← All documents
Public Legal Updated July 11, 2026

Customization & Alignment

How we align our data-privacy and security practices to your district's specific policies and state requirements.

Every educational agency operates under its own policy framework, state regulations, and institutional requirements. Impact Suite works to align our practices with each agency’s specific needs — your policies take precedence.

Discovery

During contracting we review your data-security and privacy policies, regulatory obligations (state student-privacy laws, district interpretations of FERPA/COPPA), operational policies (retention, records management), and procurement requirements (security, insurance, audit). We then perform a gap analysis against our standard practices and agree on how each requirement will be met.

Documented in the DPA (Exhibit D)

Agency-specific requirements are captured in Exhibit D of our Data Processing Agreement (built on the 1EdTech DPSA template) so they are legally binding, including:

  • State-specific statutory requirements
  • Custom retention and deletion timelines (e.g. deletion triggered when a student leaves the district, where a state requires it)
  • Enhanced security configurations (MFA scope, IP allowlisting, session timeouts, audit logging)
  • Reporting/audit requirements and insurance provisions
  • Any negotiated variations from standard terms

Configurable controls

The platform supports per-agency configuration of data-retention periods and deletion triggers, role-based access reflecting your org structure, authentication requirements (MFA scope, SSO), audit logging, integration/data-mapping, and export format/schedule.

Ongoing alignment

We conduct periodic reviews with agencies that have custom requirements, update configurations and Exhibit D when your policies change, and provide compliance documentation and audit support on request. Our compliance team (support@impactsuite.com) owns this relationship.