FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. ThinkStem AI is fully committed to FERPA compliance and operates as a "school official" under FERPA's exception for service providers.

How We Comply

• School official status: We act as a school official with a legitimate educational interest, under direct control of the school
• Limited data use: We only use student information for the educational purposes specified in our agreement with schools
• No redisclosure: We don't share student records with third parties without authorization
• Data ownership: Schools retain ownership of all student data; we're a custodian, not an owner
• Right to access: Parents and eligible students may request access to their education records through their school
• Data deletion: Schools can request deletion of student data at any time

Data We Collect

We collect only the minimum information necessary to provide our educational services: name, email, grade level, school affiliation, and learning progress data.

Security Measures

All student data is encrypted in transit (TLS 1.3) and at rest (AES-256). We use AWS infrastructure with SOC 2-compliant data centers, role-based access controls, and regular security audits.

Data Processing Agreement

We provide a Data Processing Agreement (DPA) for all school district partners. To request a copy, contact info@thinkstemai.com.

Questions?

For FERPA-related questions or to request our DPA, email info@thinkstemai.com.