Privacy Policy

How we collect, use, and protect the data schools entrust to nOS.

Effective July 9, 2026· Governing law: North Carolina· nOS LLC

nOS operates a web-based master scheduling platform (the “Service”) for private and independent high schools. This Privacy Policy explains how nOS collects, uses, discloses, and protects information in connection with the Service. We are committed to protecting the privacy of students, school administrators, and faculty who interact with our platform.

1. Information we collect

1.1 School-provided data

Schools submit data to the Service on behalf of their students and staff. This data may include:

  • Student identifiers (name, student ID, grade level)
  • Course requests, scheduling preferences, and block assignments
  • Completed coursework and academic history
  • Teacher and administrator names and identifiers

1.2 Account and usage data

We collect information provided when school administrators create accounts, including name, email address, and institutional affiliation. We also collect usage logs, browser type, IP address, and interaction data for security, support, and service-improvement purposes.

1.3 Automatically collected data

We use standard web technologies to collect session data, error logs, and platform performance metrics. We do not use third-party advertising trackers or behavioral profiling technologies.

2. How we use information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Fulfill the master-scheduling functions requested by the school
  • Authenticate and support Authorized Users
  • Monitor platform security and detect unauthorized access
  • Communicate with school administrators regarding the Service
  • Comply with applicable legal obligations

We do not use Student Data for advertising, sale, or to train general-purpose AI models. Student Data is processed solely under the direction of the applicable school.

2.1 AI-assistant features

The Service offers optional AI-powered features. When an Authorized User uses these features, limited Student Data (such as student names and schedule context) is transmitted to our AI subprocessor, Anthropic PBC, through its API solely to generate a response for that user. Under our agreement with the subprocessor, this data is not used to train its models and is subject to limited retention. See our Subprocessor List for details.

3. Disclosure of information

3.1 Service providers (subprocessors)

We engage vetted third-party service providers (“subprocessors”) to operate the Service, including cloud hosting and database providers (Vercel, Neon), our AI model provider (Anthropic), email delivery (Google Workspace), and error monitoring (Sentry). All subprocessors are contractually bound to protect data in accordance with our obligations under applicable law and our Data Processing Agreement. A current, itemized list is available in our Subprocessor List and on our Security & trust page.

3.2 Legal requirements

We may disclose information if required to do so by applicable law, court order, or governmental authority. We will notify the school of such requirements to the extent permitted by law.

3.3 Business transfers

In the event of a merger, acquisition, or sale of assets, Student Data will remain subject to the protections in this Privacy Policy and the applicable DPA. We will provide advance notice of any such transfer to the extent practicable.

3.4 No sale of Student Data

We do not sell, rent, or trade Student Data under any circumstances.

4. Data retention

We retain Student Data for the duration of the applicable subscription and for a 60-day post-termination export window. Following that window, production data is deleted. Encrypted backups are overwritten within 30 days of production deletion. Account and usage data is retained for a reasonable period to fulfill legal and contractual obligations.

5. Security

We implement commercially reasonable technical and organizational security measures, including encryption in transit and at rest, access controls, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we are committed to prompt notification and response in the event of a confirmed breach. See our Security Overview for details.

6. Student privacy and FERPA

The Service is operated under agreement with schools as a “school official” under FERPA. Schools are responsible for complying with FERPA requirements applicable to Student Data. nOS acts solely at the direction of the school and does not independently control the use of Student Data.

7. Children’s privacy

The Service is designed for use by schools on behalf of students. Schools, not nOS, are responsible for obtaining any required parental consents under COPPA or other applicable law in connection with the submission of student information. nOS does not knowingly solicit information directly from students or minors.

8. Your rights and choices

Requests for access, correction, or deletion of Student Data should be directed to the school that submitted the data. nOS will cooperate with schools in fulfilling such requests consistent with Service functionality. Authorized Users may contact us at bennettmiller@nosplanner.com with questions about their personal account data.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated to schools with at least thirty (30) days’ advance notice. Continued use of the Service after the effective date of the updated policy constitutes acceptance.

10. Contact us

For privacy-related inquiries, please contact nOS Legal & Privacy at bennettmiller@nosplanner.com. Related documents: Terms of Service · Security & trust · Data Processing Agreement (PDF) · Subprocessor List (PDF).

Last updated July 9, 2026. A signed Data Processing Agreement (DPA) is available above and on request.