FERPA Statement

Family Educational Rights and Privacy Act Compliance
Effective Date: March 20, 2026 — Digital Dog Tech, a product line of iTeachAI LLC

1. Our Commitment to Student Privacy

Digital Dog Tech, a product line of iTeachAI LLC, is deeply committed to protecting the privacy of student education records. We understand that schools, districts, teachers, parents, and students trust us with sensitive information, and we take that responsibility seriously.

We comply with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations at 34 C.F.R. Part 99. This statement explains how we handle student education records when schools and districts use our Services.

2. Our Role Under FERPA

When a school or district uses Digital Dog Tech’s Services (including Blossom and College Buddy), we function as a “school official” with a “legitimate educational interest” as defined under FERPA § 99.31(a)(1). This means:

• We access student education records only to fulfill the services defined in our agreement with the school or district.
• We are under the direct control of the school with respect to the use and maintenance of education records.
• We use personally identifiable information from education records only for the purposes for which the disclosure was made.
• We comply with FERPA’s requirements as if we were an employee of the educational institution.

3. Education Records We Access

In the course of providing our Services, we may access the following types of education records:

• Student identifiers: Name, student ID, username, grade level, class enrollment
• Academic work: Assignments, submissions, project files, and responses entered into the platform
• Grades and assessments: Scores, rubric evaluations, and teacher feedback generated through our tools
• Progress data: Completion status, time on task, learning milestones
• AI interaction logs: Student conversations with the Bubbles AI tutor (anonymized for processing)

We do NOT access: disciplinary records, health records, financial records, counseling records, or any education records beyond what is necessary for the Services.

4. How We Protect Education Records

• Encryption: AES-256 encryption at rest and SSL/TLS encryption in transit for all education records.
• Access controls: Role-based access ensuring only authorized personnel can access student data. Employees undergo background checks and receive FERPA training.
• Audit logging: All access to education records is logged with timestamps, user identifiers, and actions taken.
• Data isolation: Each school’s data is logically separated. Schools cannot access another school’s records.
• AI anonymization: Before student inputs are processed by AI models, all personally identifiable information (names, IDs, school identifiers) is stripped. AI model providers never receive identifiable student data.
• Vulnerability management: Regular security assessments, penetration testing, and prompt patching of identified vulnerabilities.
• Physical security: Servers hosted in professionally managed data centers with multi-factor physical access controls.

5. Parent & Student Rights

FERPA grants parents (and eligible students aged 18+) the following rights regarding education records:

5.1 Right to Inspect and Review

Parents and eligible students have the right to inspect and review education records maintained by the school. Since we act as a school official, requests to review records held in our system should be directed to the school, which will coordinate with us to provide access.

5.2 Right to Request Amendment

Parents and eligible students may request that the school amend inaccurate or misleading education records. If such records are maintained in our system, the school may direct us to make the correction.

5.3 Right to Consent to Disclosures

Schools must generally obtain written consent before disclosing personally identifiable information from education records, except in circumstances permitted under FERPA (such as disclosure to school officials with legitimate educational interests).

5.4 Right to File a Complaint

Parents and eligible students may file a complaint with the U.S. Department of Education if they believe FERPA rights have been violated:

6. No Selling of Student Data

We make the following unequivocal commitments:

• We do NOT sell student personal information or education records to any third party, for any reason, ever.
• We do NOT use student data for targeted advertising.
• We do NOT build advertising or commercial profiles based on student data.
• We do NOT use student data to amass profiles for purposes other than education.
• We do NOT use student data to train AI models.
• We do NOT share student data with third parties for their own commercial purposes.

7. Data Retention & Deletion

• Active accounts: Education records are retained for the duration of the school’s or district’s subscription.
• End of school year: Schools are prompted to review and confirm whether student data should be retained for the next year or deleted.
• Account termination: When a school or district terminates its agreement, we provide 60 days to export data in standard formats (CSV, JSON). After the export window, all education records are permanently deleted within 30 days.
• Individual student deletion: Schools may request deletion of individual student records at any time. Deletion is completed within 30 days.
• Backups: Backup copies of deleted data are purged within 90 days of the deletion request.
• Anonymized data: Fully de-identified, aggregated data that cannot be linked to any individual student may be retained for product improvement and research.

8. Service Providers & Subprocessors

We use a limited number of service providers to operate our platform. Each provider is:

• Contractually bound to protect education records
• Prohibited from using education records for any purpose other than providing services to us
• Required to delete education records upon termination of their agreement with us
• Subject to our security and compliance requirements

Our current categories of service providers include:

• Cloud hosting: Infrastructure for storing and processing data
• AI model providers: Process anonymized (non-identifiable) data only
• Payment processing: Handles billing for school subscriptions (does not access education records)
• Email delivery: Sends service notifications (does not access education records)

Schools may request a list of specific subprocessors by contacting us.

9. Breach Notification

In the event of a security breach involving education records, we will:

• Notify the affected school or district within 72 hours of confirming the breach
• Provide details of the breach, including the types of data affected and the number of records involved
• Describe the steps taken to contain and remediate the breach
• Cooperate with the school in notifying affected parents and students as required by applicable law
• Provide a written incident report within 30 days

10. Data Processing Agreements

We offer Data Processing Agreements (DPAs) to schools and districts that include:

• Detailed description of data processing activities
• FERPA compliance obligations
• Security requirements and incident notification procedures
• Data retention and deletion schedules
• Audit rights for the school or district
• Subprocessor management provisions

To request a DPA, contact us at info@iteachai.co.

11. State Student Privacy Laws

In addition to FERPA, we are committed to complying with applicable state student privacy laws, including but not limited to:

• California Student Online Personal Information Protection Act (SOPIPA)
• New York Education Law 2-d
• Colorado Student Data Transparency and Security Act
• Connecticut Student Data Privacy Act
• Florida K–20 Student Information Database
• Other applicable state laws in jurisdictions where our school partners operate

We review our practices regularly to maintain compliance as state laws evolve.

12. Contact Information

For questions about this FERPA Statement, to request a Data Processing Agreement, or to report a concern about student data, please contact us: