Privacy by Design Not by Afterthought
Student data privacy isn't a checkbox β it's the foundation. FERPA, COPPA, CIPA compliant. No data sold. No ads. Ever.
The ed-tech industry has a privacy problem.
Most ed-tech treats privacy as an afterthought
of ed-tech apps collect more data than needed for their purpose
of school districts have experienced a student data breach
of ed-tech vendors share data with third-party advertisers
Privacy built into every layer
From encryption to compliance to audit trails β privacy isn't a feature, it's the foundation.
End-to-End Encryption
Data encrypted at every stage β device to storage
All student data is encrypted with TLS 1.3 in transit and AES-256 at rest. Zero plaintext exposure at any point. Encryption keys are rotated automatically and managed with enterprise-grade key management.
Compliance Verification
FERPA, COPPA, CIPA, SDPC, CSA STAR β all covered
KyberGate meets or exceeds every major student data privacy standard. SDPC National DPA ready, CSA STAR CAIQ completed, E-Rate eligible (SPIN: 143055219). We provide all documentation needed for board review.
Full Audit Trail
Every data access logged and exportable
Every access to student data is logged with timestamps, actor identity, and action details. Full audit trail available for compliance reviews, parent inquiries, and board reporting. Exportable to CSV for external audits.
Privacy You Can Measure
KyberGate's privacy commitments in numbers
0
Data Sold
0-bit
Encryption Standard
0+
Compliance Certs
<0h
Breach Notification
Our Privacy Pledge
We will not sell student personal information
We will not use student data for targeted advertising
We will not build profiles beyond educational purposes
We will not share data with data brokers or third parties
We enforce strict, configurable data retention limits
We support data access and deletion requests within 30 days
We maintain enterprise-grade encryption at rest and in transit
We are transparent about all data collection and processing
We notify districts within 24 hours of any data breach
We will not change privacy practices without 60 days notice
What We Will Never Do
Sell or rent student data to anyone
Target advertising to students or schools
Share data with data brokers
Use student data for AI model training
Store browsing page content (only URLs/metadata)
Retain data longer than authorized by the district
Access student data without school admin authorization
Make changes to privacy policies without advance notice
Frequently Asked Questions
βKyberGate was the only vendor that had their SDPC DPA, CSA STAR CAIQ, and state compliance documentation ready before we even asked. Our board approved them in one meeting β that never happens.β
Sarah Thompson
Chief Privacy Officer, Maplewood School District Β· 12,000 students
Ready for Board Review?
We'll provide your procurement team with every document they need β DPA, security overview, compliance certifications, and CSA STAR CAIQ.