🔒 Privacy & Compliance

We take student privacy seriously.
Here's exactly what that means.

This page is written for teachers and administrators — not lawyers. No jargon. Just a clear explanation of how Kuliso handles student data, what we're required to do by law, and what we've chosen to do beyond that.

Last updated: April 2026 · Questions? support@kuliso.org
✓ FERPA Compliant · ✓ COPPA Compliant · 🚫 Never sell student data · 🚫 No ads to students · 🔒 AES-256 encrypted · 📋 Data deleted on request
⚖️

FERPA Compliance

FERPA (the Family Educational Rights and Privacy Act) is the federal law that governs how schools and their vendors handle student records. Here's what it means for Kuliso:

No sharing student PII with third parties. Kuliso does not share student personally identifiable information (PII) with advertisers, data brokers, or any outside company. The only parties who can see student data are: the student themselves, their teacher, their parent/guardian, and authorized Kuliso support staff when helping resolve an issue.
No student names in marketing or reporting. If Kuliso ever publishes data about student outcomes, no student names, school names, teacher names, locations, grade levels, or any identifying details are included. We describe results using only anonymized, aggregate language.
All student data stays within classroom scope. A teacher can only see data for students in their own classroom. Students can only see their own work. No cross-classroom or cross-teacher data sharing.
We operate as a "school official" under FERPA. This means your school can share student records with Kuliso under your existing FERPA authority — without collecting separate parent consent for each student — as long as a Data Processing Agreement (DPA) is in place.

Deploying Kuliso at your school? We'll provide a signed Data Processing Agreement (DPA) within 1 business day. Email support@kuliso.org or view the full DPA template.

👶

COPPA Compliance

COPPA (the Children's Online Privacy Protection Act) requires extra protections for children under 13. Kuliso is built for classroom use under teacher supervision — here's how we comply:

✓ We do this

No advertising to students

Zero ads, sponsored content, or affiliate links — ever. Students using Kuliso see only educational content.

✓ We do this

Teacher-supervised access

Kuliso is designed for classroom deployment under teacher control. The school manages student access, not kids independently signing up.

✓ We do this

School handles consent (the legal way)

When your school deploys Kuliso, the school acts as the COPPA consent intermediary — this is the standard, legal approach used by every reputable EdTech platform.

✓ We do this

No collection outside school context

Kuliso does not collect personal information from children under 13 outside of a school-managed account. Family plans require parental consent before activation.

✗ We never do this

Behavioral tracking

No tracking students across other websites, no behavioral profiles, no data shared with advertisers.

✗ We never do this

Selling or sharing data for profit

Student data is never sold, rented, traded, or shared with any company for commercial purposes. Period.

For family subscriptions (outside school): If a parent signs up for a family plan that includes a child under 13, Kuliso requires verifiable parental consent before the student account becomes active. The student account is locked until the parent verifies via email.

📊

Data & Research Policy

Kuliso may eventually publish research or outcome data — for example, how students using Kuliso perform on vocabulary assessments over time. Here's our firm policy on how that data is used:

Anonymized, aggregate only. No exceptions.

Any data Kuliso publishes — in research, case studies, marketing, or public reporting — uses fully anonymized, aggregate data only. That means:

No student names. No teacher names. No school names.
No locations — not city, state, district, or school name.
No grade levels, demographic details, or anything that could identify a classroom.
Data is reported across groups, not tied to individuals.
📋 Example — What This Looks Like in Practice

CORRECT: "Across 2 classrooms over 6 weeks, students improved vocabulary quiz scores by an average of 22%."

NEVER: "Students at Jefferson Elementary in Austin, TX — Ms. Rivera's 4th grade class — improved vocabulary scores by 22%."

Opt in or out anytime. Teachers and schools can opt in or out of anonymized data collection at any time. If you opt out, your classroom's data is excluded from any aggregate reporting entirely. To request this, email support@kuliso.org.

What about AI training? Kuliso never uses student session transcripts or student data to train AI models. The AI models Kuliso uses (Google Gemini API) are subject to Google's API terms, which also prohibit training on API request data.

🛡️

Student Privacy in Practice

Beyond legal compliance, here's how Kuliso is actually built to protect students day-to-day:

Students join via classroom codes — no personal email required. Teachers create a classroom and share a join code. Students can access Kuliso without providing an email address. No account creation friction, no email verification for students.
Student data is never sold or shared with outside companies. The only third parties that may process student data are our hosting infrastructure providers (Render, Neon) and the AI API (Google Gemini) — all of which are contractually bound not to use the data for their own purposes.
No disability or accommodation status recorded. Kuliso does not collect, store, or display IEP status, 504 plan status, ESOL designation, or any disability classification. All learning supports (text-to-speech, simplified language, extended time) are available to every student — no student is labeled.
Data deletion available on request. Teachers, schools, or parents can request deletion of all student data. Active systems are cleared within 30 days. All backups are purged within 90 days. We provide written confirmation when it's done.
All data encrypted at rest and in transit. Student data is stored using AES-256 encryption. All connections use TLS. Data is stored on US servers only.
Breach notification within 72 hours. If we ever detect a confirmed security breach involving student data, we notify affected schools within 72 hours — not whenever we get around to it.

How to submit a data request: Parents, guardians, or teachers can request data access, correction, or deletion at any time. Email support@kuliso.org with "Privacy Request" in the subject line. We respond within 2 business days.

Questions about student privacy?

We respond to every privacy question — typically same day. District procurement, DPA requests, parent concerns, whatever you need.

📂

Full Legal Documentation

Need the full legal documents for your district's procurement process? Everything is here: