Privacy Policy

Last updated: 2026-05-05 · Effective date: pending legal sign-off

1. Who we are

Omni Forge SIS (the “Product”) is a Student Information System operated by Omni Forge LLC (“we”, “us”) for K-12 school districts in the United States. School districts using the Product are referred to in this policy as “Districts.” This policy describes how the Product processes information and how Districts, parents, and eligible students may exercise their rights with respect to that information.

2. Roles under FERPA, COPPA, and state law

Districts are the FERPA-covered education-records holders for student records entered into the Product. The Product acts as the District's “school official” under 34 C.F.R. § 99.31(a)(1)(i)(B), processing education records solely on the District's instructions and only to provide the Product's functions. We do not use student records for advertising, do not sell student records, and do not build profiles of students for any purpose unrelated to school services authorized by the District.

For students under 13, the Product is operated under the District's authority to consent on parents' behalf to the collection of personal information from students for the use and benefit of the school, as permitted by FTC COPPA FAQ §M and analogous state laws (e.g., NJ Student Privacy Act).

3. What the Product collects

Categories of personal information the Product processes on behalf of Districts:

• Student roster data: name, date of birth, gender, race/ethnicity, home language, photo, contact information, parent/guardian links, emergency contacts, medical alerts, district-issued IDs (local ID, state SSID/SMID), school-of-attendance, grade level, enrollment dates.
• Academic data: attendance, grades, assignment scores, course enrollment, transcript records, graduation requirements progress, IEP / 504 / gifted records.
• Behavioral and discipline data: incident reports, HIB investigations, consequences, restraint/seclusion logs (where applicable).
• Health data: nurse visit notes, medication administration, immunization records, screening results.
• Family financial data: meal-eligibility application contents (income, household size), fee payment records.
• Authentication and audit data: email addresses, hashed passwords, session identifiers, IP addresses, user-agent strings, audit log entries (who did what, when, from where).
• Communications: messages sent through the Product (parent notifications, district announcements, staff invitations).

4. Where the data lives and how it's isolated

The Product stores all District data in a single relational database in the United States, partitioned by an explicit districtId column on every row. Application middleware enforces tenant isolation: every database query is scoped to the calling user's District. No District's data is queryable from another District's session. Backups are encrypted and stored in the same United States region.

5. Subprocessors [REVIEW — confirm complete list with counsel]

We use the following subprocessors to deliver the Product. Each is bound by a data-processing agreement and is restricted to the purposes shown:

• DigitalOcean (US): compute hosting, managed database, object storage. Region: NYC3.
• Anthropic (US): AI text generation for grounded prompts (report-card comments, parent Q&A, nurse-note expansion, etc.). The Product sends only the input the prompt requires; AI providers are contractually prohibited from training on submitted data.
• Resend (US): outbound transactional and bulk email delivery.
• Twilio (US): outbound SMS where Districts have opted in.
• Stripe (US): processing of fee payments where Districts have opted in. Stripe is a separate controller for payment-card data.

We do not transfer student personal information outside the United States.

6. How long we keep data

Active student records are retained while the student is enrolled with a District using the Product, plus the retention period the District specifies in its records-retention schedule (typically 5 years post-graduation for academic records, longer for transcripts; District policy controls). Audit logs are retained for 7 years per FERPA-aligned best practice. Backups are retained for 7 days locally and indefinitely in the encrypted backup bucket per District configuration.

On District termination, the District may export data via the Product's export tools and request deletion of the District's tenant. We delete production data within 30 days of confirmed District export and retain only backup copies as required by contract; backup copies are deleted on the standard backup-rotation schedule (no longer than 30 days after deletion).

7. Parent and eligible-student rights

Under FERPA, NJ Student Privacy Act, and equivalent laws:

• Right to access: Parents (and students 18+ or in postsecondary education) may inspect their education records by contacting the District.
• Right to seek correction: If records are inaccurate or misleading, an amendment request may be filed with the District.
• Right to consent to disclosure: The District obtains consent before disclosing personally identifiable information from education records, except where FERPA permits disclosure without consent (e.g., school officials with legitimate educational interest).
• Right to file a complaint: with the U.S. Department of Education at studentprivacy.ed.gov.

Direct all access, correction, and deletion requests to the District's records office. We will support the District in honoring such requests within the timelines required by applicable law.

8. Security

We use industry-standard administrative, technical, and physical safeguards: TLS 1.2+ in transit, encryption at rest, Argon2id password hashing, multi-factor authentication for staff accounts, least-privilege role-based access control, per-tenant data isolation, audit logging on every state change, and regular security reviews of new code. Despite these measures, no system is perfectly secure; we will notify Districts of any security incident affecting their data without unreasonable delay and in any case within the timelines required by applicable law.

9. Cookies and tracking

The Product uses one essential session cookie (HttpOnly, Secure, SameSite=Lax) to keep authenticated users signed in. We do not use third-party advertising or analytics trackers in the authenticated application. Public marketing pages may use limited first-party analytics; these do not track student users.

10. Changes to this policy

We will post material changes here with a new “Last updated” date and, for Districts, provide direct notice through their administrator account.

11. Contact

Privacy questions about a specific student record should be directed to the student's District. Vendor-level privacy questions about the Product itself may be sent to privacy@omniforge.click.

This document is a draft prepared by Omni Forge LLC for review by qualified legal counsel before public posting. References to specific statutes and rights are for orientation; the binding text of those laws controls.