
FERPA Compliance

Last Updated: April 28, 2026

For institutional users only. This notice applies only to users who access Quarlo through a partner educational institution (e.g., via your school's learning management system). If you signed up directly at quarlo.co, FERPA does not apply to your account — your data is governed by our Privacy Policy.

1. Our Commitment to FERPA

Quarlo Software LLC ("Quarlo") is committed to protecting student privacy and complying with the Family Educational Rights and Privacy Act (FERPA). We work with higher education institutions to ensure that student data is handled appropriately and in accordance with federal regulations.

This page provides information for institutional partners about our FERPA compliance practices and how to establish a Data Processing Agreement (DPA) with Quarlo.

2. School Official Designation

Under FERPA §99.31(a)(1)(i)(B), Quarlo operates as a "school official" with a "legitimate educational interest" when contracted by an educational institution. This designation allows us to access student education records necessary to provide our services without requiring individual student consent.

Legitimate Educational Interest: Quarlo provides AI-powered interview preparation services that support student career readiness and employment outcomes — a core educational mission of higher education institutions.

2.1 Conditions for the School Official Exception

For the school official exception to apply lawfully, three conditions must be met by both the institution and Quarlo. Each is a contractual commitment in the executed Data Processing Agreement and is also stated here for transparency:

  1. Annual FERPA Notification. The institution must include Quarlo, by category of contractor or by name, in its annual FERPA notification to students under §99.7. This is a precondition for Quarlo's school-official designation; the institution is responsible for providing that notification.
  2. Direct Institutional Control. Quarlo processes student education records only under the direct control of the institution with respect to use and maintenance. The institution retains the right at any time to (a) instruct Quarlo to limit, correct, or cease processing of specific records; (b) audit or request attestations of Quarlo's compliance; and (c) terminate the school-official designation by terminating the contract.
  3. Use Limited to Contracted Purpose. Quarlo will use student education records only for the educational purposes specified in the institutional contract (interview preparation and related career-readiness services), and will not re-disclose personally identifiable information from education records to any party except as the institution directs or as required by law (§99.33).

3. Student Data We Process

Quarlo processes minimal student data necessary to provide our services:

| Data Type | Purpose | Retention |
|---|---|---|
| Institutional Email | Account authentication, institution verification | Until account deletion |
| Resume Content | AI-powered interview prep generation | User-controlled deletion |
| Job/Company Information | Tailored interview preparation | User-controlled deletion |
| Community Contributions | Interview questions and experiences shared voluntarily | Anonymized upon deletion |
| Practice Session Data | Interview practice recordings transcribed for delivery feedback | Audio deleted within 24 hours; transcripts and scores retained until account deletion |

4. Data Retention & User Deletion Rights

Students have full control over their data:

  • Delete individual preps: Users may delete any interview preparation at any time from their dashboard
  • Delete account: Users may delete their entire account, removing all personal information

Data Deletion Policy: When a user deletes their account, all interview preps are permanently deleted. Contribution records are scrubbed to minimal non-PII fields (company name, job title, interview date, contribution quality scores, and community helpfulness votes), preserving interview questions for the community research pipeline while removing all personal information. Scrubbed data cannot be traced back to any individual.

4.1 Community Contribution Architecture and Re-Disclosure

Quarlo operates a shared community-contribution corpus that surfaces interview questions submitted by students at one institution to students at other institutions. Because this is a deliberate design choice with FERPA re-disclosure implications under §99.33, the architectural and process safeguards are documented here:

  • Question text is stored separately from user identity. The individual interview-question records used to generate community responses contain only the question text and non-PII metadata (e.g., interview round, question type, upvote count). They do not contain a direct user identifier — there is no user_id column on the question record. Submitter identity is retained on the parent contribution row solely for ownership and moderation purposes and is never surfaced to other users.
  • Vector embeddings index question text only. The semantic-search embeddings used to retrieve relevant questions are computed from the question text. They do not encode submitter identity, institution, or any other personally identifying field.
  • Submitters consent at the point of submission. Contributing to the community corpus is voluntary and requires the submitter to actively share at least one interview question. Contributions are not auto-created from passive use of the Service. The submitting user grants a license under our Contribution License and Section 5.2 of the Terms of Service.
  • Acceptable-use rules prohibit PII in the question text itself. Our Acceptable Use Policy (Terms §4) prohibits submitting confidential information, NDA-protected content, or content that identifies specific individuals beyond public business identifiers (company name, role title). Submissions are subject to moderation under Terms §5.5.
  • Adults only. Per Terms §2.1, only users aged 18 or older may submit Community Contributions, ensuring a valid contractual license grant.
  • Removal on request. A student or institution may request removal of any specific contribution by emailing privacy@quarlo.co. We will action verifiable requests within 30 days, including suppression of the question record and the corresponding embedding from search.

