Privacy policy

Effective Date: January 4, 2026 Last Updated: February 2026

www.truemadeai.com · support@truemadeai.com

TrueMadeAI builds AI governance and control software for schools, families, and individuals. This policy covers all TrueMadeAI products:

  • Tenet — AI governance for K-12 schools and districts

  • SafeAI — AI controls for families

  • Tivity — Focus and productivity controls for individuals

This policy describes what data each product collects, how it is handled, and the rights of users and organizations. Where practices differ by product, those differences are called out explicitly.

Our Privacy Commitment

Core principle: TrueMadeAI does not sell personal information. We do not use advertising trackers. We do not train AI models on student data or user content.

TrueMadeAI products are built privacy-first by design. Where technically possible, policy enforcement and content analysis happen locally on the user's device. We minimize centralized data collection and avoid storing sensitive content we do not need to hold.

Chrome Extension Data Practices (Tenet)

Tenet is distributed as a Google Chrome extension. The following describes precisely how the extension handles data, because Chrome Web Store policy and school district procurement require explicit disclosure.

What runs on-device (never transmitted to TrueMadeAI)

  • Student message content typed into AI platforms (ChatGPT, Claude, Gemini, Grok, Copilot, Perplexity, Meta AI, MagicSchool, and others)

  • File contents scanned for PII before upload — DOCX, PPTX, XLSX, and plain text files are scanned and redacted locally; the original or redacted file stays on device

  • ML classifier analysis — jailbreak detection, content filtering, and PII context classification run entirely using on-device logistic regression models. No message content is sent to TrueMadeAI servers for classification.

  • Bloom filter keyword matching — blocked keyword checks run against a locally-stored filter. Keyword lists never leave the device.

  • AI platform detection — the extension monitors web pages across all domains to detect AI chatbot interfaces per district policy. This browsing activity is not transmitted to TrueMadeAI.

  • Analytics events — violation counts and session data are stored locally in chrome.storage.local and are only accessible to the district administrator through the admin dashboard. TrueMadeAI does not receive raw analytics events.

What is transmitted externally

  • Policy configuration sync — district rules, teacher classroom settings, and roster data are synced with the district's Google Sheets backend via Google Apps Script. This data is controlled by the district, stored in the district's own Google account, and is not stored on TrueMadeAI servers.

  • Account email address — used to identify the user role (student, teacher, administrator) and retrieve the correct policy configuration. Stored in chrome.storage.sync.

  • Support communications — if you contact support@truemadeai.com, we receive the content of that communication.

Why the extension accesses all websites

Tenet's heuristic content script runs on all URLs at document_idle to detect AI chatbot interfaces on arbitrary websites. New AI tools launch constantly; a static domain blocklist would immediately fall behind. The heuristic detector identifies AI interfaces using local DOM analysis and applies district blocking policy. This runs entirely locally and does not transmit browsing data to TrueMadeAI. Specific known AI platforms are listed explicitly in host_permissions for deeper integration including fetch interception and system prompt injection.

What We Collect

1. Policy Data

We store policy configurations needed to provide the service:

  • District baseline AI rules and platform permissions (Tenet)

  • Classroom rules, AI system prompts, and schedules set by teachers (Tenet)

  • Student roster data managed by district administrators (Tenet) — stored in the district's Google Sheets, not on TrueMadeAI servers

  • Family rules and preferences (SafeAI)

  • Individual focus settings (Tivity)

Policy data may be stored locally on-device or in a district-controlled hosted environment depending on the deployment model.

2. Account and Operational Data

  • Email address for account identification and role resolution

  • Support communications you send to us

  • District contract and licensing information

We do not collect billing or payment card data directly. If a payment is ever processed, it is handled by a third-party processor and TrueMadeAI does not store card details.

3. AI Content (Prompts and Transcripts)

By default, TrueMadeAI does not collect or store AI conversation content.

Some districts may request optional logging for compliance, auditing, or incident response. If enabled, the district controls what is logged, where it is stored, retention periods, and who can access it. TrueMadeAI will clearly disclose these details before enabling any optional logging for a deployment.

What We Do Not Collect

  • AI conversation content (by default)

  • Student message content or file contents — these are processed locally and never transmitted to TrueMadeAI

  • Browsing history or full page content from non-AI websites

  • Screen recordings or keystrokes

  • Advertising identifiers or tracking cookies

  • Biometric data

  • Precise geolocation

FERPA Compliance (Student Education Records)

Tenet is designed to support district compliance with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g.

  • When a school district deploys Tenet, TrueMadeAI acts as a "school official" under FERPA, accessing student education records only to perform services the district has contracted for.

  • TrueMadeAI does not disclose student education records to third parties without district authorization, except as required by law.

