DRAFT — not yet reviewed by legal counsel

Privacy Policy

Last updated: 2026-04-23

The short version. Gardenia stores your family's special-education records so you can actually find them. Everything is encrypted. We don't sell your data. We don't train general AI models on your child's IEP. We never share records with a school or third party without your explicit consent. You can export or delete your data anytime.

1. Who this policy covers

This Privacy Policy describes how Gardenia Joy, LLC ("Gardenia," "we," "us," "our") collects, uses, stores, and discloses information when you use the Gardenia web application and related services (the "Service"). It applies to parents, legal guardians, teachers, advocates, and other adults who create Gardenia accounts.

Your children are data subjects of the Service in the sense that your account will contain information about them (name, date of birth, school, IEP contents, evaluations, etc.), but your child does not directly interact with Gardenia and does not have their own Gardenia account. See Section 9 below for how we handle children's data.

2. What we collect

2.1 Information you provide

  • Account profile: your name, email address, state of residence, password (hashed), time zone, and preferred language.
  • Child profile(s): your child's first name (last name optional), date of birth, grade, school, district, disability category (optional), and primary care-contact notes (also optional).
  • Documents: IEPs, 504 plans, evaluations, progress reports, letters sent or received, work samples, and any other files you upload to the Documents vault.
  • Letters and reflections: the content of letters you draft through Gardenia's letter tools, and any private reflections you save in the Guided Paths / Book interactive features.
  • Meeting notes, consult messages, Ask Nicole questions, and similar advocate-paired content.
  • Payment information if you purchase a subscription, consult, or Ask Nicole question. Payment card data is collected directly by Stripe; Gardenia stores only a last-four-digits record and a Stripe customer reference.

2.2 Information we collect automatically

  • Usage data: pages visited, features used, buttons clicked, and approximate duration.
  • Device and connection data: IP address, browser type, device type, time zone, and approximate location (city-level) derived from IP.
  • Audit events: a record of every meaningful action in your account (login, document upload, letter draft, configuration change) for your security and for compliance. These are viewable by you in Settings → Activity.

2.3 Information from third parties

Very limited. We receive payment confirmations from Stripe and email-delivery statuses from Resend. If you log in through a third-party identity provider (Google, Apple, or similar), we receive your name and email from that provider in order to create or authenticate your account.

3. How we use your information

We use the information we collect to:

  • Provide the Service — render your Documents vault, generate letters, run AI analyses, match you with a consultant, send transactional email, etc.
  • Secure the Service — detect abuse, prevent unauthorized access, troubleshoot bugs, and keep our infrastructure healthy.
  • Improve the Service — understand which features are useful and which are confusing, in aggregate. We analyze usage patterns across users, never individual parent sessions.
  • Communicate with you — account notifications, deadline reminders, consult confirmations, product updates. You can opt out of non-transactional email via Settings → Notifications.
  • Comply with legal obligations — responding to lawful process, enforcing our Terms, protecting our users' safety.

4. How we DO NOT use your information

Gardenia does not:

  • Sell your personal information or your child's data. Ever.
  • Use the content of your IEPs, evaluations, letters, or reflections to train general-purpose AI models.
  • Share your child's records with schools, districts, advocates, attorneys, or anyone else unless you explicitly direct us to (for example, when you press "share this document with my advocate" inside the app).
  • Advertise to you based on your child's disability category.
  • Disclose your use of the Service on social media or publicly.

5. Encryption and security

All document and reflection content is encrypted at rest using AES-256 at the storage layer, and all network traffic between your browser and our servers is protected by TLS 1.2 or higher. Passwords are hashed using industry-standard key-derivation functions (argon2id or bcrypt); we never store passwords in plaintext and cannot recover a lost password — you reset it.

Our infrastructure uses Supabase (Postgres + storage + auth) with Row-Level Security policies that make a cross-account data request structurally impossible, not just "policy-restricted." We run automated security testing and periodic manual review.

