Trust & complianceFor schools, districts& large nonprofits
Built to clear IT and legal review.
ClearedFor holds the least data it can: a youth’s medical and emergency details stay in the parent’s own encrypted profile and are destroyed on a retention clock after the activity. This page lays out our data-minimization posture, encryption, the contracts we can put in place, our accessibility approach, and an honest roadmap — so your review has the facts, stated plainly.
The system is designed so sensitive information about a minor never accumulates in an institution’s records. Each piece is held by the party that should hold it, for only as long as it is needed.
- Parent-owned PII
- A youth's medical conditions, allergies, medications, insurance, and emergency contacts live in the signing parent or guardian's own encrypted profile — not in the school's or organization's database.
- Thin institutional roster
- The organization holds only a deliberately thin reference — a youth's display name and group, optionally age or grade. No medical information is stored at the organization level.
- Frozen at signing
- A signed slip is a snapshot frozen at the moment of signing; later edits to a saved profile never change a signature already given. The legal record reflects exactly what was reviewed.
- Destroyed on a retention clock
- Each slip's sensitive payload is permanently destroyed a limited period after the activity ends, by crypto-shredding (below). Sensitive data is short-lived by default, not retained indefinitely.
- Collected documents & surveys, too
- When an activity also collects a document signed offline (like a provider physical) or asks a short survey, those are encrypted and destroyed on the same retention clock as a slip. ClearedFor collects a document; it does not verify the provider or the document's contents, and a survey is planning data, not a medical record.
Every sensitive payload sits behind two independent layers: an access control on the record, and encryption on the content. A leaked session that slipped past the first still cannot read the data without the second.
- Per-slip encryption
- Each slip's sensitive payload is encrypted under its own unique key. The key material is held in a hardware-backed key-management service and never enters our application memory. An uploaded document is encrypted under its own per-document key, and survey answers under a per-survey key — same key management, same crypto-shred.
- Access limited to the activity's leaders
- Database-enforced access controls restrict an activity's emergency data to the leaders assigned to that specific activity — not an organization-wide role.
- Audit-logged emergency reads
- When a leader views an emergency payload or exports a packet, we log who acted, the action, the target, IP, and time — so it can be shown who accessed what.
- Crypto-shred = unrecoverable
- When a slip's retention window closes, we destroy its key so the payload can no longer be read. Erasure is the absence of a key, not a best-effort delete.
- Encrypted in transit, processed in the US
- Data is encrypted in transit, and ClearedFor and its service providers process and store information in the United States.
ClearedFor is built to support an institution’s own legal obligations rather than to claim a status on your behalf. We state our posture plainly and put the binding terms in a contract.
- DPA available on request
- A data-processing agreement / student-data-privacy addendum is available on request. We process information on the institution's instructions, as its service provider, under that contract.
- FERPA: you stay the controller
- For schools, ClearedFor is designed to operate as a service provider under your direction — the school remains the controller of the education record. The specific contractual terms are set in the DPA.
- COPPA: parent-provided, not child-directed
- ClearedFor is for adults. Information about a youth is provided by their parent or guardian, who reviews it and consents on the child's behalf — we collect nothing directly from children.
- State privacy laws
- We honor access, correction, and deletion rights (CCPA/CPRA, UCPA, and comparable state laws) regardless of where a resident lives, to the extent they apply.
- No data monetization
- We never sell or share personal information for advertising, and we use no third-party advertising or analytics trackers. There is no incentive to monetize a youth's data.
The full list of sub-processors and retention periods is in our privacy policy.
Accessibility is a requirement, not an afterthought.
We build the signing flow and the leader dashboard to WCAG 2.1 AA as a design requirement — keyboard reachability, screen-reader semantics, contrast, and target sizes are part of our review gate, because a parent who can’t complete the signing path can’t give informed consent.
We do not claim a certification we don’t hold. A formal accessibility conformance statement (a VPAT) is on our roadmap; if your review needs our current status, contact us and we’ll share where we are honestly.
Some capabilities institutional buyers ask for aren’t built yet. We list them here rather than let a review surface them as a surprise. If one of these is a hard requirement, talk to us about your timeline.
- Single sign-on (SSO)
- Sign-in is a one-time email code or “Continue with Google,” on both login and the parent signing flow. District SSO via Clever or ClassLink is not available yet and is on the roadmap.
- SIS / roster import
- Rosters are entered or invited today. Bulk import from a student-information system is not available yet and is on the roadmap.
- SMS reminders
- Signing links and reminders go by email today. A text-message channel is not available yet; we're evaluating it.
- Translation / language access
- The parent signing flow — including the consent and Terms a parent agrees to — is available in English and Spanish. A leader can also include a translated release PDF in an activity's required set; further languages and a translated leader dashboard are on the roadmap.
Start your review — we’ll send what your team needs.
Talk to us →