FERPA-compliant. Built on SOC-2 infrastructure. Student data is never sold, never used to train AI, never accessed beyond what's needed to serve your district.
PULSE is designed to support FERPA compliance, not burden it. When PULSE is used by a school district, the district is the responsible educational agency. The Inclusive Practice, LLC acts as a "school official" providing services under the district's direction.
PULSE runs on infrastructure providers that maintain SOC-2 Type II certification — including Supabase (database & auth), Vercel (hosting), and Stripe (payments). Each is bound by a data processing agreement.
PULSE stores only the service-delivery data needed to calculate workload and verify schedule compliance. We do not store Social Security numbers, medical records, psychological evaluations, or Protected Health Information.
Student data entered into PULSE is owned by the district, not by The Inclusive Practice, LLC. Districts may request deletion of all student data at any time.
We don't share student data with third parties except as required by law or as directed by the district. We don't use student data for advertising. We don't build student profiles for any non-educational purpose.
Student data is never used to train AI models without explicit, separate consent. The AI features in PULSE (PLAAFP draft assistance, schedule extraction) operate on individual student records to produce outputs for that student only — never to learn from across districts.
TLS encryption in transit. AES-256 encryption at rest via Supabase. Row-level security ensures users only access their own organization's data. We notify affected users promptly in the event of a data breach.
When providers upload weekly schedules or bell schedules, those files are processed in memory to extract structured scheduling data and are never stored, saved to disk, or retained after processing. Any student names that appear in uploaded documents are never read, recorded, or stored.
Districts in states with specific edtech privacy requirements (including California, New York, Colorado, Virginia, Texas, and Connecticut) may request a Data Processing Agreement. Contact us below.
If you're a parent, district administrator, or compliance officer, we're happy to answer specific questions about our data practices, share copies of our DPA, or walk through our security setup.
See also: Privacy Policy · Terms of Service