FERPA CompliantSchool Official StatusFor District Procurement
FERPA Compliance Statement
A one-page summary of how Kuliso handles student education records under FERPA. Prepared for district procurement officers, legal counsel, and compliance reviewers.
Effective: April 21, 2026 · Kuliso — operated by Polsia Inc.
🏛️ Formal Compliance Statement
Kuliso, operated by Polsia Inc., acknowledges its obligations under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations at 34 CFR Part 99.
When deployed by a school or district, Kuliso functions as a “school official” with a “legitimate educational interest” in student education records, as defined in 34 CFR § 99.31(a)(1)(i)(B). Kuliso:
— Performs services and functions that would otherwise be performed by school employees34 CFR § 99.31(a)(1)(i)(B)(1)
— Is under the direct control of the educational institution with respect to the use and maintenance of education records34 CFR § 99.31(a)(1)(i)(B)(2)
— Is subject to the requirements of FERPA § 99.33(a) prohibiting re-disclosure of personally identifiable information
Under this status, schools may share student education records with Kuliso under their existing FERPA authority — without requiring separate parent consent — provided a Data Processing Agreement (DPA) is executed between the school/district and Kuliso.
✓ What Kuliso Does
Collects minimal PII (name + email only)
Uses records only for the contracted tutoring service
Maintains FERPA audit logs for all data access
Returns/deletes records upon termination of service
Notifies districts within 72 hours of a data breach
Provides data export on district request
Signs DPAs with districts before accessing records
Processes data on US-only servers
✗ What Kuliso Never Does
Does NOT sell student data to any party
Does NOT use student data for advertising
Does NOT use student data to train AI models
Does NOT share records with unauthorized third parties
Does NOT collect IEP, 504, or ESOL status
Does NOT build student behavioral or psychological profiles
Does NOT re-disclose records without school authorization
Does NOT store data outside the United States
📋
Ready to execute the DPA?
Our standard DPA is SDPC-aligned and pre-filled with Kuliso’s data practices. Districts return countersigned within 1 business day.
Kuliso's FERPA exposure is intentionally minimal. We receive:
Student name (first name and last initial, or a teacher-assigned alias)
Email address (if provided for account access; not required for classroom use)
Grade level and language background (teacher-configured)
Session transcripts — the questions students ask and the AI's responses
Assessment and progress data — scores, skill-level estimates, growth metrics
Learning support preferences — e.g., text-to-speech enabled, simplified language on
We do NOT receive: IEP documents, 504 plans, ESOL designation, disability classifications, disciplinary records, grades from other systems, or any education record beyond what is described above.
How Records Are Used
Kuliso uses student education records exclusively to:
Provide AI tutoring and adaptive learning recommendations to the enrolled student
Generate progress reports for the student’s teacher and/or parent
Maintain the audit log required under FERPA
Respond to FERPA data requests (access, correction, deletion, export)
Records are never used for marketing, advertising, AI training, or any purpose outside the contracted tutoring service.
Data Retention & Deletion
Active accounts: Data retained for the duration of the service relationship
After service termination: Soft-deleted within 30 days; permanently purged from all backups within 90 days
District request: Full deletion of all district student data within 30 days of written request
FERPA audit logs: Retained for 5 years after student account deletion (contains no tutoring content, only access records)
Breach Notification
In the event of a breach involving student education records, Kuliso will notify affected districts within 72 hours of confirming the breach. Written incident reports are provided within 5 business days. We cooperate fully with district legal teams and state reporting requirements.
School & District Responsibilities Under FERPA
When a school or district deploys Kuliso, the following actions are recommended to maintain FERPA compliance:
Execute a DPA: Sign Kuliso’s Data Processing Agreement before sharing any student records. This establishes Kuliso as a school official and sets out both parties’ obligations. → View DPA template
Update FERPA annual notice: Identify Kuliso (Polsia Inc.) in your institution’s FERPA annual notice as a school official with legitimate educational interest.
Inform parents: Disclose to parents (via your annual FERPA notice or technology use notice) that your district uses Kuliso for AI tutoring, and that Kuliso handles student data as a school official.
Manage student enrollment: Teachers are responsible for ensuring only eligible enrolled students access their Kuliso classrooms via join codes.
Handle access requests: FERPA grants parents the right to inspect and review their child’s education records. Kuliso provides data export functionality. Contact support@kuliso.org for FERPA access requests.
Note on Title III and IDEA funding: Kuliso can be deployed using Title III (English Language Acquisition), IDEA Part B (Individuals with Disabilities Education Act), Title I, and State ELD procurement funds. The existence of a signed DPA is typically required for audit compliance under these funding sources. Contact us for procurement documentation tailored to your funding type.
COPPA Interaction With FERPA (Under-13 Students)
When schools use Kuliso with students under 13, the COPPA school operator exception applies:
The school acts as the operator under 16 CFR § 312.5(b)(1) and may provide consent for data collection on behalf of parents
Schools represent that they have appropriate parental notification procedures in place consistent with COPPA and their institutional policies
No behavioral advertising is shown to any users, including students under 13
Personal information collected from under-13 students is limited to: first name (or alias), grade level, session transcripts, and progress data
Summary: Schools deploying Kuliso for under-13 students via a signed DPA are operating within the COPPA school consent exception. No separate parental consent collection by Kuliso is required under this model. The school’s existing FERPA and COPPA notices cover the relationship.
IDEA Compliance & Student Confidentiality
The Individuals with Disabilities Education Act (IDEA) requires strict confidentiality of disability-related records. Kuliso is designed from the ground up to comply:
No disability data collected: Kuliso never collects, stores, or displays IEP status, 504 plan status, ESOL/ELL designation, or any disability or accommodation classification
Universal Design for Learning (UDL): All learning supports (text-to-speech, simplified language, extended time, visual aids, bilingual glossaries) are available to every student — not tied to an accommodation flag
No inferred disability status: A student’s use of learning supports cannot be used to infer disability status, because all students have access to all supports
Teacher configuration is private: Learning support preferences set by teachers are not visible to other teachers, students, or parents outside the immediate relationship
This approach means Kuliso’s system cannot generate records that would constitute “education records” under IDEA regarding disability status, because no such data is captured in the first place.
Contact for FERPA Documentation
Need a signed DPA? Need to complete a FERPA vendor assessment? Have legal questions? We respond quickly and provide complete documentation.
🏛️
FERPA & Compliance Documentation
support@kuliso.org · DPAs returned countersigned within 1 business day