, analytics) is retained for 24 months. Districts may request deletion of all their data at any time.
5. Security
We implement administrative, technical, and physical safeguards to protect information. These include encryption in transit and at rest, role-based access controls, employee background checks, regular security assessments, and incident response procedures. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
6. Children's Privacy
The Service is intended for use by K-12 schools. We do not knowingly collect personal information from children under 13 except through a school's authorized use of the Service, as permitted under COPPA. If you believe we have collected information from a child without proper authorization, contact us at info@benieducation.com.
7. Your Rights
Districts may access, correct, or delete student data by contacting us. Parents may exercise their FERPA rights through their child's school district. California residents may exercise rights under the CCPA by contacting us. We respond to all data rights requests within 30 days.
8. Changes to This Policy
We will notify districts of material changes to this policy at least 30 days before they take effect. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
9. Contact
Beni Education Inc.
23465 Civic Center Way Building 9
Malibu, CA 90265
info@benieducation.com
Terms of Service
1. Acceptance
By accessing or using the Beni platform ("the Service"), you agree to these Terms of Service. If you are entering into these terms on behalf of a school district or organization, you represent that you have authority to bind that entity.
2. The Service
Beni provides an AI governance and policy execution platform for K-12 school districts. The Service includes a Student Workspace, Teacher Controls, Neuro Cards, Policy Cards (launching Summer 2026), and compliance tools. Features and availability may change as we develop the product.
3. Accounts
District administrators are responsible for managing user accounts within their organization. You agree to maintain the confidentiality of account credentials and to notify us promptly of any unauthorized access.
4. Acceptable Use
You agree not to:
- Use the Service for any unlawful purpose
- Attempt to gain unauthorized access to any part of the Service
- Interfere with or disrupt the Service
- Reverse engineer or decompile the Service
- Use the Service to collect data about students for purposes unrelated to education
5. Intellectual Property
Beni retains all rights in the Service, including all software, design, and documentation. Districts retain all rights in their data. Content created by students and teachers within the Service belongs to the district.
6. Fees and Payment
Pricing is set forth in the applicable order form or Founding Partner agreement between Beni and the district. Founding Partner pricing is locked for three years from the date of the signed agreement.
7. Termination
Either party may terminate the agreement with 60 days written notice. Upon termination, Beni will provide a data export upon request and delete all district data within 60 calendar days.
8. Disclaimer
The Service is provided "as is" and "as available." Beni does not warrant that the Service will be uninterrupted, error-free, or free of harmful components. Beni does not provide legal advice. Districts are responsible for ensuring their own compliance with applicable laws.
9. Limitation of Liability
To the maximum extent permitted by law, Beni's total liability to you for any claims arising from or related to the Service shall not exceed the amounts paid by you to Beni in the 12 months preceding the claim.
10. Governing Law
These terms are governed by the laws of the State of California, without regard to conflict of law principles. Any disputes shall be resolved in the courts of Los Angeles County, California.
11. Changes
We may update these terms from time to time. We will notify districts of material changes at least 30 days in advance. Continued use of the Service constitutes acceptance.
12. Contact
Beni Education Inc.
23465 Civic Center Way Building 9
Malibu, CA 90265
info@benieducation.com