Student Privacy Rights (FERPA)

Introduction to Educational Privacy

Flinteract is committed to protecting the educational privacy rights of all student users. As an educational technology platform serving college and university students, we comply with the Family Educational Rights and Privacy Act (FERPA) and other relevant educational privacy regulations.

Understanding FERPA

What is FERPA?

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. FERPA gives parents certain rights with respect to their children's education records, and these rights transfer to the student when they reach 18 years of age or attend school beyond the high school level.

How FERPA Applies to Flinteract

What Student Data We Protect

Information We Collect (FERPA Compliant)

• University Affiliation: Email domain verification only (@university.edu) to confirm student status
• Communication Data: Student-to-student messages for community building (not academic records)
• User-Generated Content: Posts, comments, marketplace listings representing personal expression
• Location Preferences: Campus-relevant content filtering (not attendance tracking)
• Profile Information: Basic profile data necessary for social networking features

Educational Records We DON'T Collect

Data Minimization Principle

• Necessary Data Only: We collect only data necessary for app functionality and community features
• Educational Purpose: All data collection serves legitimate educational and social networking purposes
• No Academic Profiling: We don't create profiles of academic performance or behavior
• Limited Third-Party Sharing: Student data never sold or shared with marketers

Your Student Privacy Rights Under FERPA

Right to Inspect and Review

• Data Access: View all personal data we have collected about you through in-app privacy dashboard
• Data Export: Download your complete data profile in portable format anytime
• Transparency: Clear explanation of what data we collect and how it's used
• Regular Updates: Access to real-time view of your current data profile

Right to Request Amendment

• Data Correction: Edit profile information and correct inaccurate data through app settings
• Content Management: Delete or modify your posts, comments, and marketplace listings
• Account Updates: Update university affiliation, contact information, and preferences
• Error Reporting: Report any inaccurate data for immediate correction

Right to Consent to Disclosures

• Explicit Consent: We require explicit consent before sharing any student information
• Granular Controls: Control exactly what information is shared and with whom
• Third-Party Sharing: No sharing with external parties without your specific consent
• Opt-Out Options: Easy opt-out from any data sharing arrangements

Right to File Complaints

• Internal Appeals: Report privacy concerns to our student privacy officer
• Federal Rights: File complaints with the U.S. Department of Education's FERPA office
• Investigation Support: Full cooperation with any FERPA complaint investigations
• No Retaliation: Protection against retaliation for filing privacy complaints

Enhanced Protections for Students Under 18

Additional Privacy Safeguards

Parental Notification

• Safety Concerns: Parents notified of any safety concerns involving minor students
• Account Oversight: Parents may request information about minor students' accounts
• Consent Requirements: Additional consent requirements for certain features
• COPPA Compliance: Compliance with Children's Online Privacy Protection Act alongside FERPA

Minor Protection Protocols

• Immediate Escalation: Safety concerns involving minors escalated immediately
• Professional Support: Coordination with school counselors and support staff
• Crisis Response: Enhanced crisis response procedures for minor students
• Legal Reporting: Mandatory reporting obligations for student safety

University Partnership & Data Sharing

Limited Institutional Sharing

Independent Operation

• No SIS Integration: We don't integrate with student information systems
• Separate Authentication: Independent email verification system
• Privacy Barrier: Clear separation between our platform and university systems
• Student Control: Students control their own data independent of university policies

Institutional Respect

• University Policies: Respect for university privacy policies and procedures
• Campus IT Coordination: Coordination with campus IT security when appropriate
• Legal Compliance: Compliance with institutional legal and policy requirements
• Professional Cooperation: Professional cooperation while maintaining student privacy

Data Security & Protection

Technical Safeguards

• Encryption: End-to-end encryption for sensitive student communications
• Secure Storage: Industry-standard secure storage for all student data
• Access Controls: Strict access controls limiting who can view student information
• Regular Audits: Regular security audits and penetration testing

Administrative Safeguards

• Staff Training: All staff trained on FERPA requirements and student privacy
• Access Limitations: Staff access limited to job functions requiring student data access
• Privacy Policies: Comprehensive privacy policies covering all student data handling
• Incident Response: Detailed incident response plan for any privacy breaches

Physical Safeguards

• Secure Facilities: Physical security for all systems processing student data
• Device Protection: Security measures for devices accessing student information
• Disposal Procedures: Secure disposal procedures for any physical materials
• Environmental Controls: Environmental controls protecting data infrastructure

Data Retention & Deletion

Student-Controlled Deletion

• Account Deletion: Complete account and data deletion available in app settings
• Immediate Deletion: Individual content deleted immediately upon request
• 30-Day Timeline: Complete data removal within 30 days of account deletion
• Verification Process: Confirmation process to prevent accidental deletions

Automatic Deletion Schedules

• Analytics Data: Anonymous analytics data deleted after 1 year
• Email Logs: Email verification logs deleted after 30 days
• Session Data: Login session data deleted after 24 hours
• Temporary Files: Temporary processing files deleted immediately

Legal Retention Requirements

• Safety Records: Safety incident reports retained only as required by law
• Investigation Data: Data related to ongoing investigations retained per legal requirements
• Audit Trails: Security audit trails maintained for compliance purposes
• Court Orders: Compliance with valid court orders for data preservation

International Student Privacy

Global Privacy Compliance

International Student Support

• Multi-Language Support: Privacy information available in multiple languages where possible
• Cultural Liaison: Support for international students navigating privacy rights
• Visa Compliance: Understanding of how privacy rights interact with visa requirements
• Embassy Coordination: Coordination with embassies when appropriate for student safety

Student Privacy Support & Resources

Getting Help with Privacy

• Student Privacy Officer: Dedicated contact for all student privacy questions
• Response Timeline: Guaranteed response within 7 business days for all privacy inquiries
• Free Assistance: No cost assistance with exercising your privacy rights
• Educational Resources: Resources to help you understand your privacy rights

Contact Information & Compliance