FERPA & Student Data Statement
Last updated: [DRAFT — date to be set on publication]
The short version
Seatcrafter never receives your students' data. Rosters, IEP/504 status, accommodations, behavioral notes, and seating charts live as a file inside your own ecosystem — your device, and (optionally, later) an encrypted backup that only you can unlock. That data never reaches our servers in readable form.
Because we never hold student records, Seatcrafter is not a "school official" with access to education records under FERPA — there's nothing for us to access, disclose, or lose. The teacher and school remain the sole custodians of the data, exactly as they were with a paper seating chart.
For district technology officers: Section 8 below is a ready-to-paste vendor questionnaire covering data storage, sub-processors, breach exposure, AI training, and authentication. The short answer to most questions is "Seatcrafter does not store student data, so this does not apply."
1. Why this document exists
Teachers handle some of the most sensitive data in any profession: which students have IEPs, which have behavioral plans, who needs preferential seating, and private notes about how each child learns. Much of this is protected by federal law — chiefly FERPA, the Family Educational Rights and Privacy Act.
Most classroom software asks you to upload that data to the vendor's servers, then asks you to trust the vendor's promises about how it's handled. Seatcrafter takes a different approach: we designed the product so we never receive the data at all.
This document explains exactly how that works, in plain language for teachers and in audit-ready detail for the district technology and privacy officers who vet classroom tools. It complements our Privacy Policy, which covers the (small) amount of data we do collect about you, the teacher.
2. How Seatcrafter handles student data
Seatcrafter runs in your web browser, but the work happens on your own computer, not on our servers. When you type a roster, flag an accommodation, or arrange a seating chart, that information is held in your browser and saved to a file that you control.
- Local-first by design. Your classroom data is stored on your device — in your browser's local storage and, when you choose to save, as a file you keep (on your computer, a school drive, or wherever your district policy directs).
- No server round-trip for student data. Entering a student's name or IEP status does not send a request to Seatcrafter. There is no database on our end with a row for any student. We have no API that receives roster data.
- You move the file, not us. If you want the same roster on another device, you move the file the same way you'd move any document. Seatcrafter doesn't broker that transfer.
- Exports stay with you. When you export a PDF seating chart, it downloads directly to your device. We never see its contents.
The optional encrypted backup feature (described in Section 7) is the one case where data leaves your device — but only as ciphertext we cannot read. Even then, the readable data never reaches us.
3. What we never receive
O'Hare Educational, LLC does not receive, store, process, transmit, or have any access to:
- Student names, ages, dates of birth, or ID numbers
- IEPs, 504 plans, disability status, or accommodations
- Grades, test scores, or academic records
- Behavioral notes, discipline records, or private teacher observations
- Class rosters, seating arrangements, or group assignments
- The names of schools, districts, classrooms, or class periods
We cannot disclose, sell, lose, or be compelled to produce data we never received. A subpoena served on Seatcrafter for a particular student's records would return nothing, because no such records exist in our systems.
4. Our position under FERPA
FERPA governs "education records" — records maintained by a school or by a party acting for the school that contain information directly related to a student. It restricts how those records are disclosed to third parties.
Many education-technology vendors receive student data and rely on the FERPA "school official" exception to do so lawfully: the school designates the vendor as a school official with a "legitimate educational interest," and the vendor agrees to use the data only under the school's direction and not to re-disclose it.
Seatcrafter's position is simpler: we do not receive education records at all, so there is nothing for us to be entrusted with.
The teacher enters student information into a tool that keeps it on the teacher's own device. From a FERPA standpoint, this is materially the same as a teacher writing a seating chart in a notebook or a spreadsheet on their own laptop. The education record never leaves the control of the school and its staff. Seatcrafter is the notebook, not a party that receives the records.
Because we hold no education records:
- There is no disclosure of education records to Seatcrafter that would require a FERPA exception or parental consent.
- There is no re-disclosure risk from us, because we have nothing to re-disclose.
- A school does not need to designate Seatcrafter as a "school official" in order to use it compliantly — though a district may still wish to document its review, and we're glad to support that (see Section 8).
Schools and districts remain responsible for their own FERPA obligations, including how their staff store and safeguard the files Seatcrafter produces. We help by never adding ourselves to the chain of custody.
5. COPPA and students under 13
The Children's Online Privacy Protection Act (COPPA) regulates the online collection of personal information from children under 13. COPPA is triggered when an online service collects personal information directly from a child.
Seatcrafter does not collect personal information from students of any age. Students do not use Seatcrafter, do not have accounts, and never interact with our service. A teacher enters information about students into a tool that keeps that information on the teacher's own device; that information is never transmitted to us. Because no personal information about a child is ever collected by us, COPPA's collection requirements are not implicated for our service.
