Privacy Policy
Last Updated: February 23, 2026
EMO Pulse™ is committed to protecting the privacy of students, families, educators, and all users of our platform. This Privacy Policy explains what information we collect, how we use it, who we share it with, and how we protect it.
Key Commitments: We never sell student data. We never use student data for advertising. We never share personally identifiable information with third parties for commercial purposes. Schools own their data.
1. Who We Are
EMO Pulse™ is a social-emotional wellness platform operated by EMO Pulse™ ("Company," "we," "us," or "our"), based in Charlotte, North Carolina. We provide emotional check-in tools, wellness resources, and analytics for K-12 schools, universities, and organizations.
2. Compliance Framework
EMO Pulse™ is designed to comply with the following federal and state privacy laws:
- FERPA (Family Educational Rights and Privacy Act) — We operate as a "school official" with a legitimate educational interest under FERPA, handling student education records on behalf of schools.
- COPPA (Children's Online Privacy Protection Act) — For users under 13, we require verifiable consent from a parent, guardian, or school acting as the parent's agent.
- State Student Privacy Laws — We align our practices with state-level student privacy requirements and are committed to signing Student Data Privacy Agreements (SDPAs) as required by individual states or districts.
3. Information We Collect
3.1 Information Provided by Schools
- Student names, grade levels, and classroom assignments
- Staff names, roles, and department information
- School and district identifiers
- Administrator contact information
3.2 Information Provided by Users
- Account credentials (email, password)
- Emotional check-in data (zone selection, intensity, optional notes)
- Journal entries and reflections
- Assessment responses (EMO Profile, THRONES™, Purpose Pulse)
- Wellness plan goals and progress
- Messages between parents and teachers
3.3 Information Collected Automatically
- Device type and browser information
- IP address (for security purposes only)
- Login timestamps and session activity
- Feature usage patterns (aggregated, not individual)
3.4 Information We Do NOT Collect
- Social Security numbers
- Financial information from students or families
- Biometric data
- Location tracking data
- Social media profiles or contacts
- Browsing history outside of EMO Pulse™
4. How We Use Information
| Purpose | Data Used | Legal Basis |
|---|
| Providing emotional check-in and wellness tools | Check-in data, journal entries | Contractual necessity / Legitimate educational interest |
| Generating dashboards and reports for administrators | Aggregated check-in data, trends | Legitimate educational interest |
| Delivering regulation tools and personalized support | Zone selection, intensity level | Contractual necessity |
| THRONES™ leadership program placement and tracking | Assessment responses, challenge submissions | Contractual necessity |
| Burnout detection and early warning alerts | Check-in patterns (aggregated) | Legitimate educational interest |
| Crisis protocol activation | High-intensity check-ins, keyword detection | Safety / Legitimate interest |
| MTSS/RTI compliance documentation | Intervention records, tier history | Legitimate educational interest |
| AI-powered insights and coaching | Anonymized/aggregated patterns | Contractual necessity |
| Platform security and abuse prevention | IP address, login activity | Legitimate interest |
5. Who We Share Information With
5.1 Within Your Organization
Data is shared according to role-based access controls configured by your school or organization:
- Teachers see only their assigned classroom's check-in data
- Counselors see their assigned caseload
- Administrators see building-wide aggregated data
- Guardians see only their linked child's information (age-appropriate)
- Students see only their own data
5.2 Third-Party Service Providers
We use a limited number of third-party services to operate the platform:
- Stripe — Payment processing (school billing only; no student data is shared with Stripe)
- OpenAI — AI-powered features (only anonymized, non-identifiable data is sent for processing)
- SendGrid — Transactional email delivery (password resets, notifications)
All third-party providers are contractually required to protect data and use it only for the purposes we specify.
5.3 We Never Share Data With
- Advertisers or ad networks
- Data brokers
- Social media platforms
- Any third party for commercial purposes
6. Student Data Protections
Student Privacy Pledge: We adhere to the principles of the Student Privacy Pledge. Student data is used only for educational purposes. Period.
- Student journal entries are private and encrypted individually
- Student check-in notes are visible only to the student and authorized staff
- We do not build advertising profiles on students
- We do not use student data to train AI models
- Student data is never retained after a school terminates their agreement (30-day export window, then permanent deletion)
7. Children Under 13 (COPPA)
For children under 13, we implement the following protections:
- Schools must provide COPPA consent, either as agents of parents or with direct parental consent
- We collect only the minimum information necessary for educational purposes
- Children under 13 cannot create accounts independently
- Content is age-gated by grade tier (elementary, middle, high)
- Parents/guardians can review their child's information, request corrections, or request deletion by contacting their school administrator
8. Data Security
We implement industry-standard security measures to protect your data:
- Encryption at rest: 256-bit AES encryption for stored data
- Encryption in transit: TLS 1.3 for all data transmission
- Access controls: Role-based permissions with principle of least privilege
- Authentication: Secure password hashing, session management, and rate limiting
- Audit logging: All data access and administrative actions are logged
- Incident response: We will notify affected schools within 72 hours of discovering a data breach
9. Data Retention
- Active accounts: Data is retained for the duration of the school's subscription
- After termination: Schools have 30 days to export their data. After 30 days, all data is permanently deleted
- Inactive student accounts: Student data associated with graduated or withdrawn students is handled per school policy and can be deleted upon request
- Backups: Encrypted backups are retained for up to 90 days for disaster recovery, then permanently destroyed
10. Your Rights
For Schools and Organizations
- Export all organizational data at any time
- Request deletion of all data
- Review and update user information
- Manage role-based access controls
- Request audit logs of data access
For Parents and Guardians
- Review your child's information through the Family Hub or by contacting the school
- Request corrections to inaccurate information
- Request deletion of your child's data (subject to school policy)
- Opt out of non-essential data collection
For Students (Age 18+)
- Access and download your personal data
- Request corrections or deletion
- Manage privacy settings within the app
11. AI Features and Data
EMO Pulse™ uses AI-powered features including the EMO Coach, Smart Journal Prompts, Early Warning Insights, and Classroom Insights. Our AI practices:
- AI features process only anonymized or aggregated data
- No personally identifiable student information is sent to AI providers
- We do not use student data to train external AI models
- AI-generated insights are supplementary tools, not diagnostic or clinical assessments
- Schools can opt out of AI features entirely
12. Crisis and Safety Data
When the "I Need Help Now" feature is activated or a high-intensity check-in triggers the crisis protocol:
- Designated school administrators and counselors are notified
- The user is connected to external crisis resources (988 Lifeline, Crisis Text Line)
- A record is created in the system for follow-up by authorized staff
- Crisis data is treated with the highest sensitivity and restricted access
13. Cookies and Tracking
EMO Pulse™ uses only essential cookies required for the Service to function (authentication tokens, session management). We do not use:
- Third-party tracking cookies
- Advertising pixels or beacons
- Analytics tools that track individual user behavior across sites
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify active subscribers of material changes at least 30 days before they take effect. The "Last Updated" date at the top of this page indicates the most recent revision.
15. Student Data Privacy Agreements (SDPAs)
We are prepared to sign Student Data Privacy Agreements as required by individual states or districts. If your district requires a specific SDPA or data privacy addendum, please contact us and we will work with your legal team to execute the appropriate agreement.
16. Contact Us
For privacy-related questions, data requests, or concerns:
If you believe your child's privacy rights have been violated, you may also file a complaint with the U.S. Department of Education: studentprivacy.ed.gov