FERPA Notice

Version: 2026-05-28 Effective Date: 2026-05-28 Authoritative Privacy Policy: /legal/privacy §6 (Schools and FERPA) Companion DPA: /legal/dpa This notice explains how Koydo handles education records under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g; 34 CFR Part 99, when Koydo provides services to an educational agency or institution (the "School").

• Koydo acts as a school official with a legitimate educational interest under § 99.31(a)(1)(i)(B) when contracted by a School.
• Education records are never used for advertising, profiling, sale, or AI model training.
• Parents and eligible students may inspect, request amendment of, and consent to disclosure of education records through their School; Koydo provides the tooling.
• AI prompt-and-response logs created when a student uses an AI feature are treated as education records and retained for 90 days unless the School configures a shorter window.
• Personal data breach notice to the School is delivered within 72 hours of confirmation.
• All sub-processors that handle education records are listed at /legal/subprocessors and bound by FERPA-equivalent obligations.

When a School contracts with Koydo, Koydo is a school official with a legitimate educational interest under the FERPA school-official exception (34 CFR § 99.31(a)(1)(i)(B)). Specifically, Koydo:

• Performs an institutional service for which the School would otherwise use employees;
• Is under the School's direct control with respect to the use and maintenance of education records; and
• Is subject to the use and re-disclosure requirements of § 99.33(a) governing personally identifiable information from education records.

Koydo does not use education records for any purpose other than providing the contracted Service. Koydo does not sell education records, run advertising against them, or use them to behaviorally profile students. Education records are not used to train any AI model. Sub-processor model providers are configured with no-train flags and audited quarterly.

In the course of the Service, Koydo handles the following categories on the School's behalf as education records. | Category | Examples |

|---|---| | Identifiers | name, school-assigned student ID, school email | | Roster + enrollment | grade level, class section, cohort, attendance | | Learning records | lesson progress, vocabulary mastery, pronunciation attempts, homework submissions, gradebook entries | | Assessment results | placement-test outcomes, formative-assessment scores, AI-graded essay scores subject to teacher override | | Communications | messages between students, parents, and authorized teachers within the Service; teacher-issued feedback | | AI prompt-and-response logs | inputs and model outputs generated when a student uses an AI feature routed through Koydo's AI Gateway (see §5) | The following are not education records under FERPA and are handled outside this notice:

• Sole-possession notes a teacher keeps for personal use;
• Aggregated, irreversibly de-identified analytics that meet the U.S. Department of Education PTAC de-identification standard;
• Administrative billing and license-management data for the School itself, which is governed by Koydo's general Privacy Policy as controller.

Koydo does not designate or disclose any data as directory information by default. Where a School designates specific fields as directory information under its own FERPA-compliant policy and notifies parents and eligible students with a right to opt out, Koydo will follow the School's written instructions. Koydo will never publish a student photograph, name, or other identifier without the School's documented direction.

Koydo supports the School in honoring rights guaranteed by FERPA. The Service exposes the tooling; the School makes the substantive determinations. | Right | FERPA section | Koydo's role |

|---|---|---| | Inspect and review records | § 99.10 | Export tools surface every education record on demand; fulfillment within 45 days. | | Request amendment | § 99.12, 99.20–22 | Contested records can be flagged for amendment; the School's decision is surfaced in the student view. Koydo does not make amendment decisions. | | Consent before disclosure | § 99.30 | Disclosures occur only as the School directs, or as a § 99.31 exception clearly permits, or as compelled by lawful process under § 99.31(a)(9). The School is notified before Koydo complies with a subpoena, unless the order forbids notice. | | Annual notification | § 99.7 | Template language for the School's annual FERPA notification is available on request. | | File a complaint | § 99.63 | Complaints may be filed with the U.S. Department of Education's Student Privacy Policy Office at studentprivacy.ed.gov. |

When a student's utterance is processed by Koydo's AI features and routed through the AI Gateway to a hosted language model, both the prompt and the model response are treated as education records under this notice. The following controls apply: | Control | Default | Configurable by School? |

|---|---|---| | Retention period | 90 days from the conversational turn | Yes — shorter window only | | Destruction on verified deletion request | Within 7 business days | No (floor enforced) | | Sub-processor model training on logs | Disabled (no-train flags) | No (always disabled) | | On-device routing where available | Apple Foundation Models served on-device; no server-side log | Yes — can be required | | Audit log of Koydo personnel access | Immutable, retained 7 years | No (floor enforced) | When Apple Foundation Models (AFM) are available on the student's device, prompts may be served on-device and no server-side log is created.

Koydo's sub-processors that may handle education records are listed at /legal/subprocessors. Each is bound by a written agreement that imposes FERPA-equivalent obligations, prohibits re-disclosure, and requires destruction or return on contract termination. Koydo notifies Schools of material changes to the sub-processor list at least 30 days in advance via the customer portal and email; Schools may object in writing within the notice window.

Koydo follows the technical and organizational controls described in the Data Processing Agreement and the Privacy Policy §11. These include encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access, single sign-on with SAML or OIDC for Schools that require it, immutable audit logging, and a documented incident-response program.

In the event of a Personal Data Breach affecting education records, Koydo notifies the School in writing without undue delay and in any case within 72 hours of confirmation. The notice includes the categories and approximate number of students affected, the records involved, the likely consequences, the measures taken, and the contact for further information. Notice format follows Koydo's Breach Protocol.

On termination of the contract (or earlier, at the School's written request), Koydo returns or destroys all education records within 90 days, except where retention is required by law. A written destruction certificate is provided on request.

When a student transfers to another institution that is also a Koydo customer, Koydo will not transfer that student's records between institutions without the originating School's written direction or the parent's / eligible student's consent. This applies even where both institutions use the same Service.

• General privacy and FERPA inquiries: privacy@koydo.app
• School administrator support: schools@koydo.app
• Data Protection Officer: dpo@koydo.app
• Trust and Security: trust@koydo.app

For complaints to the U.S. Department of Education: studentprivacy.ed.gov.

This notice is reviewed at every Privacy Policy revision and at every change to Koydo's sub-processor list or retention defaults. Material changes will be communicated to Schools at least 30 days before they take effect. The current authoritative version is recorded in Koydo's legal version history.

FERPA notice v2026-05-28 — Effective May 28, 2026 — koydo.app/legal/ferpa