Compliance & Student Data Privacy

Built for the people who actually read the privacy addendum.

KBS Coverage is FERPA-aligned, COPPA-aware, and signs district Data Privacy Agreements at no cost. Here is exactly what we collect, how we protect it, and what rights districts and parents keep.

Four things that should never be vague

Privacy promises only matter when they are specific. Here are ours.

FERPA-aligned by design

KBS operates as a school official under FERPA's school official exception. We collect only what we need to cover a device, run a claim, and complete a repair.

COPPA-aware for under-13s

No advertising, no profiling, no resale. Data on students under 13 is collected only with verifiable school or parent authorization, and only for the coverage service itself.

State DPAs, no charge

We sign SDPC National DPAs and state exhibits (California SOPIPA, NY Ed Law 2-d Part 121, Illinois SOPPA, and similar) as standard onboarding.

Data minimization, not collection sprees

Name, school, device asset, claim history. Parent contact when a parent enrolls. That is the list. No grades, no attendance, no IEPs, no health data.

Technical safeguards

Encryption, access control, and audit logs.

Every record (devices, claims, parent details) is encrypted in transit with TLS and at rest with AES-256. Role-based access keeps parents, staff, technicians, and admins in separate lanes. Every privileged action is logged.

  • TLS in transit, AES-256 at rest

    Nothing leaves your district unprotected.

  • Role-based access by default

    Parents see their kids. Schools see their school. Techs see the open ticket. Nothing more.

  • Audit logs on privileged actions

    Approvals, exports, role changes, and admin overrides are timestamped and attributed.

  • Export and delete on request

    Portable export plus permanent deletion from production within 30 days of request or contract end.

Compliance questions, answered straight

The questions every district legal and technology team asks before they sign.

Is KBS Coverage FERPA compliant?

KBS is built around FERPA-aligned data handling. We act as a school official with a legitimate educational interest under FERPA's school official exception when a district contracts with us. We collect the minimum personally identifiable information needed to enroll a device, file a claim, or complete a repair. Access is strictly role-based, audit logs are retained, and parents and districts can request export or deletion of records at any time.

Is KBS Coverage COPPA compliant?

Yes. For any student under 13, KBS only collects information needed to provide the coverage and repair service, and only with verifiable school or parent authorization. We do not sell student data, we do not use it for advertising, and we do not build behavioral profiles. Parents can request access, correction, or deletion of their child's data through their school administrator or directly via support@kbscoverage.com.

Does KBS support state student data privacy laws (SOPIPA, NY Ed Law 2-d, Student DPA frameworks)?

Yes. KBS supports the Student Data Privacy Consortium (SDPC) National Data Privacy Agreement framework and state-specific addenda including California SOPIPA, New York Education Law 2-d Part 121, Connecticut, Illinois SOPPA, Colorado, Virginia, and similar state regimes. Districts can request a signed DPA before going live.

What student data does KBS actually collect?

For most programs, KBS only stores: student first and last name, school and grade, assigned device serial or asset tag, and claim or repair history for that device. Parent or guardian contact information is stored when the parent enrolls or files a claim. We do not store SSNs, grades, attendance, IEPs, health records, or any academic data.

How is student and parent data protected technically?

All data is encrypted in transit with TLS and at rest with AES-256. Authentication uses industry-standard secure password hashing and supports single sign-on. Access is enforced through role-based permissions: parents see only their student, school staff see only their school, technicians see only the open ticket, and super-admin actions are audit-logged.

Who has access to my district's data inside KBS?

Only personnel explicitly invited by your district administrator have school-level access. KBS staff access is limited to the engineers and support agents required to operate the platform, gated by role-based access control, and logged. We never share or sell district or student data to third parties for marketing.

Can a district delete its data when the contract ends?

Yes. On contract end or written request, KBS will export your district's records in a portable format and permanently delete them from production systems within 30 days, with backups purged on their normal rotation schedule.

Does KBS sign Data Privacy Agreements with school districts?

Yes. We sign district-provided DPAs (including SDPC NDPA, state exhibits, and district riders) at no cost as part of standard onboarding. Email support@kbscoverage.com to start the DPA process.

Need a signed DPA or a privacy review?

Send your district's DPA or privacy questions to support@kbscoverage.com or call 844-202-5679. Most are signed and back to you within a few business days.