HomeBasedEdu

Privacy Policy

⚑ Working draft — not legally reviewed

Generated from how the app actually handles data, as a starting point. This is not legal advice and is not final. Anything shown as [confirm: like this] needs owner confirmation, and the whole document must be reviewed against a proper template or by a lawyer before it governs any paid signup.

Effective date: [confirm: set on finalization]

Who we are

HomeBasedEdu helps homeschooling families in Pennsylvania and New York keep the records their state requires and generate the documents they file. This policy explains what we collect, why, and how it is protected. The service is operated by [confirm: legal entity name and address] and you can reach us about privacy at [confirm: privacy@homebasededu.com].

What we collect

We collect only what the service needs to keep your records and produce your filings:

  • Account details: your email address (used for magic-link sign-in), your home state, and your subscription status and plan.
  • Filing profile: the household and supervisor details your filings require — supervisor name and relationship, mailing address, phone number, and your school district and recipient details.
  • Your children’s information, entered by you: each child’s name, birthdate, grade level, and the date you began homeschooling them.
  • Records you log: instruction logs (dates, hours, subjects, notes), course lists, reading lists, and work samples — including any files you upload.
  • Filing inputs: the content of the documents you prepare — for example NY IHIP plans and quarterly reports, and PA affidavit details, evaluations, and assessment results. Depending on your state and choices this can include immunization or health-service status (and any records you attach) and attestations you make.
  • Documents we generate: the PDFs produced from your data, stored so you can download them again.
  • Payment information: if you subscribe, we store your payment processor’s customer identifier and your subscription status. We do not collect or store your card number — payments are handled entirely by Stripe.

We do not store account passwords (sign-in is by one-time email link), and we do not use third-party advertising or analytics trackers.

Children’s information

HomeBasedEdu is a tool for parents and guardians. Information about children is entered by the adult account holder for the purpose of homeschool recordkeeping and compliance — the service is not directed to children and children do not create accounts or use it directly. [confirm: confirm our COPPA/children’s-data position and any parental attestation with counsel].

How we use your information

  • To build your compliance checklist and compute deadlines.
  • To generate the documents you choose to create.
  • To send you sign-in links and, on paid plans, deadline reminder emails.
  • To process your subscription and provide support.

We do not sell your or your children’s information, and we do not use it for advertising. [confirm: confirm this as a binding commitment]

Who processes your data (service providers)

We rely on a small number of vetted providers to run the service. They process data only to provide their service to us:

  • Supabase — database, authentication, and file storage (holds your account, records, filing inputs, and uploaded files).
  • Stripe — payment processing (receives your email and handles your card details directly; we never see them).
  • Resend — email delivery (receives your email address and the content of reminder messages).
  • Vercel — application hosting.

[confirm: confirm data-processing agreements (DPAs) are in place with each provider, and add any others you adopt]

How we protect your data

  • Every family’s data is isolated at the database level (row-level security), so one account cannot read another’s records.
  • Uploaded files and generated documents live in private storage and are served only through short-lived download links that expire after about an hour.
  • Sign-in uses one-time email links — there are no passwords for us to store or leak.
  • Administrative keys are used only on our servers and are never exposed to the browser.
  • Data is encrypted in transit. [confirm: confirm encryption-at-rest details with Supabase]

Cookies

We use only the essential cookies needed to keep you signed in. We do not use advertising or analytics cookies. [confirm: confirm whether a cookie notice/banner is required for your audience]

Keeping and deleting your data

We keep your information while your account is active. Deleting a child or a record removes its associated data, and you can ask us to delete your account. [confirm: confirm the retention period after deletion, backup handling, and how users request access, export, or deletion]

Changes to this policy

If we make material changes we will update this page and the effective date above. [confirm: confirm how users are notified of changes]

Contact

Questions about your privacy? Contact us at [confirm: privacy@homebasededu.com]. See also our Terms of Service.