← Research & Institutional Access
🔒 Posture document · v1
FERPA & Data-Handling Posture
For graduate program faculty, registrars, and IT review. This page is a plain-language summary, not a contract — your institution's data-protection addendum (DPA) governs.
Implicitify AI is not a school official by default.
We process trainee submissions only when your department creates a workspace and onboards students. Until your administrator signs the DPA appropriate to your institution, we treat the workspace as a sandbox rather than an education-record system of record.
📄 What we collect
- Trainee account: name, email, role within a department workspace.
- Assignment submissions: student-written interpretations of measure batteries, faculty rubric scores and comments.
- Supervised-practicum drafts: trainee-authored case write-ups using de-identified case aliases only — never patient names, MRNs, or other PHI.
- Cohort roster: membership and seat-licensing accounting.
We do not collect PHI in trainee accounts. The Department workspace is set to training_records_only by default; clinical PHI belongs in our separate clinician surface, not here.
🔒 FERPA applicability
| Scenario | FERPA status |
|---|---|
| Self-referred individual (no institutional affiliation) | Not applicable — not an education record |
| Student using platform independently, not via institutional workspace | Not applicable — no legitimate educational interest relationship |
| Student enrolled in a program workspace with DPA in place | FERPA-covered — we act as a school official under the DPA |
| Trainee practicum submissions within workspace | FERPA-covered education records |
🔓 Access controls
- Faculty can view their own sections; cross-section access requires program-administrator rights.
- Students see only their own submissions and faculty feedback — not classmates' data.
- Export of education records requires either student consent or a FERPA exception documented in the DPA.
- Workspace administrators can download a full audit log of access events on request.
👥 Subprocessors
- Hosting: Replit — US-based cloud infrastructure.
- Database: PostgreSQL (managed, US-region).
- Narrative scoring (PSE / CCRT): performed in-process by our own deterministic lexical content-analysis engine — no third-party AI/LLM model provider is involved, and narrative text is not sent off-platform for scoring.
Full subprocessor list available under your DPA on request.
📅 Retention & deletion
- Education records are retained for the duration of the institutional DPA plus 90 days.
- On DPA termination, all trainee records are purged within 30 days unless the program requests an extended transfer window.
- Students may request deletion of non-institutional (personal-account) data at any time via support.
Ready to set up a graduate program workspace?
Request institutional access →