As with FERPA, the school and its staff remain responsible for safeguarding the information they enter and the files they produce.
6. Data ownership and control
You own your data, fully and exclusively. Specifically:
- You control the file. It lives where you put it. You can copy it, move it, or delete it at any time without involving us.
- Deletion is real and immediate. Because we hold no copy, deleting your file deletes the data. There is no "also request deletion from the vendor" step, because there's nothing on our side to delete.
- No lock-in. Your data is saved in a structured, documented file format. You are never trapped inside Seatcrafter.
- The trade-off: because the data is yours alone, recovery is also yours alone. If you lose the file and have no backup, we cannot restore it for you — we never had it. Section 9 covers how to protect against that.
7. Encrypted backup (zero-knowledge sync)
A planned Seatcrafter feature will let you back up and sync your classroom file across your own devices. It is built so that this does not compromise the core promise: your data stays inside your ecosystem.
- Encrypted on your device, before it leaves. The file is encrypted on your computer using a key derived from your password. Only the encrypted result — unreadable ciphertext — is uploaded.
- Zero-knowledge. We never receive your password or your encryption key. We store only ciphertext. We cannot read your backup, and neither can anyone who might compel or breach us.
- Recovery key. Because we can't reset a password we never hold, you'll be given a one-time recovery key when you enable encrypted backup. Keep it safe — it is the only way to recover an encrypted backup if you forget your password. We cannot recover it for you.
This feature is optional. If you never turn it on, your data never leaves your device at all. When it ships, this statement and our Privacy Policy will be updated with the final technical details.
8. For district technology officers
The following answers the questions that appear most often on district software-review and data-privacy questionnaires. If your district uses a standard form (for example, a state student-data-privacy agreement or an SDPC/NDPA-style addendum), email [email protected] and we'll work through it with you.
| Does the product collect or store student personally identifiable information (PII)? | No. Student data is entered and stored locally on the teacher's device. It is never transmitted to or stored by us. |
| Where is student data hosted? | On the teacher's own device, and (optionally) in an encrypted backup the vendor cannot read. There is no vendor-side database of student records. |
| Who are your sub-processors for student data? | None. No sub-processor receives student data because we do not receive it ourselves. (Our infrastructure vendors — listed in our Privacy Policy — handle only the teacher's account/site data, never student records.) |
| Do you sell or share student data? | No, and we could not — we don't have it. |
| Do you use student data to train AI or machine-learning models? | No. We have no access to student data, and we do not train models on any customer data. |
| What is your data-breach exposure for student records? | A breach of our systems cannot expose student records, because none are stored there. Encrypted backups, if enabled, would expose only ciphertext that is unreadable without the teacher's key. |
| Do you sign Data Processing Agreements / student-data-privacy agreements? | We're glad to review your district's agreement. Note that the typical processor obligations may not apply in the usual way, since we do not process student data. We'll work with your counsel to document the actual data flows accurately. |
| How do teachers authenticate? | Teacher accounts (email-based, optionally with single sign-on) authenticate to manage subscription and settings only — never to access student data, which is not stored with us. |
| What teacher/account data do you hold? | Email address, authentication credentials (hashed), and subscription status. Details in our Privacy Policy. |
| How is data encrypted? | All traffic uses HTTPS. Optional backups are encrypted client-side (zero-knowledge) before upload. Account data is encrypted at rest by our infrastructure providers. |
| Can we audit or review the product? | Yes. Contact us and we'll walk your team through the architecture and the data flows. |
9. Teacher and district responsibilities
Because the data stays with you, safeguarding it is shared between you and your district. We recommend:
- Protect the device. Use a password or PIN, keep your operating system and browser updated, and follow your district's device-security policy.
- Mind where you save the file. Follow district guidance on approved storage locations (district drive, managed cloud storage, etc.). The file contains student PII and should be handled like any other record that does.
- Back it up. Keep a copy somewhere safe so a lost or wiped device doesn't lose a year of work. The optional encrypted backup (Section 7) is one way; a district-approved drive is another.
- Handle exports per policy. Exported PDF seating charts contain student information. Store, print, and share them according to your district's records policy.
- Use a strong, unique password for your Seatcrafter account and (if enabled) your encrypted backup. Store the recovery key securely.
Seatcrafter's design removes us from the chain of custody. It does not remove the ordinary duty to safeguard student records that every educator already carries.
10. Contact us
For questions about student-data handling, FERPA, a district privacy review, or a data-privacy agreement:
O'Hare Educational, LLC
Email: [email protected]
Subject line: "Student Data" or "District Review"
We're happy to support your district's review process, complete your standard forms, and answer technical questions about the architecture.