Student data privacy and security
Locus is built to pass district review: minimal collection, no advertising or analytics trackers, short retention windows, and student accounts that are invisible to the public. This page summarizes the practices your privacy team will ask about; the signed Data Privacy Agreement is the binding document.
COPPA and FERPA posture
- Your DPA authorizes accounts for your students of any age — the district's authorization stands in for parental consent (COPPA school-authorization provision). We collect no ages or birthdates at all.
- Locus operates as a school official under FERPA: student records are used solely to provide the service, never redisclosed, never used commercially, and deleted on request or when no longer needed.
- Districts can request a full export or deletion of any student's data at any time; both actions are logged.
- Parents exercise review rights through the district.
What student accounts never touch
- No public exposure: student accounts are excluded from public leaderboards and public profile pages.
- No third-party embeds: YouTube help videos are disabled for student accounts.
- No CDNs: every page asset is served from our own domain, so page loads leak no student IPs to third parties.
- No analytics, no ads, no profiles for non-educational purposes, no sale of data.
What we collect and keep
- Account: email, username, student flag. No ages, no birthdates.
- Learning activity: attempts, answers, scores, timing — the data teachers need for grading.
- Crash reports (90 days), email tokens (deleted on expiry), invitation records (deleted 7 days after expiry).
- IP addresses are never stored. Account deletion removes personal data immediately.
Subprocessors
- Cloudflare — hosting, TLS termination, signup bot check, transactional email delivery
- Clever, Google, GitHub — sign-in, only for the chosen provider
- UptimeRobot — status-page monitoring, receives no user data
Security
- TLS everywhere; passwords hashed with Argon2; httpOnly same-site session cookies.
- Administrative access to student data is role-restricted and written to an audit log.
- Breach notification to affected districts without undue delay.
Rostering
Districts can roster through Clever Instant Login (students and teachers sign in with existing school accounts; no new passwords) or through recognized school email domains with class join codes.
Get the DPA
We sign NDPA-style data privacy agreements. Contact us and we'll send the template with your district's exhibit filled in.