Privacy Policy
Last updated: May 1, 2026 · Effective: May 1, 2026
What you should know in 30 seconds
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). No exceptions.
We comply with U.S. student-data laws and EU/UK data protection rules.
No advertising trackers. No selling lists. Your information stays with us — that's it.
Export it any time, delete it any time. We're processors, you're the controller.
1. Who we are
Unik LMS ("Unik," "we," "us," or "our") is operated by Prepaze, Inc., a Delaware corporation with headquarters at 3031 Village Market Place, Morrisville, NC 27560, USA. This Privacy Policy explains how we collect, use, share, and protect personal information when you use the Unik LMS platform, our websites at uniklms.com and prepaze.com, our mobile applications, and any related services (collectively, the "Service").
2. Information we collect
We collect three categories of information, and we collect only what is necessary to deliver the Service:
2.1 Information you provide
- Account information: name, email address, organization, role, and password (hashed using bcrypt).
- Profile information: optional profile photo, time zone, language preferences.
- Educational content: lessons, assessments, course materials, discussion posts, learner work, grades, and rubrics that you create, upload, or submit.
- Payment information: for paying accounts, billing contact and payment instrument details are handled by Stripe; we never see full card numbers.
- Communications: messages you send to us, support requests, and feedback.
2.2 Information we collect automatically
- Usage data: pages visited, features used, click events, performance metrics, error logs.
- Device data: browser type, operating system, screen size, IP address, approximate location (city-level).
- Cookies and similar technologies: we use first-party cookies for authentication and a small set of essential analytics (no advertising cookies).
2.3 Information from third parties
If you sign in with Google, Microsoft, or another single sign-on (SSO) provider, we receive your name, email, and profile photo from that provider. If your school connects a Student Information System (SIS) such as PowerSchool, Infinite Campus, or Clever, we receive roster data (student name, grade, class enrollment) under the data agreement your school has with that provider.
3. How we use information
We use personal information for these purposes and these purposes only:
- To provide, maintain, and improve the Service.
- To authenticate users, secure accounts, and prevent fraud or abuse.
- To generate analytics, lesson plans, assessments, and AI-assisted insights at your direction.
- To communicate about service updates, security notices, and (with your consent) product news.
- To comply with legal obligations, respond to lawful requests, and enforce our terms.
We do not use student personal information for advertising, profiling, or any commercial purpose unrelated to the Service. Period.
4. AI features and data handling
Unik uses large language models (currently Anthropic Claude and OpenAI GPT-4-class models) to power AI lesson planning, AI-generated insights, and adaptive learning. When you use these features:
- Only the prompt content needed for the task is sent to the AI provider.
- We use enterprise API endpoints with zero-retention agreements — the provider does not retain inputs or outputs for model training.
- We do not send personally identifiable student information to AI providers when generating aggregate analytics; data is anonymized at the request layer.
- You can disable AI features on an org-wide basis from Admin Settings.
5. FERPA, COPPA, and student privacy
For K-12 customers in the United States, Unik acts as a "school official" with a legitimate educational interest under the Family Educational Rights and Privacy Act (FERPA, 34 CFR § 99.31(a)(1)). We collect, use, and disclose student records only at the direction of the school, and we destroy student records upon school request or at the end of the contract.
For users under 13, we comply with the Children's Online Privacy Protection Act (COPPA). Unik does not knowingly collect personal information from children under 13 except through a school that has obtained the necessary parental consent and authorized us to collect that information on its behalf.
We have signed the Student Privacy Pledge and adhere to its commitments.
6. GDPR and UK GDPR
For users in the European Economic Area, United Kingdom, and Switzerland, Unik processes personal data on the legal bases of (a) contract performance, (b) legitimate interest, and (c) consent where required. You have the right to access, rectify, erase, restrict processing, port, and object to processing of your personal data. Contact privacy@prepaze.com to exercise these rights.
7. How we share information
We share personal information only as needed to run the Service:
- Service providers (sub-processors) such as cloud hosting (Google Cloud, Supabase), email delivery (Resend), payment processing (Stripe), and customer support (Intercom). A full list is at uniklms.com/subprocessors.
- At your direction: when you choose to integrate with a third-party tool via SCORM, LTI, or our API.
- Legal compliance: in response to lawful subpoenas, court orders, or to protect the safety of users.
- Business transfers: if Prepaze is acquired or merges with another company, your information may transfer, but the protections in this policy continue to apply.
We never sell personal information.
8. Data security
We use industry-standard administrative, technical, and physical safeguards to protect personal information. These include: TLS 1.3 encryption in transit, AES-256 encryption at rest, bcrypt password hashing, role-based access controls, audit logging, regular penetration testing, and SOC 2 Type II certification (annual). No system is perfectly secure, but we work hard to minimize risk and respond quickly to incidents.
9. Data retention
We retain personal information for as long as your account is active, plus a short period thereafter to comply with legal obligations. Schools and organizations can request deletion of student records at any time and we will purge them within 30 days. Account-level deletion removes all personal information except (a) data we are legally required to retain and (b) anonymized aggregates used for service improvement.
10. Your rights and choices
Depending on your jurisdiction, you may have the right to: access your personal information, correct inaccuracies, delete your account, export your data, restrict or object to processing, and lodge a complaint with a supervisory authority. To exercise any of these rights, email privacy@prepaze.com. We respond within 30 days.
11. International data transfers
Unik primarily stores data in U.S. and EU regions. When we transfer personal data internationally, we use Standard Contractual Clauses (SCCs) approved by the European Commission or other adequate transfer mechanisms.
12. Cookies
We use a minimal set of first-party cookies for authentication (session cookies), preferences (theme, language), and essential analytics (page-load timings). We do not use third-party advertising cookies. You can disable cookies in your browser settings, but the Service may not function correctly without authentication cookies.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced by email and in-app notification at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
14. Contact us
Questions, concerns, or requests? Contact our Data Protection Officer:
Attn: Data Protection Officer
3031 Village Market Place
Morrisville, NC 27560
USA
Talk to a real person about privacy and compliance
Our team is happy to walk through our Data Processing Agreement, sub-processor list, or any specific question your IT/Legal team has.
Contact our DPO