Privacy Policy
How we collect, use, and protect the data schools entrust to nOS.
How we collect, use, and protect the data schools entrust to nOS.
nOS operates a web-based master scheduling platform (the “Service”) for private and independent high schools. This Privacy Policy explains how nOS collects, uses, discloses, and protects information in connection with the Service. We are committed to protecting the privacy of students, school administrators, and faculty who interact with our platform.
Schools submit data to the Service on behalf of their students and staff. This data may include:
We collect information provided when school administrators create accounts, including name, email address, and institutional affiliation. We also collect usage logs, browser type, IP address, and interaction data for security, support, and service-improvement purposes.
We use standard web technologies to collect session data, error logs, and platform performance metrics. We do not use third-party advertising trackers or behavioral profiling technologies.
We use collected information to:
We do not use Student Data for advertising, sale, or to train general-purpose AI models. Student Data is processed solely under the direction of the applicable school.
The Service offers optional AI-powered features. When an Authorized User uses these features, limited Student Data (such as student names and schedule context) is transmitted to our AI subprocessor, Anthropic PBC, through its API solely to generate a response for that user. Under our agreement with the subprocessor, this data is not used to train its models and is subject to limited retention. See our Subprocessor List for details.
We engage vetted third-party service providers (“subprocessors”) to operate the Service, including cloud hosting and database providers (Vercel, Neon), our AI model provider (Anthropic), email delivery (Google Workspace), and error monitoring (Sentry). All subprocessors are contractually bound to protect data in accordance with our obligations under applicable law and our Data Processing Agreement. A current, itemized list is available in our Subprocessor List and on our Security & trust page.
We may disclose information if required to do so by applicable law, court order, or governmental authority. We will notify the school of such requirements to the extent permitted by law.
In the event of a merger, acquisition, or sale of assets, Student Data will remain subject to the protections in this Privacy Policy and the applicable DPA. We will provide advance notice of any such transfer to the extent practicable.
We do not sell, rent, or trade Student Data under any circumstances.
We retain Student Data for the duration of the applicable subscription and for a 60-day post-termination export window. Following that window, production data is deleted. Encrypted backups are overwritten within 30 days of production deletion. Account and usage data is retained for a reasonable period to fulfill legal and contractual obligations.
We implement commercially reasonable technical and organizational security measures, including encryption in transit and at rest, access controls, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we are committed to prompt notification and response in the event of a confirmed breach. See our Security Overview for details.
The Service is operated under agreement with schools as a “school official” under FERPA. Schools are responsible for complying with FERPA requirements applicable to Student Data. nOS acts solely at the direction of the school and does not independently control the use of Student Data.
The Service is designed for use by schools on behalf of students. Schools, not nOS, are responsible for obtaining any required parental consents under COPPA or other applicable law in connection with the submission of student information. nOS does not knowingly solicit information directly from students or minors.
Requests for access, correction, or deletion of Student Data should be directed to the school that submitted the data. nOS will cooperate with schools in fulfilling such requests consistent with Service functionality. Authorized Users may contact us at bennettmiller@nosplanner.com with questions about their personal account data.
We may update this Privacy Policy from time to time. Material changes will be communicated to schools with at least thirty (30) days’ advance notice. Continued use of the Service after the effective date of the updated policy constitutes acceptance.
For privacy-related inquiries, please contact nOS Legal & Privacy at bennettmiller@nosplanner.com. Related documents: Terms of Service · Security & trust · Data Processing Agreement (PDF) · Subprocessor List (PDF).
Last updated July 9, 2026. A signed Data Processing Agreement (DPA) is available above and on request.