Version 1.0 — April 2026
Disclaimer: This template is provided for informational purposes. Lonia AI recommends that both parties have the agreement reviewed by legal counsel before signing.
1. Parties
This Data Privacy Agreement ("Agreement" or "DPA") is entered into by and between:
Provider: Lonia AI ("Provider"), operator of BrailleBuddy at braillebuddy.lonia.ai and app.braillebuddy.lonia.ai
School/District: __________________________________________ ("School/District")
Effective Date: __________________________________________
2. Definitions
"Student Data" or "Student Records" means education records as defined under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations at 34 CFR Part 99. This includes any information directly related to a student that is maintained by an educational agency or institution, or by a party acting for such agency or institution.
"Education Records" means records directly related to a student and maintained by an educational agency or institution or by a party acting for such agency or institution, as defined in FERPA (34 CFR § 99.3).
"Personally Identifiable Information" ("PII") means information that, alone or in combination, can be used to identify a specific student, including but not limited to: name, email address, student ID numbers, and other direct or indirect identifiers as defined in 34 CFR § 99.3.
"De-identified Data" means data from which all personally identifiable information has been removed, and for which there is a reasonable determination that a student's identity is not personally identifiable, whether through single or combined use of indirect identifiers.
"School Official" means a party to whom an educational agency or institution has outsourced institutional services or functions, under the FERPA exception at 34 CFR § 99.31(a)(1)(i)(B), provided the party (1) performs an institutional service or function for which the agency would otherwise use employees, (2) is under the direct control of the agency with respect to use and maintenance of education records, and (3) is subject to the requirements of 34 CFR § 99.33(a) governing re-disclosure.
3. Purpose & Scope
BrailleBuddy processes Student Data solely to provide bidirectional braille translation services to the School/District. Provider acts as a "School Official" under FERPA with a legitimate educational interest in accessing Student Data to deliver the contracted service.
Data processed
- Student names and email addresses
- Class associations and teacher assignments
- Braille standard and device preferences
- Assignment records and converted materials
Data NOT collected
- Social Security numbers
- Grades or test scores
- Disciplinary records
- Health information
- Biometric data
- Financial information
4. FERPA Compliance Obligations
Provider agrees to the following obligations under FERPA:
- Provider will not use Student Data for any purpose other than providing the contracted braille translation service.
- Provider will not disclose Student Data to any third party except as required to provide the service (see Section 8: Sub-Processors) or as required by law.
- Provider maintains direct control over Student Data and does not sell, rent, or trade Student Data under any circumstances.
- Provider will not use Student Data for advertising, marketing, profiling, or any commercial purpose unrelated to the contracted service.
- Provider will cooperate with the School/District to allow parents and eligible students to inspect and review education records held by Provider, in accordance with FERPA requirements.
5. Data Security Measures
Provider implements the following technical and organizational security measures to protect Student Data:
- Authentication: OAuth Single Sign-On only (Google, Microsoft). Provider stores zero passwords.
- Encryption at rest: AES-256 encryption for all stored data.
- Encryption in transit: TLS 1.3 for all data transmission.
- Access controls: Role-based access with row-level security policies enforcing tenant isolation between organizations.
- Audit logging: All access to Student Data is logged with timestamps and user identity.
- Infrastructure: Hosted on SOC 2 Type II certified cloud infrastructure.
- Braille translation: Performed client-side in the browser. Document content does not traverse Provider's servers during translation.
- File storage: Private encrypted storage with signed URLs using short expiry. No public access to uploaded files.
6. Data Retention & Deletion
- Converted materials: Retained for 365 days from date of last access, then automatically deleted.
- Student records: Retained while the subscription is active. On termination, student PII is purged within 30 days.
- Audit logs: Retained for 365 days for compliance documentation, then purged.
- Original uploaded documents: Purged immediately after text extraction. Original files are not stored long-term.
Right to deletion
School/District may request deletion of all Student Data at any time by contacting admin@lonia.ai. Provider will complete deletion within 30 days and provide written confirmation.
On contract termination
All Student Data will be deleted within 30 days of contract termination. School/District may request a data export in standard formats before deletion.
7. Data Breach Notification
In the event of a confirmed data breach involving Student Data, Provider will:
- Notify the School/District within 72 hours of discovering the breach.
- Include in the notification: the nature of the breach, categories of data affected, approximate number of records affected, measures taken to address the breach, and recommended steps for the School/District.
- Cooperate with the School/District in investigating and remediating the breach.
Provider maintains a documented incident response plan that is reviewed and updated annually.
8. Sub-Processors
Provider uses the following third-party services that may process Student Data:
| Sub-Processor | Purpose | Data Processed |
|---|---|---|
| Supabase (AWS infrastructure) | Database hosting, authentication, file storage | Account info, student records, converted materials |
| Google OAuth | Authentication | Email, name, profile photo |
| Stripe | Payment processing | Billing contact info (no student data) |
Provider will notify School/District at least 30 days before adding new sub-processors that will process Student Data. All sub-processors are bound by data protection obligations equivalent to those in this Agreement.
9. Access & Amendment Rights
Parents, guardians, and eligible students may request access to education records held by Provider, through the School/District. Parents and guardians may request amendment of inaccurate records.
Provider will cooperate with the School/District to fulfill access and amendment requests within 30 days of receipt.
10. Data Minimization
Provider collects only the minimum data necessary to provide the braille translation service.
Student data elements collected
- Name and email address
- Class association
- Braille standard preference (UEB Grade 1, UEB Grade 2, Nemeth)
- Device preference (embosser model, display type)
- Assignment history
Data NOT collected
- Social Security numbers
- Grades or test scores
- Disciplinary records
- Health information
- Free/reduced lunch status
- Disability status beyond what is necessary for braille format preferences
11. Accessibility
BrailleBuddy meets the following accessibility standards:
- WCAG 2.2 Level AA compliance across all user-facing features
- 7:1 contrast ratio for critical content, serving blind and low-vision users
- Designed for screen reader use; NVDA (Windows), JAWS (Windows), and VoiceOver (macOS/iOS) testing in progress
- Full keyboard navigation — every feature is accessible without a mouse
- Section 508 compliant for federal accessibility requirements
12. Term & Termination
This DPA remains in effect for the duration of the service agreement between Provider and School/District.
Either party may terminate this Agreement with 30 days' written notice to the other party.
The following sections survive termination: Data Retention & Deletion (Section 6), Data Breach Notification (Section 7), and all confidentiality obligations.
13. Governing Law
State: __________________________________________
This Agreement shall be governed by the laws of the state identified above. Both parties agree to comply with all applicable federal laws, including FERPA (20 U.S.C. § 1232g), COPPA (15 U.S.C. §§ 6501-6506, where applicable), and applicable state student privacy laws.
14. Signatures
Provider — Lonia AI
Name: __________________________________________
Title: __________________________________________
Date: __________________________________________
Signature: __________________________________________
School/District
Name: __________________________________________
Title: __________________________________________
Organization: __________________________________________
Date: __________________________________________
Signature: __________________________________________
Contact
For questions about this Data Privacy Agreement, contact:
Email: admin@lonia.ai
Lonia AI