Kuliso’s standard DPA is aligned with the Student Data Privacy Consortium (SDPC) National DPA template — the gold standard recognized by 40+ states. Pre-filled with Kuliso’s actual data practices. Ready for district counsel to review and countersign.
View the full DPA template online, or email us and we’ll return a countersigned copy within 1 business day. No back-and-forth. No legal delays.
Student names and emails only. Grade level, session transcripts, and progress data. No IEP, 504, ESOL status, or disability data.
Student data is never sold, shared with advertisers, or used to train AI models. No disclosure to unauthorized third parties.
All data stored and processed on US-only infrastructure. No international data transfers. US-only AI processing via Google Gemini.
Data retained while service is active. Deleted within 30 days of service termination; purged from backups within 90 days. Audit logs retained 5 years.
Districts notified within 72 hours of a confirmed breach. Written incident report within 5 business days. Full cooperation with district legal teams.
Kuliso operates as a “school official” under 34 CFR § 99.31(a)(1). Schools may share records under existing FERPA authority without separate parental consent.
Google Gemini (AI, US), Render.com (hosting, SOC 2), Neon (database, SOC 2). 30-day notice before adding sub-processors. Full list
Districts own all student data. Full export available on request. Data deleted on contract termination. Audit logs available for district review.
Kuliso’s DPA is drafted to align with the Student Data Privacy Consortium (SDPC) National DPA template, the most widely adopted student data privacy agreement framework in the United States. The SDPC template is recognized or actively used by state education agencies in:
Using an SDPC-aligned DPA means your district legal team will already be familiar with the structure, and state education agency approval processes (where they exist) are expedited.
Heads up for Texas, New York, and California districts: These states have specific student privacy law requirements (SOPIPA/FERPA addenda for TX, Ed Law 2-d for NY, SOPIPA for CA) that add specific provisions on top of FERPA. Kuliso’s DPA includes language to address these requirements. Contact us if your district needs state-specific addendum language.
A signed DPA with Kuliso supports compliance audits for federally-funded procurement. Kuliso is eligible for procurement under:
Need procurement documentation? We can provide a procurement packet including: signed DPA, FERPA compliance statement, security overview, accessibility VPAT, and pricing letter. Email support@kuliso.org with your district’s requirements.
In addition to FERPA, many states have enacted specific student data privacy laws. Kuliso’s DPA addresses the following state-specific requirements:
If your state has specific vendor registration requirements (e.g., New York has a vendor registry system), we can assist with that registration process. Contact us with your state and we’ll confirm current registration status.
The complete Student Data Privacy Agreement for Kuliso is available at:
kuliso.org/student-data-privacy
Full legal text · SDPC-aligned · Printable · Updated April 2026
The document includes: definitions, authorized use restrictions, data security requirements, breach notification procedures, sub-processor disclosure, data return/deletion terms, and signature block for district countersignature.
support@kuliso.org · Subject: DPA Request · Include your district name and state
Privacy Policy, FERPA statement, security overview, accessibility VPAT — all in one place