FERPA Compliance

Nextup is committed to keeping your data private and secure.

We understand that customers in the education sector are subject to specific compliance obligations, including those under the Federal Education Rights and Privacy Act (FERPA). So, we have created this guide to help inform our education customers about what Nextup is doing to support them with their unique compliance responsibilities. Nextup’s privacy practices, technical controls, and security measures are designed to protect the data its customers submit to Nextup, as defined in our privacy policy.

What is FERPA?

FERPA is a United States federal law that protects the privacy of students in their educational records from unauthorized disclosure. Rights under FERPA transfer from the parents of a student to the student when the student turns 18 years of age or enrolls in school beyond the high school level at any age. FERPA applies to all academic institutions that receive funds from a Department of Education program.

What are educational records? FERPA classifies educational records as records that directly relate to a student and are maintained by an educational agency, academic institution, or by a party acting for the agency or institution.

Is there a FERPA certification? There are not currently any certification programs approved by the federal government that assess third-party compliance with FERPA. Academic institutions must perform their own assessments to determine whether a third-party product or service affects their compliance.

Here’s how Nextup supports education-sector customers with their FERPA compliance.

  • Data Privacy. We store data only as specified in our privacy policy. In most cases this will mean that all applicable data under FERPA will never be stored in our systems.
  • Data Security. We support the latest recommended secure cipher suites and protocols to encrypt Customer Data in transit and at rest. We also perform regular vulnerability scans and application-level penetration tests by independent entities. For more information on our security visit our security center.
  • Transparent security and privacy practices. Our policies and practices are customer-conscious, and transparent. Our security practices and privacy policy are publicly available. Customers can review our third-party audit reports, including our annual SOC-2 report, upon their request (and they are available to potential customers after signing an NDA).
  • Subprocessor Transparency. We are also transparent about our subprocessors —third-party data processors that help support the delivery of our Services with whom we share Customer Data. View our current list of subprocessors.
  • Physical Safeguards. Amazon Web Services (AWS) is our third-party hosting provider. AWS has world-class physical and environmental security, including strictly controlled perimeters, ingress points with video surveillance, on-site security, and two-factor authentication. More on AWS’s physical and environmental security is available here.

Our Security Infrastructure and Certifications

Protecting our customers’ information and their users’ privacy is extremely important to us. As a cloud-based company we’ve set high standards for security. We’ve received security certifications from the American Institute of Certified Public Accountants such as SOC 2 and can be configured for HIPAA compliance.

Nextup has invested in building a robust security team, one that can handle a variety of issues — everything from threat detection to building new tools. In accordance with GDPR requirements around security incident notifications, Nextup will continue to meet its obligations and offer contractual assurances.

If you’d like to learn more about Nextup’s security policies and procedures, please see our security page. It provides detailed information on how we approach security, and includes information on how Nextup ensures user data security in particular, including our technical and organizational measures (TOMs) as well as our encryption standards.

If you would like a copy of our security reports or penetration tests we are happy to provide the details for your teams review.


At Nextup, we are committed to the security and privacy of your data. So we’re glad to comply and help you comply with the FERPA. If you have any questions about your rights under the FERPA as a user or how Nextup can help you with compliance as a Customer, we hope you’ll reach out to us at privacy@nextup.ai.

Please also visit our Trust Center to learn more about our privacy, security and compliance programs.