Trust Center

Security & privacy documentation for districts

Everything your technology and data-privacy team needs to evaluate Impact Suite — our security program, subprocessors, AI data handling, and data-protection practices. Self-serve the public documents below, or request access to items shared under NDA.

Hosting AWS · U.S. (Oregon) U.S. data residency
Encryption AES-256 · TLS 1.2/1.3 At rest & in transit
Compliance FERPA · HIPAA · COPPA SOC 2 in progress
AI 100% in AWS No training on student data
Public

Documentation

Freely available — no login or request required.

Security

Security Overview

Our security program, encryption standards, hosting, and access controls at a glance.

Read →
Privacy

What Data We Collect

A complete inventory of the data elements we collect, why, and how they're protected.

Read →
Privacy

Privacy & Regulatory Compliance

Our compliance posture across FERPA, HIPAA, COPPA, and state student-privacy laws.

Read →
Legal

Subprocessors

The third-party services we use to deliver the platform, what they process, and where.

Read →
Legal

Third-Party Management

How we vet, contract with, and monitor the vendors that process educational data.

Read →
AI

AI Data Handling (AskImpact)

How AskImpact uses AI — no model training on student data, U.S. processing, human oversight.

Read →
Security

Data Flow

How student data enters, is stored, and is processed — all within a U.S. AWS boundary.

Read →
Privacy

Data Transition

How educational agencies export their data — and what happens when services end.

Read →
Privacy

Secure Deletion

Our NIST 800-88–aligned data destruction process, with certification provided to agencies.

Read →
Security

Incident Response

How we detect, contain, investigate, and communicate security incidents — with a 72-hour notification commitment.

Read →
Security

Training & Awareness

How our personnel are trained to protect student data.

Read →
Accessibility

Accessibility (VPAT)

Our WCAG 2.1 AA conformance approach and how to request the current VPAT.

Read →
Legal

Customization & Alignment

How we align our data-privacy and security practices to your district's specific policies and state requirements.

Read →
Under NDA

Available on request

Sensitive artifacts shared with reviewers under a mutual NDA. Request access →

Customers

For current districts

Current districts receive advance notice of subprocessor changes under their Data Processing Agreement, and can request a copy of their executed DPA, a data export, or a certificate of destruction through their account team at support@impactsuite.com.

Talk to our compliance team

Questions about our security program, a specific document, or a district-specific requirement?