FERPA Compliance Statement

1. What is FERPA?

The Family Educational Rights and Privacy Act (FERPA) is a U.S. federal law that protects the privacy of student education records. FERPA applies to all schools and educational agencies that receive funds under an applicable program of the U.S. Department of Education.

Ausmo App is committed to maintaining FERPA compliance to ensure the privacy and security of student education records for all users, particularly when working with schools, teachers, and educational institutions.

2. Our FERPA Compliance Framework

2.1 Data Privacy and Security

• Strict access controls limiting data to authorized personnel only
• End-to-end encryption for all student education records
• Secure data storage with AES-256 encryption at rest
• Regular security audits and vulnerability assessments
• Multi-factor authentication for all educational users
• Role-based access control (RBAC) aligned with legitimate educational interests

2.2 Parental Rights and Consent

• Mechanisms for schools to obtain and document parental consent
• Support for parent/guardian access to their child's records
• Processes for parents to request amendments to education records
• Clear disclosure of directory information policies
• Annual notification support for educational institutions

2.3 Authorized Disclosures

• Disclosure only to school officials with legitimate educational interests
• Proper consent mechanisms for non-exception disclosures
• Audit logging of all access to education records
• Compliance with exceptions under FERPA regulations (34 CFR § 99.31)
• No disclosure of education records to third parties without authorization

3. Education Records Protected Under FERPA

When used by educational institutions, Ausmo App may maintain the following types of education records:

• Student names, dates of birth, and contact information
• Individualized Education Program (IEP) goals and objectives
• Progress reports and assessment data
• Communication logs between teachers, therapists, and students
• AAC usage data and communication development metrics
• Therapy session notes and educational interventions
• Special education services documentation

All education records are maintained with the same rigorous security and privacy protections required under FERPA.

4. School Official Exception

Ausmo App operates as a "school official" with "legitimate educational interests" when providing services to educational institutions. This means:

• We perform an institutional service that would otherwise be performed by school employees
• Access to education records is necessary to fulfill our contractual obligations
• We are under the direct control of the school regarding use and maintenance of education records
• We use education records only for authorized purposes specified by the school
• We do not disclose or re-disclose education records without school authorization

Schools maintain full control over their students' education records and can revoke access at any time.

5. Data Use and Restrictions

5.1 Permitted Uses

Ausmo App uses education records solely for the following authorized purposes:

• Providing AAC tools and communication support services
• Progress tracking and educational reporting
• Facilitating communication between authorized team members
• Supporting IEP goals and educational objectives
• System maintenance, technical support, and security

5.2 Prohibited Uses

Ausmo App does NOT:

• Sell or rent student education records to third parties
• Use education records for advertising or marketing purposes
• Create behavioral profiles for non-educational purposes
• Disclose education records without proper authorization
• Use data for purposes other than those specified in our agreements

6. Parental Rights Under FERPA

When your child's school uses Ausmo App, parents and eligible students have the following rights:

6.1 Right to Inspect and Review

• Right to inspect and review education records maintained in Ausmo App
• Schools must provide access within 45 days of request
• Right to receive copies of records if distance prevents inspection

6.2 Right to Request Amendment

• Right to request correction of inaccurate or misleading information
• Right to a hearing if the school declines the amendment request
• Right to place a statement in the record if disagreement persists

6.3 Right to Consent to Disclosures

• Right to provide or withhold consent for disclosure of education records
• Exceptions apply for school officials, emergency situations, and legal requirements

6.4 Right to File a Complaint

Parents have the right to file a complaint with the U.S. Department of Education if they believe the school has violated FERPA:

7. Data Security Measures

7.1 Technical Safeguards

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Secure authentication with multi-factor authentication (MFA)
• PIN and biometric security options (Face ID, Touch ID)
• Automatic session timeout and logout
• Regular security audits and penetration testing

7.2 Administrative Safeguards

• Employee background checks and confidentiality agreements
• Regular privacy and security training for all staff
• Documented policies and procedures for data handling
• Incident response plans for security breaches
• Regular compliance audits and assessments

7.3 Access Controls

• Role-based access control limiting data to authorized users
• Unique user identification and authentication
• Audit logging of all access to education records
• Principle of least privilege for data access

8. Data Retention and Deletion

Ausmo App follows strict data retention and deletion policies in compliance with FERPA:

• Education records retained only as long as necessary for authorized purposes
• Schools maintain control over retention periods for their students' data
• Secure deletion methods ensuring data cannot be recovered
• Data deletion upon school request or contract termination
• Backup data destroyed according to documented schedules
• Annual review of data retention practices

Schools can request deletion of specific records or all student data at any time by contacting schools@ausmoapp.com

9. Third-Party Service Providers

Any third-party service providers (subcontractors) that may have access to education records are:

• Carefully vetted for security and privacy practices
• Bound by contractual obligations to protect education records
• Required to comply with FERPA requirements
• Prohibited from using education records for unauthorized purposes
• Subject to the same access restrictions as Ausmo App staff
• Regularly audited for compliance

We maintain a current list of all subcontractors with potential access to education records, available to schools upon request.

10. Breach Notification

In the event of a security breach involving education records, Ausmo App will:

• Notify affected schools promptly upon discovery
• Provide detailed information about the nature and scope of the breach
• Identify affected students and records
• Describe steps taken to contain and remediate the breach
• Assist schools in fulfilling their notification obligations to parents
• Implement corrective actions to prevent future breaches
• Document all incidents for compliance and review

11. Student Privacy Pledge

Ausmo App is committed to the Student Privacy Pledge, which includes commitments to:

• Not collect, maintain, use, or share student personal information beyond that needed for authorized educational purposes
• Not sell student personal information
• Not use or disclose student information for behavioral targeting of advertisements
• Not build a personal profile of a student other than for supporting authorized educational purposes
• Not make material changes to privacy policies without first providing notice and choice to schools
• Not knowingly retain student personal information beyond the time period required
• Collect, use, share, and retain student personal information only for purposes authorized by the school
• Disclose clearly our data retention and deletion policies
• Maintain comprehensive security program reasonably designed to protect student personal information
• Require subcontractors to adhere to these same commitments

12. Training and Compliance

All Ausmo App employees and contractors with access to education records receive:

• Comprehensive FERPA training upon hiring
• Annual refresher training on student privacy requirements
• Regular updates on changes to FERPA regulations
• Security awareness and incident response training
• Role-specific training for handling education records

All staff must sign confidentiality agreements and are subject to disciplinary action for violations of student privacy.

13. Transparency and Accountability

Ausmo App maintains transparency in our data practices:

• Clear and accessible privacy policies and terms of service
• Regular reports to schools on data usage and security
• Annual compliance assessments and audits
• Open communication with schools about data practices
• Prompt responses to questions and concerns about student privacy

14. Contact Information

For questions about FERPA compliance, data practices, or to report a concern:

Schools may also contact the Family Policy Compliance Office at the U.S. Department of Education for questions about FERPA at studentprivacy.ed.gov

15. Updates to This Statement

We may update this FERPA Compliance Statement periodically to reflect changes in our practices, technologies, or legal requirements. Schools will be notified of material changes that affect their agreements with us.

The current version is always available at ausmoapp.com/ferpa