Security & Compliance

Compliance & Regulatory Alignment

Tool For School is built from the ground up to support the compliance requirements that districts, parents, and state regulators expect.

🛡️

Federal

FERPA Aligned

We operate in accordance with the Family Educational Rights and Privacy Act, ensuring the protection of student education records across every module.

  • Role-based access controls limit data visibility by function
  • Restricted data access enforced at the system level
  • Parent and student record access processes documented and supported
  • Vendor data protection agreements available upon request
👶

Federal

COPPA Compliant

For users under 13, we implement parental consent processes and strict data handling standards in alignment with the Children's Online Privacy Protection Act.

  • Verifiable parental consent processes
  • Transparent data collection disclosures
  • Minimum necessary data collection only

State

Texas Student Data Privacy Act Aligned

We support Texas districts in meeting their obligations under the Texas Student Data Privacy Act, including vendor contracting requirements and data use restrictions.

  • Operator agreement provisions available for district review
  • No secondary use of student data for commercial purposes
  • Supports district data governance requirements

"Hallways are where incidents happen. Paper passes give zero visibility. But students need autonomy, not constant surveillance. The answer is pattern intelligence, not punishment."

Architecture

Security Architecture

Tool For School is built on a security-first architecture designed for the operational demands of K-12 environments.

Encryption

  • Data encrypted in transit (TLS 1.2+)
  • Data encrypted at rest
  • Secure cloud infrastructure

Access Controls

  • Role-based permissions
  • Least-privilege enforcement
  • Audit logging of sensitive actions

Infrastructure

  • Secure cloud-hosted environments
  • Environment isolation (Prod / Staging)
  • Secure API authentication

Integrations

Integration Standards

Tool For School connects with the systems districts already use, following established interoperability standards.

  • OneRoster standard support for rostering and data sync
  • Clever integration for streamlined district onboarding
  • ClassLink integration for identity and access management
  • Read-first integration posture — we do not write to SIS records without explicit authorization
  • Graceful degradation when upstream systems are unavailable

Governance

Data Governance

Data Ownership

Schools and districts retain full ownership of their data. Tool For School operates as a data processor, not a data owner.

Data Portability

Districts can request a full export of their data at any time. We provide documented processes for data export in standard formats.

Data Retention

We maintain clear policies on what data is stored, how long it is retained, and when it is deleted. Retention schedules are available as part of our district data protection agreement.

Data Deletion

Upon contract termination, we provide documented procedures for secure data deletion. Districts are not locked in — and their data does not stay behind.

Operations

Operational Security

  • Continuous environment monitoring
  • Secure development lifecycle practices
  • Controlled production deployment procedures
  • Documented incident response procedures
  • Independent security reviews conducted regularly

Questions about our compliance posture?

We're happy to walk through our data protection agreements, security practices, and compliance documentation with your district's team.

Contact Us