Technology Help Desk
988 Crisis Hotline Safe2Say Parent Portal Staff Login ADA Compliance

Educational Application Vetting and Approval Process

Overview

To protect student privacy and ensure instructional quality, all new educational applications must go through a formal review and approval process before use with students. This process evaluates educational value, student data privacy, advertising, and compliance with district standards and COPPA requirements.

This is a staged review process involving the teacher, Application Support Coordinator, building principal, and Technology Director.

Stage 1: Teacher Request

The teacher initiates the request by identifying the application and providing basic information.

Required Steps:

  1. Identify the application.

  2. Copy the application website URL.

  3. Provide a brief description of the application, including:

    • What the application does

    • How it functions in instruction

  4. Provide justification for educational use, including:

    • How it benefits student learning

    • How it supports curriculum or instructional goals

    • Is the application on the 1EdTech.org TrustEd Apps Directory with a vetting and/or certification?

  5. Email this information to the Application Support Coordinator.

Stage 2: Application Support Coordinator Review

The Application Support Coordinator reviews the application for educational alignment, privacy compliance, and advertising practices.

Description and Justification Review

The coordinator may assist in clarifying or improving the description and justification.

Student Privacy and Data Collection Review

Applications are classified based on the type of student data collected:

Unacceptable (Non-Compliant – Prohibited)

The application requires or collects personally identifiable information (PII) beyond what is permitted under FERPA or allowed through district authorization under COPPA.

Examples include:

  • Student last name (when not authorized as directory information)

  • Home address, phone number, or precise location

  • Personal email address not issued or controlled by the district

  • Student account creation requiring parent personal email

  • Persistent identifiers used to track students across services for advertising or profiling

  • Biometric data, photos, voice recordings, or videos not explicitly authorized

  • Any data used for commercial purposes, behavioral advertising, or sale of student information

FERPA Alignment: Unauthorized disclosure or collection of PII without legitimate educational interest is prohibited.
COPPA Alignment: Schools may only consent to collection of student data for educational purposes, not commercial use.

Action: Application is rejected.

Passable (Concern Noted – Requires Administrative Review)

The application collects limited PII necessary for educational use, but introduces privacy considerations requiring review.

Examples include:

  • First name and last initial

  • District-issued student email address

  • Student username tied to district identity systems

  • Persistent identifiers used strictly for login/session management

  • Cookies or usage analytics that may track identifiable users

Conditions required for approval:

  • Data collection must be limited to a legitimate educational purpose

  • Vendor must provide a FERPA-compliant privacy policy

  • Vendor must confirm no sale, profiling, or advertising use of student data

  • District must be able to act as the COPPA consent authority

FERPA Alignment: Permissible if vendor qualifies as a “school official” with legitimate educational interest and data protection safeguards.
COPPA Alignment: School may consent on behalf of parents only when data use supports educational purposes.

Best Practice: Application is a vetted and certified on 1EdTech TrustEd Apps Directory.

Action: Administrative approval required before use.

Promising (Low Risk – Generally Acceptable)

The application collects minimal student information and limits data collection to operational functionality.

Examples include:

  • Anonymous or pseudonymous identifiers

  • District-controlled login credentials only

  • Anonymous usage analytics

  • Session cookies not used for tracking outside the educational context

Restrictions:

  • No advertising or commercial data use

  • No external tracking across unrelated services

  • Data use limited strictly to educational functionality

FERPA Alignment: No unauthorized disclosure of student PII.
COPPA Alignment: No collection of personal information beyond educational necessity.

Action: Typically approvable with standard review.

Best (Privacy-Protective – Fully Preferred)

The application collects no personally identifiable student information.

Examples include:

  • No student login required, or anonymous access

  • No personal identifiers, persistent identifiers, or tracking

  • No cookies beyond basic functionality

  • No student accounts created or stored

FERPA Alignment: No education records created or disclosed.
COPPA Alignment: No personal information collected.

Action: Approved with minimal review.

Required Vendor Assurances (FERPA & COPPA Safeguards)

Applications collecting any student data must confirm:

  • Data used only for authorized educational purposes

  • Vendor functions as a School Official under FERPA

  • Vendor does not sell, rent, or commercially exploit student data

  • Vendor does not engage in behavioral advertising

  • Vendor provides a clear privacy policy

  • Vendor provides data security protections

  • Vendor allows district to request data deletion

Important FERPA and COPPA Guidelines

FERPA allows schools to share student information without parental consent only when:

  • Vendor is performing a service for the school

  • Vendor acts under district control

  • Vendor uses data only for educational purposes

  • Vendor protects confidentiality

COPPA allows schools to consent on behalf of parents only when:

  • Service is used for educational purposes

  • Data is not used for commercial gain

  • Data is not used for advertising or profiling

Schools cannot consent to commercial or unrelated data use.

Advertising Review

Applications are also reviewed based on advertising presence:

Unacceptable

  • Contains inappropriate advertisements

  • Contains excessive or disruptive advertising

Passable (Concern Noted)

  • Advertisements are appropriate but frequent or somewhat excessive

  • Advertising does not reach unacceptable levels but raises concern

Promising

  • No inappropriate advertisements

  • Advertising is minimal and acceptable

Best

  • No advertisements present

Stage 3: Building Principal Review

The building principal reviews the collected information, including:

  • Educational value

  • Privacy assessment

  • Advertising assessment

  • Overall appropriateness

The principal makes a recommendation to approve or deny and forwards the request to the Technology Director.

Stage 4: Technology Director Final Approval

The Technology Director performs a final review and makes the official approval decision.

If approved, the application may be:

  • Added to Clever for rostering

  • Added to district approved application lists

  • Added to filtering whitelist

  • Supported by district systems

If denied, the application may not be used with students.

Summary of Approval Flow

  1. Teacher submits request

  2. Application Support Coordinator reviews privacy, advertising, and educational value

  3. Building Principal reviews and recommends approval or denial

  4. Technology Director makes final approval decision

Important Reminder

Applications must be approved before use with students. Using unapproved applications may expose student data and violate district policy and federal privacy laws.

Back to Home