Privacy Policy

1. Who we are & scope

TSI provides STEM, computer science, AI literacy, and related services to schools and nonprofits. This policy covers getmytsi.org and other TSI-operated marketing or intake properties unless a separate notice is posted. Use of TSI-built AI products (AI Tutor, PIXIO, Machine, MyApps) may also be governed by product-specific terms linked from those applications—please review them alongside this policy.

2. Roles: schools, families, TSI

In many K–12 engagements, the school or district acts as the controller of student education records and determines the instructional purpose for data use. TSI typically acts as a processor or school official (as defined under FERPA) only when designated in writing by the institution. Parents and eligible students should direct questions about directory information, consent, or record amendments to their school first; we assist schools in responding.

3. Information we collect

• Website & intake: names, emails, phone numbers, titles, school or employer affiliations, and free-text messages submitted through Contact, Request TSI, Partner Apply, or similar forms.
• Transactions: donation or store checkout data processed by Stripe (we do not store full payment card numbers on TSI servers).
• Program delivery: rosters, attendance, assessment artifacts, support tickets, and content students or teachers upload into TSI-managed tools when required to operate the contract—always limited to what the school authorizes.
• Technical data: IP address, device/browser metadata, and essential cookies needed for security or session continuity.

4. How we use information

We use data to respond to inquiries, plan and staff programs, provision software, provide professional development, meet safety obligations, comply with law, invoice or acknowledge donations, and improve our curricula. We do not sell personal information and we do not use student data for targeted advertising.

5. AI tools & model providers

When schools enable TSI AI products, prompts and outputs may transit secure APIs to model or infrastructure partners (for example, OpenAI, Groq, Fal, or hosting providers). We configure classroom-appropriate settings, document subprocessors in agreements, and support schools in communicating how AI is used instructionally. Schools should review the separate AI product documentation at support.myapps.ai and our Terms of Service where applicable.

6. Student privacy (US)

FERPA: We support schools in honoring parental rights and limiting redisclosure of education records consistent with the Family Educational Rights and Privacy Act.

COPPA: For children under 13, we rely on schools or parents to provide verifiable consent when required and to supply age-appropriate instructions.

New York Education Law §2-d: When serving NY learners, we align with applicable requirements for third-party contractors, including data protection agreements where mandated, and we cooperate with district privacy officers.

7. International & GDPR

TSI primarily serves US schools but may process limited data from international visitors. Where GDPR or UK GDPR applies, we honor applicable rights (access, rectification, erasure, restriction, portability, and objection) and support lawful transfer mechanisms. Contact support@mytsi.org to exercise rights.

8. NYC DOE & DIIT alignment

We design implementations to respect NYC Department of Information Technology & Telecommunications (DIIT) guidance when districts require it, including acceptable-use expectations, identity practices, and procurement documentation supplied by partner schools.

9. Subprocessors & links

Representative processors include Stripe (payments), Vercel (hosting), Resend (transactional email), Calendly (scheduling), YouTube (embedded media), and AI or cloud partners required to deliver specific features. Each maintains its own policies; we review SOC reports or equivalent assurances when available.

10. Security & retention

We apply administrative, technical, and organizational controls appropriate to the sensitivity of education data—access controls, encryption in transit, least-privilege accounts, and staff training. Retention schedules follow contract terms and legal obligations; schools may request deletion or return of data when an engagement ends unless law requires retention.

11. Cookies & analytics

We minimize tracking. Essential cookies support forms, authentication, or security. Any analytics are configured to reduce fingerprinting; we do not run behavioral ad networks on student-facing properties.

12. Changes

We will update this policy when practices evolve and revise the “Last updated” date. Material changes to how student data is handled will be communicated through partner schools when contractually required.

13. Contact

Privacy questions, data subject requests, or law-enforcement inquiries should be emailed to support@mytsi.org or mailed to our New York office (see Contact). You may also call 347-406-2809.