Our Approach to Compliance
We use facial recognition to track attendance for K-12 students. That means we handle biometric data from minors — some of the most regulated data there is. Here's how we approach that responsibility.
Where We Are Today
We're a young company in beta. We don't have SOC 2 or other formal certifications yet. But we've built the platform with privacy regulations in mind from the start — role-based access control, data isolation between schools, audit logging, and encryption in transit. We'd rather be upfront about where we are than overstate things.
Regulations We Design For
FERPA
Family Educational Rights and Privacy Act
FERPA governs how student education records are handled. We've built AttendEase to operate as a "school official" under FERPA, meaning:
- We use student data only for the attendance tracking purpose the school contracted us for
- Schools own and control their data — we process it on their behalf
- We don't share student records with anyone outside the school without proper authorization
- Parents and eligible students can request to see their data through their school
- Access is role-based: teachers see their classes, parents see their children, admins see their school
COPPA
Children's Online Privacy Protection Act
COPPA applies because many of our users are under 13. Here's how we approach it:
- Students don't create their own accounts — school administrators set them up
- Schools act as the intermediary for obtaining parental consent, as permitted under COPPA's school consent exception
- We collect only the information needed for attendance tracking (names, grade, class assignments, biometric data)
- Parents can request access to or deletion of their child's data through their school or by contacting us directly
BIPA
Biometric Information Privacy Act (Illinois)
BIPA is one of the strictest biometric privacy laws in the country, and it directly applies to what we do. Our approach:
- Written consent must be obtained from parents/guardians before any biometric data is collected
- We provide schools with guidance and sample consent forms
- We never sell, lease, or trade biometric data
- Biometric data is deleted when a student leaves the school or when consent is withdrawn
- Schools can configure retention periods for photos and camera frames
State Student Privacy Laws
Many states have their own student data privacy and biometric privacy laws — some stricter than federal requirements. Several states have specific restrictions on facial recognition in schools. We're working to understand and meet the requirements of each state where we operate. If you need information about a specific state, reach out and we'll discuss it.
What We Commit To
No Selling Data
We will never sell student data or biometric information. Period.
No Advertising
We don't run ads. We don't use student data for marketing. There are no third-party trackers in our platform.
Purpose-Limited Use
Data is used only for attendance tracking. That's the service we provide, and that's all we use data for.
Data Deletion
We honor deletion requests. When consent is withdrawn or a student leaves, their data is removed.
Parental Consent
Because we collect biometric data from students, schools need to get parental consent before enrollment. Here's what we require:
- Provide Notice: Tell parents what biometric data is collected, how it's used, and how long it's kept
- Get Written Consent: Obtain signed consent from parents or guardians before any biometric enrollment
- Offer Alternatives: Provide QR code check-in, badge scanning, or manual entry for students who opt out
- Allow Withdrawal: Let parents withdraw consent at any time — we'll delete the biometric data
We provide schools with sample consent forms and guidance materials to help them meet these requirements.
Looking Ahead
As we grow past beta, we plan to pursue formal certifications like SOC 2 and undergo third-party security audits. We're building the right foundation now so those certifications are achievable down the road.
If you have specific compliance questions or need documentation for a procurement process, we're happy to talk through our setup in detail.