School & District Partnerships

FERPA Readiness

AISparks is a consumer product. FERPA applies only when schools direct students to use a tool as part of their educational program. This page documents our framework for district deployments.

⚠️

Current Status: Consumer Product Only

AISparks is currently used directly by families — parents create and control all accounts. FERPA does not apply to our current consumer product because AISparks is not a school-directed service maintaining education records on behalf of a school or district. If your school is considering a district deployment, review the DPA framework below and contact support@aisparks.us.

What is FERPA?

The Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, is a federal law that protects the privacy of student education records. It applies to schools and their service providers — not to independently purchased consumer apps.

FERPA requires that schools obtain written parental consent before disclosing a student's education records to third parties, with exceptions for "school officials" (including contractors) with a "legitimate educational interest" under a Data Processing Agreement.

When a school or district directs students to use AISparks as part of their curriculum, AISparks becomes a "school official" holding education records, and a FERPA-readiness DPA review is required.

Our DPA Framework

The following provisions would be included in any Data Processing Agreement with a school or district. This is a summary framework — actual DPA language is tailored to district requirements.

Purpose Limitation

AISparks will use student education records solely to provide the contracted educational service. We will not use education records for advertising, product development beyond the contracted service, or any secondary purpose not authorized by the school.

Data Minimization

We collect only the data elements necessary to deliver the service: student first name, grade level, and in-app learning activity. No last names, government IDs, health information, or financial records.

Security Safeguards

AES-256-GCM application-level encryption for all PII, AES-256 at rest, TLS 1.3 in transit, role-based access controls, and annual third-party security audits consistent with NIST 800-171 and SOC 2 principles.

Subcontractor Controls

Any subcontractor (subprocessor) that accesses student education records is bound by contractual obligations that are at least as protective as those in our DPA. Current subprocessors are listed in our Privacy Policy. We provide 30-day advance notice before adding new subprocessors that access education records.

Parental & Student Rights

Schools retain the right to direct parents to review, correct, or delete their child's education records on AISparks at any time. We provide dedicated mechanisms for record review and deletion within 30 days of request.

Breach Notification

We will notify the contracting school or district within 72 hours of discovering a breach of student education records, consistent with FERPA's requirement that schools notify parents within a reasonable time.

Data Return & Deletion

Upon contract termination, we will return a complete export of student education records to the school in JSON or CSV format within 30 days, then permanently delete all copies (including backups) within 60 days.

No Sale of Education Records

AISparks will never sell, rent, or trade student education records. This prohibition survives contract termination and applies indefinitely.

Student Data — Never, Under Any Circumstances

Sold or rented to third parties
Used for targeted advertising
Used to build behavioral profiles for commercial purposes
Disclosed to data brokers
Retained after contract termination (beyond 60-day deletion window)
Used to identify or re-identify individuals in aggregated data
Shared with AI providers in a way that includes student identifiers
Transferred outside the United States without prior written consent

State Student Privacy Laws

Many states have enacted student privacy laws that supplement FERPA. Our DPA framework is designed to satisfy the most restrictive requirements. Key state laws include:

StateLawCitation
CaliforniaAB 1584 (SOPIPA)Ed. Code § 49073.1
New YorkEducation Law § 2-d8 NYCRR Part 121
TexasTexas Student Data Privacy ActTex. Ed. Code § 32.151
ColoradoStudent Data Transparency & Security ActC.R.S. § 22-16-101
IllinoisStudent Online Personal Protection Act (SOPPA)105 ILCS 85
FloridaStudent Data Privacy ActFla. Stat. § 1002.222
GeorgiaStudent Data Privacy, Accessibility, and Transparency ActO.C.G.A. § 20-2-666
🏫

District or School Partnership Inquiry

If your school or district is interested in piloting AISparks as part of your curriculum, we will provide a full FERPA DPA for your legal review. Contact our partnerships team.

support@aisparks.us