State-Specific Compliance Information

Closegap complies with all applicable federal and state student data privacy laws. Our practices are designed to ensure student information is collected, used, and protected solely for educational purposes under district direction.

Need more info? Email us at info@closegap.org

General State Compliance

Closegap complies with student privacy statutes across all states where we operate, including California (SOPIPA), New York (Ed Law 2-D), and Illinois (SOPPA).

Core Commitments Across States

  • Educational Purpose Only – Student data is collected and used exclusively for K–12 educational purposes at the direction of schools and districts.

  • No Sale or Advertising Use – Student data is never sold, used for marketing, or used for targeted advertising.

  • Security & Safeguards – Student data is protected by administrative, technical, and physical safeguards, including encryption in transit and at rest, access controls, monitoring, and staff training.

  • Transparency – Closegap provides districts with clear disclosures about the categories of student data collected, the purposes of use, subcontractors involved, and our retention/deletion practices.

  • Breach Response – In the event of a security incident, Closegap will notify the affected district without unreasonable delay and consistent with applicable law.

  • Data Retention & Deletion – At contract end, or at district request, student data is returned, transferred to a successor, or securely destroyed in accordance with industry standards. Student accounts are deleted by default after 12 months of inactivity.

California State Compliance (SOPIPA)

Closegap complies with California’s Student Online Personal Information Protection Act (SOPIPA, Cal. Bus. & Prof. Code §22584), which governs operators of online services used for K–12 school purposes.

Key Protections Under SOPIPA

  • No Targeted Advertising
    Closegap does not engage in targeted advertising to students or their families, whether on our platform or elsewhere, based on student information.

  • No Sale or Commercial Use
    Student information is never sold, disclosed, or used for marketing or commercial profiling.

  • No Unauthorized Disclosure
    We only disclose information to support educational purposes as directed by schools/districts, to comply with law or legal processes, to protect safety/security, or to service providers under contract who are bound to the same restrictions and safeguards.

  • No Profiling Beyond Educational Use
    Closegap’s student profiles are only created to support school purposes, period. Student data is not used for non-educational profiling.

  • Security Standards
    Closegap implements and maintains reasonable security procedures and practices appropriate to the sensitivity of covered information, protecting against unauthorized access, destruction, use, modification, or disclosure.

  • Data Deletion
    At the request of a school or district, Closegap will delete student covered information under its control. We automatically delete student information after 12 months of inactivity.

  • Permissible Uses
    Student data may be used in deidentified or aggregated form to maintain and improve our educational services, to demonstrate product effectiveness, and/or to support research or school-authorized educational purposes.

New York State Compliance (Ed Law 2-D)

Closegap complies with New York Education Law §2-d and all associated regulations. Our policies and practices ensure that personally identifiable information (PII) is collected, used, and safeguarded solely for authorized educational purposes under school or district direction.

Key Protections:

  • No Sale or Commercial Use
    Student data is never sold, used for advertising, or released for any commercial purpose.

  • Data Minimization
    Closegap collects only the minimum student information necessary to provide its services.

  • Parent & Student Rights
    Parents and eligible students have the right to inspect, review, and request corrections to education records through their district. Complaints regarding possible breaches of student data may be directed to the district, which will coordinate with Closegap.

  • Teacher & Principal Data
    Closegap does not collect or process teacher or principal annual professional performance review (APPR) data.

  • Training & Access
    All staff and contractors receive training on federal and state privacy laws, including Ed Law §2-d, before accessing any student data.

  • Data Security & Encryption
    Reasonable administrative, technical, and physical safeguards are in place to protect student data, including encryption while data is in motion and at rest.

  • Breach Notification
    In the event of a security breach involving student data, Closegap will notify the affected district without unreasonable delay.

  • Data Retention & Destruction
    At contract end—or at district direction—student data is returned, transferred to a successor contractor, or securely destroyed. Destruction is carried out in accordance with industry standards, and certification of destruction is available upon request. Student accounts are deleted by default after 12 months of inactivity.

  • Third-Party Contractors
    All subcontractors and service providers engaged by Closegap are bound by contractual agreements to follow the same data privacy and security requirements.

Illinois State Compliance (SOPPA)

Closegap complies with the Student Online Personal Protection Act (SOPPA, 105 ILCS 85), which governs operators like Closegap that receive student data from Illinois school districts.

Key Protections Under SOPPA:

  • No Sale or Commercial Use
    Closegap does not sell student data or use it for advertising, marketing, or profiling outside of educational purposes.

