Last updated: March 24, 2026
Family Educational Rights and Privacy Act
Children's Online Privacy Protection Act
Service Organization Control Type 2
Future Readiness Program is designed from the ground up to comply with the Family Educational Rights and Privacy Act (FERPA). We understand that student data is sensitive and that schools have a legal and ethical obligation to protect it. This page outlines the specific measures we take to ensure compliance and protect student privacy.
All student data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Database connections use SSL. No unencrypted student data exists anywhere in our system.
Student data is accessible only to the school that administered the assessment. School administrators authenticate via secure login with hashed passwords. We maintain role-based access controls internally.
Schools can request deletion of all student data at any time. Upon account termination, all data is permanently deleted within 90 days. We do not retain student data beyond the school's active subscription.
Our platform runs on enterprise-grade cloud infrastructure with automated backups, DDoS protection, and continuous monitoring. We conduct regular security audits and vulnerability assessments.
We maintain comprehensive audit logs of all data access, including who accessed what data and when. These logs are available to school administrators upon request for compliance verification.
We provide Data Processing Agreements (DPAs) to all school partners, clearly defining our role as a data processor, the types of data processed, and our obligations under FERPA.
Under FERPA, Future Readiness Program operates as a "school official" with a "legitimate educational interest" in student data. This means schools can share student education records with us without obtaining prior parental consent, provided that our use of the data is limited to the educational purpose for which it was shared (career assessment and guidance).
We do not use student data for any purpose other than providing the career assessment service. We do not use student data for advertising, marketing, profiling, or any commercial purpose unrelated to the educational service. We do not sell student data. Ever.
We collect only the minimum student information necessary to provide the service: first name, grade level, and school code. We do not collect directory information such as addresses, phone numbers, photographs, or social security numbers.
Parents have the right to inspect and review their child's assessment data, request corrections, and request deletion. These rights can be exercised through the school administrator or by contacting us directly. We respond to all parental data requests within 45 days.
Our AI-powered report generation processes student assessment responses to create personalized career intelligence reports. This processing occurs on secure servers and the AI does not retain or learn from individual student data after report generation. Each report is generated independently and student data is not used to train or improve AI models.
In the unlikely event of a data breach affecting student information, we will notify affected schools within 72 hours of discovery. The notification will include the nature of the breach, the types of data affected, the measures taken to address the breach, and recommendations for schools to mitigate potential harm.
For FERPA compliance questions, Data Processing Agreement requests, or to report a concern, please contact our compliance team at [email protected].
We are committed to working with schools to meet all federal, state, and local student privacy requirements. If your school has specific compliance needs beyond what is described here, we are happy to discuss additional measures.