Student Data Privacy
FERPA & COPPA Compliance
Last updated: May 7, 2026
QLM Crucible is designed from the ground up to protect student privacy and comply with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and state student data privacy laws.
What We Collect
- Learning interactions: Which simulations a student uses, which missions they attempt, which objectives they complete, their prediction accuracy, and time spent.
- Assessment data: Skill mastery levels, error patterns, and progress toward NGSS standards.
- Account information: Name and email (as provided by the school via roster import or SSO). We do not ask students to create accounts independently.
What We Do Not Collect
- Social media accounts or profiles
- Geolocation or GPS data
- Biometric data (face, voice, fingerprint)
- Browsing history outside of QLM Crucible
- Personal photographs or videos
- Advertising identifiers or tracking cookies for third-party ads
How Data Is Stored
- Infrastructure: Supabase (PostgreSQL) hosted on AWS in US data centers (Oregon, Virginia).
- Encryption: All data encrypted at rest (AES-256) and in transit (TLS 1.3).
- Access control: Row-level security ensures teachers see only their classroom, administrators see only their school, and district admins see only their district.
- No third-party sharing: Student data is never sold, rented, or shared with third parties for advertising or any non-educational purpose.
Who Can Access Student Data
- The student: Can view their own progress, lab notebooks, and mastery data.
- The teacher: Can view students in their assigned classroom(s) only.
- The school administrator: Can view aggregate data for their school.
- The district administrator: Can view aggregate data across schools in their district.
- QLM staff: Only authorized engineers for technical support, under NDA, with audit logging.
Data Retention & Deletion
- Student data is retained for the duration of the school's active license.
- Upon license expiration or non-renewal, all student data is deleted within 90 days.
- Schools may request immediate deletion at any time by emailing privacy@quantumlearningmachines.com.
- Individual student records can be deleted upon parent/guardian request.
COPPA Compliance (Under 13)
For students under 13, QLM Crucible operates under the "school official" exception to COPPA. The school acts as the parent's agent and consents on behalf of parents for the collection of student data for educational purposes only. We do not collect more data than necessary to provide the educational service.
Parent & Guardian Rights
- Access: Parents may request to view their child's data by contacting the school or emailing us directly.
- Correction: Parents may request corrections to inaccurate data.
- Deletion: Parents may request deletion of their child's data at any time.
- Opt-out: Parents may opt their child out of QLM Crucible by notifying their school.
Student Data Privacy Agreements (DPA)
We are happy to sign your district's Student Data Privacy Agreement. We support the Student Data Privacy Consortium (SDPC) National DPA template and have signed DPAs with districts across the country. Contact us to initiate your DPA.
State Compliance
QLM Crucible complies with state student data privacy laws including but not limited to: California (SOPIPA, CalOPPA), New York (Education Law 2-d), Illinois (ISSPA), Colorado (SB 16-068), Connecticut (PA 16-189), and all states that have adopted Student Data Privacy Consortium standards.