  • Parent & Student Rights
    Parents and eligible students have the right to inspect, review, and request corrections to student data maintained by Closegap through their district.

  • Security Measures
    Closegap maintains reasonable administrative, technical, and physical safeguards to protect student data, including encryption in transit and at rest, access controls, and staff training.

  • Breach Notification
    In the event of a data breach involving Illinois student data, Closegap will notify the affected district without unreasonable delay, consistent with SOPPA requirements of within 30 days.

  • Data Retention & Deletion
    At contract end, or at district direction, student data is returned, transferred to a successor, or securely destroyed. Student accounts are deleted by default after 12 months of inactivity.

  • Data Transparency
    Closegap may collect the following categories of student data to provide and improve Closegap’s K-12 student support services.

    • Basic Identifiers: first and last name, school-issued ID, grade level, teacher/classroom assignment.

    • Account Information: username, password, log-in email address.

    • Student Check-In Responses: emotional state selections, needs indicators (e.g., physical, emotional, academic), free-text optional responses.

    • Usage & Engagement Data: timestamps of logins/check-ins, completion status, frequency of use, tool interactions.

    • Device/Technical Information: IP address, browser type, operating system, and device identifiers used for session management and security.

  • Written Agreements
    Closegap will enter into written agreements with Illinois school districts as required.

Ohio State Compliance

Closegap complies with all applicable student data privacy requirements under Ohio Revised Code §§ 3313.6011, 3319.321, and related state student records provisions, as well as federal laws incorporated by reference.

Key Protections in Ohio

  • Educational Use Only
    Student data is collected and used solely for K–12 educational purposes at the direction of schools and districts.

  • No Sale or Commercial Use
    Closegap does not sell student data, use it for marketing, or allow it to be used for targeted advertising.

  • Student Records Confidentiality
    Consistent with ORC §3319.321, personally identifiable student information is treated as confidential and is not disclosed except as authorized by law or district instruction.

  • Parent & Student Rights
    Parents and eligible students maintain the right to access and request corrections to student records through their district/

  • Data Security
    Closegap implements administrative, technical, and physical safeguards appropriate to the sensitivity of student data, including encryption at rest and in transit, access controls, and staff privacy/security training.

  • Breach Notification
    In the event of a security incident involving Ohio student data, Closegap will notify the affected district without unreasonable delay.

  • Data Retention & Deletion
    At contract end, or at district direction, student data is returned, transferred, or securely destroyed in accordance with industry standards (NIST 800-88), with certification available upon request. Student accounts are deleted by default after 12 months of inactivity.

Funding Alignment

Closegap also supports Ohio districts in meeting requirements tied to the Student Wellness & Success Funds (ORC §3317.26). Our platform provides a privacy-compliant, low-barrier tool for collecting and using student well-being data to support mental health, early intervention, and whole child initiatives — directly aligning with how these funds are designed to be spent.

Pennsylvania State Compliance

Closegap complies with all applicable student data privacy requirements under Pennsylvania’s Public School Code (24 P.S. §13-1303a, §15-1532, and related student records provisions), as well as FERPA and other federal laws incorporated by reference.

Key Protections in Pennsylvania

  • Educational Purpose Only
    Student data is collected and used solely for educational purposes at the direction of schools and districts.

  • No Sale or Commercial Use
    Closegap does not sell, lease, or trade student data, nor use it for advertising, marketing, or non-educational profiling.

  • Student Records Confidentiality
    Consistent with 24 P.S. §15-1532 and 24 P.S. §13-1303a, personally identifiable information is treated as confidential and is not disclosed except as authorized by law or district instruction.

  • Parent & Student Rights
    Parents and eligible students retain the right to inspect, review, and request corrections to student data through their district, consistent with Pennsylvania law and FERPA.

  • Data Security
    Closegap uses administrative, technical, and physical safeguards appropriate to the sensitivity of student data, including encryption at rest and in transit, access controls, monitoring, and staff privacy/security training.

  • Breach Notification
    In the event of a security incident involving Pennsylvania student data, Closegap will notify the affected district without unreasonable delay.

  • Data Retention & Deletion
    At contract end, or at district direction, student data is returned, transferred to a successor, or securely destroyed - with certificates available upon request. Student accounts are deleted by default after 12 months of inactivity.

Funding Alignment

Closegap also supports Pennsylvania districts in meeting requirements tied to the Student Mental Health Supports and Safe Schools initiatives. By providing a low-barrier, privacy-compliant tool for student well-being check-ins and data-informed early interventions, Closegap aligns with state priorities for improving student safety, access to mental health supports, and whole-child outcomes.

