STUDENT DATA PRIVACY

Privacy by
design

KyberGate was built from day one with student privacy as a core principle — not an afterthought. We never sell data, never show ads, and never share with third parties.

Start Free PilotFull Privacy Policy

Compliance certifications

We meet or exceed every major student data privacy standard.

FERPA

School Official Exception

COPPA

Under-13 Protections

CIPA

E-Rate Eligible

PPRA

Parent Rights

SDPC

National DPA Ready

CSA STAR

CAIQ Completed

SDPC National DPA Ready

KyberGate is ready to sign the Student Data Privacy Consortium's standardized National Data Privacy Agreement. Streamlined procurement for any district that uses the SDPC framework.

Pre-signed standardized DPA
Covers all 50 states
Automatic annual renewal
Transparent data inventory

E-Rate Eligible

KyberGate qualifies as a CIPA-compliant web filtering service under E-Rate Category 2. Use E-Rate funding to cover your web filtering costs.

SPIN: 143055219
CIPA compliant filtering
Category 2 eligible
471 form assistance available

CSA STAR CAIQ Completed

We've completed the Cloud Security Alliance's Consensus Assessment Initiative Questionnaire (CAIQ). This 300+ question assessment covers security, privacy, compliance, and operational practices across all aspects of our cloud infrastructure.

Request CAIQ document

Our Student Privacy Pledge

We will not sell student personal information

We will not use student data for targeted advertising

We will not build profiles beyond educational purposes

We will not share data with data brokers or third parties

We enforce strict, configurable data retention limits

We support data access and deletion requests within 30 days

We maintain enterprise-grade encryption at rest and in transit

We are transparent about all data collection and processing

We notify districts within 24 hours of any data breach

We will not change privacy practices without 60 days notice

What we will never do

Sell or rent student data to anyone

Target advertising to students or schools

Share data with data brokers

Use student data for AI model training

Store browsing page content (only URLs/metadata)

Retain data longer than authorized by the district

Access student data without school admin authorization

Make changes to privacy policies without advance notice

24-Hour Breach Notification

In the unlikely event of a data breach, we commit to notifying all affected districts within 24 hours of discovery — far exceeding the typical 72-hour standard. Notifications include the nature of the breach, data affected, remediation steps taken, and recommended actions for the district.

State Privacy Law Compliance

KyberGate is designed to meet the requirements of state student data privacy laws, including:

New York Education Law §2-d
California SOPIPA & CalOPPA
Illinois ISSPA & BIPA
Connecticut PA 16-189
Colorado HB 16-1423
Virginia SDPA (HB 2350)
Florida DOE Student Data Governance
Massachusetts Student Privacy Alliance
Texas SB 252
Maryland Ed. Art. §4-131

Available Documents

We provide all documentation needed for school board review and procurement:

Privacy Policy

Full privacy policy with FERPA/COPPA/CIPA details

Terms of Service

Service terms including SLA and liability

Data Processing Agreement

Standard DPA or SDPC National DPA

CSA STAR CAIQ

Cloud Security Alliance assessment questionnaire

Security Overview

Infrastructure, encryption, access controls

Parent Bill of Rights

NY Ed Law §2-d compliant notice

Ready for board review?

We'll provide your procurement team with every document they need — DPA, security overview, compliance certifications, and CSA STAR CAIQ.

Request DPA Full Privacy Policy