Skip to main content

🔒 Privacy, Compliance & Data Governance

iLernt is built privacy-first. We comply with all applicable education data privacy legislation in Canada and the United States.

🇺🇸 FERPA — Family Educational Rights and Privacy Act

  • Operates as a 'school official' under FERPA with legitimate educational interest.
  • No disclosure to third parties without explicit written consent.
  • Students retain full rights to inspect, review, and amend records.
  • Data processing agreements specify purpose limitation and breach notification.
  • Annual FERPA compliance training for all employees with data access.
  • De-identification protocols ensure no individual is identifiable in analytics.

🇺🇸 COPPA — Children’s Online Privacy Protection Act (2025)

  • Verifiable parental consent required for under-13, per 2025 opt-in amendments.
  • No behavioral advertising or data monetization — ever.
  • Parents can review, delete, and withdraw consent via the Parent Portal.
  • K-12 agreements may authorize consent per FTC guidelines.
  • Data deleted within 30 days of account closure or consent withdrawal.

🇨🇦 PIPEDA — Personal Information Protection and Electronic Documents Act

  • Complies with all 10 Fair Information Principles.
  • Meaningful consent obtained with clear, plain-language explanations.
  • Users may access, correct, or delete personal information at any time.
  • Breach notification 'as soon as feasible' for real risk of significant harm.
  • Cross-border safeguards ensure comparable protection between CA and US.

🇨🇦 FIPPA — Freedom of Information and Protection of Privacy Act (Ontario)

  • FIPPA-compliant data processing agreements for Ontario public institutions.
  • Personal information not disclosed without consent except as required by law.
  • Data residency defaults to Canadian infrastructure for Ontario partners.
  • IPC guidance on cloud computing followed for all vendor relationships.
  • Provincial equivalents (BC FIPPA, Alberta FOIP, Quebec Law 25) addressed via addenda.

🇨🇦🇺🇸 Accessibility Compliance

  • WCAG 2.1 AA compliance across all interfaces.
  • Ontario AODA — Integrated Accessibility Standards.
  • US Section 508 and ADA Title III compliance.
  • Regular third-party accessibility audits.
  • Screen reader compatible, keyboard navigable, high-contrast mode.

🔐 Data Security & Architecture

  • AES-256 at rest; TLS 1.3 in transit.
  • SOC 2 Type II certified infrastructure.
  • Role-based access control with principle of least privilege.
  • Annual penetration testing by third-party firms.
  • Student data ownership — export in JSON. Full portability.
  • AI processing: the Claude API is ephemeral. No training on student data.
Questions about data governance?
Contact our Data Protection Officer at privacy@ilernt.com