  • Because student message content and file contents are processed on-device and not transmitted to TrueMadeAI, the primary data handling risk associated with AI tool usage is mitigated at the architectural level.

  • Districts retain full control of their data. Roster data, class configurations, and any optional logs are stored in district-controlled systems (Google Sheets under the district's Google Workspace account).

  • Districts may request a Data Processing Agreement (DPA) or FERPA-specific addendum. Contact support@truemadeai.com.

COPPA Compliance (Children Under 13)

Tenet may be used by students under 13 years of age in K-12 school deployments. TrueMadeAI complies with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, as follows:

  • Tenet is deployed at the school and district level. The school or district acts as the operator obtaining any necessary parental consent under COPPA on behalf of TrueMadeAI, consistent with the school exception under 16 C.F.R. § 312.5(b)(1).

  • TrueMadeAI does not knowingly collect personal information from children under 13 directly. The extension identifies users by role via district-managed email addresses.

  • Student message content and file contents analyzed by the extension are processed locally on the device and are not collected by TrueMadeAI.

  • If TrueMadeAI becomes aware that personal information has been collected from a child under 13 outside the school deployment context, we will delete it promptly. Contact support@truemadeai.com.

How Each Product Handles Data

Tenet (Schools and Districts)

Tenet enforces district AI policy on managed devices through a Chrome extension. Data handling depends on deployment configuration:

  • Device-only enforcement: Policy enforced locally with no centralized logging. Rules sync from the district's Google Sheets. Student interactions are not stored.

  • Hosted admin configuration: Rules managed through the Tenet admin dashboard, stored in the district's Google Sheets backend.

  • Optional organizational logging: If enabled by the district, violation events may be exported to district systems. TrueMadeAI does not receive or store these logs.

The district controls deployment scope, device coverage, user access permissions, and administrative visibility. TrueMadeAI does not access district data without district authorization.

SafeAI (Families)

SafeAI runs locally on a family-managed device. It does not collect or store AI conversation content. Rules and usage indicators are stored locally to power the parent dashboard. If account features are used, an email address is collected for authentication.

Tivity (Individuals)

Tivity is a personal productivity tool. It stores user settings and focus preferences locally. Account data may be collected if a paid plan is enabled.

Third-Party Services

TrueMadeAI may use the following categories of service providers:

  • Hosting providers — only where a product includes a hosted console or admin dashboard

  • Support email tooling — to manage support communications

  • Payment processing — if applicable; TrueMadeAI does not store payment card details

We do not use third-party advertising trackers in any TrueMadeAI product. Service providers only receive the minimum information needed to perform their function.

For Tenet specifically: district policy data is stored in the district's own Google Sheets account via Google Apps Script. TrueMadeAI does not control or own that storage. Google's privacy practices for Google Workspace for Education apply to that data.

Data Security

TrueMadeAI products are designed to minimize sensitive data collection at the architecture level. Key security properties of Tenet:

  • On-device ML — content classification never requires transmitting message content to external servers

  • On-device file DLP — file scanning and redaction occur in the browser; file contents are not uploaded to TrueMadeAI

  • District-controlled storage — roster and rule data lives in the district's Google account, not in TrueMadeAI-operated databases

  • Local analytics — usage events are stored in chrome.storage.local, accessible only through the admin dashboard by authorized district personnel

Where hosted services exist, we apply security controls appropriate to the deployment. Security documentation is available to districts during procurement. Contact support@truemadeai.com for a security overview.

Your Rights and Controls

Districts and Organizations

  • Control which devices and users Tenet applies to

  • Configure, update, or remove rules and policies at any time

  • Control data retention settings for any optional logging

  • Request deletion of district data from TrueMadeAI systems by contacting support@truemadeai.com

  • Request a Data Processing Agreement (DPA) or FERPA addendum

Families and Individuals

  • Reset local settings or uninstall the extension to remove locally stored data

  • Contact support@truemadeai.com to request deletion of any account or support data we hold

State Privacy Rights

Depending on your state, you may have additional rights including the right to access, correct, or delete personal information. To exercise these rights, contact support@truemadeai.com. We will respond within the timeframe required by applicable law.

Changes to This Policy

We will update this policy if our practices change and revise the Last Updated date at the top. If changes are significant, we will provide reasonable advance notice to districts and active users.

Contact Us

Email: support@truemadeai.com Website: https://www.truemadeai.com Phone: 773-766-5694

TL;DR

  • Privacy-first by design — AI content analysis runs on your device, not our servers

  • We do not sell personal information or use advertising trackers

  • Student message content and file contents are never transmitted to TrueMadeAI

  • Districts control their own data — roster and rule data lives in the district's Google account

  • FERPA and COPPA compliant — districts act as operator for student data

  • Optional logging is district-controlled and opt-in only

  • Contact support@truemadeai.com for a DPA, FERPA addendum, or security documentation