Data Protection & Privacy Policy

At imaginX, protecting the privacy, security, and integrity of student data is not just a legal obligation - it is a core value. As a trusted partner to educational institutions, we follow rigorous safeguards aligned with federal and state regulations, including FERPA, to ensure student data is always handled with the highest level of care.

Use of Student Data

  • imaginX operates as a “school official” under FERPA with legitimate educational interest and adheres to all applicable data protection laws.
  • All student data is treated as strictly confidential, with access limited to authorized personnel only.
  • Student data is never sold, mined, or used for advertising or commercial purposes.
  • Data is accessed solely within secure, institution-approved environments and only with express written approval.
  • We prohibit the use of student data for product development, marketing, or research without explicit consent.

Data Minimization & Anonymization

  • We collect only the data necessary to fulfill the educational purpose agreed upon with our clients.
  • Any personally identifiable information (PII) not required is promptly de-identified and never re-identified.
  • Use of live data for testing is limited, temporary, and overseen by the client institution.

Data Security & Incident Response

  • imaginX maintains a comprehensive written information security program in line with industry best practices and applicable laws.
  • Technical, organizational, and physical safeguards are in place to protect against data loss, theft, and unauthorized access.
  • Regular risk assessments and timely remediation of vulnerabilities are standard procedures.
  • We maintain an active incident response plan, including 24-hour breach notification and full cooperation with clients for resolution and communication.
  • In the rare event of a data incident, we take full responsibility to mitigate impact, including coverage of reasonable out-of-pocket costs and legal compliance actions for our partners.

Data Retention & Destruction

  • At the end of a project - or at the client’s request - all student data is either returned or permanently deleted in compliance with NIST media sanitization standards.

Our Commitment

imaginX is committed to building lasting relationships with our clients through trust, transparency, and accountability. We recognize the sensitivity of student data and embed privacy and security into the foundation of our solutions.

For more information about our data privacy practices or to request a copy of our full Data Protection Policy, please contact us at info@imaginxavr.com.