Legal.
Effective date: June 11, 2026
Accord IEP, LLC ("Accord," "we," "us") provides a special education management platform that helps Texas school districts create, manage, and track Individualized Education Programs (IEPs). This policy explains what information we collect, how we use it, and the rights you have.
It applies to:
A plain-language summary first: student data in Accord belongs to the school district, is used only to deliver special education services, is never sold, and is never used for advertising. The rest of this policy is detail on that promise.
Where a signed agreement between Accord and a school district — such as a student data privacy agreement (DPA) — differs from this policy, the signed agreement controls for that district's data.
From districts and their staff: names, work email addresses, roles, and campus assignments. We need this to give the right people the right access.
About students: the information a district puts into an IEP and its supporting records — name, student ID, date of birth, disability category, evaluations, goals, accommodations, service schedules, service delivery logs, and progress data. We collect this because it is the service: districts use Accord to manage these records.
From parents and guardians: if your district enables the parent portal, your name, email address, and your activity in the portal (such as documents viewed or signed).
From website visitors: if you submit our contact form, the name, email, and message you provide. Our website does not use advertising trackers.
We practice data minimization: we collect only what is needed to deliver the educational service, and we do not ask districts to provide more than the platform needs to function.
We use the information described above for exactly one purpose: delivering the special education management service that districts contract us to provide. That includes operating the platform, generating the documents and reports districts request, surfacing compliance deadlines, and providing technical support.
We do not:
We share data only with service providers ("subprocessors") that we use to run the platform, and only to the extent needed for them to do their job. Each is bound by contract to protect the data and use it only on our instructions.
| Subprocessor | What they do | Student data exposure |
|---|---|---|
| Amazon Web Services (AWS) | Cloud services: platform hosting and data storage, email delivery (SES), and sign-in/authentication (Cognito) | Stores platform data, encrypted; processes user names and email addresses |
| Anthropic | AI processing (see below) | Processes IEP document content sent to AI features |
| OpenAI | AI processing (see below) — alternate AI provider | Processes IEP document content sent to AI features |
| AI processing (see below) — translation of platform content | Processes content sent for translation, which may include IEP document content |
Our public website at accordiep.com is served through Cloudflare, and contact-form submissions are delivered to our team via Slack. These services handle website-visitor information only — never student data.
How we use AI. Accord uses artificial intelligence to assist educators: when a district uploads an existing IEP document, AI extracts and organizes its content so educators can work with it in the platform. When platform content is processed by an AI provider, that provider is contractually prohibited from using it to train their models. AI output is always reviewed by the educators responsible for the student's program; AI does not make educational decisions about students. As we add AI features, we will update this section before they launch.
We do not share student information with anyone else — no data brokers, no advertisers, no analytics companies. If a court order or law requires disclosure, we will notify the district before complying unless legally barred from doing so.
We will update this subprocessor list whenever it changes and notify districts of additions as required by our agreements with them.
A district-facing security overview with more technical detail is available on request at [email protected].
The district owns its data and controls its lifecycle. We retain student data only as long as the district's contract directs. Deletion is triggered by:
Before deletion at contract end, districts may export their data in a standard format. Backups containing deleted data expire on a fixed schedule of no more than 30 additional days.
One exception, consistent with standard district data privacy agreements: data that has been fully de-identified — stripped of anything that could identify a student — may be retained to improve the service. De-identified data is no longer student data, and we never attempt to re-identify it.
Under FERPA, parents and eligible students have the right to inspect and review education records, request corrections, and consent to most disclosures. Under COPPA, parents of children under 13 have additional rights, including review and deletion of their child's information.
Because your school district — not Accord — is the controller of education records, the path to exercise these rights is through your district, which can direct us to act on any record we hold. If you contact us directly at [email protected], we will acknowledge your message within 10 business days and refer your request to your district, as our agreements with districts require — and we will act promptly on whatever the district directs.
If we confirm a breach affecting personal information, we will notify affected districts within 72 hours of confirmation, with what we know about the scope, the data involved, and the steps we are taking. We will cooperate fully with the district's own notification obligations to families under state and federal law.
Accord operates as a "school official" with a legitimate educational interest under FERPA's school official exception (20 U.S.C. §1232g(b)(1)(A); 34 CFR §99.31(a)(1)). That means we act under the district's direct control with respect to education records, use them only for the contracted purpose, and do not re-disclose them.
For students under 13, Accord relies on the COPPA school authorization exception: the district provides consent on behalf of parents for the collection of student personal information strictly for educational purposes. Consistent with the 2025–2026 COPPA amendments, we disclose our use of AI in Section 4, maintain a current subprocessor list, and apply written data retention limits.
Consistent with Texas Education Code §32.151 et seq. (the Texas Student Data Privacy Act), Accord:
Privacy questions, requests, or concerns:
If we make material changes, we will notify district administrators by email at least 30 days before the change takes effect and update the effective date above. Prior versions will be available on request.
If Accord is ever acquired by or merged into another company, the obligations in this policy and in our district agreements follow the data: the successor inherits them, and districts receive written notice within 60 days, with the right to terminate if they disapprove.