Privacy policy

Effective Date: January 4, 2026 Last Updated: March 2026

www.truemadeai.com · support@truemadeai.com

TrueMadeAI builds AI governance and control software for schools, families, and individuals. This policy covers all TrueMadeAI products:

- **Tenet** — AI governance for K-12 schools and districts
- **SafeAI** — AI controls for families
- **Tivity** — Focus and productivity controls for individuals

This policy describes what data each product collects, how it is handled, and the rights of users and organizations. Where practices differ by product, those differences are called out explicitly

## Our Privacy Commitment

**Core principle:** TrueMadeAI does not sell personal information. We do not use advertising trackers. We do not train AI models on student data or user content.

TrueMadeAI products are built privacy-first by design. Where technically possible, policy enforcement and content analysis happen locally on the user's device. We minimize centralized data collection and avoid storing sensitive content we do not need to hold.

---

## Chrome Extension Data Practices (Tenet)

Tenet is distributed as a Google Chrome extension. The following describes precisely how the extension handles data, because Chrome Web Store policy and school district procurement require explicit disclosure.

### What runs on-device (never transmitted to TrueMadeAI)

- **Student message content** typed into AI platforms (ChatGPT, Claude, Gemini, Grok, Copilot, Perplexity, Meta AI, MagicSchool, and others)
- **File contents** scanned for PII before upload — DOCX, PPTX, XLSX, and plain text files are scanned and redacted locally; the original or redacted file stays on device
- **ML classifier analysis** — jailbreak detection, content filtering, and PII context classification run entirely using on-device logistic regression models. No message content is sent to TrueMadeAI servers for classification.
- **Bloom filter keyword matching** — blocked keyword checks run against a locally-stored filter. Keyword lists never leave the device.
- **AI platform detection** — the extension monitors web pages across all domains to detect AI chatbot interfaces per district policy. This browsing activity is not transmitted to TrueMadeAI.

### What is stored on the TrueMadeAI backend

- **District and teacher policy configuration** — district rules, teacher classroom settings (including AI platform permissions, blocked sites, schedules, and system prompts), and class rosters are stored on the Tenet backend to enable policy sync across managed devices. This data includes teacher and student email addresses and class assignments. TrueMadeAI stores this data solely to operate the service and does not use it for any other purpose.
- **Account email address** — used to identify the user role (student, teacher, administrator) and retrieve the correct policy configuration. Also stored locally in chrome.storage.sync.

### What is stored by the district (not by TrueMadeAI)

- **Analytics events** — violation counts, notification events, and session data are stored locally in chrome.storage.local. If a district configures analytics export, events are sent to a district-owned analytics endpoint (such as the district's own S3 bucket or Google Cloud Storage). TrueMadeAI does not receive, store, or have access to analytics events — the district owns and controls this data entirely.

### What is transmitted externally

- **Policy sync** — the extension syncs policy configuration with the Tenet backend to retrieve current district rules, class settings, and roster data.
- **Support communications** — if you contact [support@truemadeai.com](mailto:support@truemadeai.com), we receive the content of that communication.

### Why the extension accesses all websites

Tenet's heuristic content script runs on all URLs at document_idle to detect AI chatbot interfaces on arbitrary websites. New AI tools launch constantly; a static domain blocklist would immediately fall behind. The heuristic detector identifies AI interfaces using local DOM analysis and applies district blocking policy. This runs entirely locally and does not transmit browsing data to TrueMadeAI. Specific known AI platforms are listed explicitly in host_permissions for deeper integration including fetch interception and system prompt injection.

---

## What We Collect

### 1. Policy Data

We store policy configurations needed to provide the service:

- District baseline AI rules and platform permissions (Tenet)
- Classroom rules, AI system prompts, and schedules set by teachers (Tenet)
- Student roster data managed by district administrators (Tenet) — stored on the Tenet backend
- Family rules and preferences (SafeAI)
- Individual focus settings (Tivity)

### 2. Account and Operational Data

- Email address for account identification and role resolution
- Support communications you send to us
- District contract and licensing information

We do not collect billing or payment card data directly. If a payment is ever processed, it is handled by a third-party processor and TrueMadeAI does not store card details.

### 3. AI Content (Prompts and Transcripts)

By default, TrueMadeAI does not collect or store AI conversation content.

Some districts may request optional logging for compliance, auditing, or incident response. If enabled, the district controls what is logged, where it is stored, retention periods, and who can access it. TrueMadeAI will clearly disclose these details before enabling any optional logging for a deployment.

---

## What We Do Not Collect

- AI conversation content (by default)
- Student message content or file contents — these are processed locally and never transmitted to TrueMadeAI
- Analytics events, violation notifications, or session data — these are district-owned
- Browsing history or full page content from non-AI websites
- Screen recordings or keystrokes
- Advertising identifiers or tracking cookies
- Biometric data
- Precise geolocation

---

## FERPA Compliance (Student Education Records)

Tenet is designed to support district compliance with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g.

