Data Processing & Compliance

Family Educational Rights and Privacy Act

QLM operates as a "school official" under the FERPA school official exception (34 CFR 99.31(a)(1)). This means:

• ✓Legitimate educational interest — We process data solely for the purpose of improving assessment quality for the institution. We have no independent use for student data outside this purpose.
• ✓No re-disclosure — Student data is never shared with third parties, used for marketing, sold, or disclosed for any purpose other than the contracted assessment optimization service.
• ✓Institutional control — The institution retains full ownership and control of all student data. Data is deleted upon contract termination or institutional request.
• ✓Contractual guarantee — Our standard data processing agreement includes FERPA-specific provisions. We sign the institution's DPA if preferred.

General Data Protection Regulation

For institutions operating under EU jurisdiction or processing data of EU residents:

• ✓Data processing agreement — Standard GDPR-compliant DPA available for execution. Covers Articles 28 and 32 requirements including sub-processor disclosure, breach notification, and data protection impact assessment cooperation.
• ✓Data residency — Default processing region is United States. EU data residency option available for enterprise customers. Data never leaves the designated region.
• ✓Right to deletion — Individual learner records can be deleted via API at any time. Deletion is permanent and cascades to all derived data (calibration contributions, ability estimates, response history).
• ✓Data portability — All data associated with your organization is exportable in structured JSON format via API at any time.
• ✓Lawful basis — We process data under "legitimate interest" of the controller (the institution) for assessment quality improvement. No separate consent from learners is required when the institution has established its own lawful basis.

High-Risk Educational AI Classification

The EU AI Act classifies AI systems used in education as high-risk (Annex III, Category 3). QLM is designed to meet the requirements for high-risk AI systems:

• ✓Algorithmic transparency — Every selection decision is explainable. The /v1/decisions/{id}/explanation endpoint returns the inputs, scoring factors, and ranking logic for any item selection. No black-box decisions.
• ✓Human oversight — Every QLM decision can be overridden. The contestability mechanism allows institutions to flag any selection decision, exclude specific items, or override ability estimates. The engine is advisory; your platform remains authoritative.
• ✓Bias monitoring — Continuous differential item functioning analysis (described in our Validation documentation) provides ongoing bias detection. Items showing significant DIF are automatically flagged and can be automatically excluded from selection.
• ✓User recourse — Learners (via the institution) can flag any assessment result for review. The engine provides the full decision trace and allows the institution to adjust or override the result.
• ✓Risk management — Documented risk management system covering data quality, model performance degradation, and failure modes. Available to institutional compliance teams on request.

SOC 2 Type II In Progress

SOC 2 Type II audit is currently in progress with expected completion in Q3 2026. The audit covers the Trust Service Criteria for Security, Availability, and Confidentiality.

During the audit period, we provide:

• ✓Security questionnaire — Completed CAIQ (Consensus Assessments Initiative Questionnaire) and SIG (Standardized Information Gathering) available on request. See our Security Questionnaire.
• ✓Penetration test results — Most recent third-party penetration test summary available under NDA.
• ✓Architecture review — Detailed infrastructure and data flow documentation available for your security team's review.