Together these measures are designed so that the cross-institution community corpus does not re-disclose personally identifiable information from any student's education records. The corpus carries voluntarily-shared, de-identified interview-question text only.

4A. State Student Privacy Laws

In addition to FERPA, U.S. states have enacted student-data-privacy frameworks that impose specific obligations on educational-technology vendors. Quarlo's standard Data Processing Agreement is designed to comply with the substantive requirements common across these frameworks — purpose limitation, no targeted advertising or non-educational profiles, no sale of student data, reasonable security, deletion on request, breach notification to the institution, and named (in the DPA) sub-processor disclosures.

Where an institution's procurement office requires a state-specific addendum or published supplement (for example, a Parents' Bill of Rights addendum for certain New York public-system contracts), Quarlo will execute the institution's required addendum or provide an equivalent at contract execution. Requests: legal@quarlo.co.

4B. Data on Contract Termination or Account Deletion

When an institution's contract ends or a student deletes their account, the following applies:

  • Personal data is deleted within 30 days. Account profile, resumes, tracked jobs, generated preps, and any uploaded files associated with the affected student are permanently deleted from production systems within 30 days, subject to reasonable rolling-backup retention windows that are themselves cleared on a 90-day cycle.
  • Anonymized contribution content is retained. Voluntarily-submitted interview questions that have already been de-identified per the architecture in §4.1 may be retained in the shared community corpus consistent with the license grant in Terms §5.2. No institution-specific or personally-identifiable data persists in the corpus after contract termination.
  • Institution-controlled exception. If the institution's contract directs full removal of the institution's student contributions on termination, Quarlo will action that direction. The default is anonymized retention as described above.
  • Data return. Upon institution request before termination, Quarlo will provide an export of institutional student data in a reasonable structured format (JSON/CSV) prior to deletion.

5. Sub-processors

Quarlo uses the following sub-processors to deliver our services. All sub-processors are based in the United States and maintain appropriate security measures:

| Category | Purpose | Data Processed |
|---|---|---|
| AI Language Model Provider | AI interview prep generation | Resume text, job descriptions (cached up to ~10 min for prep generation; not retained after) |
| Backup AI Provider | Fallback AI processing | Resume text, job descriptions (zero retention) |
| Embedding Service | Text embeddings for search | Content text (converted to vectors) |
| Database Provider | Database and authentication | All user data (encrypted at rest) |
| Hosting Provider | Application hosting | Request logs (anonymized) |
| Company Research Service | Employer intelligence gathering | Company names, job titles |
| Email Delivery Service | Transactional email | Email addresses |
| Error Monitoring Service | Application health | Technical metadata (may include email in error context) |

We will notify institutional partners of any changes to our sub-processor list with at least 30 days' notice.

Our Data Processing Agreement, available to partner institutions upon request, includes a complete list of named sub-processors with their legal names, processing roles, and data handling commitments.

6. Security Measures

Quarlo implements industry-standard security measures to protect student data:

  • Encryption in transit: All data transmitted using TLS 1.3
  • Encryption at rest: Database encryption using AES-256
  • Access controls: Role-based access with row-level security policies
  • Authentication: Secure authentication via institutional email verification
  • Audit logging: Access logs maintained for compliance purposes
  • Regular security reviews: Ongoing assessment of security practices

7. Data Breach Notification

Initial Notification (72 hours): For institutions with a signed Data Processing Agreement, Quarlo will provide an initial breach notification within 72 hours of discovering a Security Breach affecting Student Data, including a preliminary description of the nature of the breach and immediate containment steps taken.

Formal Written Notification: Quarlo will provide a formal written breach report to the Institution without undue delay, and within any timeframe required by applicable state data breach notification law. FERPA itself does not impose a breach notification deadline; any statutory deadline to notify students or regulators is set by state law and is the Institution's responsibility to determine. Quarlo will supply all information the Institution reasonably needs to meet those obligations.

Our breach notification will include:

  • Description of the nature of the breach
  • Types of data potentially affected
  • Approximate number of students impacted
  • Steps taken to contain and remediate the breach
  • Recommended actions for the institution
  • Contact information for questions

8. Prohibited Uses of Student Data

Quarlo will never use student data for:

  • Targeted advertising or marketing to students
  • Sale to third parties
  • Building profiles for non-educational purposes
  • Any purpose unrelated to the educational services contracted

9. Request a Data Processing Agreement

Educational institutions interested in partnering with Quarlo can request a formal Data Processing Agreement that includes:

  • FERPA compliance commitments
  • Data security requirements
  • Breach notification procedures
  • Data retention and deletion terms
  • Audit rights
  • Indemnification provisions

Contact us to discuss your institution's requirements

legal@quarlo.co

Subject Line: FERPA DPA Request - [Institution Name]
