Key Principles
- No student data. This platform is for educators and administrators. We never collect, store, or process student PII.
- No tracking cookies. We use Plausible Analytics, which is cookie-free and GDPR-compliant.
- No data sales. We never sell, rent, or trade personal information.
- Privacy by design. Affiliate clicks use hashed IPs, never raw addresses.
Infrastructure & Third-Party Services
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Vercel | Website hosting & CDN | Page requests, server logs | US / Global Edge |
| Supabase | Database & authentication | Tool data, submissions, newsletter emails | US (AWS) |
| Plausible | Privacy-friendly analytics | Aggregate page views only (no cookies, no PII) | EU |
| Resend | Transactional email | Email addresses for newsletter delivery | US |
| n8n | Workflow automation | Tool metadata for content generation | Self-hosted / US |
| Anthropic (Claude) | AI content generation | Tool data (no PII) for generating descriptions | US |
Security Measures
- All data encrypted in transit (TLS 1.2+)
- Database encrypted at rest (AES-256)
- Row-Level Security (RLS) on all database tables
- API routes authenticated via shared secrets for admin/automation operations
- Affiliate click tracking uses SHA-256 hashed IPs — raw IPs are never stored
- Admin operations restricted to service-role authentication
- No public write access to tool data — only read access through RLS policies
Affiliate Click Tracking
When you click “Visit Tool” on any tool card or detail page, the request is routed through our tracking endpoint before redirecting to the vendor website. Here is exactly what we capture:
```
// What we store per click:
tool_id: "uuid-of-the-tool"
ip_hash: "sha256(ip + tool_slug)[0:16]" // anonymized, not reversible
referrer: "the page you clicked from"
user_agent: "your browser string"
clicked_at: "timestamp"
// What we do NOT store:
raw_ip: never stored
user_id: we don't have accounts
browsing_history: not tracked
```
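The record above, as an added Node.js example that is not this site's own code: it builds the stored row from a request and derives ip_hash as sha256(ip + tool_slug)[0:16]. Assumed here: plain concatenation with no separator, [0:16] meaning the first 16 hex characters, the client address read from x-forwarded-for, and every name and sample value (ipHash, clientIp, buildClickRecord, the tools and addresses).

```javascript
// Added example, not the site's code. Function names and sample data are constructed.
const { createHash } = require('node:crypto');

// ip_hash as described: sha256(ip + tool_slug)[0:16].
// Assumption: no separator, and [0:16] is the first 16 hex characters.
function ipHash(ip, toolSlug) {
  return createHash('sha256').update(ip + toolSlug, 'utf8').digest('hex').slice(0, 16);
}

// Assumption: the client address arrives in x-forwarded-for, which may be a
// comma-separated proxy chain; the first entry is the client.
function clientIp(req) {
  const first = String(req.headers['x-forwarded-for'] || '').split(',')[0].trim();
  const ip = first || (req.socket && req.socket.remoteAddress) || '';
  if (!ip) throw new Error('no client address on request');
  return ip;
}

// Build the row that gets stored. The raw address is only an input to the
// hash and is never copied into the record.
function buildClickRecord(req, tool, now = new Date()) {
  return {
    tool_id: tool.id,
    ip_hash: ipHash(clientIp(req), tool.slug),
    referrer: req.headers['referer'] || null,
    user_agent: req.headers['user-agent'] || null,
    clicked_at: now.toISOString(),
  };
}

// Constructed sample data (documentation address ranges, made-up tools).
const toolA = { id: '00000000-0000-4000-8000-00000000000a', slug: 'sample-tool-a' };
const toolB = { id: '00000000-0000-4000-8000-00000000000b', slug: 'sample-tool-b' };
const sampleReq = (xff) => ({
  headers: { 'x-forwarded-for': xff, referer: 'https://example.test/tools', 'user-agent': 'ExampleBrowser/1.0' },
});

function demo() {
  return {
    first: buildClickRecord(sampleReq('203.0.113.7'), toolA),
    repeat: buildClickRecord(sampleReq('203.0.113.7, 198.51.100.20'), toolA),
    otherTool: buildClickRecord(sampleReq('203.0.113.7'), toolB),
  };
}

console.log(demo());
```

Because the tool slug is part of the hash input, the same address yields a different ip_hash for each tool, so rows cannot be joined across tools on ip_hash alone.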
Data Retention & Deletion
| Data Type | Retention | Deletion Method |
|---|---|---|
| Newsletter emails | Until unsubscribe | Automatic on unsubscribe request |
| Tool submissions | 2 years after review | Automatic purge |
| Affiliate click logs | 12 months | Monthly automated cleanup |
| Contact messages | 1 year | Manual review + delete |
| Server logs | 30 days | Auto-rotated by hosting provider |
To request deletion of your personal data, email privacy@districtaiindex.com.
For more information, see our Privacy Policy or contact us.