EduSched

For Parents & Districts

Student Data Privacy

Last updated: May 23, 2026

This page is written for parents, guardians, and district administrators who want to understand exactly what student data EduSched holds, how it is protected, and what rights you have over it. The full detail lives in our Privacy Policy and the signed Data Privacy Agreement (DPA) between EduSched and your district.

Our core commitments — in plain language

  • No ads. We do not display advertising of any kind and never will.
  • No sale. We do not sell, rent, or license student data to anyone — ever.
  • No AI training. Student data is never used to train an external AI or machine-learning model.
  • District owns the data. Your district retains full ownership of all student records and can export or delete them at any time.
  • 72-hour breach notice. If we ever confirm unauthorized access to student data, we notify your district within 72 hours.

1. What student data we collect

We collect only what is necessary to operate the Service for your school. Below is a plain-language summary; the column-by-column inventory is in our public Schedule A (Data Elements), available in the vendor packet.

Basic identifiers

  • Full name, school email address, grade level
  • School-issued student ID number
  • Date of birth — used only to determine if a student is under 13 for COPPA purposes
  • Phone number — optional; for students, only if the district enables SMS and (for under-13 students) a parent has consented

Education records created inside EduSched

  • Flex-session sign-ups, attendance, and special-day participation
  • Student planner items — titles and due dates are unencrypted; free-text notes are encrypted at the application layer so EduSched staff cannot read them
  • Counselor request reason and status — encrypted; visible only to the student's assigned counselor and authorized school administrators
  • Optional mood check-in (a single emoji-equivalent, no free text) — only if the school opts in
  • Optional seating-chart photo — stored as an ordinary image for in-classroom roster recognition only; not converted to a biometric template
  • Optional academic-status summary pulled from the district's Aeries gradebook — a severity band and missing-assignment count only; full grade detail stays in Aeries and is never copied

Read-only data from district systems

  • Aeries SIS — roster, schedules, and (if grade-gated FlexTime is enabled) gradebook summaries
  • Canvas / Google Classroom — assignments and announcements, via per-student OAuth the student controls
  • Google SSO / Microsoft SSO — identity claims at sign-in only

2. What we do not collect — ever

  • Social Security numbers
  • Government-issued ID numbers
  • Biometric identifiers (no face templates, fingerprints, or voiceprints)
  • Geolocation data of any precision
  • Audio or video recordings of students
  • PPRA-protected survey categories (political affiliation, religious beliefs, sexual behavior, illegal activity, critical appraisals of family members)
  • Behavioral profiles built for any commercial purpose

3. How we protect student data

  • Application-layer encryption (AES-256-GCM) for sensitive free-text fields — planner notes, counselor reasons, lesson-plan bodies — so EduSched staff cannot read the content even with database access
  • Database encryption at rest (AES-256) and TLS 1.2+ in transit on every endpoint
  • Row-level security (RLS) enforced inside the database — a student sees only their own records; a counselor sees only their caseload; authorization cannot be bypassed by an application bug
  • Hash-chained audit log — every access to a student record is logged with the actor, timestamp, and purpose; the log is immutable and verified daily
  • Annual penetration test by a qualified third-party firm; critical findings remediated within 90 days
  • Background-checked personnel — production database access is limited to staff who have completed a background check and signed a confidentiality agreement
  • US data residency — all data is stored in the United States (US-West by default; US-East on request)

4. No AI training. No advertising. No profiling.

The Service does not currently use AI, machine learning, or large language models in any user-facing feature. Our session recommendation engine is deterministic (rule-based).

These commitments are binding in our NDPA and will never change without district consent:

  • Student Data will never be used to train an external AI model or sold to a data broker
  • AI will never be used to make consequential decisions about a student (placement, discipline, eligibility, grading)
  • If we ever introduce an AI feature, districts will receive at least 30 days' advance written notice and can turn it off
  • EduSched does not display advertising of any kind on the platform
  • We do not build behavioral profiles of students for any commercial purpose

5. FERPA — parent and student rights

EduSched operates as a "school official" with a "legitimate educational interest" under FERPA §99.31(a)(1). The School remains the controller of education records; EduSched acts only on the School's instructions.

Parents and eligible students (18 or older, or attending a post-secondary institution) have the right to:

  • Inspect and review education records held by the School
  • Request amendment of records they believe are inaccurate or misleading
  • Request deletion of records through the School's administrator
  • Receive a disclosure-of-access report (FERPA §99.10(b)) listing who has seen the records

To support these rights, EduSched provides:

  • A one-time, time-bound parent magic-link page so parents can review what EduSched holds on their child without creating an account
  • A per-student data export in a portable, structured format (available to School administrators)
  • A disclosure-of-access report in the compliance settings page
  • Deletion-on-request via the purge_student() function available to School administrators

6. COPPA — students under 13

When a School authorizes EduSched to collect personal information from students under 13 for school operations, the School acts as the parent's agent under 16 CFR §312.5(a)(2). EduSched provides Schools with a COPPA Direct Notice template that the School can distribute to parents.

Until parent consent is recorded in the platform, EduSched will not send SMS or push notifications to under-13 students — this gate is on by default and is configurable per district.

Parents may at any time:

  • Refuse further collection of their child's personal information
  • Request a review of the information we hold
  • Request deletion — through the School or by emailing privacy@edusched.com

7. California law — SOPIPA, AB 1584, CCPA/CPRA

EduSched complies with California's student-data laws, including those that apply to Irvine Unified School District and all other California LEAs:

  • We do not engage in targeted advertising on the Service or anywhere else using information acquired from the Service (SOPIPA §22584(b)(1)(A))
  • We do not use information from the Service to amass a profile about a K-12 student except in furtherance of K-12 school purposes (SOPIPA §22584(b)(1)(B))
  • We do not sell student information (SOPIPA §22584(b)(1)(C); AB 1584 / Ed. Code §49073.1(b)(2))
  • Student data is the property of the student and the LEA — not EduSched (Ed. Code §49073.1(b)(1))
  • We delete covered information of a student at the direction of the School (SOPIPA §22584(b)(4))
  • Pupils may access and export their own data in a structured machine-readable format (Ed. Code §49073.1(b)(7))

California parents and staff. California residents who are EduSched users in a non-student capacity (teachers, administrators, parents) have CCPA/CPRA rights to know, access, correct, delete, and limit use of their personal information. Email privacy@edusched.com. We respond within 45 days.

8. How long we keep student data

Default retention windows (districts may adjust these in the compliance settings):

  • Attendance records and audit logs: 7 years
  • Student records: 5 years after end of relationship
  • Planner items, external assignment cache, academic status cache: 365 days
  • Counselor notes: per district retention schedule
  • Magic-link tokens: 24-hour expiry by default

When a district's contract ends, EduSched will — at the district's election — return all data in a structured machine-readable format or securely destroy it within 60 days and issue a written certification of destruction.

Questions? Contact us.

EduSched, Inc.
Privacy & FERPA questions: privacy@edusched.com
Data Protection Officer: privacy@edusched.com (Christina Hanna)
Security incidents: security@edusched.com
Contracts & DPA: contracts@edusched.com

Full details are in the Privacy Policy, Terms of Service, and the Data Privacy Agreement executed with your district.