FERPA Compliance
FERPA compliance in Korus is architectural, not only contractual. The platform is built so that the things FERPA protects are protected by the system, not just by policy.
Identity separated from responses
Student identity data is stored under strict access controls and separated from survey response records in normal operations. In the day-to-day flow of the system, faculty and administrators cannot link a specific response to a specific student using any technological markers.
Configurable minimum response threshold
Results are suppressed until response count meets the institution's configured minimum, protecting individual identities in small-enrollment courses.
Controlled re-identification pathway
A controlled re-identification pathway exists for documented institutional safety needs — for example, when response content indicates a potential threat to the campus community. Access is restricted to authorized personnel, requires documented justification, and is recorded in the audit trail.
Honest disclosure to students
Student disclosure language shown at survey open accurately reflects how the system works — no overclaiming, no misleading anonymity language.
DPA and BAA available
A FERPA-compliant Data Processing Agreement and Business Associate Agreement are available for institutional customers.
For the full FERPA documentation, DPA, BAA, or to talk to your institutional compliance office about specifics, contact team@heykorus.com. See also our Trust & Security page.