FERPA Compliance and AI Data Usage Statement

1. Purpose

This document explains how ClassRanked ensures compliance with the Family Educational Rights and Privacy Act (FERPA) in all aspects of data handling, particularly regarding the use of Artificial Intelligence (AI) technologies within the ClassRanked platform. It provides transparency into data flow, access controls, model usage, and system architecture to ensure institutional confidence in ClassRanked’s data protection and privacy practices.

2. FERPA Compliance Overview

ClassRanked operates as a School Official under FERPA, with a legitimate educational interest in the data provided by partner institutions. All data handling, including AI-driven operations, complies with FERPA’s standards for safeguarding Personally Identifiable Information (PII) in student education records.

Key compliance assurances:

• Data is used exclusively for providing contracted educational services.
• No institutional data is used to train, fine-tune, or improve AI models.
• No data is shared with or visible to third parties beyond approved sub-processors (AWS).
• All systems operate within controlled and auditable environments managed by ClassRanked.

3. AI Model Infrastructure

3.1 Overview

ClassRanked’s AI capabilities run on AWS Bedrock, leveraging the Anthropic Claude 3.5 Sonnet model.

This setup allows ClassRanked to perform secure, controlled inference (not training) using institutional data within AWS’s compliant infrastructure.

• The model is accessed only through ClassRanked’s private AWS account via Bedrock APIs.
• The model is never directly exposed to the public internet.
• All interactions occur within AWS Lambda serverless functions that handle prompt orchestration and output formatting.
• These Lambda functions operate in a restricted AWS VPC under ClassRanked’s control, with no cross-tenant or public data access.

3.2 Prompt Orchestration and Data Flow

ClassRanked uses structured prompt orchestration to govern all LLM interactions:

• Generative and orchestration prompts define the context, expected output, and compliance boundaries for each operation.
• Prompts ensure that the LLM understands the data type (e.g., course evaluations, survey summaries) and produces deterministic, scoped outputs.
• Input data and model responses are processed in-memory only; no content is persisted to storage, logs, or model weights.
• Logs capture execution metadata only (timestamps, runtime status) — not input or output text.

3.3 Data Isolation and Security

• All AI-related data processing occurs within AWS Bedrock’s secure environment.
• AWS serves as a sub-processor under a FERPA-compliant shared responsibility model.
• AWS Bedrock does not retain or use customer data for training or model improvement per AWS’s data protection policy.
• All communications between Lambda and Bedrock are TLS 1.2+ encrypted and authenticated via scoped IAM roles.
• No institutional data leaves AWS or is shared with Anthropic directly.

4. Data Usage and Handling

4.1 Data Scope

ClassRanked processes only the data necessary to operate course evaluation and reporting features.

Typical categories include:

• Student and instructor identifiers (internal IDs)
• Course and section metadata
• Survey content and responses
• Administrative configuration data

4.2 AI Context Usage

• Institutional data may be provided temporarily in-memory for the AI model to generate summaries or structured responses.
• This data is not stored, cached, or reused.
• AI outputs are scoped to the requesting institution and are never shared across tenants.

4.3 No Training or Model Retention

• No institutional data is used to train, fine-tune, or improve any underlying AI models.
• All training data for the base model originates from non-institutional, publicly available, or internally generated sources vetted for compliance.
• The model’s internal parameters are static and cannot learn from runtime inputs.

5. Data Security and Privacy Controls

• Encryption at Rest: AES-256 encryption for all databases and file systems.
• Encryption in Transit: TLS 1.2+ enforced for all data transmission.
• Network Isolation: All AI and backend components are deployed within private subnets in AWS VPCs.
• Access Control: Principle of least privilege enforced via fine-grained IAM roles.
• Audit Logging: All API requests, user actions, and system events are logged and monitored.
• Backups: Encrypted backups stored in AWS S3 with versioning and restricted access.

6. Institutional Oversight and Data Rights

Partner institutions retain full ownership and control over their data. ClassRanked serves only as a data processor acting under institutional direction.

Institutions may:

• Request data access, correction, or deletion at any time.
• Review audit logs related to their data usage.
• Request written verification of data deletion upon contract termination.

All data retention and deletion follow a documented and verifiable process, consistent with institutional policy and FERPA requirements.

7. FERPA Alignment Summary

8. Shared Responsibility and Sub-Processor Policy

AWS acts as a sub-processor providing infrastructure and model access under the AWS Customer Agreement and Data Processing Addendum.

• AWS Bedrock explicitly prohibits the retention or training on customer data.
• ClassRanked maintains control over all encryption, access, and API invocation layers.
• Institutional data never leaves AWS’s compliant infrastructure.

ClassRanked conducts regular security reviews of sub-processor documentation and maintains written verification of AWS compliance with FERPA, SOC 2 Type II, and ISO 27001 standards.

9. Contact for Security and Compliance Inquiries