Security & Compliance
We built EduSched for schools. That means student data privacy isn't a feature — it's the foundation. Every layer of the platform was designed with FERPA, SOPIPA, and NDPA in mind from the start.
All reads and writes are tracked; directory of disclosures included
No ads · no AI profiling · no resale of student data
California Exhibit ready · your LEA owns the data
Under-13 direct-notice template with a built-in consent gate
Standard v1.0a · Exhibit E offered
VPAT in progress · target Q3 2026
Type I target month 6 · Type II month 12
Default breach notification turnaround
Pillar 1
Every school's data is encrypted separately. Even if something went wrong, one school's records can never bleed into another's.
Technically: each school has its own encryption key derived from a master key stored in Supabase Vault. Every piece of sensitive data is encrypted with AES-256-GCM and bound to a specific school and row, so a record that is moved or re-used elsewhere fails to decrypt. Encrypted fields include planner notes, lesson plans, substitute plans, student academic status, accommodation notes, and login tokens.
Pillar 2
Every action in EduSched is tracked, and those records can't be altered or deleted. If you ever need to show who accessed a student record and when, the answer is already there.
Technically: the audit log uses hash chaining — each entry references the previous one, so any tampering breaks the chain and is immediately detectable. The chain is verified automatically every day. Every read of a student education record writes an audit entry with a stated purpose. District admins see only their own district's log. This single artifact satisfies FERPA's directory of disclosures, AB 1584 §3, and NDPA Article III.
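A minimal sketch of how a hash-chained audit log and its periodic verifier can work. This is an added example, not EduSched's code. The entry fields, the SHA-256 choice, the all-zero genesis value, and the externally recorded head hash are all assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry

def entry_hash(prev_hash, body):
    # Canonical JSON so the same body always hashes to the same value.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append(log, body):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"body": body, "prev_hash": prev, "hash": entry_hash(prev, body)})

def verify(log, expected_head=None):
    """Return (ok, index of first bad entry or None, reason)."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev_hash"] != prev:
            return False, i, "prev_hash does not match preceding entry"
        if e["hash"] != entry_hash(prev, e["body"]):
            return False, i, "entry body or hash was altered"
        prev = e["hash"]
    # Truncating the tail leaves a valid chain, so compare against a head
    # hash recorded outside the log (assumed: saved by the previous check).
    if expected_head is not None and prev != expected_head:
        return False, len(log), "head hash differs from recorded head"
    return True, None, "chain intact"

def sample_log():
    # Constructed sample entries; not real data.
    log = []
    for actor, record, purpose in [
        ("teacher:17", "student:204", "grade entry"),
        ("counselor:3", "student:204", "accommodation review"),
        ("school_admin:1", "student:311", "transfer request"),
    ]:
        append(log, {"actor": actor, "action": "read",
                     "record": record, "purpose": purpose})
    return log

if __name__ == "__main__":
    log = sample_log()
    head = log[-1]["hash"]
    print(verify(log, head))               # intact chain
    log[1]["body"]["purpose"] = "edited"   # in-place tampering
    print(verify(log, head))               # reports entry 1
```

Rewriting an entry and recomputing its own hash only moves the failure to the next entry, and deleting the newest entries is caught only by the head-hash comparison.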
Pillar 3
Teachers see their students. Counselors see their caseload. Parents see their child. No one sees more than their role allows — at the database level, not just in the UI.
Technically: eight roles (super admin, district admin, school admin, counselor, teacher, student, parent, and presenter) are assigned at login and stamped into the session. Row-level security policies enforce access on every database table using a single shared library of permission helpers. Access control tests run automatically on every code change.
Pillar 4
When a student graduates, transfers, or requests deletion, their data is removed completely. You set the retention window. We honor it.
Technically: every record has a soft-delete flag and a configurable retention period. A purge function runs on a schedule per district, respecting each district's own retention settings. Individual student deletion for right-to-be-forgotten requests is a single operation. Each district configures its own retention windows in its compliance profile.
Vendor packet
Everything your legal and compliance team needs, pre-filled with EduSched's information and ready to redline in your preferred format.
The master agreement. Eight articles, mirroring the SDPC standard with EduSched's specific compliance commitments.
AB 1584 § 49073.1, SOPIPA, and CSPA Article 6 alignment for California districts.
A public offer that lets any subscribing district accept the originating district's terms with just a signature.
Every student record field we store, with its privacy classification, encryption status, and default retention period.
Ready for the district to send to parents of students under 13. The consent gate is built into the app.
A pre-filled privacy impact assessment for a typical pilot deployment, plus a breach response plan with role assignments and a 72-hour notification commitment.
Sub-processors
Subscribe to updates at privacy@edusched.com. Districts may object to any change during the 30-day notice window.
| Vendor | Role | Data categories | Location |
|---|---|---|---|
| Supabase | Database, authentication, storage, and secrets | Education records, user accounts, audit log, encrypted keys | US |
| Vercel | App hosting and request logs | Request metadata only; no student record content in logs | US |
| Resend | Transactional email | Recipient email address, subject, and message preview (up to 30 days) | US |
| Twilio | SMS (only when the district enables it) | Recipient phone number and message body (up to 60 days) | US |
Notably not on this list: any AI or LLM provider, any ad network, or any student-profiling analytics tool. EduSched's recommendation engine is rules-based by design — no black boxes, no student data leaving the platform for model training.
We'll send a copy pre-filled with your district's name, ready for your legal team to review.
Request the NDPA packet →