Contract effective date: September 18, 2024. Audit release: July 9, 2026. Runtime consent and session timestamps are recorded when users actually interact with NEXQ systems.
Education and FERPA Policy
Template and counsel-review notice. This document is a website/app integration template, not a legal opinion. Before publication, replace bracketed placeholders, confirm actual data flows, obtain advice from qualified counsel for each jurisdiction and regulated workflow, and approve final wording through privacy, security, product, marketing, health/clinical, and executive stakeholders. Do not promise controls, certifications, response times, retention periods, or legal rights unless they are actually implemented and operationally supported.
Effective date: September 18, 2024
Last updated: September 18, 2024
Organization: NEXQ Inc.
Services covered:
NEXQ websites, web applications, protected workspace surfaces, mobile app surfaces, APIs, secure healthcare and healthtech workflow demonstrations, quantum encryption, diagnostics, oncology, longevity, research collaboration, support, and related services
Privacy contact: hello@nexq.us
Security contact: hello@nexq.us
Mailing address: Irvine, CA, United States — contact hello@nexq.us for legal notices
1. Scope
This policy applies to school-directed services, education technology, learning management integrations, student accounts, parent/guardian workflows, teacher dashboards, classroom analytics, school customer contracts, and education records.
2. FERPA operating model
When acting for a school, district, institution, or education agency, we may receive student personally identifiable information only under the applicable school authorization, contract, and permitted FERPA exception. The school must retain direct control over the use and maintenance of education records where required.
3. Use limitations
Student PII may be used only for the specific educational purpose authorized by the school/customer contract. Do not use student PII for behavioral advertising, unrelated profiling, model training unrelated to the contracted education service, data brokerage, or secondary commercial purposes unless the school and law clearly permit it.
4. Access, correction, deletion, and return
Support school/customer requests to access, correct, delete, return, or export student data. Parents and eligible students generally exercise FERPA rights through the school, not directly through the vendor, unless the school instructs otherwise.
5. Security controls
Apply least privilege, encryption, logging, tenant isolation, secure deletion, vendor/subprocessor review, incident response, and employee training. School data must be segregated from general marketing and analytics systems.
6. Children and minors
School-directed services must also assess COPPA, state student privacy laws, state minor/teen privacy laws, accessibility laws, and app-store child-safety requirements. Do not collect more student data than needed for the educational purpose.