Compliance & FERPA

When your institution uses Nexxora to manage student information, you remain the owner and controller of that data. Nexxora AI Technology acts as a service provider that processes data on your documented instructions — to deliver the platform, keep it secure, and support your team.

Nexxora is built for institutions subject to the Family Educational Rights and Privacy Act (FERPA). We treat student education records as confidential and process them only to provide the contracted services, for security and operational purposes, or as required by law.

• Role-based access so only authorized users see student records.
• Audit logging of significant actions for accountability and review.
• Tools to help you respond to access, correction, and disclosure requests.
• We do not use student education records for advertising or unrelated purposes.

As the institution, you remain responsible for obtaining required consents and providing the notices FERPA and comparable state laws require.

For institutions that require one, Nexxora AI Technology offers a Data Processing Agreement describing how we process institutional and student data, our confidentiality commitments, and our handling of sub-processors. Request a copy during onboarding or through our contact page.

We protect data with encryption in transit and at rest, multi-tenant isolation, least-privilege access for our team, monitoring, and regular patching. Full details are on our Security page, and how we handle personal information is described in our Privacy Policy.

Nexxora helps institutions meet accreditation and Title IV expectations through attendance and clock-hour records, document retention, audit trails, and exportable reporting. These tools are designed to produce the evidence reviewers ask for without manual reconstruction.

We use carefully vetted sub-processors for hosting, email, SMS, payment processing, and monitoring. Each is evaluated for security posture and bound by contractual data protection terms. A current list of sub-processors is available to Customers on request.

Nexxora runs on cloud infrastructure that may process data in the United States and other regions. Where required, we apply appropriate safeguards for cross-border transfers consistent with our agreements with Customers.

Customers and prospective customers can request our DPA, sub-processor list, and security overview by emailing support@nexxoracloud.ai. We are happy to support your procurement, privacy, and compliance reviews.