BULLSEYE AI SUPPLEMENT

Effective Date: 3/25/2026

Purpose and Scope. This AI Supplement (“Supplement”) describes how Bullseye, LLC (“Bullseye,” “Company,” “we,” or “us”) uses artificial intelligence and machine learning technologies in connection with the Bullseye platform (“Services”). This Supplement is incorporated by reference into the Bullseye Privacy Policy, Terms of Service, Master Service Agreement, and any applicable Data Privacy Agreement. In the event of a conflict between this Supplement and any other Bullseye agreement regarding AI-related data processing, this Supplement controls.

AI Feature Overview. Bullseye offers AI-assisted features (“AI Features”) that support educators with classroom observation analysis, coaching recommendations, instructional trend identification, and related professional development workflows. AI Features also include content creation capabilities such as rephrasing, shortening, or elaborating observation notes, generating next steps from text, and processing custom prompts related to observation and coaching data. AI Features are designed to augment, not replace, professional judgment. All AI-generated outputs are suggestions that should be independently reviewed by the user before being acted upon.

Data Flow Architecture

When a user activates an AI Feature, the following data flow occurs:

(a) User input (such as observation notes or coaching comments) is received by Bullseye’s application servers.

(b) Bullseye’s pre-processing engine applies automated de-identification controls to strip personally identifiable information from the input, including student names, teacher names, and other direct identifiers (“Name Scrubbing”). See Section 4.

(c) The de-identified text is transmitted via encrypted connection (TLS 1.2 or higher) to one or more of the AI Sub-Processors identified in Section 5.

(d) The AI Sub-Processor processes the de-identified text and returns the analytical or content-creation output to Bullseye’s servers.

(e) Bullseye presents the output to the user within the platform interface.

Data that remains on Bullseye servers and is NOT transmitted to the AI Sub-Processors includes: user account information, district identifiers, school identifiers, teacher identifiers, session metadata, and timestamps.

Note: Bullseye is currently implementing technical controls to ensure that the data categories listed above are excluded from AI Sub-Processor transmissions. Until implementation is complete, certain metadata fields may be included in transmissions to AI Sub-Processors. Bullseye will update this Supplement upon completion of these controls.

De-Identification and Name Scrubbing

Before any data is transmitted to the AI Sub-Processors, Bullseye applies automated pre-processing controls (“Name Scrubbing”) designed to remove personally identifiable information from the text. These controls include:

(a) For free-text fields (such as observation notes, coaching comments, and custom prompts): a Named Entity Recognition (NER) model that detects person names and replaces them with anonymous placeholders.

(b) For structured data fields (such as learner names, observer names, and other static PII fields): anonymization based on fixed logic prior to transmission.

(c) Images are filtered out entirely and are never transmitted to AI Sub-Processors.

Name Scrubbing is designed to address the risk that users may incidentally include student or teacher names in free-text observation fields. Bullseye applies commercially reasonable efforts consistent with industry standards for automated de-identification.

Note: The Name Scrubbing module for free-text fields is currently under development. Until it is fully deployed, PII contained in free-text observation fields may be transmitted to AI Sub-Processors as entered by users. Bullseye will update this Supplement upon deployment of the Name Scrubbing controls.

AI Sub-Processors

Bullseye currently uses the following AI Sub-Processors:

Provider: OpenAI, Inc.

Service/Models: GPT-4.1, GPT-4o, GPT-5, GPT-5.1, GPT-5.2

Processing Location: United States

Provider: Anthropic, PBC

Service/Models: Claude Sonnet 4, Claude Sonnet 4.5

Processing Location: United States

Provider: Google LLC

Service/Models: Gemini 2.5 Pro, Gemini 2.5 Flash, Gemini 2.5 Flash Lite

Processing Location: United States

Key contractual protections with each AI Sub-Processor include:

(a) The AI Sub-Processor is prohibited from using Bullseye customer data, input data, or output data to train, tune, fine-tune, or improve its AI/ML models.

(b) Input and output data is not retained by the AI Sub-Processor beyond the processing session. Metadata may be retained for up to ninety (90) days for abuse monitoring purposes and is then permanently deleted.

(c) The AI Sub-Processor will not disclose Bullseye customer data to any third party except as required by law.

(d) Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent).

(e) Each AI Sub-Processor maintains SOC 2 Type 2 and ISO 27001 compliance certification.

Bullseye will not change its AI Sub-Processors without providing affected customers with thirty (30) days’ prior written notice.

No-Training Commitment

Neither Bullseye nor its AI Sub-Processors uses customer data, observation data, coaching data, teacher performance data, or any derivative thereof to train, tune, fine-tune, or otherwise improve any AI or machine learning model. This commitment applies to all data transmitted to the AI Sub-Processors, all output generated by the AI Sub-Processors, and all data retained on Bullseye’s cloud servers. Bullseye has opted out of all AI Sub-Processors’ service improvement and model training programs. Confirmation of these opt-outs is available upon request.

