Version: November 2025
Contact: support@liveschoolinc.com
Website: www.whyliveschool.com
1. Purpose & Commitment
LiveSchool helps K-12 schools improve climate and culture through positive behavior reinforcement and point-based rewards. We believe that operating a student-facing platform requires the highest standards of privacy, data protection, and regulatory compliance. LiveSchool is committed to protecting all student information entrusted to our platform.
LiveSchool complies with applicable federal and state laws, including the Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA). LiveSchool never sells student information and never uses student data for behavioral advertising.
2. SOC 2 Audit
LiveSchool’s security, privacy, and operational controls are audited annually by a third party. Our most recent 3rd-party audit, dated August 27, 2025, is available upon request to current and prospective district partners. To request a copy of our most recent SOC 2 audit, contact support@liveschoolinc.com.
3. Scope of Data We Collect
LiveSchool collects only the minimum data necessary to provide core platform functionality: LiveSchool does not require or store Social Security numbers, home addresses, medical records, IEP/504 details, or financial information.
4. Data Minimization & Retention
Data Type | Examples | Purpose |
Student Directory Information | Name, grade level, roster membership | Display students in classes for point and reward recording |
Behavior & Points Data | Behaviors selected, points awarded/deducted, optional comments | Behavior reporting and parent communication. |
Parent/Guardian Access Data (Optional) | Parent email | Enables parent access to view student progress |
Staff Account Data | Name, email, role, roster membership, profile picture (optional) | Provides secure authenticated access |
LiveSchool collects only the data required to support instructional and school culture workflows.
LiveSchool does not collect data directly from students or allow students to communicate with one another.
When a school or district stops using our service, student records are deleted by default within 60 days of service termination, unless other required by law or the Data Sharing Agreement.
Your school or district may download records at any time. Our team can help you securely automate the transfer of LiveSchool records to your own systems of record.
Your school or district may stop its use of our service at any time and request that your records be deleted.
5. Third-Party Data Processing & FERPA Compliance
LiveSchool works with third-party service providers solely for infrastructure or other subcomponents required to provide services to our customers. All third-party processors:
Operate under FERPA-compliant Data Processing Agreements
Are prohibited from:
Selling data
Reusing data for any purpose outside of service delivery
Using data for marketing or behavioral targeting
The table below lists the third-party service providers we use and indicates which providers are used to store or process Student Personally Identifiable Information (PII):
Service | Processes Student PII? | About the Service |
Amazon Web Services | ✔️ | Cloud computing resources. |
Dromo | ✔️ | Securely processing CSV uploads. This does not apply to customers using Clever.com or ClassLink |
Clever.com | ✔️ | Securely syncs students, staff, and rosters to LiveSchool based on district-set permissions. |
ClassLink | ✔️ | Securely syncs students, staff, and rosters to LiveSchool based on district-set permissions. |
Google Cloud Platform |
| Cloud computing resources. |
Segment |
| Securely routing product usage to support and communication tools |
Filepicker |
| Uploading staff “profile pictures” and Rewards images. |
Mixpanel |
| Analyzing product usage and improvement ideas. |
Intercom |
| Live help chat for school staff. |
6. Security Architecture
LiveSchool is hosted on Amazon Web Services (AWS), which maintains industry-recognized security certifications, including ISO 27001, SOC 2, and the FedRAMP framework, for its infrastructure services.
6.1 Encryption
Behavioral data is encrypted in transit and at rest, and is accessible only to authorized staff with district-controlled permissions.
Data State | Standard Used |
In Transit | TLS 1.2+ with AES-256 encryption |
At Rest | AES-256 encryption on all databases and storage systems |
Passwords are stored using salted, one-way cryptographic hashing.
6.2 Network Controls
Virtual Private Cloud (VPC) isolates all internal systems.
Security groups restrict inbound/outbound traffic by rule.
Administrative access requires VPN or an equivalent secure transport mechanism.
7. Access Controls
LiveSchool uses role-based access control (RBAC) aligned with school job responsibilities.
Access is granted on the basis of least privilege and need-to-know.
Access logs and changes are monitored.
8. Audit Logging & Monitoring
LiveSchool maintains:
Application access logs
System & database access logs
Administrative activity logs
Logs are retained for a minimum of 12 months and monitored for:
Unauthorized access patterns
Anomalous data extraction behavior
9. Safeguards Against Accidental Disclosure
To prevent unintended access, LiveSchool implements:
Internal review and approval steps before fulfilling any data export request
Logical separation of customer environments
Automated data validation during SIS sync or bulk roster upload
Permissions enforcement at the student, classroom, school, and district levels
10. Security Incident & Breach Notification Procedure
A Security Breach is defined as any unauthorized access, use, or disclosure of student data.
If LiveSchool becomes aware of a breach, we will:
Contain and mitigate the incident immediately.
Notify the District within two (2) business days.
Provide:
A description of the breach and affected systems
Types of data involved
The time frame of exposure
Remediation steps taken and planned
Coordinate any legally required notifications to affected individuals.
LiveSchool absorbs all costs associated with remediation and correction attributable to our systems.
11. Disaster Recovery & Business Continuity
Production data is stored in multiple U.S.-based geographic regions with <10-second replication latency.
Nightly automated backups are retained for 7 days.
Weekly full backups are retained for 30 days.
Disaster recovery objective:
RPO (Recovery Point Objective): < 24 hours
RTO (Recovery Time Objective): < 24 hours
12. Parent & Student Rights
Parents and legal guardians may request (i) a description of the types of personal information about their child that are collected through the LiveSchool Service; (ii) access to and copies of that personal information; (iii) corrections or deletions of that personal information; or (iv) to discontinue further collection of such information.
All such requests must be directed to the student’s school, which is the educational agency responsible for maintaining and controlling student records under FERPA. LiveSchool will only access, use, modify, or delete student personal information at the direction of the school or district.
13. Use of AI
LiveSchool does not include any AI-based features in the LiveSchool product. However, LiveSchool may offer optional, free AI-powered resources on our public website for professional use (for example, tools that help generate ideas or support staff planning). These resources are not connected to the LiveSchool product and are not designed to receive, store, or process student data.
14. Contact
For privacy or security questions, requests, or incident inquiries: support@liveschoolinc.com