Context Spanish
Trust Center

Built so districts can say yes.

We follow the US laws that protect student data — FERPA and COPPA — and we'll sign your district's privacy agreement. Here's exactly what we collect, what we don't, and the documents your procurement team needs.

New to these terms? Skip to the plain-English glossary.

Contact usRead the Privacy Policy

How we handle student data

Six commitments that map directly to what district privacy officers ask about.

No ads. No resale. Ever.

We make money from school licenses and individual subscriptions. Student data is never sold, rented, or shared with advertisers.

No biometric collection

Audio is for playback only. We don't record student voices, store voiceprints, or process facial data.

14-month retention, in writing

Inactive student accounts and progress are deleted after 14 months — a school year, summer, and a grace period. No indefinite storage.

Encrypted in transit and at rest

All connections use TLS. Database storage is encrypted. Staff access is restricted and logged. We commit to 72-hour breach notification.

Privacy agreements — happy to talk

We don't have a standard DPA today. If your district requires one, send it our way and we'll review it in good faith — including the SDPC NDPA — and tell you honestly what we can and can't sign.

Schools control student data

When a school licenses Context Spanish, the school is the data controller for its students. We act as a school official with a legitimate educational interest.

Frameworks we align with

We say "aligned with" deliberately. Where we have a third-party audit, we'll say so. Until then, we describe what we do and don't do — in plain language.

Aligned with

FERPA

The US federal law that protects student education records.

We act as a school official with a legitimate educational interest. Student records are used only to deliver the service to the licensing school.

Aligned with

COPPA (April 2026 amendments)

The US federal law protecting kids under 13 online. The rules got stricter in April 2026 — we already meet the new bar.

Aligned with the FTC's updated COPPA Rule effective April 22, 2026: expanded personal-information definition (no biometric collection), written retention timeline, and verifiable parental or school consent for users under 13.

Aligned with

State student privacy laws

The state-level rules districts in California, New York, Illinois and others follow.

Practices designed to align with leading state frameworks including California (SOPIPA, AB 1584), New York (Ed Law §2-d), and Illinois (SOPPA). Specific state addenda available on request.

Written retention timeline

14 months. Then it's gone.

The April 2026 COPPA amendments prohibit keeping student data indefinitely. Our policy is concrete and enforceable.

  • Inactive student accountsDeleted after 14 months
  • Class records after teacher deletes classRemoved within 30 days
  • Deletion request from student, parent, or schoolCompleted within 30 days
  • Encrypted backupsOverwritten within 35 days
What data we collect

Every piece of data, in one table.

No surprises. If it isn't in this table, we don't collect it.

Data typeWhy we collect itWho can see itRetention
Account emailSign in, password reset, class invitations.The user, their teacher, school admin.Until account deletion or 14 months inactive.
Display nameShow progress in the teacher dashboard.The user, their teacher, school admin.Same as account.
Class enrollmentConnect a student to the right teacher and class.Student, teacher, school admin.Removed within 30 days of class deletion.
Lesson progressResume where you left off; teacher visibility into completion.Student, their teacher.Same as account.
Quiz responsesScore the quiz; show comprehension over time.Student, their teacher.Same as account.
Audio playback eventsResume audio; aggregate stats on which lessons get used.Engineering (aggregated only), the student.Same as account.
Support correspondenceAnswer your question and keep a record of what we agreed.Support staff who handle the ticket.24 months after the ticket closes.

What we never collect

  • Voice recordings or voiceprints
  • Facial or other biometric data
  • Precise (GPS-level) location
  • Advertising identifiers
  • Browsing history outside of Context Spanish
Procurement quick facts

Built for school purchasing.

The terms your finance department needs, up front. New to any of these? See the glossary.

NET-30 payment terms

30 days to pay after we invoice — standard for school purchase orders.

No auto-renewal

Subscriptions never auto-renew. You opt in to each renewal in writing.

30-day money-back guarantee

On single-classroom purchases. Full refund, no questions asked.

PO, ACH, or credit card

We accept all three. Purchase orders welcome.

SDPC NDPA — under review

The standard student-data contract many US districts use. Send it to us and we'll review it in good faith; we don't yet have it pre-signed on file.

State addenda available

California, New York Ed Law §2-d, Illinois SOPPA, and others on request.

Vendor information

Final legal entity details are confirmed on request. The placeholders below are filled in on signed agreements and W-9s — never on a public page.

Legal entity name
[PLACEHOLDER]
State of incorporation
[PLACEHOLDER]
EIN
[PLACEHOLDER]
DUNS / UEI
[PLACEHOLDER]
Primary remit-to address
[PLACEHOLDER]
Security practices

Encryption, isolation, audited access.

What's in place today. We list aspirational items separately so you always know where we are.

  • TLS 1.2+ for every connection between your browser and our servers
  • AES-256 encryption for data stored in the database and backups
  • Row-level security on every student data table — users only see their own rows
  • Least-privilege staff access with full audit logging
  • Automated daily backups, retained for 35 days then overwritten
  • 72-hour breach notification commitment to schools and parents
On the security roadmap

What we're working toward

  • SOC 2 Type II audit
  • Annual third-party penetration test
  • Public bug bounty program
Accessibility

Designed for every learner in the room.

We target WCAG 2.1 AA — the web accessibility standard US schools require. A formal VPAT is on the roadmap; here's where we are today.

  • Full keyboard navigation across stories, debates, and quizzes
  • Semantic HTML structure for screen readers
  • Color palette tested against WCAG 2.1 AA contrast targets
  • Every audio module ships with on-screen transcript at three reading levels
  • Built-in level toggle (A2 / B1 / B2) so the same lesson reaches mixed-ability classrooms
Accessibility roadmap

Coming next

  • Formal VPAT 2.5 accessibility report
  • Independent screen-reader audit
  • Optional dyslexia-friendly font
Product roadmap

What we're working on next

We're upfront about what isn't built yet. If your procurement requires any of these, tell us — we'll share an honest timeline.

SOC 2 Type II audit
SSO via Google, Microsoft, and Clever
Automated rostering via Clever and ClassLink
Documents

Available on request.

Click "Request" to send us a pre-filled email. We reply within two business days.

Data Privacy Agreement (DPA / SDPC NDPA)

We don't have a standard DPA today. Send us your district's form (or the SDPC NDPA) and we'll review it in good faith and confirm what we can sign.

Request

W-9

For setting us up as a vendor in your accounts payable system.

Request

Security questionnaire

We answer common questionnaires today; HECVAT Lite responses on the roadmap.

Request

School overview one-pager

PDF summary for principals, world-language chairs, and curriculum directors.

Request
Glossary

Every acronym on this page, explained.

You don't need to know any of these to use Context Spanish — they're here for when you forward the page to your principal or district.

FAQ

Questions district officers actually ask.

Have a DPA, W-9 form, or security questionnaire for us?

Email hello@contextspanish.com and we'll reply within two business days.

Contact usSee pricing