Compliance Center
Everything your district's legal team needs to verify that SmileCharts meets enterprise security and privacy standards.
Compliance Documents
These documents are available upon request for any school district evaluating or currently using SmileCharts.
Annual Security & Privacy Assessment
SOC 2 Trust Services Criteria Structure
Comprehensive annual assessment of SmileCharts' security controls, infrastructure, identity management, vulnerability management, and EdTech-specific compliance (FERPA/COPPA). Includes our full subprocessor inventory, data classification matrix, and encryption standards.
- SOC 2 TSC-aligned structure
- Full infrastructure & subprocessor inventory
- Vulnerability scanning & testing results
- FERPA/COPPA audit logging evidence
- Data retention & disposal documentation
Management's Assertion Letter
CEO-Signed Security & Privacy Attestation
Formal attestation from SmileCharts' CEO asserting that security and privacy controls are implemented and operating effectively. Covers authorized use, security safeguards, regulatory compliance, data sovereignty, data minimization, and disposal protocols.
- CEO-signed on company letterhead
- Covers all NDPA v2.2 required controls
- Attached as cover to the Security Assessment
- NIST Cybersecurity Framework aligned
Incident Response Plan Summary
NIST SP 800-61 Rev. 2 Aligned
Summary of SmileCharts' written Data Breach response plan, provided upon reasonable written request per NDPA v2.2, Article V, Section 5.4. Covers our incident classification matrix, NIST-aligned response process, 72-hour notification protocol, and post-incident review procedures.
- NIST SP 800-61 Rev. 2 aligned
- 4-phase response process documented
- 72-hour LEA notification protocol
- Post-incident review & remediation process
- Annual tabletop exercise commitment
Data Processing Agreement (DPA)
Pre-Signed NDPA for School Districts
SmileCharts offers a pre-signed Standard Student Data Privacy Agreement (NDPA) based on the national template. Download the signed agreement or contact us to execute a district-specific DPA.
- Pre-signed NDPA available for immediate download
- Full Exhibit B (data elements) documented
- Exhibit C (subprocessors) with all 7 vendors
- Exhibit F (data disposition verification)
- State Supplemental Terms (Exhibit G) supported
Security at a Glance
Key security metrics and controls that protect your student data.
How to Request Compliance Documents
Contact Us
Email us at your convenience or use the contact form. Include your district name, your role, and which documents you need.
Verification
We verify your identity as an authorized representative of the school district. For existing DPA partners, we respond within 2 business days.
Document Delivery
Documents are delivered via secure email. The DPA is available for immediate download. Assessment reports and the IRP Summary are provided within 5 business days.
Our 72-Hour Notification Commitment
In the event of a confirmed data breach involving Student Data, SmileCharts will notify your district within 72 hours of confirmation, in full compliance with NDPA v2.2, Article V, Section 5.4. Our notification includes:
- Provider identification and direct contact information
- Incident timeline with date of breach and date of discovery
- Plain-language description of what happened
- Specific Student Data elements affected (referencing Exhibit B)
- Identification of impacted individuals
- Corrective actions taken and ongoing remediation steps
Ready to Partner with SmileCharts?
We make compliance easy. Get your DPA signed, review our security documentation, and onboard your school in days — not months.