1. Parties & Purpose
Local Educational Agency (LEA)
The school, school district, or other educational institution that has subscribed to NostaView. The LEA acts as the Data Controller — it determines the purposes for which student data is processed.
NostaView (Operator / Processor)
NostaView, the operator of the QR-based photo crowdsourcing platform at nostaview.app. NostaView processes student data only as directed by the LEA for the purpose of providing the Service.
This Student Data Privacy Agreement ("SDPA" or "Agreement") is entered into between the LEA and NostaView and is incorporated into the NostaView Terms of Service. This Agreement governs NostaView's collection, use, storage, disclosure, and destruction of student data on behalf of the LEA.
This SDPA supplements and supersedes any conflicting student data provisions in the Terms of Service with respect to US student data. It is intended to comply with applicable federal and state student data privacy laws.
2. Definitions
| Term | Definition |
|---|---|
| Student Data | Any personally identifiable information (PII) directly related to a student, including but not limited to: student names, photos containing identifiable students, grades, education records as defined by FERPA, and any other data protected under applicable state student privacy law. |
| Education Records | Records, files, documents, and other materials that contain information directly related to a student and are maintained by an educational agency or institution, as defined by FERPA (20 U.S.C. § 1232g). |
| Covered Information | Personally identifiable student information that NostaView collects, maintains, or uses in connection with the Service. |
| Operator | NostaView, as the operator of an internet service or online application used in the school context. |
| School Official | NostaView acting as a school official under direct control of the LEA with a legitimate educational interest, as permitted by FERPA (34 C.F.R. § 99.31(a)(1)). |
| De-identified Data | Data from which all personally identifiable information has been removed such that the data cannot reasonably be used to identify an individual student. |
3. Data Collection Scope
What NostaView Collects
In connection with providing the Service to the LEA, NostaView may collect, maintain, or process the following categories of Covered Information:
| Category | Specific Data | Collected From | Required? |
|---|---|---|---|
| School Administrator Data | Name, email address, school name, job title | Administrator account signup | Yes — for account operation |
| Event Photo Content | Photos uploaded to events (may contain student images) | Administrators and QR contributors | Yes — core service function |
| Photo Metadata | Upload timestamp, file size, image dimensions, moderation status | Automatically generated at upload | Yes — for service operation |
| Anonymous Contributor Data | IP address (security only), temporary session token | QR upload flow (no account required) | Security/fraud prevention only |
| Usage Analytics | Event counts, upload counts, feature usage (school-level aggregate) | Platform usage logs | Platform improvement only |
What NostaView Does NOT Collect
- Student names, student ID numbers, or student email addresses from the upload flow
- Student grades, disciplinary records, or academic information
- Biometric data or facial recognition templates
- Health, medical, or special education information
- Behavioral profiles, engagement scores, or student tracking data
- Geolocation data beyond IP address (used for security only)
- Social security numbers or government identification
4. Use Limitations
NostaView agrees to the following use limitations with respect to Covered Information:
Permitted Uses
- Service Delivery: Operate, maintain, and provide the photo crowdsourcing service to the LEA, including storing and displaying uploaded photos within events, enabling admin review and moderation, and serving event collection pages to authorized viewers.
- Legitimate Educational Purpose: Assist the LEA in carrying out legitimate educational functions for which it uses the Service.
- Legal Compliance: Comply with applicable laws, regulations, and legal process.
- Security and Integrity: Detect, investigate, and prevent fraud, unauthorized access, and security incidents.
- De-identified Research: Use aggregate, de-identified data to improve service quality, provided that no individual student can be identified.
Prohibited Uses
- ✕ Advertising or targeted marketing to students, parents, or staff
- ✕ Creating behavioral profiles for commercial purposes
- ✕ Selling, renting, or licensing student data to any third party for commercial purposes
- ✕ Disclosing student data to data brokers
- ✕ Training AI or machine learning models on identifiable student photos without explicit LEA written consent
- ✕ Using student data for any purpose not related to the educational purpose for which it was collected
- ✕ Combining student data from the LEA with data from other schools for any commercial purpose
- ✕ Re-disclosing student education records to any third party without the LEA's written consent, except as required by law
5. Prohibition on Sale of Student Data
NostaView certifies and agrees that it does not and will not sell student data. This prohibition applies to:
- Any personally identifiable information about students
- Event photos that contain identifiable students
- De-identified data where re-identification is reasonably possible
- Aggregate data derived from student-level data, sold in identifiable form
This prohibition is absolute and is not subject to exception, opt-out, or override by the LEA or any individual school. It survives termination of this Agreement.
