Privacy Policies for Tutoring and EdTech: A Practical Guide

Start by mapping the student data you collect—names, grades, schedules, device IDs, IP addresses, behavioral metrics—and tie each element to a purpose and retention period. If you serve K–12, align consent with FERPA (20 U.S.C. §1232g; 34 C.F.R. Part 99) and COPPA (16 C.F.R. Part 312). Clarify whether you act as a “school official” under FERPA via written agreements and limit use to authorized educational purposes. LegalDocs.ai can auto-generate a data inventory and embed those limits into your privacy policy and vendor contracts.

Address video sessions explicitly. State whether you record, how long you retain, who can access, and how to opt out. Obtain prior consent consistent with state recording laws (e.g., two‑party consent in CA and PA) and consider biometric rules if you use facial recognition or voiceprints (Illinois BIPA, 740 ILCS 14). For minors under 13, combine COPPA verifiable parental consent with clear notices. Use secure platforms, enable end‑to‑end encryption where available, restrict downloads, and document your security measures and audit logs.

Include a rights and transparency section. For U.S. consumers, outline CCPA/CPRA rights for California residents (notice at collection, opt‑out of sales/sharing, deletion), plus similar rights under VCDPA and CPA. If you reach EU students, add GDPR lawful bases and DPA/UK GDPR specifics. Under FERPA, explain access and amendment rights and directory‑information opt‑outs. Publish vendor lists, cross‑border transfer mechanisms, and retention schedules. LegalDocs.ai offers editable templates and a consent manager to collect parent approvals and track revocations across your systems.