At StudentConnect, we are committed to protecting the security and privacy of our customers’ data. This includes
ensuring that our customers in the education sector are compliant with the Federal Education Rights
and Privacy Act (FERPA).
Information Security and Privacy are both key components central to FERPA
How does StudentConnect protect its customers data?
StudentConnect’s commitment to protecting the security and privacy of our customers’ data includes:
• Submitting our privacy practices to independent assessment and certification
• Undergoing an annual SSAE-16 SOC 2 audit by a qualified independent third-party
• Performing regular vulnerability scans and penetration tests to evaluate our security posture
and identify new threats
What is FERPA?
FERPA is a U.S federal law that protects the privacy of student educational records. FERPA gives
parents certain rights with respect to their children’s education records. These rights transfer to the
student when he or she reaches the age of 18 or attends school beyond the high school level.
To what institutions does FERPA apply?
FERPA applies to all academic institutions that receive funds under applicable U.S. Department of
StudentConnect and FERPA
FERPA Compliance Guide
What are “education records”?
Education records directly relate to a student and are maintained by an educational institution or
by a party on behalf of the agency or institution. Video recordings/streams may be considered
education records under certain circumstances and may require parental consent if a minor is under
the age of 18. More information on this topic can be found at the ed.gov website.
Are there any FERPA certification programs?
No. Currently there are not any specific FERPA certification programs to assess third-party compliance.
The academic institution must perform its own assessment to determine if a product or service
affects its ability to comply.
How does StudentConnect help with FERPA compliance?
StudentConnect uses privacy practices and technical security measures to ensure that customer data is
protected. Our security and privacy measures include:
• Providing a variety of in-meeting product security features
• Protecting data in transit by TLS 1.2 and at rest using 256-bit Advanced Encryption Standard
• Leveraging the physical and environmental protection of our data center providers.
hosting facilities have 24×7 manned security and monitoring through multiple layers of
physical security controls including perimeters fences, manned lobbies, surveillance cameras
(CCTV), man trap, locked cages, motion detectors, and biometric access requirements
• Not monitoring, viewing, or tracking the video or audio content of your video meetings or
• Not sharing customer data with third parties
• Not storing customer data other than account information which consists of email address
use for UserID, first and last name, optional company name, optional phone number, and
optional profile picture
• Only retaining accounts for 30 days after termination to assist with product reactivation (if
requested by customer). After 30 days have passed, the account is permanently deleted