Student Data Privacy and FERPA Policy

Last Updated: May 13, 2026

This page governs how Presence handles information it processes as a service provider on behalf of schools, school districts, and other education customers (“Customers” and singularly “Customer”) through the Presence platform and related services. It does not apply to information collected from visitors to our public website, which is covered by our Website Privacy Policy.

1. Presence’s Commitments Regarding Student Data. The following commitments reflect Presence’s approach to student data across our platform and services. Where Presence processes student data on behalf of a Customer, those practices are also governed by our agreements with that Customer.

Presence does not:

Sell student personal data, under any circumstances or for any purpose.
Share student personal data for non-educational or commercial purposes, including sharing with data brokers or advertisers.
Use student data for targeted or behavioral advertising, or for any marketing purpose.
Profile students except where strictly necessary to provide an educational service requested by a school or educator, and never for advertising or commercial purposes.
Use student data to train, fine-tune, or improve artificial intelligence or machine learning models, including large language models or permit any third-party AI provider to do so.
Employ manipulative or deceptive design practices that encourage students to disclose more personal data than is necessary for the service.
Collect or process precise geolocation data, biometric data, or other sensitive personal data from students unless required for a specific educational purpose and expressly permitted by applicable law.

Presence does:

Design and operate its platform to avoid practices reasonably likely to cause material harm to children, including physical, emotional, developmental, or privacy-related harm.
Limit access to student data to personnel with a legitimate educational interest consistent with the purposes for which the data was obtained.
Maintain technical and organizational security measures appropriate to the sensitivity of student data, including encryption in transit (TLS 1.2 or higher) and at rest (AES-256 via AWS RDS and S3).
Store all student data within the United States.
Notify the applicable Customer of any third-party request for access to student education records, and decline to comply with such requests absent a court order, lawful subpoena, or Customer direction.

This policy applies only to student data processed by Presence as a service provider on behalf of schools, districts, Local Education Agencies, or other Customers. They do not alter the terms of the Website Privacy Policy governing personal information Presence processes in other contexts.

2. FERPA

2.1 Compliance. Presence is a vendor to educational agencies and institutions (“EAs”) and receives personally identifiable information (“PII”) contained in student records from the EAs. Only information that is needed for Presence and its employees and contractors to perform services is disclosed to Presence by the EA. These disclosures are authorized under the Family Educational Rights and Privacy Act (“FERPA”).

Presence, as a contractor to the EA, receives the disclosures on the same basis as school officials employed by the EA, consistent with FERPA regulations, 34 CFR §99.31(a)(1)(i)(B). Consistent with those regulations, Presence has a legitimate educational interest in the information to which it is given access because the information is needed to perform the outsourced service, and Presence is under the direct control of the EA in using and maintaining the disclosed education records, consistent with the terms of its contract.

Presence is subject to the same conditions on use and redisclosure of education records that govern all school officials, as provided in 34 CFR §99.33. In particular, Presence must ensure that only individuals that it employs, contracts with, or that are employed by its contractor, with legitimate educational interests consistent with the purposes for which Presence obtained the information obtain access to PII from education records it maintains on behalf of the district or institution.

Further, in accordance with 34 CFR §99.33(a) and (b), Presence may not redisclose PII without the consent of a parent or an eligible student (a student who is 18 years old or above, or is enrolled in postsecondary education) unless the agency or institution has authorized the redisclosure under a FERPA exception and the agency or institution records the subsequent disclosure. An example of such a disclosure is when Presence is requested by a school district to assist the district in the transfer of student records from our system to another system.

2.2 School Official Designation. To the extent Presence receives, accesses, or maintains education records on behalf of an EA, Presence is designated as a “school official” with a “legitimate educational interest” in such records, as those terms are used under FERPA and its implementing regulations at 34 CFR § 99.31(a)(1)(i)(B). In fulfilling this designation, Presence: (a) performs institutional services and functions for which the EA would otherwise use its own employees; (b) is under the direct control of the EA with respect to the use and maintenance of education records; and (c) is subject to the requirement that it use education records only for the purposes for which the disclosure was made and will not redisclose personally identifiable information from education records without authorization, consistent with 34 CFR § 99.33.

2.3 Directory Information. Presence does not independently disclose student data as “directory information” under FERPA. Any designation or disclosure of directory information is determined and managed solely by the applicable school or educational agency in accordance with its own policies and FERPA obligations. Where Presence processes student data on behalf of a school, we do so solely under the school’s instructions and pursuant to our applicable agreements.

2.4 No Advertising Use. Presence will not sell or otherwise use or redisclose education records for targeted advertising or marketing purposes. Presence does not allow advertising within its products or services, and therefore there is no behavioral or targeted advertising. Presence uses data within its products and services only to deliver the services contracted by the educational institution. Presence may use anonymized, non-PII data internally to improve the products and services it delivers to EAs.

2.5 Ownership of Student Data. Presence does not own any of the student data or district-created data within its products. Such data is the property of, and remains under the control of, the EA.

2.6 Third-Party Access Requests. In the event any third party seeks to access education records, Presence will immediately inform the EA of such request in writing. Presence shall not provide access to such data or respond to such requests unless compelled to do so by due process, court order, or lawfully issued subpoena from a court of competent jurisdiction, or directed to do so by the EA. Should Presence receive a court order or lawfully issued subpoena seeking the release of such data, Presence shall provide immediate notification, along with a copy thereof, to the EA prior to releasing the requested data, unless such notification is prohibited by law or judicial and/or administrative order.

