Privacy Policy

This Privacy Policy explains how NexGen Secure LLC ("NexGen Secure," "we," "our," or "us") collects, uses, protects, and discloses information through the NexGen Secure educational platform and website (the "Service").

NexGen Secure provides cybersecurity and digital awareness education for K-12 students, educators, schools, families, and adult learners. Protecting student privacy and maintaining trust with schools and families is a foundational principle of our platform.

By accessing or using the Service, you agree to the practices described in this Privacy Policy.

1. Our Commitment to Student Privacy

Our policies, platform architecture, and operational practices are built to align with applicable U.S. student privacy laws and expectations, including:

• Children's Online Privacy Protection Act (COPPA)
• Family Educational Rights and Privacy Act (FERPA)

When NexGen Secure is used in a school-managed educational setting, schools act as the parent's authorized agent under COPPA for providing consent on behalf of students.

2. Information We Collect

The information we collect depends on the type of user and how the Service is accessed.

2.1 Teachers, Schools, Administrators, Parents, and Adult Users

• Name
• Email address
• School, district, or organization (if applicable)
• Account credentials (passwords are hashed and never stored in plain text)
• Subscription and billing information (processed by Stripe; NexGen Secure does not store full payment card numbers)
• Information voluntarily provided through support, contact, or data request forms

2.2 Students (K-12)

Students may access the Service only through accounts created or authorized by a school, teacher, or parent/guardian.

• First and last name (as provided by the school or parent)
• Class, group, or course affiliation
• School or district name
• Educational activity data such as lesson progress, quiz attempts, badges, points, streaks, and course completion status

Students under the age of 13 cannot create accounts independently. Individual memberships require the account holder to be at least 13 years old. For children under 13, a parent or guardian must create the account on their behalf.

We intentionally minimize student data collection. NexGen Secure does not collect or require student email addresses, birthdates, phone numbers, home addresses, photographs, precise geolocation data, social media profiles, or Social Security numbers.

2.3 Automatically Collected Technical Information

To operate and secure the platform, we automatically collect limited technical information, including:

• Device and browser type
• Network-level IP address (see Section 2.4 below)
• Server log and error data
• General usage and interaction metrics (pages visited, features used)

This information is used solely to maintain platform functionality, performance, and security. It is not used for advertising, behavioral profiling, or tracking individual students.

2.4 IP Address Handling

When the Service is accessed through a school network, the IP addresses collected are typically school network subnet addresses (shared institutional IPs) rather than individual student IP addresses, as students access the platform through school VPNs, firewalls, and single sign-on (SSO) systems. These network-level IP addresses are:

• Used exclusively for platform security, fraud prevention, and abuse detection
• Logged in server security audit logs only (not stored in student profile records)
• Classified under COPPA's "support for internal operations" exception for persistent identifiers
• Not used to identify, contact, or track individual students
• Not shared with third parties for any purpose

This approach is consistent with industry-standard practices used by other K-12 educational SaaS platforms.

2.5 Payment Information

Payments are processed by Stripe, a PCI-DSS compliant payment processor. NexGen Secure does not store, process, or have access to full payment card numbers or sensitive financial details. Stripe's privacy practices are governed by Stripe's Privacy Policy.

3. How We Use Information

We use collected information only for legitimate educational and operational purposes, including:

• Providing and maintaining the Service
• Delivering educational content to students
• Allowing teachers and administrators to view class progress
• Managing user authentication and platform security
• Processing subscriptions and payments
• Responding to support requests
• Preventing misuse, fraud, or security incidents
• Improving platform functionality and educational content
• Meeting legal and regulatory obligations

NexGen Secure does not use student information for advertising, behavioral profiling, or commercial purposes unrelated to education.

4. How We Share Information

NexGen Secure does not sell personal information.

4.1 Service Providers

We may share limited information with vetted service providers that support platform operations, such as:

• Cloud hosting and infrastructure providers
• Authentication and database services
• Email delivery providers
• Payment processors
• Limited analytics used to monitor platform performance and reliability

These providers are contractually restricted to using data only for services provided to NexGen Secure and must follow appropriate security and confidentiality obligations.

NexGen Secure does not use third-party advertising trackers, behavioral advertising cookies, or cross-site tracking technologies on student accounts.

4.2 Schools and Educators

When students use the Service through a school-managed account, authorized educators and administrators may access student progress and activity data for educational purposes.