6. Third-party processors

Gardenia shares data with third parties only as necessary to operate the Service. Current processors:

  • Supabase (Database + Storage + Auth). Your account and documents live in our Supabase project, encrypted at rest, RLS-enforced at the database layer. Data residency: United States.
  • Stripe (Payments). When you provide payment card information, it is submitted directly from your browser to Stripe; Gardenia receives only tokens and metadata.
  • Resend (Transactional email). Account notifications, consult confirmations, deadline reminders. We never send marketing email through this channel.
  • Anthropic (AI analysis). When you upload a document and press "analyze," the document text is sent to Anthropic's Claude API for processing under Anthropic's zero-retention API policy. Document contents are not used to train Anthropic's models.
  • Zoom (video consults). When you book a consult, Zoom provides the meeting room. Zoom receives meeting metadata (participant email, meeting topic) but not your document contents or child records.

We maintain Data Processing Agreements or equivalent contractual protections with each processor.

7. Your rights and controls

7.1 Access, correction, and export

You can view, edit, and export your account data at any time through Settings → Data Export. An export includes your profile, child profiles, all uploaded documents, all letters drafted, all reflections, all meeting notes, and all audit events.

7.2 Deletion

You can delete individual documents, letters, or reflections at any time. You can delete your entire account through Settings → Account. Upon account deletion:

  • Live database and storage records are purged within 30 days.
  • Encrypted backups are retained for up to 90 days and then rotated out.
  • A minimal tombstone record (deletion timestamp, account ID) is kept for up to 7 years for fraud prevention and legal defense.
  • Stripe payment records are retained per Stripe's terms and applicable tax law.

7.3 California residents

Under the California Consumer Privacy Act and California Privacy Rights Act, you have the right to know what personal information we collect, to delete it, to correct it, and to opt out of "sale" (which Gardenia never does) and of "sharing" for cross-context behavioral advertising (which Gardenia also never does). You can exercise these rights through the Settings → Data Export and Settings → Account flows, or by emailing privacy@gardenia.joy.

7.4 EU/EEA/UK residents

If you are in the EU, EEA, or United Kingdom, you have rights under the GDPR / UK GDPR including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is your consent (when you create your account and upload content) and legitimate interest (for security and service improvement). You may contact us at privacy@gardenia.joy or lodge a complaint with your local supervisory authority.

8. Retention

We retain account information for as long as your account is active. When you close your account, retention windows are described in Section 7.2.

We may retain records longer if required by law (for example, tax and payment records under Internal Revenue Service guidance), if needed to enforce our Terms, or if needed to defend a legal claim.

9. Children's data

See our COPPA notice for full details. Briefly: Gardenia does not knowingly collect personal information directly from children under 13. A parent or guardian (the account-holder) provides information about their child to the Service; that information is used only to provide the Service to the parent (generating letters, organizing records, running AI analysis of the child's evaluation, etc.). Parental consent is inherent in the parent creating the account and adding the child. Parents can review, correct, or delete their child's data at any time through Settings → Children.

10. FERPA

See our FERPA notice for details on how Gardenia interacts with the Family Educational Rights and Privacy Act. In summary: Gardenia is not an educational agency or institution, so FERPA does not apply to us directly. The records you upload to Gardenia (IEPs, evaluations, etc.) are records you have obtained through your FERPA rights with the school; Gardenia stores them on your behalf at your direction, and nothing you store here is disclosed without your explicit permission.

11. International data transfers

Our infrastructure is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. By using the Service you consent to this transfer.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced by email and/or a banner in the Service at least 30 days before they take effect. Non-material changes (clarifications, updated contact info) take effect immediately upon posting.

13. Contact us

Questions, concerns, or requests about your privacy can be directed to:

privacy@gardenia.joy
Gardenia Joy, LLC
[Postal address to be added when legal entity is finalized]

This Privacy Policy is a draft prepared for Gardenia's internal review. It describes our intended practices but has not yet been reviewed by licensed legal counsel and may need adjustment based on final infrastructure choices, counsel review of specific jurisdictions (especially California and the EU), and any data-protection impact assessment conducted prior to public launch. Nothing in this draft should be treated as operative until that review is complete and the "DRAFT" marker is removed.