Educational & Regional Compliance
Consisto is designed to serve students and educational institutions globally. We take proactive measures to ensure compliance with major regional and educational privacy laws.
1. FERPA Compliance (United States)
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. When Consisto is utilized by a U.S. educational institution:
- We act as a "School Official" with a legitimate educational interest.
- We only process student data as directed by the educational institution (the Data Controller).
- We do not sell student data, nor do we use it for targeted advertising.
- We support schools in fulfilling parental and student rights regarding access and amendment of records.
2. Digital Personal Data Protection Act (DPDP) Compliance (India)
Under the DPDP Act of India, Consisto acts as a Data Fiduciary (when serving direct consumer users) or a Data Processor (when serving institutions). We adhere to the core principles of the DPDP:
- Notice & Consent: We collect data only with clear, affirmative consent.
- Purpose Limitation: Data is used strictly for providing the educational service.
- Data Minimization: We only collect what is strictly necessary.
- Right to Erasure: Users have a clear, unencumbered path to delete their data completely.
3. GDPR & CCPA Statement
For users in the European Economic Area (EEA) and California:
- We provide standard contractual clauses and a formal Data Processing Agreement (DPA) for institutional clients.
- We support all Data Subject Access Requests (DSARs), including the Right to be Forgotten and Data Portability.
- We do not sell your personal data as defined under the CCPA.
4. Age Restrictions
The Service is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction) without explicit, verified parental consent or authorization through an affiliated educational institution. If we become aware that we have collected personal data from a child under the age of digital consent without valid authorization, we will take steps to securely delete that information.