Compliance
The frameworks we operate under and how they show up in product.
FERPA
We operate as a school official with legitimate educational interest under FERPA when serving institutional customers. We sign data processing agreements that codify this relationship. Full detail on the school side is at FERPA & student records.
COPPA
SetFlow can be used by students under 13 only when offered through a school that has provided consent on the parents' behalf, consistent with COPPA's school-authorization safe harbor. We do not collect personal information from under-13 users beyond what's required to provide the educational service.
GDPR
For EEA users, SetFlow is the data processor and the school (or the individual user, for personal accounts) is the data controller. We support data subject rights — access, rectification, deletion, portability — through the same self-serve flows and the privacy@ email.
U.S. state laws
- Texas Education Code 32.151 — supported via DPA addendum.
- California Student Online Personal Information Protection Act (SOPIPA) — we don't advertise to students, don't sell student data, and don't profile students.
- Illinois SOPPA, New York Education Law 2-d, and similar laws — supported via state-specific DPA addenda on request.
SOC 2
Note
Our SOC 2 Type II audit is in progress. Email [email protected] for the latest report and current status. We share the auditor's letter with prospects and customers under NDA.
