Security & privacy for schools
MeritBoard turns student work into verified proof — and treats student data with the care schools require. Here is what your IT and procurement teams need to know.
Our posture
Teacher-certified results
The computer does a first-pass assessment; a teacher reviews and must Confirm & Publish every result. Nothing goes public automatically.
Student work never trains AI
Submissions are sent to providers only to judge that contest. Neither we nor they use the data to train models.
FERPA & COPPA aligned
We operate as a "school official" under FERPA, with parental-consent flows for younger students. We do not sell data.
Minimized public data
Public pages show a first name and last initial, or a screen name chosen by the teacher or family.
Deletable within 30 days
Teachers and families can delete any data anytime; deletion completes within 30 days.
We sign your DPA
We execute your district’s Data Privacy Agreement or a standard SDPC/NDPA exhibit on request.
Who processes the data
Full list and links to each provider’s policy in the Privacy Policy, §5.
Compliance
MeritBoard aligns with FERPA (as a "school official"), COPPA, and SOPIPA, with data minimization and teacher certification of every result. We are in the process of earning:
- SDPC National Data Privacy Agreement (in progress)
- Common Sense Privacy rating (in progress)
- 1EdTech TrustEd Apps, incl. GenAI self-assessment (in progress)
Full documents
District Trust Packet
The forwardable summary for IT, leadership, and legal.
OpenPrivacy Policy
Data collected, processing, retention, security, and a DPA contact.
OpenAI Policy Kit
Classroom-policy templates, a vendor clause, and a parent letter.
OpenHow Judging Works
Computer scores → teacher reviews → teacher certifies.
OpenProcurement questions?
We’re ready to sign your DPA or answer any IT, security, or privacy question.