iepOS
ResourcesTrustHelpContact
Open demo
Back to home

Trust Center

iepOS is built for the most sensitive context in K–12 education: special-education records. Every student's data is protected by FERPA, IDEA, and applicable state law. This page is your single source of truth for our legal, security, privacy, and accessibility commitments.

Questions? Contact tanis@zldagroup.com

Legal Agreements

Governing documents that define how iepOS handles your data and your obligations as an operator.

  • Privacy PolicyAvailable
  • Terms of ServiceAvailable
  • Data Processing Agreement (DPA)Coming soon
  • National Data Privacy Agreement (NDPA)Coming soon
  • Business Associate Agreement (BAA — HIPAA)Coming soon

Privacy & Student Data

How we collect, use, protect, and delete student personally-identifiable information (PII).

  • FERPA Alignment SummaryComing soon
  • COPPA ComplianceComing soon
  • HIPAA Alignment (healthcare data ingestion)Coming soon
  • California SOPIPA ComplianceComing soon
  • Florida §1002.222 ComplianceComing soon
  • Subprocessor ListComing soon

AI Use Policy

How iepOS uses AI — what AI can suggest, what it cannot decide, and how human oversight is maintained.

  • AI Use PolicyComing soon
  • AI Guardrails & Human Approval WorkflowAvailable
  • AI Transparency ReportComing soon

Security

Technical and organizational measures protecting student data in iepOS.

  • Vulnerability Disclosure PolicyComing soon
  • SOC 2 Type II ReportComing soon
  • Penetration Test SummaryComing soon
  • Encryption at Rest & In TransitComing soon
  • Incident Response PolicyComing soon

Accessibility

iepOS is built for educators and families with diverse needs. We target WCAG 2.1 AA conformance.

  • Accessibility Statement (WCAG 2.1 AA)Coming soon
  • Voluntary Product Accessibility Template (VPAT)Coming soon

Our commitments to schools and families

iepOS is built specifically for special-education workflows in K–12. Student data in iepOS exists for one purpose: to deliver the service to the student’s school or district.

  • No selling. No ads. No profiling. iepOS does not sell student data, does not use it for advertising, and does not build commercial profiles from it.
  • Schools stay in control. The district or school is the data controller for student records. iepOS operates as a school official / service provider under FERPA, IDEA, COPPA, and applicable state student-privacy laws.
  • Data Privacy Agreements.Before production student data is loaded, iepOS will execute the district’s required DPA. We are prepared to sign the SDPC National Data Privacy Agreement and applicable state exhibits upon district request.
  • Security baseline. Encryption in transit and at rest, role-based access, audit logging on every record touch, and a documented incident-response process. Independent attestations (SOC 2 Type II, third-party penetration test) are on our roadmap and will be posted here as they complete.
  • AI with a human in the loop. AI-generated content (goal drafts, accommodations, progress summaries) is always reviewed and approved by a credentialed educator before it reaches a parent or becomes part of an IEP.

For a security review, DPA, or to request our subprocessor list, contact tanis@zldagroup.com.

iepOS© 2026 iepOS
ResourcesTrust CenterPrivacyTermsContact