Privacy Policy

1. Who We Are

boardofeducations.org/ is an independent informational guide that publishes practical, step-by-step guides to U.S. State Boards of Education, state Departments of Education, local school district boards, and the federal K-12 oversight framework. We are the business and the controller for the personal information described on this page.

For any privacy-related question, contact us at info@boardofeducations.org with the subject line “Privacy request” and we will respond within the time limits set out below.

2. Scope of This Policy — Important

3. The Personal Information We Collect About You

We do not collect Sensitive Personal Information as defined under CCPA/CPRA — no Social Security numbers, government identification numbers, financial accounts, precise geolocation, racial or ethnic origin, religious beliefs, union membership, contents of mail/email/text, genetic data, biometric data, sex-life or sexual-orientation data, or specific health information about you. We do not ask for it and you should not send it through our contact channel.

4. Student Records and Education Records — FERPA Carve-Out

If you accidentally include student-identifying information in a message to us — a child’s name and IEP details, for example — we will not use it, and we will delete the message after responding (or sooner if requested). We strongly suggest not sending student-specific information through any unsecured channel, including email.

5. How We Collect Personal Information

• Directly from you — when you email us, complete a contact form, or set cookie preferences.
• Automatically — when you visit the site, your browser sends standard technical information so the page can load.
• From third-party services we use — analytics and advertising providers, but only after you have given consent through our cookie banner.

6. Business Purposes for Collection and Use

• Providing the website and its content
• Responding to questions, corrections, and feedback
• Securing the site and protecting against abuse, fraud, and unauthorized access
• Auditing interactions and measuring site performance (analytics, where consented)
• Supporting display advertising that funds the site (where consented)
• Complying with legal obligations and responding to lawful requests

We do not use personal information for automated decision-making with legal or similarly significant effects, and do not engage in profiling within the meaning of state privacy laws.

7. Who We Share Personal Information With

8. “Sale” and “Sharing” of Personal Information

We do not sell personal information for money. However, under CCPA/CPRA the term “sale” is broad, and use of certain advertising cookies may meet the CCPA/CPRA definition of “sharing for cross-context behavioral advertising.” Where that applies, you have the right to opt out — see Section 11 for the California-specific procedure and Section 9 for the cookie controls.

The site honors the Global Privacy Control (GPC) signal as a valid opt-out of “sale” and “sharing” under CCPA/CPRA, the Colorado Privacy Act, and the Connecticut Data Privacy Act.

9. Cookies, Analytics, and Advertising

For full detail — including the cookies used, third-party services, and how to manage them — see our Cookie Policy. Key controls: the cookie banner, the “Cookie settings” link in the footer, browser-level controls, and industry opt-outs (NAI, DAA).

10. How Long We Keep Personal Information

11. California Rights (CCPA / CPRA)

To exercise these rights, email info@boardofeducations.org with the subject line “California privacy request.” We respond within 45 days as required by CCPA, with one possible 45-day extension. You may also escalate to the California Privacy Protection Agency at cppa.ca.gov or the California Attorney General.

12. Texas Rights (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA), effective July 1, 2024, gives you:

• Right to confirm and access — to confirm processing and access your personal data
• Right to correct — to correct inaccuracies
• Right to delete — to delete personal data
• Right to data portability — to obtain a copy in a portable, technically feasible format
• Right to opt out — of (a) targeted advertising, (b) sale of personal data, and (c) profiling that produces legal or similarly significant effects

To exercise your TDPSA rights, email us with subject “Texas privacy request.” We respond within 45 days. Escalation: Texas Attorney General at texasattorneygeneral.gov.

13. Florida Rights (FDBR)

Florida residents have rights under the Florida Digital Bill of Rights (FDBR), effective July 1, 2024 (with size thresholds for which businesses are covered):

• Right to confirm processing and access personal data
• Right to correct inaccurate personal data
• Right to delete personal data provided by or obtained about you
• Right to data portability
• Right to opt out of targeted advertising, sale of personal data, and profiling for decisions that produce legal or similarly significant effects

To exercise FDBR rights, email us with subject “Florida privacy request.” Escalation: Florida Attorney General at myfloridalegal.com.

14. Other State Privacy Rights

To exercise these rights, email us with the subject line “[State] privacy request.” We respond within the period required by the applicable law (typically 45 days, with possible extensions).

15. How to Exercise Your Rights

For all privacy requests, email info@boardofeducations.org. Include enough information for us to identify the data you’re asking about. We may need to verify your identity before responding — most commonly by confirming you control the email address that submitted the request.

16. Children — COPPA Compliance

This site is not directed at children under 13 and we do not knowingly collect personal information from children under 13. We comply with the federal Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§6501–6506, and its implementing regulations at 16 C.F.R. Part 312. If we learn we have collected personal information from a child under 13 without verifiable parental consent, we will delete it promptly.

17. Security

We apply technical and organizational measures appropriate to the risk: encryption of data in transit (HTTPS across the site), access controls on administrative tools, regular software updates, secure authentication for our editorial team, and contractual security commitments from vendors. If we become aware of a breach involving your personal information, we will notify you and applicable authorities consistent with state breach-notification laws including those of Texas (Tex. Bus. & Com. Code §521.053), California (Cal. Civ. Code §1798.82), and similar laws in other states.

18. International Visitors (GDPR / UK GDPR)

The site is operated for a U.S. audience but is accessible globally. EU and UK visitors have rights under the EU GDPR and UK GDPR — access, rectification, erasure, restriction, portability, and objection. UK residents may complain to the Information Commissioner’s Office at ico.org.uk.

19. Changes to This Policy

We update this policy when our practices change or when state privacy laws change. The “Last reviewed” date at the top reflects the current version. Substantive changes will be flagged on the homepage banner for at least 30 days. This policy is read alongside our Cookie Policy, Terms of Service, and Disclaimer.