Data Privacy Agreement.
A school district's student data is the district's. MLCN's standard agreement for it is the National Data Privacy Agreement (NDPA) — the form Minnesota districts already use — so the terms are ones your privacy office recognizes on sight. MLCN will sign it with your district on request, and is equally glad to execute the district's own agreement instead.
Last updated: July 17, 2026
When a member school runs a Strength-Indicator survey, MLCN processes a small amount of student data on the school's behalf. MLCN's standard agreement for that is the National Data Privacy Agreement (NDPA), version 2.2 — the model maintained by the Student Data Privacy Consortium and used by thousands of districts nationally, including through Minnesota's state alliance. To put it in place, or to have MLCN review and sign your district's own form instead, contact info@mnlcn.org.
Why the standard form
Rather than ask districts to review a custom agreement, MLCN adopts the NDPA unchanged. Its terms are the recognized baseline: the school keeps ownership and control of all student data; MLCN acts as a FERPA “school official” under the school's direction; data is used only to run the survey; it is never sold and never used for advertising; and the agreement is governed by the law of the school's own state and venue.
To be straightforward about where this stands: MLCN has not yet executed the NDPA with a district, and is not currently listed on the SDPC registry that districts often use to find a vendor's existing agreement. Today a district executes directly with MLCN — ask, and MLCN will sign. The NDPA's General Offer of Privacy Terms, which lets other districts adopt identical terms without renegotiating, is a route MLCN intends to open once a first district has signed.
What MLCN actually collects
The NDPA includes a full schedule of student-data categories a vendor might touch. MLCN's footprint is deliberately tiny — the blanks on that schedule are the point:
- Student name — from the roster the school uploads. Purged automatically (see below).
- Student email — optional, only when a school distributes the survey by email rather than printed codes. Purged with the roster.
- Homeroom or class label — optional, only when a school adds it as a way to slice its own report.
- Survey responses — the answers and any free-text reflections, kept de-identified after the roster purge.
MLCN does not collect demographics, race or ethnicity, date of birth, health or disability data, IEP/504 status, free-or-reduced-price-lunch status, discipline records, transcripts, transportation, or government identifiers. The survey is also intentionally designed not to ask about the sensitive categories protected under the Protection of Pupil Rights Amendment (PPRA); the full instrument is available for the school to review before an administration opens.
How the data is protected
- Roster auto-purge. Names, emails, class labels, and tokens are deleted automatically 90 days after an administration closes. The de-identified answer rows remain so the report stays valid. This exceeds the agreement's requirement to dispose of data within 60 days of a written request, which MLCN also honors.
- Aggregate-only upstream. MLCN staff see school-level rollups, not individual respondent rows tied to names. Cross-school network comparisons appear only when at least two schools contribute.
- Free-text stays in the school. Open-text reflections are visible to that school's administrators and are never name-attributed or surfaced in MLCN aggregates.
- Small-cell suppression. Indicators with too few valid responses are withheld from reports so individuals can't be inferred.
- Encryption & least privilege. Data is encrypted in transit and at rest, access is restricted to staff who need it, and database-level rules keep names and answers from being read together.
If something goes wrong
If MLCN confirms a security incident affecting student data, MLCN will notify the affected school within 72 hours, describe the nature of the incident and the data involved, and cooperate with the school's investigation and any notification obligations the school has under Minnesota or federal law (including, for public bodies, Minn. Stat. § 13.055).
Subprocessors
MLCN uses a limited set of U.S.-based infrastructure providers — Supabase (database and authentication), Vercel (hosting), and Resend (transactional email) — each bound by its own security and privacy commitments to handle student data no less protectively than this agreement requires. MLCN remains responsible for them and will give notice of a material change to this list.
Parents and the law
Because the school controls the data, requests from parents or eligible students to access, correct, or delete it are directed to and fulfilled by the school; MLCN supports the school in responding. For Minnesota public schools, student data is also governed by the Minnesota Government Data Practices Act (Minn. Stat. ch. 13) and Minnesota's student-data-privacy provisions. Schools remain responsible for any PPRA-required notice and parental opt-out, and for any parental consent their policy or COPPA requires for students under 13.
How MLCN's documents fit together
This Data Privacy Agreement governs student data specifically and controls over any conflicting language elsewhere for that data. MLCN's general Terms of Service cover the broader membership relationship, and the privacy policy explains MLCN's platform-wide commitments in plain language.
Execute or review
To put the NDPA in place for your school or district — or to send MLCN your own student-data-privacy agreement to review and sign — contact info@mnlcn.org.