Safe for Schools
FERPA and COPPA compliant language learning
Zero data collection. Fully offline. Perfect for classroom use.
Compliance Status: FULLY COMPLIANT
NidoVoix employs a privacy-by-design approach with zero external data transmission, comprehensive encryption, and robust parental controls.
COPPA Compliant FERPA Compliant Zero PII Collection Local-Only Storage
Key Compliance Features
- Zero PII Collection — No personally identifiable information collected
- Local-Only Storage — All data stays on device, never transmitted
- Encrypted Storage — AES-256 encryption for preferences and consent
- Parental Consent — Verifiable consent system with age verification
- Privacy Policy — Comprehensive 3,500+ word policy in-app
- Data Processing Agreement — DPA available for schools
- Backup Exclusion — Student content excluded from cloud backups
What We DON’T Collect
No Personal Info
No names, emails, student IDs, demographics, or device identifiers
No Tracking
No analytics, telemetry, behavioral tracking, or advertising
No Third Parties
No external APIs, cloud services, data sharing, or subprocessors
No Network
Works fully offline with zero internet connection required
Benefits for Educators
- Fully Offline — No internet required, works anywhere
- No Accounts — No student logins or registrations
- Device-Controlled — All data stays on school-owned devices
- No Vendor Access — We never see or access student content
- Easy Deployment — Install on any iPad, complete consent, start learning
- 18 Languages — Support ESL, heritage languages, and world language curricula
Security Architecture
NidoVoix implements multi-layer protection:
| Layer | Protection |
|---|---|
| App Sandboxing | iOS-enforced isolation, no cross-app data access |
| Platform Encryption | iOS Keychain with AES-256-GCM encryption |
| Backup Exclusion | Student content excluded from iCloud/iTunes |
| Device Security | Protected by device passcode and secure enclave |
| Network Isolation | Zero external API calls, fully offline capable |
Deployment Guidance
Pre-Deployment
- Legal/IT review of privacy policy
- Review Data Processing Agreement (if required by district)
- Execute DPA if required by district policy
- Configure device management (MDM) if applicable
Deployment
- Install app on school-owned iPads via VPP
- Admin completes parental consent on each device
- Configure language packs for curriculum
- Document deployment in IT records
VPP/MDM Compatible: Available through Apple Volume Purchase Program for institutional deployment. Compatible with all major MDM solutions.
FERPA Classification
- App creates “education records” (student work)
- Records stored locally, not disclosed to vendor
- School maintains full control via device ownership
- No “school official” designation needed (no vendor access)
Data Processing Agreement
Schools requiring a formal DPA or compliance documentation can request one at any time. Our DPA includes:
- Definition of “education records”
- Data handling specifications
- Security requirements
- Breach notification procedures
- Liability and indemnification
- Termination and data deletion
Institutional Inquiries
For questions about compliance, Data Processing Agreements, or volume licensing:
Email: [email protected]
DPA Requests: Response within 10 business days
Privacy Questions: Response within 5 business days
Common Questions
Do we need a DPA to use this app?
It depends on your district policy. Since the app is local-only with no vendor access, some districts may not require a DPA. We provide one if needed.
How do we classify this under FERPA?
The app creates “education records” (student work), but those records stay on school-owned devices. No “disclosure” to a third party occurs.
Can students access this from home?
If installed on personal devices, parents should provide consent. For school devices taken home, existing school policies apply.
What if our state has additional student privacy laws?
Our zero-transmission, local-only approach generally exceeds state requirements. Contact us for specific state compliance questions.
How do we handle data breaches?
Since data never leaves the device, traditional “data breach” (external compromise) cannot occur. Device loss/theft is handled per your existing device security policies.