Legal

Privacy Policy

Last updated: July 15, 2026. Questions about this policy? Email support@godirectio.com.

directio is software that driving schools use to run their operations, and that families use to get a teenager from enrollment to a driver’s license. That means we handle data about minors, about families’ payments, and about schools’ businesses. This policy explains what we collect, why, who else touches it, and what rights you have. No legalese where plain English will do.

What we collect

  • Account information. Name, email address, role (owner, instructor, parent, student), and school affiliation.
  • Student records. Enrollment details, lesson progress, quiz results, instruction hours, scheduling history, and compliance milestones — including records about students under 18, entered by their school or their parent/guardian.
  • Payment metadata. What was purchased, when, for how much, and its refund status. Card numbers never touch directio — they are entered directly into Stripe, our payment processor.
  • Usage data. Pages visited, features used, and technical logs (IP address, browser type) that help us keep the platform secure and fast.

Students under 18

Most students on directio are minors between 14 and 18. We treat their data with particular care:

  • Data about a minor is provided by the enrolling school or by the student’s parent or legal guardian — not collected from the student behind their family’s back.
  • It is used solely to deliver driver-education services: lessons, scheduling, compliance tracking, and credentials.
  • It is never sold and never used for advertising — to minors or anyone else.
  • Parents and guardians may request access to, correction of, or deletion of their child’s data by emailing support@godirectio.com. Where a record is a compliance record the school is legally required to keep, we will explain what can and cannot be deleted and why.

Subprocessors

We use a small set of service providers to run the platform. Each receives only what it needs:

SubprocessorPurposeWhat they receive
CloudflareHosting, storage, email deliveryAll application data, lesson assets, and transactional email content, as our core infrastructure provider.
StripePaymentsCard details (entered directly into Stripe, never seen by us), payer name, email, and transaction amounts.
AnthropicAI help center and quiz assistanceThe text of help questions and quiz interactions; no student rosters or payment data.
Cloudflare Workers AILesson narration and translationLesson text being narrated or translated; no personal information.
DeepLPremium lesson translationsLesson content text only; no personal information.
Google TranslatePremium lesson translationsLesson content text only; no personal information.
MapboxMapsAddresses and coordinates shown on maps, such as school and pickup locations.
PerplexityState-information researchResearch queries about state requirements; no personal or student data.
ElevenLabsAudio narrationLesson and help-center text submitted for narration; no personal information.

If we add a subprocessor that handles personal data, we will update this table before it goes live.

Data retention

We keep data as long as it is needed to provide the service. Active school and student records stay for the life of the account. Because driver education is regulated, compliance records (credentials issued, instruction hours, audit logs) may be retained after an account closes for as long as state law requires the school to keep them. When a school leaves the platform, it can export its data; after the retention window, we delete or anonymize what remains.

Your rights

Wherever you live, we extend the same core rights, aligned with GDPR and CCPA:

  • Access — ask for a copy of the personal data we hold about you or your child.
  • Correction — fix inaccurate information.
  • Deletion — request removal of personal data, subject to compliance-retention obligations we will explain if they apply.

To exercise any of these, email support@godirectio.com. We respond within 30 days, and we will verify your identity before releasing or deleting anything.

Cookies

We use session cookies only — the cookie that keeps you signed in. There are no third-party advertising trackers, no cross-site tracking pixels, and no analytics cookies that follow you around the internet.

Security

  • All traffic is encrypted in transit (TLS).
  • Every school’s data is isolated by tenant: queries are scoped so one school can never read another’s records.
  • Compliance-sensitive actions — credentials issued, fees changed, records edited — are written to an audit log with who did it and when.
  • Access to production data is limited to the few people who operate the platform, and only when their job requires it.

If something goes wrong

If we experience a data breach that affects your personal data, we will notify affected schools and account holders without undue delay — and within any timeline applicable law requires — with a plain description of what happened, what data was involved, and what we are doing about it.

Changes to this policy

When we change this policy, we update the “Last updated” date above. For material changes — especially anything affecting minors’ data or the subprocessor list — we notify account holders by email or in-app notice before the change takes effect.

This page is provided for transparency and does not constitute legal advice.