1. Introduction

Sunrise Classroom Inc.(“Sunrise,” “Company,” “we,” or “our”) is committed to protecting the privacy and security of educator and student information.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard information when you use our platform and related services (“Services”).

2. Scope and User Categories

This Privacy Policy applies to two categories of users:

A. Institutional Users

Educators, administrators, mentors, and other personnel accessing Sunrise pursuant to a written agreement between Sunrise and a school district, university, or other educational institution (“Partner”).

B. Individual Users

Educators or other users who independently subscribe to Sunrise outside of a written institutional agreement.

Data processing obligations may differ depending on whether Services are provided under a written institutional agreement.

3. Role of Sunrise (Institutional vs. Individual Use)

Institutional Use

When Sunrise provides Services under a written agreement with a Partner, Sunrise acts as a Data Processor and service provider. Sunrise may qualify as a “School Official” under the Family Educational Rights and Privacy Act (FERPA) only when designated by and operating under the direct control of the Partner pursuant to that agreement.

Individual Use

When Sunrise is accessed independently by Individual Users, Sunrise acts as a service provider directly to the user. Sunrise does not automatically operate as a FERPA “School Official” unless formally designated under a written institutional agreement.

Individual Users are responsible for ensuring that their use of the Services complies with applicable district policies, employment obligations, and student privacy laws.

4. Information We Collect

We may collect the following categories of information:

• Account Information (name, email address, login credentials)
• Instructional Content (lesson plans, curriculum materials, uploaded resources)
• Student Information (only as authorized under an institutional agreement or voluntarily uploaded by a user)
• Technical Information (device type, browser, IP address, usage logs)

Sunrise does not require Social Security numbers, biometric data, health records, or precise geolocation data.

5. How We Use Information

We use information to:

• Provide instructional feedback and coaching features
• Operate, maintain, and improve the Services
• Provide customer support
• Maintain system security and integrity
• Comply with legal and contractual obligations

Sunrise does not sell personal information and does not use student data for advertising or targeted marketing purposes.

6. Artificial Intelligence Processing

Sunrise uses artificial intelligence features to provide instructional feedback.

Sunrise does not use Institutional Data to train foundation or general-purpose artificial intelligence models and requires its AI subprocessors to implement contractual restrictions consistent with this commitment.

Data shared with AI subprocessors is limited to the minimum necessary to provide the Services. AI outputs are advisory only and do not automate student decisions. Sunrise does not engage in commercial student profiling.

7. Subprocessors

Sunrise may engage subprocessors only as necessary to provide the Services.

Subprocessors are contractually required to implement data protection obligations consistent with Sunrise's commitments. Sunrise remains responsible for subprocessor compliance.

A current list of subprocessors is available upon request.

8. Data Retention and Deletion

We retain data only as long as necessary to provide the Services or as required by law.

Upon termination of Services:

• Institutional data may be returned upon written request.
• Data will be deleted within thirty (30) days, subject to backup lifecycle procedures.
• Backup data will be purged in accordance with standard retention schedules.
• Written deletion certification is available upon request for institutional partners.

9. Data Security

Sunrise implements administrative, technical, and organizational safeguards designed to protect personal information, including:

• Encryption in transit (TLS 1.2/1.3)
• Encryption at rest (AES-256)
• Role-based access controls
• Multi-factor authentication for administrative access
• Logging and monitoring systems
• Documented incident response procedures

Additional details are provided in our Security Statement.

10. Breach Notification

For Institutional Users, breach notification obligations are governed by the applicable written agreement and Data Protection Agreement.

For Individual Users, Sunrise will provide notice consistent with applicable data breach notification laws.

11. Legal Compliance

Sunrise is committed to compliance with applicable privacy and education laws, including:

• FERPA (where designated by written agreement)
• COPPA (where applicable)
• SOPIPA
• California Education Code §49073
• AB 1584
• CCPA/CPRA (as applicable)

12. Individual User Responsibility

Individual Users are responsible for ensuring that any student information uploaded to the Services complies with district policies and applicable privacy laws.

Sunrise does not assume institutional compliance obligations unless formally designated under a written agreement.

13. Changes to This Policy

Sunrise may update this Privacy Policy to reflect changes in law, technology, or operational practices.

Material changes affecting Institutional Users will be handled in accordance with applicable contractual obligations.