Why We Built This

Student data privacy is a tricky topic.

Process often gets confused with outcomes. Too often, we see companies and institutions focus on the process - checking the right boxes, saying the right things, and filling out the paperwork. But the reality is that the process is only a means to an end and the "security theater" is often just that - a show.

The end goal is always to deliver excellent products and services to schools while ensuring the safety of their most sensitive data. But the theater causes problems that people don't expect until a crisis arises.

Too often, we hear about companies checking boxes they don't fully understand and making promises they can't keep. They often don't even know what they're signing up for - only that they'll "lose a deal" if they don't just say yes. At the same time, we see IT departments in districts and universities load up DPAs with overly burdensome requirements that make compliance impractical or impossible. In virtually all cases, vendor claims go completely unverified and admins rely on loose certifications and trust that the vendors are doing the right thing.

Districts and universities manage hundreds or thousands of technology vendors. More often than not, they don't have the resources to thoroughly verify the claims of each and every vendor.

We want to help.

Our Approach

We started with a few questions in mind:

1. How can we help get the paperwork done faster so everyone can focus on delivering great products and services?
2. How can we ensure that basic privacy and security requirements are met, especially in schools that are understaffed?
3. How can we help decision makers understand the aggregate risk that they bear across all of their vendors or customers?
4. How can we highlight the strong practices of the companies that are doing it right while flagging the ones that are not?
5. How can we help institutions verify the claims of their vendors without becoming a "certifying" organization ourselves?
6. What actions have the highest impact-to-effort ratio for ensuring data privacy and security?

We are building a platform that tries to address each of these questions. Our goal isn't to tell your insitution what to do, nor serve as a "governing body" in the space. Our goal is to help you make better decisions, faster, and follow through with the execution of your commitments.

What the Platform Does Today (and Will Do in the Future)

At first, we're focused on automating DPAs. Getting the paperwork done faster so everyone can focus on delivering great products and services. We're making it easier for schools to manage templates, ensure that all vendors have a DPA on file, and making sure that they're all up to date. For vendors, we're focused on making it painless to fill out all of the relevant information, and helping them understand their obligations.

Over time, we'll add more features like:

• Automated lifecycle management for agreement (e.g. sending reminders, automatically renewing agreements, etc.)
• Ensuring that data is destroyed when an agreement is terminated
• Making sure that the correct data is shared with the correct parties (oversharing of data is a common problem)
• Surfacing anomalies in particular agreements (e.g. clauses that are not in the agreement, non-standard language, etc.)
• Helping the various parties understand the aggregate risk that they bear across all of their vendors / customers
• Letting companies show off their strong practices and certifications to potential customers

Getting Involved

We're always looking for help from the community. If you have ideas or would like to share more about how your company or school handles data privacy and security, we'd love to hear from you. Please let us know by filling out the form below.