LocusEducation

Student data privacy and security

Locus is built to pass district review: minimal collection, no advertising or analytics trackers, short retention windows, and student accounts that are invisible to the public. This page summarizes the practices your privacy team will ask about; the signed Data Privacy Agreement is the binding document.

COPPA and FERPA posture

  • Your DPA authorizes accounts for your students of any age — the district's authorization stands in for parental consent (COPPA school-authorization provision). We collect no ages or birthdates at all.
  • Locus operates as a school official under FERPA: student records are used solely to provide the service, never redisclosed, never used commercially, and deleted on request or when no longer needed.
  • Districts can request a full export or deletion of any student's data at any time; both actions are logged.
  • Parents exercise review rights through the district.

What student accounts never touch

  • No public exposure: student accounts are excluded from public leaderboards and public profile pages.
  • No third-party embeds: YouTube help videos are disabled for student accounts.
  • No CDNs: every page asset is served from our own domain, so page loads leak no student IPs to third parties.
  • No analytics, no ads, no profiles for non-educational purposes, no sale of data.

What we collect and keep

  • Account: email, username, student flag. No ages, no birthdates.
  • Learning activity: attempts, answers, scores, timing — the data teachers need for grading.
  • Crash reports (90 days), email tokens (deleted on expiry), invitation records (deleted 7 days after expiry).
  • IP addresses are never stored. Account deletion removes personal data immediately.

Subprocessors

  • Cloudflare — hosting, TLS termination, signup bot check, transactional email delivery
  • Clever, Google, GitHub — sign-in, only for the chosen provider
  • UptimeRobot — status-page monitoring, receives no user data

Security

  • TLS everywhere; passwords hashed with Argon2; httpOnly same-site session cookies.
  • Administrative access to student data is role-restricted and written to an audit log.
  • Breach notification to affected districts without undue delay.

Rostering

Districts can roster through Clever Instant Login (students and teachers sign in with existing school accounts; no new passwords) or through recognized school email domains with class join codes.

Get the DPA

We sign NDPA-style data privacy agreements. Contact us and we'll send the template with your district's exhibit filled in.

[email protected]Read the full privacy policy