← All documents
Public Privacy Updated July 11, 2026

Privacy & Regulatory Compliance

Our compliance posture across FERPA, HIPAA, COPPA, and state student-privacy laws.

Impact Suite practices data minimization and operates in compliance with the federal and state laws that govern student data. This page covers our regulatory posture; the specifics of what we collect, how long we keep it, and how it’s exported or deleted have their own detailed pages (linked below).

Regulatory compliance

  • FERPA — we operate as a school official with a legitimate educational interest; access is controlled and audited, and we support parent/student access rights.
  • HIPAA — health-related data is handled under HIPAA administrative, physical, and technical safeguards; a Business Associate Agreement is available.
  • COPPA — supported for students under 13.
  • State student-privacy laws — our Data Processing Agreement aligns to applicable state requirements (e.g. California SOPIPA, New York Education Law 2-d), and we can execute state-standard agreements including the Florida NDPA and other National Data Privacy Agreement templates.

No secondary use

We never sell or rent student data, never use it for advertising or profiling, and never use student data to train AI models (see AI data handling).

The details

A dedicated Data Protection Officer oversees privacy compliance (support@impactsuite.com).