2.7 Parent and Student Rights. If the EA is unable to fulfill a request of an eligible student or parent/guardian to review the student’s records, Presence can assist at the direction and expense of the EA. In such an event, parents, legal guardians, or eligible students shall follow the procedures established by the EA in accordance with FERPA.

Generally, these procedures establish the right to request an amendment of the student’s education records that the parent or eligible student believes is inaccurate, misleading, or otherwise in violation of the student’s privacy rights under FERPA. Parents or eligible students who wish to ask the EA to amend their child’s or their own education record should write an EA official, clearly identify the part of the record they want changed, and specify why it should be changed. If the EA decides not to amend the record as requested, the EA will notify the parent or eligible student of the decision and of their right to a hearing regarding the request for amendment.
If you have questions about personal information Presence processes on behalf of a Customer, or wish to exercise rights relating to that information, please contact the applicable Customer directly.

3. State Student Data Privacy Laws. Presence acknowledges that numerous states have enacted student data privacy laws that may impose obligations beyond those required by FERPA, including but not limited to restrictions on the collection, use, disclosure, sale, and retention of student personal information, as well as requirements related to data security, breach notification, and transparency. To the extent any applicable state student data privacy law imposes obligations on Presence with respect to student data processed under this Agreement, Presence agrees to comply with such obligations. Where a state law requires a specific contractual commitment, data protection addendum, or written assurance as a condition of lawful processing, the parties agree to cooperate in good faith to execute such documentation.

4. HIPAA Compliance. Student records that are disclosed to Presence by an educational agency (“EA”) and maintained within Presence products are by definition “education records” under FERPA and not “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Because student health information in education records is protected by FERPA, the HIPAA Privacy Rule excludes such information from its coverage. See the exception at paragraph (2)(i) to the definition of “protected health information” in the HIPAA Privacy Rule at 45 CFR § 160.103. See also Joint Guidance on the Application of FERPA and HIPAA to Student Health Records, U.S. Department of Education and U.S. Department of Health and Human Services (November 2008).

Where a customer is not subject to FERPA and health information shared with Presence therefore constitutes “protected health information” subject to HIPAA Presence operates as a HIPAA-compliant Business Associate. In such cases, Presence and the applicable customer will enter into a Business Associate Agreement (“BAA”), and Presence’s obligations with respect to such information will be governed by HIPAA, its implementing regulations, and the terms of the BAA. Evidence of Presence’s HIPAA compliance certification is available in Presence’s Trust Center.

Notwithstanding the foregoing, Presence strives to comply with all applicable privacy laws and has taken measures to ensure that its practices are consistent with HIPAA requirements.

5. Subprocessors. Presence may engage third-party subprocessors to assist in delivering the products and services described herein, including subprocessors that may access or process student data or other personally identifiable information. Presence maintains a current list of its subprocessors, which is available in Presence’s Trust Center. Presence remains responsible for the acts and omissions of its subprocessors with respect to the processing of customer data to the same extent as if Presence were performing such processing directly.

6. Data Security. Presence employs extensive technological and organizational measures to ensure data security and privacy, including:

• Encryption in transit: Data is encrypted end-to-end using TLS 1.2 or higher.
• Encryption at rest: Data is encrypted using AES-256 bit encryption via AWS RDS and S3.
• Physical and logical access controls: Access to systems containing student data is restricted to authorized personnel with a legitimate educational interest.
• Background checks: Presence conducts criminal background checks on employees who have access to student data.
• Training: Employees and contractors receive security and privacy training addressing FERPA, HIPAA, the HITECH Act, and applicable privacy laws.
• U.S. data residency: All student data is stored within the United States.
• SOC 2 Type 2 certification: Presence’s platform has obtained SOC 2 Type 2 certification, demonstrating rigorous security controls. Additional details are available at Presence’s Trust Center.

7. Breach Notification. In the event Presence becomes aware of a data breach or inadvertent disclosure of PII, Presence shall take immediate steps to limit and mitigate such breach to the extent possible. Presence will notify a senior member of the affected EA’s leadership team, ideally the Superintendent or equivalent chief executive, typically within 72 hours of confirmation of the event, including known relevant details. The EA and Presence will work cooperatively to determine an action plan, including any required notification of affected persons.

8. Data Retention and Destruction. Presence retains and destroys student data in accordance with the terms of the applicable Customer agreement, Data Processing Agreement, Business Associate Agreement, or applicable law, whichever governs. Presence shall ensure that it disposes of any and all data or information received from the EA in a commercially reasonable manner that maintains the confidentiality of the contents of such records. At the written request of the EA, Presence will provide a written certification of destruction.

To the extent parents, guardians, or students have questions regarding the content of, or privacy associated with, any applications used by the educational institution, please contact that agency or institution directly.

9. Policy Updates. Presence may, from time to time, update this page to reflect compliance with evolving state and federal laws and regulations. Presence will not materially change its policies and practices to make them less protective of student privacy without the written consent of the EA. The EA may rely upon and enforce any current or prior version of this policy unless otherwise agreed to in writing.

10. Contact. For questions about this page or Presence’s student data practices, please contact:

Email: privacy@presence.com

Mail: PresenceLearning, Inc., 530 Seventh Avenue, Suite M1, New York, NY 10018

For questions about student records maintained by a specific school or district, please contact that educational agency directly.