- When a school district deploys Tenet, TrueMadeAI acts as a "school official" under FERPA, accessing student education records only to perform services the district has contracted for.
- TrueMadeAI does not disclose student education records to third parties without district authorization, except as required by law.
- Because student message content and file contents are processed on-device and not transmitted to TrueMadeAI, the primary data handling risk associated with AI tool usage is mitigated at the architectural level.
- Districts retain full control of their analytics data. Analytics events are stored locally or exported to district-owned infrastructure — TrueMadeAI does not receive or store these events.
- Districts may request a Data Processing Agreement (DPA) or FERPA-specific addendum. Contact [support@truemadeai.com].

---

## COPPA Compliance (Children Under 13)

Tenet may be used by students under 13 years of age in K-12 school deployments. TrueMadeAI complies with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, as follows:

- Tenet is deployed at the school and district level. The school or district acts as the operator obtaining any necessary parental consent under COPPA on behalf of TrueMadeAI, consistent with the school exception under 16 C.F.R. § 312.5(b)(1).
- TrueMadeAI does not knowingly collect personal information from children under 13 directly. The extension identifies users by role via district-managed email addresses.
- Student message content and file contents analyzed by the extension are processed locally on the device and are not collected by TrueMadeAI.
- If TrueMadeAI becomes aware that personal information has been collected from a child under 13 outside the school deployment context, we will delete it promptly. Contact [support@truemadeai.com].

---

## How Each Product Handles Data

### Tenet (Schools and Districts)

Tenet enforces district AI policy on managed devices through a Chrome extension. Data handling depends on deployment configuration:

- **Device-only enforcement:** Policy enforced locally with no centralized logging. Rules sync from the Tenet backend. Student interactions are not stored.
- **Hosted admin configuration:** Rules managed through the Tenet admin dashboard, stored on the Tenet backend.
- **Optional analytics export:** If configured by the district, violation events may be exported to district-owned storage (S3, Google Cloud Storage, or similar). TrueMadeAI does not receive or store these events.

The district controls deployment scope, device coverage, user access permissions, and administrative visibility. TrueMadeAI does not access district analytics data.

### SafeAI (Families)

SafeAI runs locally on a family-managed device. It does not collect or store AI conversation content. Rules and usage indicators are stored locally to power the parent dashboard. If account features are used, an email address is collected for authentication.

### Tivity (Individuals)

Tivity is a personal productivity tool. It stores user settings and focus preferences locally. Account data may be collected if a paid plan is enabled.

---

## Third-Party Services

TrueMadeAI may use the following categories of service providers:

- **Hosting providers** — for the Tenet backend and admin dashboard
- **Support email tooling** — to manage support communications
- **Payment processing** — if applicable; TrueMadeAI does not store payment card details

We do not use third-party advertising trackers in any TrueMadeAI product. Service providers only receive the minimum information needed to perform their function.

For Tenet specifically: districts that configure analytics export control their own analytics storage. TrueMadeAI does not own or operate district analytics infrastructure.

---

## Data Security

TrueMadeAI products are designed to minimize sensitive data collection at the architecture level. Key security properties of Tenet:

- **On-device ML** — content classification never requires transmitting message content to external servers
- **On-device file DLP** — file scanning and redaction occur in the browser; file contents are not uploaded to TrueMadeAI
- **District-owned analytics** — violation events and notifications stay under district control; TrueMadeAI has no access
- **Local analytics storage** — usage events are stored in chrome.storage.local, accessible only through the admin dashboard by authorized district personnel

Where hosted services exist, we apply security controls appropriate to the deployment. Security documentation is available to districts during procurement. Contact [support@truemadeai.com]for a security overview.

---

## Your Rights and Controls

### Districts and Organizations

- Control which devices and users Tenet applies to
- Configure, update, or remove rules and policies at any time
- Control data retention settings for any optional analytics export
- Request deletion of district data from TrueMadeAI systems by contacting [support@truemadeai.com]
- Request a Data Processing Agreement (DPA) or FERPA addendum

### Families and Individuals

- Reset local settings or uninstall the extension to remove locally stored data
- Contact [support@truemadeai.com] to request deletion of any account or support data we hold

### State Privacy Rights

Depending on your state, you may have additional rights including the right to access, correct, or delete personal information. To exercise these rights, contact [support@truemadeai.com]. We will respond within the timeframe required by applicable law.

---

## Changes to This Policy

We will update this policy if our practices change and revise the Last Updated date at the top. If changes are significant, we will provide reasonable advance notice to districts and active users.

---

## Contact Us

- **Email:** [support@truemadeai.com]
- **Website:** [https://www.truemadeai.com]
- **Phone:** 773-766-5694

---

## TL;DR

- **Privacy-first by design** — AI content analysis runs on your device, not our servers
- We do not sell personal information or use advertising trackers
- Student message content and file contents are never transmitted to TrueMadeAI
- Analytics events are district-owned — TrueMadeAI does not receive or store them
- Policy and roster data is stored on the Tenet backend solely to operate the service
- FERPA and COPPA compliant — districts act as operator for student data
- Optional analytics export is district-controlled and district-owned
- Contact [support@truemadeai.com]for a DPA, FERPA addendum, or security documentation