6. Data Security
NostaView implements and maintains reasonable administrative, technical, and physical safeguards designed to protect Covered Information from unauthorized access, disclosure, alteration, or destruction:
Technical Safeguards
- Encryption at Rest: AES-256 encryption for all stored data, including photo files, metadata, and account information
- Encryption in Transit: TLS 1.2 or higher for all data transmitted between users and NostaView servers
- Access Controls: Role-based access control (RBAC); school administrators can only access their own school's data; contributor access limited to their own uploads
- Authentication: Secure login with session timeouts and credential protection
- Photo Moderation: Admin-controlled approval workflow; all uploaded photos require administrator review before inclusion in the event collection
Administrative Safeguards
- Security policies and procedures governing employee access to student data
- Confidentiality agreements for all personnel with access to student data
- Privacy training for all personnel who handle student data
- Annual security review procedures
Physical Safeguards
- Data stored exclusively on US-based infrastructure (Render, Oregon data center; Cloudflare R2 US region)
- Physical access controls at hosting facilities per provider security standards
Incident Response
NostaView maintains a written incident response plan for security incidents involving student data. The plan includes: incident detection and containment procedures, breach assessment methodology, notification procedures, remediation steps, and post-incident review.
7. Data Breach Notification
In the event of a confirmed or reasonably suspected security breach that involves or may involve Covered Information, NostaView will:
| Timeline | Action |
|---|---|
| Immediately (0–2 hours) | Isolate affected systems; preserve evidence; begin forensic investigation |
| Within 24 hours | Notify the LEA's designated contact via email and phone with initial incident summary |
| Within 72 hours | Provide the LEA with a written incident report including: nature of the breach, categories of data affected, approximate number of students or records affected, likely consequences, and measures taken or proposed to address the breach |
| Ongoing | Provide progress updates as investigation develops; provide final written remediation report |
NostaView's 24-hour notification to the LEA will include:
- Date and time the breach was discovered
- Nature of the breach (unauthorized access, accidental disclosure, system compromise, etc.)
- Categories of Covered Information involved
- Approximate number of students or records affected
- Steps taken to contain and remediate the breach
- Point of contact for follow-up questions
8. Data Retention & Destruction
| Data Type | Retention During Service | After Account Termination |
|---|---|---|
| Event photos and media | Full access; read-only if over plan limits | Deleted within 60 days of account deletion |
| Event metadata and collection data | Full access; read-only if over plan limits | Deleted within 60 days of account deletion |
| Administrator accounts and profiles | Active | Deleted within 30 days of account deletion |
| Anonymous contributor session data (IP) | 90-day rolling window (security logs only) | Deleted within 90 days of collection |
| Backup copies | Standard backup rotation | Securely wiped within 30 days of account deletion |
| Billing and transaction records | Retained per subscription | Retained 7 years (tax/accounting compliance) |
Destruction Method
All Covered Information is destroyed in a manner that renders it unreadable and unrecoverable, consistent with NIST SP 800-88 guidelines for media sanitization. NostaView will provide the LEA with written certification of destruction upon request.
Early Deletion Rights
The LEA may request deletion of all Covered Information at any time — during or after the subscription period. NostaView will complete deletion within 30 days of receiving a written deletion request and provide written confirmation.
To request deletion, email supports@nostaview.com with subject "Student Data Deletion Request" or use the account deletion feature in the administrator dashboard.
9. Subcontractors & Third-Party Sharing
Approved Subcontractors
NostaView uses the following subcontractors to provide the Service. Each subcontractor is bound by confidentiality and data protection obligations at least as protective as this Agreement:
| Subcontractor | Function | Data Accessed | Location |
|---|---|---|---|
| Cloudflare R2 | Photo and media storage | Photo files only | United States |
| Render | Application hosting and infrastructure | Infrastructure access only | United States (Oregon) |
| SendGrid (Twilio) | Transactional email delivery | School admin email address only | United States |
| Stripe | Payment processing | Billing info only; no student data | United States |
| Google Cloud Vision | AI photo quality analysis (Pro tier only) | Photo content only; not linked to student PII | United States |
Changes to Subcontractors
NostaView will provide the LEA with 30 days' advance written notice before engaging any new subcontractor that will process Covered Information. The LEA may object on reasonable grounds, including data security concerns.
Disclosure Exceptions
NostaView may disclose Covered Information only in the following limited circumstances:
- To the LEA upon request
- To the approved subcontractors listed above, solely for service delivery
- As required by applicable law, court order, or valid legal process — in which case NostaView will notify the LEA before disclosure where legally permitted
- In response to a life-threatening emergency involving the student, after notifying the LEA
In all other cases, NostaView will not disclose Covered Information to any third party without prior written consent from the LEA.
10. LEA Access & Control Rights
The LEA retains full control over all Covered Information. NostaView provides the LEA with the following access and control capabilities:
- Data Access: The LEA can access, review, and export all event photos and data at any time via the administrator dashboard
- Data Export: Export all event photos and metadata in standard formats (ZIP for photos, CSV for metadata)
- Data Correction: Administrators can update event information, moderate photos, and correct any inaccurate data
- Data Deletion: Administrators can delete individual photos, entire events, or request full account deletion at any time
- Access Management: Administrators control which school staff have access to the school's NostaView account
- Event Control: Administrators control whether QR upload links are active, can close events at any time, and approve or reject all uploaded photos
The LEA owns all Covered Information. NostaView does not claim ownership of any student data, event photos, or content uploaded to the Service.
