FERPA Compliance

Kernex LLC (“Kernex,” “we,” “us,” or “our”) supports and complies with the Family Educational Rights and Privacy Act (“FERPA”), 20 U.S.C. § 1232g and its implementing regulations at 34 C.F.R. Part 99—the federal law that safeguards the privacy of student education records. We work with schools and universities that use our platform (KernexLab, KGrader, KernexCheck, and HelpRoom) and we take their FERPA obligations seriously. This page explains how we handle education records and support institutional compliance. It is for transparency only and is not legal advice. Each institution is responsible for its own FERPA compliance and for how it uses our Services.

1. What FERPA Covers

FERPA applies to “education records”—records that are directly related to a student and maintained by a school or by someone acting for the school. It gives eligible students (and, where applicable, parents) rights to inspect, review, and seek amendment of those records, and to control disclosure of personally identifiable information (“PII”) except where the law allows otherwise. Schools that get certain federal funds must follow FERPA. Generally, PII from education records may not be disclosed without consent unless a statutory exception applies (for example, to school officials with legitimate educational interests, or in health/safety emergencies).

2. Student Records and Our Role

Student records. When we receive personally identifiable information from the institutions we work with, we do so in a way that fits FERPA’s “school official” framework. We use that information only for the purposes we’re given—running the platform, delivering grading and feedback, supporting help rooms, and operating our integrity tools—and for no other use. Our contracts, our Privacy Policy, and the law govern how we use and disclose student PII. We do not sell student data or use it for advertising. We help institutions meet their FERPA duties by using data only as needed to run the Services, keeping strong safeguards in place, and working with them when they must respond to parent or student requests or to audits.

3. What We Process and Who Sees It

To provide the Services we may process data that can be part of “education records” when held by or for an institution. That can include: account and identity information (e.g., name, email, course); code and assignment submissions and grading outcomes; and usage or participation data (e.g., help room activity). We use this data only to run, secure, and improve the Services under our contract and our Privacy Policy.

Sharing. We do not give student information to third parties unless the institution or the student has asked or allowed it, or FERPA or other law permits or requires it. Any disclosure follows our agreement with the institution, our Privacy Policy (including where we use service providers under strict obligations to run the platform), or legal process.

4. Who Can Access Records and How We Protect Them

Access. Only people who need access to run the Services and who are bound by our security and confidentiality practices can access student records. We keep tight control over who can see what and review access as needed.

Data protection. We use strong technical and organizational measures to protect the confidentiality and accuracy of student education records. That includes access controls, encryption where appropriate, secure development and operations, and clear rules for any vendors that handle data. We do not use student PII for marketing and we do not sell it.

5. When and How We Dispose of Records

When student records are no longer needed for the purposes they were collected, or when an institution or eligible student asks us to dispose of them, we follow defined procedures to delete or destroy the data securely so it cannot be recovered or misused. We also follow any retention or disposal terms in our agreements and in law.

6. Correcting or Deleting Records; Working With Institutions

Amendment and deletion. If an institution or an eligible student asks us to correct or delete student records, we do so in line with FERPA and our agreement with the institution. Institutions remain responsible for FERPA—including responding to inspect/amend requests and deciding when disclosure is allowed. When we hold data that is part of an institution’s education records, we work with that institution to support those responses (for example, by providing copies or making corrections or deletions as agreed). Parents or eligible students should usually contact the institution first; the institution can then involve us as needed. We may also handle direct requests by referring them to the institution or as our agreement and the law provide.

7. Notices and Consent

Institutions that use the Services for their courses are responsible for giving any required FERPA notices (e.g., annual notice of rights) and for getting any needed consents. Our contracts with institutions spell out how we may use and disclose student data and how we protect it in line with FERPA and the institution’s own policies.

If you use Kernex, you agree to our collection, use, and disposal of your data as set out in these terms and under FERPA.

8. Updates and How to Contact Us

We may change this page as our practices or FERPA (or related rules) change. For questions about how we handle education records or support FERPA compliance, contact: Kernex LLC, 325 E. Grand River Avenue, Suite 345, East Lansing, Michigan 48823; email support@kernex.org; website kernex.org.