American Access Institute Privacy Policy

Effective Date: February 11, 2026

American Access Institute (AAI), a Nevada 501(c)3, in collaboration with Catapult Education Group (CEG), values the privacy of individuals who use the Catapult platform (collectively, our Services). This Privacy Policy explains how we collect, use, and share information from school administrators (Administrators) and student users (Users). AAI offers support to a wide range of community partners and operates as a School Service Provider in compliance with NRS 388.281 through 388.296.

  1. INFORMATION WE COLLECT
  • Registration and Profile Information:We collect student email addresses to facilitate account authentication and provide career-readiness notifications.
  • Privacy-Preserving Architecture:AAI and CEG employ a security layer that alphanumerically encodes student identifiers. This ensures that personal identity is shielded within the primary database environment used for daily operations and AI-driven insights.
  • Covered Information:All personally identifiable information gathered by the Service is treated as Covered Information under NRS 388.282.
  1. HOW WE USE THE INFORMATION WE COLLECTAAI uses Covered Information solely for authorized educational purposes at the direction of the District, including:
  • Operating the Catapult platform and Catapult Connect mobile application.
  • Providing customized career-readiness guidance and pathway recommendations.
  • Facilitating automated system alerts (nudges) to support student progress.
  • Complying with FERPA and Nevada state law.
  1. HOW WE SHARE INFORMATION
  • Authorized Subprocessors:AAI does not sell Covered Information. We share information only with authorized Subprocessors necessary for hosting, security, and instructional delivery (e.g., AWS, CEG). These parties are contractually prohibited from re-identifying De-Identified Student Data.
  • District Control:AAI acknowledges that student records remain the property of and under the direct control of the local education agency (the District or other organization).
  • Law Enforcement:We may disclose information if required by a court order or subpoena.
  1. DATA RETENTION AND DELETIONTo comply with Nevada law and District standards, AAI retains Covered Information only for the duration necessary to fulfill the educational purposes defined by the District. Notwithstanding any internal audit logs, all Covered Information is subject to secure purging within 30 days of a formal request from the District or upon termination of the service agreement, as mandated byNRS 388.293.

  2. SECURITY PLANPursuant toNRS 388.293, AAI maintains a comprehensive data security plan that includes:
  • Technological Safeguards:AES 256-bit encryption for data at rest and TLS 1.2 or higher for data in transit.
  • Administrative Safeguards:Infrastructure hosted in SOC 2-compliant data centers with restricted access protocols.
  • Physical Safeguards:Industry-standard protections at all data processing locations.
  1. CHILDREN’S PRIVACYIn compliance with COPPA, AAI does not allow children under the age of 13 to register without verified institutional or parental consent.
  2. CONTACT INFORMATIONQuestions regarding this Privacy Policy or our data practices should be directed to info@americanaccessinstitute.org.