11. Parental & Student Rights
FERPA Rights
Under FERPA, parents (and eligible students age 18+) have the right to:
- Inspect and review education records maintained by the school or its service providers
- Request correction of inaccurate or misleading records
- Consent to disclosure of education records, with certain exceptions
- File a complaint with the U.S. Department of Education if they believe their rights have been violated
Schools using NostaView must include NostaView in their annual FERPA notice to parents, disclosing that it is used to collect event photos and that student photos are treated as education records.
COPPA Rights (Children Under 13)
For students under 13, parents have the right to:
- Review any photos uploaded by or of their child
- Request deletion of any photos involving their child
- Revoke consent for future photo collection of their child
NostaView's QR upload flow is designed to minimize data collection from students under 13 — no account, name, or email address is required to upload. IP addresses logged for security are not displayed publicly or linked to individual students.
Parents may exercise their COPPA rights by contacting their school administrator or emailing supports@nostaview.com with subject "Parental COPPA Request."
School Consent Responsibility
The LEA is responsible for:
- Obtaining appropriate parental consent before enabling photo uploads for events involving students under 13, consistent with COPPA's school exception (16 C.F.R. § 312.5(b)(1))
- Including NostaView in the school's annual FERPA notice to parents
- Responding to parental requests for access to or deletion of student records
- Ensuring that school events on NostaView are used only for legitimate educational purposes
12. State Student Privacy Law Compliance
In addition to federal FERPA and COPPA requirements, NostaView complies with applicable state student data privacy laws. Key state laws NostaView is designed to comply with include:
| State | Law | Key Requirements Met |
|---|---|---|
| California | SOPIPA, AB 1584, CCPA (school context) | No sale; no targeted advertising; data deletion; no behavioral profiling |
| New York | Ed. Law § 2-d | Data use restrictions; breach notification; parental rights; data disposal |
| Texas | SCOPE Act | Use limitations; no sale; parental rights; deletion rights |
| Illinois | SOPPA | No targeted advertising; no sale; data minimization; deletion rights |
| Colorado | CRS § 22-16-107 | Use limitations; security requirements; deletion |
| Washington | HB 2965 | No targeted advertising; data security; transparency |
| All States | FERPA + applicable state law | School official status; educational purpose limitation; no re-disclosure |
If your district operates under a specific state student privacy law not listed above, contact supports@nostaview.com to confirm compliance or request a state-specific addendum.
Student Data Privacy Consortium (SDPC)
This Agreement is modeled on the SDPC National Data Privacy Agreement template. Districts that use the SDPC registry may contact us to list NostaView on their state's approved vendor registry.
13. Term & Termination
This Agreement is effective upon the LEA's acceptance of the NostaView Terms of Service and remains in effect for the duration of the LEA's subscription to the Service.
Termination by LEA
The LEA may terminate this Agreement at any time by canceling the NostaView subscription. Upon termination, NostaView will destroy or return all Covered Information per Section 8 of this Agreement.
Termination by NostaView
NostaView may terminate this Agreement upon 30 days' written notice for material breach or violation of the Terms of Service. NostaView will work with the LEA to ensure a smooth transition and data return during the notice period.
Effect of Termination
Upon termination:
- The LEA retains the right to export all data for 60 days post-termination
- NostaView destroys all Covered Information per the retention schedule in Section 8
- NostaView provides written certification of data destruction upon request
- Obligations of confidentiality and non-sale survive termination
14. Governing Law & Dispute Resolution
This Agreement is governed by applicable federal law (FERPA, COPPA) and the law of the state in which the LEA is located, without regard to conflict-of-law principles.
Nothing in this Agreement limits the right of parents or students to exercise rights under FERPA by filing a complaint with the Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Avenue SW, Washington, DC 20202.
Amendments
NostaView will provide 30 days' written notice of any material changes to this Agreement. Changes that reduce privacy protections or expand data use require affirmative consent from the LEA. Continued use of the Service after notice constitutes acceptance of non-material changes.
Entire Agreement
This Agreement, together with the NostaView Terms of Service and Privacy Policy, constitutes the entire agreement between the parties with respect to student data privacy. In the event of a conflict, this Agreement supersedes the Terms of Service and Privacy Policy with respect to student data.
15. Contact & Signing
Request a Countersigned SDPA for Your District
US school districts typically require a signed copy for procurement and compliance records. Email us with your district name and we'll return a countersigned PDF within 2 business days.
Privacy & Legal Contacts
- Student data privacy inquiries: supports@nostaview.com
- SDPA signature requests / legal: supports@nostaview.com — Subject: "SDPA Signature Request"
- COPPA parental requests: supports@nostaview.com — Subject: "Parental COPPA Request"
- Data breach notification: supports@nostaview.com — Subject: "Security Incident"
- Data deletion requests: supports@nostaview.com — Subject: "Student Data Deletion Request"
We aim to respond to all student data privacy inquiries within 2 business days.