Teacher and Performance Data

Bullseye is a teacher coaching and observation platform. Data processed by AI Features may include teacher observation data, coaching feedback, performance evaluation information, and related professional development records (collectively, “Teacher Performance Data”). In certain jurisdictions, Teacher Performance Data carries specific statutory protections including but not limited to:

(a) In New York, Annual Professional Performance Review (“APPR”) data is confidential under Education Law Sections 3012-c and 3012-d.

(b) In New Hampshire, “Teacher Data” (including performance evaluations, app usernames, app passwords, and in-app performance) receives the same protections as Student Data under RSA 189:65-68-a.

Bullseye applies the same de-identification, Name Scrubbing, encryption, sub-processor, and no-training safeguards described in this Supplement to Teacher Performance Data as it applies to all other data processed through AI Features.

Student Data

Bullseye is designed as an administrator and teacher-facing platform and is not designed or intended to collect student data or personally identifiable student information. To the extent that student names or identifiers may be incidentally present in observation notes or other free-text fields entered by users, the Name Scrubbing controls described herein are designed to strip such information before it reaches the AI Sub-Processors. Where Bullseye has designated “None” in the schedule of data in a Data Privacy Agreement, the Name Scrubbing controls described herein are a key safeguard supporting the accuracy of that designation.

Security Safeguards

The following security measures apply to AI-related data processing:

(a) Encryption in transit. All data transmitted between Bullseye and the AI Sub-Processors is encrypted using TLS 1.2 or higher.

(b) Encryption at rest. Data stored on Bullseye’s servers is encrypted at rest using AES-256.

(c) Access controls. Access to AI-related data processing systems is restricted to authorized Bullseye personnel on a need-to-know basis.

(d) Audit logging. AI Sub-Processor API calls are logged for monitoring and incident response purposes.

(e) Infrastructure. Bullseye’s platform is hosted on Heroku, DigitalOcean, and AWS cloud infrastructure within the United States.

Opt-Out and Configurability

AI Features are not enabled by default. Districts may enable AI Features through district-level configuration settings or by contacting their Bullseye Customer Success Manager. Disabling AI Features does not affect access to the core Bullseye platform.

Incident Response

In the event of an unauthorized release, disclosure, or acquisition of data processed through AI Features (“AI Data Incident”), Bullseye will:

(a) Notify the affected district within twenty-four (24) hours of confirmation of the incident.

(b) Provide the information required under the applicable Data Privacy Agreement.

(c) Cooperate with the district, applicable state education departments, and law enforcement as required.

(d) If the AI Data Incident originates from an AI Sub-Processor, Bullseye will coordinate with the Sub-Processor to contain the incident and will provide the district with information received from the Sub-Processor regarding the scope and cause.

Data Retention and Deletion

AI Sub-Processors: Input and output data is not retained beyond the processing session. Metadata is retained for no more than ninety (90) days for abuse monitoring purposes and is then permanently deleted.

Bullseye: AI-generated outputs are stored on Bullseye’s servers as part of the user’s observation and coaching records and are subject to the same data retention and deletion policies as all other platform data. Upon written request from a district, Bullseye will delete AI-generated outputs in accordance with the applicable Data Privacy Agreement (typically within ninety (90) days of request).

Intellectual Property

Bullseye’s AI analysis engine, internally built AI models, algorithms, underlying platform technology, and all improvements, enhancements, or modifications thereto are and shall remain the exclusive property of Bullseye. For the avoidance of doubt, references to “models” in this section refer to Bullseye’s proprietary, internally developed AI models and analytical tools, not to the third-party large language models provided by AI Sub-Processors. Improvements to Bullseye’s platform or AI capabilities that are informed by aggregate, de-identified usage patterns across Bullseye’s customer base are not work product of any individual district or customer. Nothing in any district’s service agreement, data privacy agreement, or professional consultant agreement shall be construed to transfer ownership of Bullseye’s pre-existing or independently developed intellectual property to any district.

Audio and Video Data

Bullseye does not currently offer AI Features that process audio or video data. Images uploaded to the platform are filtered out entirely and are never transmitted to AI Sub-Processors. If Bullseye develops AI Features involving audio, video, or image processing in the future, this Supplement will be updated before any such features are made available.

Changes to This Supplement

Bullseye may update this Supplement from time to time. Material changes will be communicated to affected customers at least thirty (30) days before they take effect.

Contact

For questions about this Supplement or Bullseye’s AI practices, contact: Jake Szabo, COO, jake.szabo@bullseyeedu.com, 914.275.7073.