Back to legal

FERPA Compliance Statement

Last updated: April 2026

Overview

Charter Vision is an AI-powered governance platform for charter school boards. We are committed to protecting the privacy of education records in accordance with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations at 34 CFR Part 99.

Data We Collect

Charter Vision collects and processes the following categories of data:

  • Board member information: Names, email addresses, board positions, and platform activity for registered users.
  • School profile data: School name, address, enrollment counts, charter agreement details, and fiscal year configuration.
  • Aggregate academic data: School-level proficiency rates, performance grades, and enrollment demographics sourced from public state agency data (e.g., NC DPI report cards). This data is de-identified and publicly available.
  • Financial data: School-level financial statements, budgets, and audit reports uploaded by school administrators.
  • Governance documents: Board policies, meeting agendas, meeting minutes, and other governance materials uploaded by school administrators.

What We Do NOT Collect

  • Individual student names, grades, or disciplinary records
  • Personally identifiable student information
  • Individual student assessment scores
  • Student health or counseling records
  • Social Security numbers or financial aid information

Charter Vision does not function as a Student Information System (SIS) and does not require access to individual student-level education records.

FERPA "School Official" Exception

To the extent that any data processed by Charter Vision constitutes "education records" under FERPA, Charter Vision operates as a "school official" with a "legitimate educational interest" under 34 CFR § 99.31(a)(1). Schools may share education records with Charter Vision without prior parental consent when:

  • Charter Vision is performing a service that would otherwise be performed by school employees (governance analysis, compliance monitoring, financial reporting).
  • Charter Vision is under the direct control of the school with respect to the use and maintenance of education records.
  • Charter Vision complies with the conditions governing the use and re-disclosure of education records as specified in 34 CFR § 99.33(a).

Data Security

  • All data is encrypted in transit using TLS 1.2+.
  • Data at rest is encrypted using AES-256 via our infrastructure provider (Supabase).
  • Access to school data is restricted by role-based permissions (Admin, Member, Stakeholder).
  • All administrative actions are logged in an immutable audit trail.
  • AI processing (Anthropic Claude) is governed by API terms that prohibit using input data for model training.

Data Retention & Deletion

School administrators may request deletion of their school's data at any time by contacting support or using the account deletion feature in platform settings. Upon deletion request:

  • All school-specific documents and embeddings are permanently deleted.
  • Conversation history associated with the school is deleted.
  • Financial data and reports are deleted.
  • Aggregate, de-identified data may be retained for platform improvement purposes in accordance with FERPA's research exception.

Small-N Suppression

When displaying academic performance data disaggregated by student subgroups, Charter Vision follows state agency suppression rules to prevent re-identification. Subgroup data with fewer than the state-mandated minimum student count is suppressed in all displays and AI contexts.

Data Processing Agreement

Schools may request a formal Data Processing Agreement (DPA) that documents our obligations as a service provider handling education-related data.

View our Data Processing Agreement template

Contact

For questions about FERPA compliance or to report a data concern, contact:

Charter Vision Data Privacy
Email: privacy@chartervision.app