Privacy Policy

Your privacy is fundamental to our mission. Learn how EdForge protects your data with enterprise-grade security and regulatory compliance.

Last Updated: December 15, 2025

Introduction

EdForge Technologies LLC ("EdForge," "we," "us," or "our") is committed to protecting the privacy of students, educators, parents, and all users of our Education Management Information System (EMIS). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

EdForge Technologies LLC is a Texas limited liability company located at 6600 McKinney Ranch Parkway, McKinney, TX 75070.

Information We Collect

Student Education Records

When schools use EdForge, they may input student education records including:

  • Student names, contact information, and demographics
  • Academic records, grades, and transcripts
  • Attendance and enrollment information
  • Behavioral records and disciplinary actions
  • Special education and accommodation records
  • Health information necessary for educational purposes

Staff and Institutional Data

  • Staff profiles, qualifications, and contact information
  • Department and organizational structures
  • Academic calendars and scheduling data
  • Financial and budgetary information

Usage and Technical Data

  • Login and authentication information
  • Browser type, device information, and IP addresses
  • Usage analytics and interaction patterns
  • Error logs and performance data

FERPA Compliance

EdForge complies with the Family Educational Rights and Privacy Act (FERPA), a federal law that protects the privacy of student education records. As a "school official" under FERPA:

  • Legitimate Educational Interest: We access student records only to provide the educational services contracted by schools
  • Direct Control: Schools maintain direct control over the use and maintenance of education records
  • No Re-disclosure: We do not disclose personally identifiable information from education records to third parties without consent
  • Audit Trail: We maintain comprehensive audit logs of all data access for a minimum of 2 years as required by FERPA
  • Data Deletion: Upon request or contract termination, we delete student records according to school instructions

COPPA Compliance

EdForge complies with the Children's Online Privacy Protection Act (COPPA) for users under 13 years of age:

  • School Consent: Schools provide consent on behalf of parents for the collection of student information for educational purposes
  • Limited Collection: We collect only information necessary for educational services
  • No Commercial Use: We do not use children's personal information for commercial purposes unrelated to educational services
  • Parental Rights: Parents may review, request deletion, or refuse further collection of their child's information through their school
  • Security: We implement reasonable security measures to protect children's personal information

GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):

  • Lawful Basis: We process personal data based on contractual necessity with schools and legitimate educational interests
  • Data Subject Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing
  • Data Transfers: International data transfers are protected by appropriate safeguards including Standard Contractual Clauses
  • Data Protection Officer: Contact our DPO at shoaibrain@edforge.net
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

Data Retention

Our data retention practices include:

  • Active Data: Student and institutional data is retained for the duration of the service agreement with the school
  • Audit Logs: Access and activity logs are retained for 2 years to comply with FERPA requirements
  • Archived Data: Upon request, academic year data can be archived and stored in long-term encrypted storage
  • Deletion: Upon contract termination, data is deleted within 90 days unless legally required to retain

Third-Party Services

EdForge may integrate with the following third-party services:

  • Cloud Infrastructure: Amazon Web Services (AWS) and Google Cloud Platform for secure data hosting
  • Authentication: AWS Cognito for secure user authentication
  • Analytics: Vercel Analytics for anonymized usage statistics
  • Google Workspace: Optional integration for schools using Google for Education

All third-party service providers are contractually obligated to maintain the confidentiality and security of personal information.

Security Measures

We implement comprehensive security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-tenant isolation at the infrastructure level
  • Role-based access control (RBAC)
  • Regular security audits and penetration testing
  • Incident response and breach notification procedures

For more details, please visit our Security page.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

EdForge Technologies LLC

6600 McKinney Ranch Parkway

McKinney, TX 75070

Email: shoaibrain@edforge.net

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify schools of any material changes by email and update the "Last Updated" date at the top of this page. Continued use of EdForge after changes constitutes acceptance of the updated policy.