🎓 ClassroomOS TRUST CENTER
✅ FERPA Compliant · Student Data Protected

Your Data Is Safe.
Your Students Are Protected.

ClassroomOS is built from the ground up to protect student privacy. We never sell data, never use student information to train AI models, and never share data with third parties without explicit district authorization.

  • 🛡️ FERPA Compliant: Student education records handled per 20 U.S.C. § 1232g
  • 🇺🇸 US Data Residency: All data stored in Supabase US-East infrastructure
  • 🚫 Zero AI Training: Student data is never used to train any AI model
  • 🔐 JWT Authentication: Every request verified. Row-Level Security enforced.
  • 📋 DPA Available: Data Processing Agreement available for all districts
  • 👁️ Audit Logging: All data access events logged and traceable
🛡️
FERPA Compliance
Family Educational Rights and Privacy Act — 20 U.S.C. § 1232g
  • School Official Exception: ClassroomOS operates under the legitimate educational interest exception to FERPA (34 CFR § 99.31(a)(1)). We access student education records solely to provide instructional support services to educators and districts.
  • No Disclosure to Third Parties: Student education records are never disclosed to third parties without explicit written district authorization. Advertising and data monetization are strictly prohibited.
  • Minimum Necessary Data: We collect only the data fields required to provide instructional recommendations. Student PII (names, IDs) is used only to track growth within a class context, never for cross-class or cross-district profiling.
  • Parent and Educator Rights Preserved: Districts retain full ownership of their data. Upon contract termination, all district data is exportable and deletable within 30 days upon written request.
  • Data Processing Agreement: ClassroomOS provides a FERPA-compliant Data Processing Agreement (DPA) to all districts. Contact us to receive your district's DPA before deployment.
🔄
How Your Data Flows
End-to-end data path — what moves, where it goes, who can see it
  • 👩‍🏫 Educator: Uploads CSV or enters class data
  • 🔐 JWT Auth: Supabase verifies identity every request
  • ⚙️ Worker: Cloudflare edge processes signal computation
  • 🗄️ Supabase DB: US-East. RLS enforced. Encrypted at rest.
  • 🤖 OpenAI GPT-4o: Receives signal summaries only. Zero PII sent.
  • 📋 Educator: Receives recommendation. Data stays in district.

Critical note on AI: When ClassroomOS sends data to OpenAI for recommendation generation, it sends only signal summaries (e.g. "growth_gap, high severity, 62% below grade level") — never student names, IDs, or identifiable information. OpenAI processes this under our zero data retention agreement.

📊
What We Collect and Why
Minimum necessary data principle — we only hold what we need to serve educators
| Data Type | Purpose | Stored? | Sent to AI? | Shared? |
|---|---|---|---|---|
| Educator email + name | Authentication, account management | YES | NO | NO |
| Class/section metadata | Section organization, recommendations | YES | NO | NO |
| Assessment scores (aggregate) | Signal computation, growth tracking | YES | NO | NO |
| Student names / IDs | Growth tracking within class only | YES | NEVER | NO |
| Signal summaries | Instructional recommendation engine | YES | YES — anonymized | NO |
| Strategy evidence logs | Progress monitoring, coaching feedback | YES | NO | NO |
| IEP / 504 flags | Differentiated strategy selection | YES | NEVER | NO |
| Demographic indicators | Equity signal computation (aggregate) | YES | NEVER | NO |
🤖
AI Governance
How ClassroomOS uses AI responsibly in an educational context
  • Student Data Never Trains AI Models: ClassroomOS operates under OpenAI's zero data retention policy. Data submitted via the API is not used to train OpenAI models. Student data from your district never improves any AI system outside your contract.
  • Evidence-Based Grounding: All AI recommendations are anchored to a vetted evidence base from IES What Works Clearinghouse, NWEA, TNTP, Hattie's Visible Learning, and Rosenshine's Principles of Instruction. AI cannot generate recommendations unsupported by this research base.
  • Educator Judgment Is Final: ClassroomOS recommendations are planning considerations — never directives. The platform explicitly states this in every recommendation context. Educator professional judgment governs all instructional decisions.
  • No Automated Student Decisions: ClassroomOS never makes automated decisions about individual students. All outputs are addressed to educators for their consideration, not to students or families directly.
  • Bias Monitoring: The evidence base explicitly includes culturally sustaining pedagogy (Hammond, 2015) and equity frameworks (Eccles expectancy-value theory, Yeager social-psychological interventions) to surface strategies that center students' identities and assets.
🔐
Security Architecture
Defense-in-depth across every layer
  • JWT Authentication on Every Request: Every API call is verified against Supabase Auth using a short-lived JWT. Tokens expire and require refresh. No request is served without a verified identity.
  • Row-Level Security (RLS): Supabase RLS policies ensure that even if an API key were compromised, users can only read and write their own records. Cross-tenant data access is architecturally impossible at the database level.
  • Encryption at Rest and In Transit: All data is encrypted at rest using AES-256 and in transit via TLS 1.3. Supabase infrastructure is hosted on AWS US-East with SOC 2 Type II certification.
  • Cloudflare Edge Security: All API requests pass through Cloudflare's global edge network, providing DDoS protection, WAF rules, and rate limiting before reaching application logic.
  • AI Rate Limiting: AI synthesis endpoints are rate-limited to 20 calls per user per hour via Cloudflare KV. This prevents abuse and protects district data from bulk extraction attempts.
  • Audit Logging: All significant data access and modification events are written to an immutable audit log with user ID, timestamp, action type, and resource identifier. Available for district security review.
  • Session Timeout: Sessions automatically expire after 30 minutes of inactivity with a 2-minute warning. This is enforced client-side on every page.
⚖️
Educator and District Rights
You own your data. We are a processor, not an owner.
  • Right to Export: Districts can export all their data at any time via the Admin dashboard. Data is provided in standard CSV/JSON formats within 5 business days of written request.
  • Right to Deletion: Upon contract termination, all district data is permanently deleted within 30 days. Confirmation of deletion is provided in writing.
  • Right to Access: Educators can view all data ClassroomOS holds about their classes through the platform interface at any time. No hidden data stores.
  • Right to Correction: Inaccurate data can be corrected or deleted by the educator at any time. Assessment data can be voided with a single action from the ingest history panel.
  • Breach Notification: In the event of a security incident affecting district data, ClassroomOS will notify the district within 72 hours of discovery, consistent with applicable state and federal notification requirements.
🔗
Sub-processors
All third-party services used to deliver ClassroomOS
| Vendor | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, storage | All user and class data (encrypted at rest) | AWS US-East-1 |
| Cloudflare | Edge network, CDN, API gateway, DDoS protection | Request metadata only (no payload storage) | Global CDN / US edge |
| OpenAI | AI recommendation generation (GPT-4o) | Anonymized signal summaries only — zero PII, zero data retention | US (zero retention policy) |

No other sub-processors have access to district or student data. ClassroomOS does not use advertising networks, analytics platforms with data sharing, or social media SDKs.

Ready to Deploy in Your District?

Our team will provide your district's Data Processing Agreement, answer security questionnaires, and support your IT review — typically completed within 5 business days.

Last updated: March 2026 · ClassroomOS v11.0.0 · Impact Solutions Group LLC
Questions? [email protected]