4.3 Legal Requirements

Information may be disclosed when required to comply with applicable laws, legal processes, or to protect the rights, safety, and security of users or NexGen Secure.

4.4 Business Transfers

In the event of a merger, acquisition, or similar transaction, information may be transferred to a successor entity under the same privacy commitments.

5. Children Under 13 (COPPA Compliance)

NexGen Secure is committed to complying with the Children's Online Privacy Protection Act (COPPA). The following practices apply to children under the age of 13:

• Children under 13 may only use the Service with school or parental/guardian authorization
• Individual memberships require account holders to be at least 13 years old; for children under 13, a parent or guardian must create and manage the account on the child's behalf
• We use a neutral age-screening mechanism on individual membership signups to prevent unauthorized access by children under 13
• We collect only the minimum information necessary to provide educational services (first name, last name, class affiliation, and educational progress data)
• We do not collect email addresses, birthdates, phone numbers, home addresses, photographs, or social media information from students
• We do not use student data for targeted advertising, behavioral profiling, or any commercial purpose unrelated to education
• Network-level IP addresses (typically school subnet addresses) are used solely for security under the "support for internal operations" exception and are not stored in student profile records
• When the Service is used in a school setting, the school acts as the parent's authorized agent for providing consent under COPPA

5.1 Parental Rights Under COPPA

Parents and legal guardians of children under 13 have the right to:

• Review the personal information collected about their child
• Request a copy of their child's data in a portable format
• Request deletion of their child's personal information
• Request corrections to inaccurate information
• Refuse further collection of their child's information (which may result in the child's account being deactivated)

To exercise these rights, parents and guardians may:

• Submit a request through our Parent/Guardian Data Request Form
• Email us directly at nexgensecure.us@gmail.com with "Data Request" in the subject line

We will respond to all verified requests within 30 days. We may require identity verification before processing a request to protect your child's privacy.

6. FERPA Considerations for Schools

When providing services to schools, NexGen Secure acts as a "school official" with legitimate educational interests under the Family Educational Rights and Privacy Act (FERPA).

• Student data is processed solely for educational purposes as directed by the school
• Schools retain control over student education records at all times
• Student data is not disclosed to any third party except as directed by the school, as described in this policy, or as required by law
• Schools may request access, export, or deletion of student data at any time
• Upon contract termination or school request, student data is deleted within 30 days, subject to legal retention requirements and backup cycles

7. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information, including:

• Encrypted data transmission (HTTPS/TLS)
• Role-based access controls
• Authentication protections
• System monitoring and logging
• Vendor security assessments

No system can be guaranteed to be completely secure, but we take appropriate measures consistent with industry standards.

8. Data Retention

We retain personal information only as long as necessary to provide the Service, meet legal obligations, and support educational needs.

• School-managed student accounts: Student data is retained only for the duration of the school's active use of the Service. Upon school request or contract termination, student data is deleted within 30 days, subject to legal retention requirements and backup cycles.
• Individual and family accounts: Account data is retained for the duration of the active subscription. After subscription expiration or account deletion, personal data is deleted within 30 days.
• Security logs: Server security logs (which may include network-level IP addresses) are retained for up to 90 days for security and fraud prevention purposes, then automatically purged.
• Payment records: Transaction records may be retained as required by applicable tax and financial regulations.

9. User Rights

Schools, parents, guardians, and adult users may exercise the following rights:

• Access: Request to review what personal information we hold
• Correction: Request corrections to inaccurate information
• Deletion: Request permanent deletion of personal information
• Export: Request a copy of data in a portable format
• Opt-out: Manage cookies through browser settings
• Withdraw consent: Revoke authorization for data collection (which may result in account deactivation)

To exercise these rights:

• Parents/guardians may use our Parent/Guardian Data Request Form
• Schools may contact us at nexgensecure.us@gmail.com
• All users may email nexgensecure.us@gmail.com with "Data Request" in the subject line

We will respond to all verified requests within 30 days.

10. Third-Party Links

The Service may contain links to third-party websites. NexGen Secure is not responsible for the privacy practices of external sites.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes affecting schools will be communicated with reasonable notice.

12. Student Data Ownership

Student data remains the property of the school or authorized educational institution. NexGen Secure acts solely as a data processor and does not claim ownership of student records.

13. Operator Contact Information

For questions, concerns, or requests regarding this Privacy Policy, your data, or our privacy practices, please contact the operator of the Service: