Built for School Privacy Requirements

Data Practices at a Glance

Practice	UserAuthGuard Policy
Sell student data	Never
Advertise to students	Never
Use data for non-educational purposes	Never
Data encryption (transit)	TLS 1.2+
Data encryption (at rest)	AES-256
School can delete data on demand	Yes
Data deleted after contract ends	Within 30 days
Location tracking	On-demand only (lost mode)
Screen monitoring	No — screenshot only for device recovery (Enterprise, optional)
Third-party data sharing	Only with school authorization
CISA Secure by Design Pledge	Yes — Signed

FERPA Compliance

UserAuthGuard operates as a "school official" with a "legitimate educational interest" under FERPA's school official exception (34 CFR 99.31(a)(1)). We perform a service that your school would otherwise need its own staff to perform — managing and securing school-owned Chromebook devices.

We use education records solely for the purpose of providing device management services. We do not disclose personally identifiable information from education records to any third party except as directed by the school or as required by law.

Read our full FERPA policy in Section 8 of our Privacy Policy →

COPPA Compliance

When a school chooses to use UserAuthGuard, the school acts as the agent of parents to consent to our collection and use of student information, as permitted by COPPA and confirmed by FTC guidance. We do not collect personal information directly from students or ask students to create accounts.

We collect only the minimum information necessary: student name and school email (from Google Workspace), device assignment records, and check-in/check-out timestamps. Device location is collected only on-demand when lost mode is activated by a school administrator.

Read our full COPPA policy in Section 9 of our Privacy Policy →

Industry Commitments

CISA K-12 Secure by Design Pledge — UserAuthGuard has signed the CISA Secure by Design Pledge, the federal-backed initiative that replaced the Student Privacy Pledge (which sunset in July 2025). This pledge demonstrates our commitment to building security into our product from the ground up.

State Student Privacy Laws

In addition to federal FERPA and COPPA compliance, UserAuthGuard is designed to meet the requirements of state student privacy laws including:

• • California — SOPIPA (Student Online Personal Information Protection Act)
• • New York — Education Law 2-d
• • Illinois — SOPPA (Student Online Personal Protection Act)

If your state has specific student data privacy requirements, contact us at privacy@userauthguard.com and we will work with your district to ensure compliance.

Security Practices

We protect student data with industry-standard security measures:

• ✓ Encryption of data in transit (TLS) and at rest (256-bit AES)
• ✓ Role-based access controls limiting data access to authorized school personnel
• ✓ Secure data storage on AWS with access logging
• ✓ Regular security assessments and monitoring
• ✓ Data deleted within 30 days of contract end or deletion request

Data Processing Agreement (DPA)

We provide a pre-signed Data Processing Agreement modeled on the SDPC National Data Privacy Agreement (NDPA) framework. Districts can download, review, and countersign.

Contact Our Privacy Team

For questions about our compliance practices, data handling, or to request a customized Data Processing Agreement:

Email: privacy@userauthguard.com
Phone: (267) 639-8522
Address: Asan Digital LLC, 13 Station Ave, Schwenksville PA 19473