Privacy Policy

1. Introduction

Story Bridge LLC (“Story Bridge,” “we,” “our,” or “us”) is committed to protecting your privacy and the privacy of student data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at thestorybridge.app and when schools and districts use the Story Bridge platform.

By accessing or using our website or services, you agree to this Privacy Policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Website Visitors

When you visit our marketing website, we may collect:

• Contact information you voluntarily provide via forms (name, email address, school/district name, professional role)
• Usage data collected automatically (pages visited, time on site, referring URL, browser type, device type) via Google Analytics
• Cookies for analytics and site functionality (see Section 7)

2.2 Platform Users (School Counselors, Social Workers, Educators)

When Authorized Users access the Story Bridge platform, we collect:

• Account information provided through SSO authentication (name, email address, organization) via Google, Microsoft, or ClassLink
• Professional information (school, district, role)
• Usage data (stories created, sessions facilitated, platform activity)

2.3 Student Data

Student data is entered exclusively by Authorized Users (adults), never by students directly. We collect only:

• Student first name, last name, and grade level
• School and organization assignment
• External student ID (optional, for district record-matching)
• Reading session data (timestamps, stories read, quiz responses, points earned)
• Skill check-in responses (SEL skill practice tracking)

We do NOT collect: home addresses, parent contact information, Social Security numbers, medical records, disciplinary records, behavioral diagnoses, photos, videos, voice recordings from students, location data, or device identifiers.

3. How We Use Your Information

3.1 Website Visitor Information

• Respond to demo requests and inquiries
• Send information about our services (only when requested)
• Analyze website usage to improve our content and user experience
• Comply with legal obligations

3.2 Platform User Information

• Provide and maintain the Story Bridge platform
• Authenticate users and manage access controls
• Generate usage reports for district administrators
• Provide technical support

3.3 Student Data

Student data is used solely for:

• Personalizing therapeutic stories (first name for character personalization)
• Tracking reading sessions and progress for counselor review
• Monitoring SEL skill practice through check-ins
• Generating progress reports for school staff

Student data is never used for advertising, marketing, profiling, or any purpose unrelated to the educational service.

4. Third-Party Service Providers

We use the following service providers to operate our platform. Each processes data only as directed by us:

We do not sell, rent, or share personal information or student data with any third party for their own marketing or commercial purposes.

5. FERPA and COPPA Compliance

Story Bridge is designed to comply with the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).

• FERPA: We operate as a “school official” under 34 CFR § 99.31(a)(1). Student education records are processed only for the educational purpose specified by the contracting school. Parents retain full rights to inspect, amend, and request deletion of their child’s records.
• COPPA: We rely on the school consent exception under 16 CFR § 312.5(c)(1). No data is collected directly from children. All student data is entered by adult Authorized Users in a supervised setting.
• AI Safety: Student PII is never included in AI generation prompts. Student data is never used to train AI models. All AI-generated content requires human review before publication.

For our complete compliance documentation, see our FERPA & COPPA Compliance Statement.

6. Data Security

We implement technical and organizational safeguards to protect your information:

• AES-256 encryption at rest via Google Cloud Platform
• TLS 1.2+ encryption for all data in transit
• Role-based access controls with organization and school-level isolation
• SSO authentication via Google, Microsoft (Azure Entra ID), and ClassLink
• Comprehensive audit logging of all data access, export, and deletion events
• Daily and weekly automated backups with 7-day point-in-time recovery
• Infrastructure hosted on GCP (SOC 2 Type II, ISO 27001, FedRAMP certified)
• 72-hour breach notification to affected schools

7. Cookies and Tracking Technologies

Our marketing website uses Google Analytics (GA4) to understand how visitors use our site. This collects anonymized data such as page views, session duration, and referral sources. Google Analytics uses cookies to distinguish unique users.

The Story Bridge platform (the application used by school staff) does not use advertising cookies or third-party tracking. Authentication cookies are used solely for session management.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

8. Data Retention

• Student data: Retained for the duration of the school’s active subscription. Deleted within 30 days of subscription termination. Individual student records can be deleted immediately by Authorized Users.
• Platform user accounts: Retained for the duration of the school’s subscription. Deactivated upon school request.
• Website form submissions: Retained for up to 2 years for business development purposes, or until you request deletion.
• Audit logs: Retained for 1 year, then permanently deleted.
• Encrypted backups: Automatically purged after 98 days.

9. Your Rights

Website Visitors

You may request access to, correction of, or deletion of any personal information you have provided to us through our website forms by contacting us at the address below.

Parents and Guardians

Under FERPA and COPPA, parents have the right to review, request amendment of, and request deletion of their child’s education records. To exercise these rights, contact your child’s school counselor or administrator, who can access these functions directly in the Story Bridge platform.

School Administrators

Administrators can export student data, delete individual student records, and request organization-wide data deletion at any time through the platform’s built-in tools or by contacting us directly.

10. Children’s Privacy

Story Bridge does not knowingly collect personal information directly from children under 13 (or under 16 in certain jurisdictions). All student data is entered by adult Authorized Users acting within the school context. Students interact with the platform only through a supervised kiosk mode where no personal information is collected from the child.

If we learn that we have inadvertently collected personal information directly from a child without proper consent, we will delete that information promptly. If you believe we have collected such information, please contact us immediately.

11. Student Data Privacy Agreement (DPA)

We are prepared to execute a Student Data Privacy Agreement (DPA) with school districts. Our DPA covers data ownership (the school owns all student data), permitted uses, security requirements, breach notification, data return/destruction upon termination, and compliance with applicable state laws. Contact privacy@thestorybridge.app to request a DPA.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify contracting schools of material changes at least 30 days before they take effect. The “Last updated” date at the top of this page indicates the most recent revision. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: