FERPA & Student Data Statement
Effective date: July 14, 2026
This statement describes how the Impuls Deutsch Vocabulary Trainer (the “Service”) handles student data in compliance with the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g; 34 CFR Part 99) and related student-privacy expectations. It is intended for institutions evaluating the Service and their privacy/IT reviewers.
School official / legitimate educational interest
When an institution uses the Service with its students, we act as a “school official” with a “legitimate educational interest” under the FERPA exception at 34 CFR § 99.31(a)(1). Specifically, we:
- perform an institutional service or function (vocabulary study and progress reporting) that the institution would otherwise use its own staff to perform;
- are under the direct control of the institution with respect to the use and maintenance of education records;
- use education records only for the authorized educational purpose of providing the Service; and
- do not re-disclose education records to any third party except the vetted service providers needed to operate the Service, under contract, or as required by law.
What we consider education records
Study activity that is tied to an identifiable student and used by an instructor — for example, mastery levels, quiz results, grades/scores, points, and time studied — is treated as an education record and protected accordingly, along with the student’s name and email.
No secondary use
We do notsell student data; use it for advertising or marketing; build commercial profiles; or use student personal information to train artificial-intelligence or machine-learning models. Student data is used solely to provide the Service to the student and the student’s institution.
Service providers
We rely on a small set of U.S.-based infrastructure providers (database, hosting, and speech services) that process data only on our instructions under confidentiality and security obligations. The current list is in our Privacy Policy, Section 4.
Access, correction, and deletion
Consistent with FERPA, the institution controls its students’ education records. We support institution requests to access, correct, export, return, or delete student data, and we will return or securely delete an institution’s student data upon request or upon termination of the relationship.
Security and breach notification
We protect education records with encryption in transit and at rest, access controls, and salted password hashing. In the event of a data breach affecting an institution’s student data, we will notify the institution without undue delay and cooperate with its response obligations.
Directory information and consent
We do not designate or publish “directory information.” The institution remains responsible for any FERPA notices and consents required of it. For students under 13 (e.g., dual-/concurrent-enrollment high schoolers), the institution provides school consent for a school-directed educational purpose as described in our Terms and DPA.
Signing a data agreement
We are glad to countersign a reasonable data-protection/FERPA addendum. A ready-to-use template is available at our Data Processing Agreementpage, and we can review an institution’s own form. Contact privacy@impulsdeutsch.com.