Privacy

Bellwork is a school-intelligence platform operated by Noah VanSickle as a sole proprietorship doing business as Bellwork. When this policy says "Bellwork", "we", "us", or "our", that's who we mean.

If you need to reach us about anything in this policy — questions, requests, complaints — write to hello@bellwork.ai.

This policy describes the data we collect when you use Bellwork's website, web application, API, and AI assistant (together, the Service), what we do with that data, who we share it with, and the choices you have about it.

It applies to data about you — your account, your activity, your billing. It does not govern Bellwork's reference dataset about public schools and districts, which is described separately in section 5.

We collect only what we need to run the Service:

• Account data. Email address, name, and (if you sign in with Google) your Google profile basics. We use Supabase Auth for sign-in and session management.
• Organization data. If you create or join an organization, the org name, your role, and (for invited users) who invited you.
• Billing data. Stripe customer ID, subscription status, credit balances, and transaction history. We do not see or store card numbers — Stripe handles them.
• Usage data. The actions you take in the app (searches, filters, exports, AI chat prompts and responses, credit consumption), timestamps, and basic device/browser info (IP address, user-agent, viewport size) used for security, rate-limiting, debugging, and product analytics.
• Communications. Anything you send to us — emails, support requests, feedback.

We use your data to:

• Provide, secure, and maintain the Service.
• Authenticate you, control access, and prevent fraud and abuse.
• Process payments and manage your subscription / credits.
• Respond to support requests and notify you about important account or service events.
• Improve Bellwork — fix bugs, prioritize features, monitor performance, and understand how the product is used in aggregate.

We do not sell your personal data. We don't run ad networks on Bellwork and we don't share your data with advertisers.

Bellwork compiles and analyzes public information about U.S. K-12 schools and districts — directory data published by the National Center for Education Statistics (NCES) and state education agencies, state assessment results, district websites, public board minutes, public staff directories, and similar publicly available sources.

This dataset is not student data. We do not collect, store, or process student personally identifiable information (PII) and Bellwork is not a FERPA-regulated service. Where staff contact information appears in the Service, it is professional contact information published by the district for the purpose of being contacted.

If you are a school staff member and want your professional contact information removed from Bellwork, email hello@bellwork.ai from a verifiable district email address and we will remove it.

We use a small number of trusted subprocessors to run the Service. Each receives only the data it needs:

• Supabase — database, authentication, and storage. Hosts your account and application data.
• Vercel — web hosting and edge networking. Serves the application and processes incoming requests.
• Stripe — payment processing. Handles all card data and produces invoices and receipts. See Stripe's own privacy policy for details.
• Anthropic and OpenAI — large-language-model providers powering the Bellwork AI assistant. When you send a prompt, the contents of that prompt and the relevant context are transmitted to the model provider in order to generate a response. We use their API tiers, which under their current terms do not train their models on inputs sent through the API.
• Google — only if you choose Google sign-in. Google receives the authentication request and returns your profile basics.
• Crash and product analytics — Sentry-class error tracking and PostHog-class product analytics, used to monitor reliability and aggregate usage. Configured to scrub passwords, tokens, and other obvious PII.

We also share data when we're legally required to (court order, subpoena, lawful regulatory request), or when necessary to protect the rights, property, or safety of Bellwork, our users, or the public.

Bellwork uses cookies and similar browser storage for two purposes:

• Essential — keep you signed in (session cookies), remember your preferences, and protect against cross-site request forgery. The Service does not work without these.
• Product analytics — first-party measurement of page views and feature usage. No third-party advertising trackers.

You can clear cookies in your browser at any time; doing so will sign you out.

We keep account and usage data for as long as your account is active. When you delete your account (or ask us to delete it), we remove personally identifiable data from active systems within 30 days, and from encrypted operational backups within 90 days.

We may keep transactional billing records longer if required for tax, accounting, or legal compliance.

You can, at any time:

• Access and update your account information from settings.
• Export your data on request.
• Delete your account, either from settings or by emailing us.
• Opt out of non-essential product emails from the unsubscribe link in any such email.

Depending on where you live, you may have additional rights under laws like the GDPR (EU/UK) or CCPA/CPRA (California) — including the right to request access, correction, deletion, portability, or to object to or restrict certain processing. Email hello@bellwork.ai and we'll handle the request.

Bellwork is a business-to-business tool. It is not directed to children and we don't knowingly create accounts for anyone under 18, or collect personal data about anyone under 13. If you believe a child has signed up, email us and we'll remove the account.

We protect your data with the standard set of controls you'd expect: HTTPS for every connection, encryption at rest via our hosting providers, hashed credentials, scoped row-level security on the database, least-privilege service accounts, and regular backups.

No system is perfectly secure. If you spot a vulnerability, please report it to hello@bellwork.ai with the subject line "Security report" before disclosing publicly.

Bellwork is operated from the United States. Our subprocessors (Supabase, Vercel, Stripe, Anthropic, OpenAI, Google) primarily process data in the U.S. but may transfer it to other regions for service availability. By using Bellwork, you understand your data will be processed in the United States and in any other country where our subprocessors operate.

If we make material changes to this policy, we'll update the "last updated" date at the top and — for changes that affect how we use existing user data — we'll email you. Continuing to use the Service after the update means you accept the revised policy.

Questions, requests, or anything else — hello@bellwork.ai.