Privacy Policy

1. Introduction

Bridge-it, Inc. ("Bridge-it," "we," "us," or "our") is committed to protecting the privacy of every user of our website and platform at https://bridge-it.ai (the "Platform"). Bridge-it is an AI-powered career readiness and guidance solution designed for middle and high school students, and used by educators, school counselors, parents, and school districts across the United States.

This Privacy Policy explains what personal information we collect, how we use and share it, and the rights available to you. Because Bridge-it serves students who may be minors, we apply heightened data-protection standards consistent with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and applicable state student-privacy laws.

By accessing or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform immediately.

2. Who This Policy Applies To

This Privacy Policy applies to:

• Students (middle and high school) who use Bridge-it directly or through their school or district
• Parents and legal guardians of student users
• Teachers, school counselors, and other educational staff
• School districts and institutions that contract with Bridge-it
• Any other visitor to https://bridge-it.ai

Where students are involved, the school or district acts as the educational agency responsible for authorizing access and managing student data in compliance with FERPA. Bridge-it operates as a "school official" or service provider under FERPA on behalf of those institutions.

3. Information We Collect

3.1 Information Provided Directly

When you register or use the Platform, we may collect:

• Full name, email address, and school/grade level
• Account credentials (username and hashed password)
• Onboarding responses: career interests, goals, strengths, and preferences
• Work-based learning logs, internship records, volunteer history, and other experience data entered by the student
• Messages or interactions with the AI co-pilot feature
• Contact information submitted via demo requests or the "Get in touch" form

3.2 Information Collected Automatically

When you visit the Platform, we automatically collect certain technical data, including:

• IP address and approximate geographic location (city/state level)
• Browser type, operating system, and device identifiers
• Pages visited, features used, time spent, and clickstream data
• Cookies, session tokens, and similar tracking technologies (see Section 7)

3.3 Information from Schools and Districts

Schools or districts may provide Bridge-it with roster data via our SIS/LMS integrations, including:

• Student name, grade, school, and district affiliation
• Enrolment status and course/pathway information
• Single Sign-On (SSO) identifiers

Such data is provided solely to enable the Platform's educational functions and is governed by the data-processing agreements entered with the school or district.

3.4 Information from Parents and Educators

Parents and educators may provide contact details and, where the school configuration permits, view summarized student progress data. Parent and educator accounts are set up under the governance of the school or district.

4. How We Use Information

Bridge-it uses the information we collect for the following purposes:

• Providing and personalizing the Platform, including AI-generated career pathway recommendations and goal-setting tools
• Allowing educators and counselors to monitor student engagement and offer timely support
• Enabling parents and guardians to view summarized student milestones (subject to school configuration and FERPA consent rules)
• Communicating account-related updates, technical notices, and support responses
• Improving Platform features through aggregated, de-identified analytics
• Complying with legal obligations and protecting the safety of students and others
• Responding to demo and contact requests from prospective school partners

We do NOT use student personal information for advertising, marketing to students or their families, or any purpose unrelated to providing the educational services contracted by schools and districts.

5. How We Share Information

5.1 With Schools and Districts

Student data is shared with the authorizing school or district as required to provide the Platform and comply with FERPA. Schools retain ownership of student education records.

5.2 With Service Providers

We engage third-party vendors who assist us in delivering the Platform (e.g., cloud hosting, analytics, security monitoring). These vendors process data only on our behalf under contractual data-protection obligations and are prohibited from using the data for their own purposes.

5.3 Legal and Safety Disclosures

We may disclose information if required by law, court order, or government regulation; to protect the rights, property, or safety of Bridge-it, our users, or the public; or to investigate suspected fraud or security incidents.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all assets, student data will remain subject to this Privacy Policy. We will notify affected schools and districts and, where required, obtain consent before transferring student data to a successor entity.

5.5 What We Never Do

• We never sell student personal information to any third party
• We never share student data with advertisers or marketing companies
• We never use student data to build advertising profiles
• We never disclose student data in ways that violate FERPA or applicable state law

6. Student Privacy — FERPA and COPPA

6.1 FERPA

Bridge-it complies with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g. We act as a school official with a legitimate educational interest, processing student education records only as directed by and on behalf of the school or district. Schools and districts retain control over student records and may request access, correction, or deletion of data in accordance with FERPA procedures.

