PRACTICE PULSE PRIVACY POLICY

Effective Date: January 1, 2026
Last Updated: January 10, 2026

This Privacy Policy describes how Viddi Labs, LLC, a California limited liability company, doing business as Practice Pulse ("Provider," "we," "us," or "our"), collects, uses, discloses, and protects information when schools, teachers, and students use the Practice Pulse educational software platform (the "Platform").

SCOPE AND APPLICABILITY

School-Directed Educational Service

Practice Pulse is a school-directed educational technology service designed for use by K–12 schools, districts, teachers, and students pursuant to a written agreement with a school or district (each, a "School"). The Platform is not offered directly to the general public and is not intended for independent consumer use.

Relationship to Pilot Program Agreement and Data Privacy Agreement

If a School has entered into a Pilot Program Agreement or other written agreement with Provider that includes data privacy and data protection terms (a "Data Privacy Agreement" or "DPA"), that agreement governs the processing of Student Data and supersedes this Privacy Policy in the event of any conflict.

This Privacy Policy is provided solely for transparency and informational purposes. It does not create independent contractual obligations, third-party beneficiary rights, or direct consumer rights enforceable against Provider by students, parents, or guardians. All enforceable data protection obligations are governed exclusively by the applicable Pilot Program Agreement, Data Privacy Agreement, or other written agreement between Provider and the School.

DEFINITIONS

"Student Data" means information that is directly related to an identifiable student and is maintained by Provider on behalf of a School, including information that constitutes "education records" under the Family Educational Rights and Privacy Act ("FERPA").

"User Content" means content submitted to the Platform by users, including videos, reflections, text responses, practice submissions, and other educational materials.

"Personal Information" has the meaning set forth under applicable U.S. privacy laws, including the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").

"School" includes a school district, charter school, or other educational authority that has entered into a written agreement with Provider authorizing educational use of the Platform.

For avoidance of doubt, "Student Data" as used in this Privacy Policy has the same meaning as "Student Data" as used in any applicable Pilot Program Agreement or DPA.

INFORMATION WE COLLECT

Student Information

On behalf of Schools, Provider may process Student Data including, but not limited to:

• Student name or School-assigned identifier
• School-issued email address or login credentials
• Practice activity and engagement data
• Reflections or responses entered by students
• Video submissions related to teacher-assigned activities
• Technical metadata (e.g., device type, timestamps, IP address)

Provider collects and processes Student Data solely at the direction of and on behalf of the applicable School. Provider does not determine the purposes or means of processing Student Data except as necessary to provide and support the Platform in accordance with School instructions.

Teacher and School Information

Provider may collect information provided by teachers or School administrators, including:

• Account credentials
• Name and School contact information
• Assignment configuration and instructional feedback
• Communications with Provider

Information We Do Not Intentionally Collect

Provider does not intentionally collect:

• Sensitive personal characteristics unrelated to educational use
• Financial information of students
• Precise geolocation data or persistent location tracking

HOW INFORMATION IS USED

Provider processes Student Data exclusively on behalf of Schools and strictly for the school-authorized educational purposes stated below, and not for any independent commercial, consumer, or marketing purpose:

• Deliver, operate, and maintain the Platform
• Support teacher-created assignments and instructional feedback
• Facilitate student practice submissions and reflections
• Maintain and improve Platform functionality
• Provide technical and customer support
• Comply with applicable legal obligations

Provider does not:

• Sell or rent Student Data
• Use Student Data for targeted advertising
• Build profiles for non-educational purposes
• Use Student Data for marketing to students

LEGAL BASES AND REGULATORY COMPLIANCE

FERPA

Provider acts as a "school official" under FERPA with a legitimate educational interest, subject to the School's direct control with respect to the use and maintenance of education records.

COPPA

For students under the age of thirteen (13), Provider relies on the applicable School to provide required notices, obtain and maintain all legally required parental consents, and act as Provider's authorized agent for purposes of the Children's Online Privacy Protection Act ("COPPA") in the School-directed educational context.

Provider does not independently verify parental consent and disclaims any responsibility or liability arising from a School's failure to obtain, maintain, or document such consent.

California and New Jersey Student Privacy Laws

Provider processes Student Data in compliance with applicable student privacy laws, including but not limited to:

• California Education Code §49073.1 (AB 1584)
• California Student Online Personal Information Protection Act ("SOPIPA")
• New Jersey P.L.2019, c.494
• New Jersey Data Privacy Act (P.L.2023, c.266)

DISCLOSURE OF INFORMATION

Provider may disclose information:

• To subprocessors that support Platform operations, pursuant to written agreements imposing data protection obligations consistent with this Privacy Policy
• To Schools and authorized users acting under School authority
• As required by law, regulation, or valid legal process

Provider does not disclose Student Data to third parties for commercial purposes.

Provider does not disclose Student Data in response to individual student or parent requests except as expressly authorized by the applicable School or required by law.

DATA SECURITY

Provider maintains commercially reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, or misuse. Such safeguards are intended to be consistent with generally accepted industry standards for educational technology platforms of similar size and scope.

Security safeguards are implemented in a manner appropriate to a limited educational pilot environment and may evolve over time as the Platform develops. No method of transmission or storage is guaranteed to be completely secure.

Security practices may evolve over time, including during pilot deployments, and Provider does not guarantee absolute security.

INCIDENT RESPONSE

Provider will notify the applicable School without undue delay following confirmation of a security incident involving unauthorized access to Student Data, in accordance with the notification and remediation provisions set forth in the applicable written agreement. Provider has no obligation to notify individual students or parents directly.

DATA RETENTION AND DELETION

Student Data is retained only as long as necessary to provide the Platform or as required by law. Upon termination of the applicable agreement or written request from a School:

• Active Student Data will be deleted within thirty (30) days
• Backup systems will be purged within ninety (90) days, unless legally required otherwise.

Certain educational records may be retained where required by applicable law or School policy, including for record-keeping or audit purposes.

USER CONTENT AND MODERATION

Provider does not pre-screen or actively monitor User Content. The Platform may make available reporting and moderation tools to assist School oversight; however, Provider does not assume responsibility for monitoring or enforcing content standards.

Schools remain solely responsible for supervision, discipline, and enforcement of acceptable use policies.

INDIVIDUAL RIGHTS

Requests by students, parents, or guardians to access, correct, or delete Student Data must be directed to the applicable School. Provider responds to such requests only as instructed or authorized by the School and does not independently verify or fulfill individual rights requests.

CHILDREN AND PARENTS

Practice Pulse is intended solely for use in School-authorized educational contexts. Parents or guardians with questions regarding data practices should contact their School directly. Provider does not have a direct relationship with parents or guardians and provides the Platform solely pursuant to School authorization.

CHANGES TO THIS PRIVACY POLICY

Provider may update this Privacy Policy from time to time. Material changes will be communicated to Schools as required by applicable agreements or law.

CONTACT INFORMATION

Questions regarding this Privacy Policy may be directed to: