DailyWins← Back to app

DailyWins Privacy Policy

Effective Date: April 1, 2026

Last Updated: March 31, 2026

Website: dailywins.school

1. Introduction

DailyWins is a classroom behavior tracking application designed for use by K–12 educators. DailyWins allows teachers to record daily student behavior scores across customizable categories, generate progress reports, and share behavioral data with parents, guardians, and school administrators.

This Privacy Policy describes how Sure Step Education (“we,” “our,” or “us”), the company behind DailyWins, collects, uses, stores, discloses, and protects student data and other personal information in connection with the DailyWins application and website (collectively, the “Service”).

We are committed to protecting the privacy and security of student information and complying with all applicable federal and state laws, including the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), the California Student Online Personal Information Protection Act (SOPIPA, Cal. Bus. & Prof. Code § 22584), and California Education Code § 49073.1 (AB 1584).

2. Definitions

  • Local Educational Agency (LEA): A school district, county office of education, or charter school that enters into a contract with DailyWins.
  • Pupil Records: Any information directly related to a student that is maintained by the LEA or by DailyWins on behalf of the LEA. This includes behavior scores, attendance data, teacher notes, and any other personally identifiable information (PII).
  • Personally Identifiable Information (PII): Information that can be used to distinguish or trace an individual student’s identity, either alone or when combined with other information.
  • Operator: Sure Step Education, doing business as DailyWins, as a provider of an online service designed and marketed for K–12 school purposes.
  • Third Party / Provider: As defined in California Education Code § 49073.1 (AB 1584), the provider of digital educational software or services for the digital storage, management, and retrieval of pupil records — in this case, Sure Step Education, operating the DailyWins application.

3. Information We Collect

DailyWins collects only the information necessary to provide the Service. We collect the following categories of information:

3.1 Student Information (Pupil Records)

  • Student name or initials (as entered by the teacher)
  • Daily behavior scores across teacher-configured categories (e.g., Arrival, Compliance, Social, On-Task, Phone Away)
  • Attendance and absence records (Present, Unexcused Absent, Excused Absent)
  • Teacher-written notes associated with specific students, dates, and class periods
  • Behavioral trend data (weekly, monthly, and annual aggregations)

3.2 Teacher / Staff Information

  • Name and email address (via Google OAuth single sign-on)
  • School and district affiliation
  • Configuration preferences (bell schedules, category settings, progress bar thresholds)

3.3 Technical Information

  • Browser type and version
  • Device type (for responsive display purposes only)
  • Authentication tokens (managed by Google OAuth; DailyWins does not store passwords)

4. How We Use Information

DailyWins uses collected information solely for the following educational purposes:

  • To provide teachers with a tool for tracking and analyzing student behavior
  • To generate progress reports (daily, weekly, monthly, annual) for use in parent conferences, IEP meetings, and administrative review
  • To enable PDF and chart exports for teacher and school use
  • To authenticate authorized users via Google OAuth
  • To maintain and improve the functionality, security, and reliability of the Service

5. Prohibited Uses of Student Information

DailyWins will NEVER:

  • Use personally identifiable information from pupil records to engage in targeted advertising directed at students, parents, or teachers.
  • Use student information to create or amass a profile of a student for any purpose other than K–12 school purposes as authorized by the LEA.
  • Sell, rent, or trade student personal information to any third party.
  • Disclose student information to any third party except as required by law, authorized by the LEA, or as described in this Privacy Policy.
  • Use student information for any commercial purpose unrelated to the provision of the Service.

6. Ownership and Control of Pupil Records

In accordance with California Education Code § 49073.1 (AB 1584), all pupil records provided to or generated within DailyWins remain the property of and under the control of the Local Educational Agency (LEA). DailyWins acts as a custodian of this data on behalf of the LEA and is considered a School Official with a legitimate educational interest under FERPA.

The LEA retains full authority to direct DailyWins regarding the access, use, modification, and deletion of pupil records.

7. Data Storage and Security

7.1 Where Data Is Stored

All student data is stored on Supabase (PostgreSQL) servers located in the United States (East US — Ohio region). Data is encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256 encryption.

7.2 Security Measures

DailyWins implements and maintains reasonable security procedures appropriate to the nature of the student information collected, including:

  • Row-Level Security (RLS) policies ensuring that each teacher can only access their own students’ data
  • Google OAuth 2.0 for authentication (DailyWins never stores or handles user passwords)
  • HTTPS encryption for all data in transit
  • Access controls limiting data access to authorized personnel only
  • Regular review of security practices and infrastructure

7.3 Designated Responsible Individual

DailyWins designates the following individual as responsible for ensuring the security and confidentiality of pupil records:

Name: Devin Farren
Title: Co-Founder, Sure Step Education
Email: devin@surestepeducation.com

8. Breach Notification

In the event of an unauthorized disclosure of pupil records, DailyWins will:

  • Notify the affected LEA within 72 hours of discovering the breach
  • Provide a description of the nature of the breach, the types of information involved, and the number of individuals affected
  • Describe the steps DailyWins is taking to investigate and mitigate the breach
  • Notify affected parents, legal guardians, or eligible pupils as directed by the LEA and in accordance with applicable law

9. Parental Rights: Access, Review, and Correction

In compliance with FERPA and AB 1584, parents, legal guardians, or eligible pupils (students 18 years of age or older) have the right to:

  • Review their child’s personally identifiable information stored in DailyWins by contacting their child’s teacher or school administration.
  • Request correction of erroneous information. Requests should be directed to the LEA, which will coordinate with DailyWins to make the correction.
  • Request deletion of their child’s data by contacting their school district.

DailyWins will cooperate with the LEA in fulfilling all such requests in a timely manner.

10. Pupil-Generated Content

DailyWins does not currently collect pupil-generated content. All data in DailyWins is entered by teachers or school staff. Should a future version of DailyWins allow students to enter their own content, this policy will be updated to describe how students may retain possession and control of their pupil-generated content, including options to transfer such content to a personal account.

11. Data Retention and Deletion

DailyWins retains pupil records only for as long as necessary to fulfill the purposes described in this policy or as required by the LEA’s contract.

Upon termination or expiration of a contract with an LEA, or upon request by the LEA, DailyWins will:

  • Return all pupil records to the LEA in a standard, machine-readable format (e.g., CSV or JSON)
  • Delete all pupil records from DailyWins systems, including backups, within 60 days of the request or contract termination
  • Provide written certification to the LEA confirming that all pupil records have been deleted and are no longer available to DailyWins

12. FERPA Compliance

DailyWins operates as a “School Official” with a legitimate educational interest under FERPA (34 CFR § 99.31(a)(1)). DailyWins and the LEA will jointly ensure compliance with FERPA by:

  • Limiting access to student education records to authorized school personnel and DailyWins staff with a legitimate educational interest
  • Maintaining appropriate administrative, technical, and physical safeguards to protect the confidentiality of student records
  • Not redisclosing personally identifiable student information except as authorized by FERPA or directed by the LEA
  • Cooperating with the LEA to respond to parental requests to inspect, review, or amend student records

13. SOPIPA Compliance

As an operator of an online service designed and marketed for K–12 school purposes, DailyWins complies with the California Student Online Personal Information Protection Act (SOPIPA, Cal. Bus. & Prof. Code § 22584) by:

  • Not engaging in targeted advertising on the Service or using student information for advertising purposes
  • Not using student information to amass profiles for non-educational purposes
  • Not selling student information
  • Not disclosing student information except for legitimate educational or authorized purposes
  • Implementing and maintaining reasonable security procedures appropriate to the nature of the student information
  • Deleting student information when no longer needed for its collected purpose or upon request

14. COPPA Compliance

DailyWins is designed for use by teachers and school staff, not directly by students. Teachers and staff are the sole users who enter data into the Service. DailyWins does not collect personal information directly from children under the age of 13.

In the event that DailyWins introduces any student-facing features in the future, we will obtain verifiable parental consent or rely on the school consent exception under COPPA (16 CFR § 312.5(c)(1)) before collecting any information directly from students under 13.

15. Third-Party Services and Subprocessors

DailyWins uses the following third-party services to operate:

ServicePurposeData Processed
Supabase (PostgreSQL)Database hosting and storageAll student and teacher data
Google OAuth 2.0User authenticationTeacher email address and name
VercelApplication hosting and deliveryNo student data stored; serves application code only

DailyWins does not share, sell, or disclose student information to any additional third parties beyond those listed above. We will update this list if additional subprocessors are added and will notify LEAs of material changes.

16. Changes to This Privacy Policy

DailyWins reserves the right to modify this Privacy Policy. If we make material changes that affect the handling of pupil records, we will notify all LEAs with active contracts at least 30 days prior to the changes taking effect. The updated policy will be posted at https://dailywins.school/privacy with the revised effective date.

17. Data Processing Agreements

DailyWins is prepared to enter into a Data Processing Agreement (DPA) with any LEA as required by California Education Code § 49073.1 (AB 1584). We also support the California Student Data Privacy Agreement (CSDPA) template developed by CITE (California IT in Education, formerly CETPA) and the Student Data Privacy Consortium’s National DPA template. LEAs may contact us to initiate the DPA process.

18. Contact Information

For questions, concerns, or requests related to this Privacy Policy or DailyWins’ data practices, please contact:

Sure Step Education
Devin Farren, Co-Founder
Email: devin@surestepeducation.com
Website: https://dailywins.school