6.2 COPPA

Bridge-it does not knowingly collect personal information directly from children under the age of 13 without verifiable parental consent or school authorization as permitted under COPPA (15 U.S.C. § 6501 et seq.). Where students under 13 access the Platform, they do so through their school, which provides consent on behalf of parents as permitted by COPPA's school exception. Parents may review, request deletion of, or refuse further collection of their child's personal information by contacting their school or Bridge-it directly at the contact details in Section 11.

6.3 State Privacy Laws

Bridge-it complies with applicable state student data-privacy laws, including but not limited to the Student Online Personal Information Protection Act (SOPIPA) and analogous statutes in states where we operate. We enter into data-privacy agreements with school districts as required by applicable law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform. Categories of cookies we use include:

• Strictly Necessary Cookies — required for authentication, session management, and security. These cannot be disabled without impairing Platform functionality.
• Functional Cookies — remember your preferences and settings to provide a consistent experience.
• Analytics Cookies — collect aggregated, de-identified usage data to help us understand how the Platform is used and improve its features. Student data is never shared with third-party analytics providers for commercial purposes.

We do not use advertising or behavioral tracking cookies. You may manage cookie preferences through your browser settings; note that disabling certain cookies may affect Platform functionality.

8. Data Security

Bridge-it implements industry-standard technical and organizational safeguards to protect your information, including:

• Encryption of all data in transit (TLS 1.2 or higher) and at rest (AES-256)
• Role-based access controls ensuring users access only data appropriate to their role (student, teacher, counselor, parent, administrator)
• Regular security assessments and penetration testing
• Incident response procedures aligned with applicable breach-notification laws

Despite these measures, no system is perfectly secure. In the event of a data breach affecting student data, we will notify the relevant school or district and comply with applicable state breach-notification timelines.

9. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law:

• Active accounts: Data is retained for the duration of the school or district contract and for a reasonable period thereafter to allow for data export requests.
• Student data: Upon contract termination or written request from the school or district, student data is deleted or returned in a portable format within 60 days, except where retention is required by law.
• De-identified analytics: Aggregated, de-identified data may be retained indefinitely for research and product-improvement purposes.
• Visitor and contact data: Data collected from website visitors and demo requests is retained for up to 24 months unless you request deletion.

10. Your Rights and Choices

10.1 Student and Parent Rights (FERPA)

Parents and eligible students (18 or older) have the right to inspect and review education records held by Bridge-it, request correction of inaccurate records, and request deletion of records, subject to applicable legal requirements. These requests should be directed to the school or district in the first instance. Bridge-it will cooperate with schools and districts to fulfill such requests.

10.2 California Residents

California residents may have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of personal information. Bridge-it does not sell or share personal information as defined under the CCPA. To exercise your rights, contact us at the details in Section 11.

10.3 Other Users

Non-student users (educators, parents with independent accounts, website visitors) may request access to, correction of, or deletion of their personal information by contacting us directly. We will respond within the timeframe required by applicable law.

10.4 Opt-Out of Communications

You may opt out of non-essential communications (e.g., newsletters, marketing emails) at any time by clicking "Unsubscribe" in any such email or by contacting us directly. Transactional and account-related communications cannot be opted out of while your account is active.

11. Contact Us

For questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:

Schools and districts with questions about their data-processing agreements or student data should contact their assigned Bridge-it account representative or the above email address.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on https://bridge-it.ai with a revised effective date
• Notify registered users via email or in-Platform notification
• Where required by law or contract, notify school district partners in advance of material changes

Continued use of the Platform after the updated policy takes effect constitutes acceptance of the changes. We encourage you to review this policy periodically.

13. Governing Law

This Privacy Policy is governed by the laws of the United States and, to the extent applicable, the laws of the state in which the school or district contracting with Bridge-it is located. Any disputes shall be resolved in accordance with the dispute-resolution provisions of the applicable school or district agreement, or, for non-institutional users, in a court of competent jurisdiction.