Washington State Compliance

Closegap complies with Washington’s Student User Privacy in Education Rights (SUPER) Act (RCW 28A.604), which protects the privacy and security of K–12 student data used by online service providers.

Key Protections in Washington

  • Educational Purpose Only
    Closegap collects and uses student data solely for educational purposes directed by schools and districts.

  • No Sale or Targeted Advertising
    Closegap does not sell student data, nor use it for targeted advertising, marketing, or profiling outside of educational purposes.

  • Student Records Confidentiality
    Personally identifiable student information is treated as confidential and is not disclosed except as authorized by law or district instruction, consistent with RCW 28A.604 and FERPA.

  • Parent & Student Rights
    Parents and eligible students retain the right to access, review, and request corrections to student data through their district.

  • Security Measures
    Closegap maintains reasonable administrative, technical, and physical safeguards to protect student data, including encryption of data in transit and at rest, access controls, monitoring, and staff training.

  • Breach Notification
    In the event of a security incident involving Washington student data, Closegap will notify the affected district without unreasonable delay.

  • Data Retention & Deletion
    At contract end—or at district direction—student data is returned, transferred to a successor, or securely destroyed in accordance with industry standards (e.g., NIST 800-88), with certification available upon request.

Arizona State Compliance

Closegap complies with Arizona’s Student Data Privacy Law (ARS §15-1046, as amended by SB 1314 and related statutes), which governs the collection, use, and disclosure of K–12 student data by online service providers.

Key Protections in Arizona

  • Educational Purpose Only
    Student data is collected and used solely for K–12 school purposes at the direction of Arizona schools and districts.

  • No Sale or Targeted Advertising
    Closegap does not sell student data or use it for targeted advertising, marketing, or profiling beyond educational purposes.

  • Student Records Confidentiality
    Personally identifiable student information is treated as confidential and is not disclosed except as authorized by law or district instruction.

  • Parent & Student Rights
    Parents and eligible students retain the right to access, review, and request corrections to student data through their district. Closegap supports school and districts in providing parents with notice and opt-out opportunities before releasing directory information. See our

  • Data Deletion
    At a district’s request, Closegap will delete covered student information under its control within a reasonable timeframe. Student accounts are automatically deleted 12-months after inactivity. Certificates of deletion are available upon request.

  • Security Measures
    Closegap employs reasonable administrative, technical, and physical safeguards to protect student data, including encryption in transit and at rest, access controls, and staff privacy/security training.

  • Breach Notification
    In the event of a security incident involving Arizona student data, Closegap will notify the affected district without unreasonable delay.

Funding Alignment

Closegap also supports Arizona districts in meeting objectives tied to School Safety and Student Support initiatives, including state investments in school counselors, social workers, and mental health resources. Our platform provides a privacy-compliant, low-barrier tool for student well-being check-ins and early intervention, directly aligning with Arizona’s funding priorities around school safety and student wellness.

Michigan State Compliance

Closegap complies with Michigan’s Student Online Personal Protection Act (SOPPA, Public Act 197 of 2020) and related provisions under the Michigan Revised School Code, which govern the collection, use, and protection of K–12 student data by online service providers.

Key Protections in Michigan

  • Educational Purpose Only
    Student data is collected and used solely for K–12 educational purposes at the direction of Michigan schools and districts.

  • No Sale or Targeted Advertising
    Closegap does not sell student data or use it for targeted advertising, marketing, or profiling outside of educational purposes.

  • Student Records Confidentiality
    Personally identifiable student information is treated as confidential and is not disclosed except as authorized by law or district instruction, consistent with Michigan law and FERPA.

  • Parent & Student Rights
    Parents and eligible students retain the right to inspect, review, and request corrections to student data through their district.

  • Data Transparency
    In alignment with Michigan SOPPA, Closegap provides districts with:

    • A description of the student data elements collected (basic identifiers, account credentials, check-in responses, usage data, technical session data).

    • The educational purposes for which data is used.

    • A list of subcontractors with access to student data, bound by equivalent privacy and security obligations.

    • Data retention and destruction practices.

  • Security Measures
    Closegap implements reasonable administrative, technical, and physical safeguards to protect student data, including encryption at rest and in transit, access controls, and staff privacy/security training.

  • Breach Notification
    In the event of a security incident involving Michigan student data, Closegap will notify the affected district without unreasonable delay.

  • Data Retention & Deletion
    At contract end—or at district direction—student data is returned, transferred to a successor, or securely destroyed in accordance with industry standards (e.g., NIST 800-88), with certification available upon request.

Funding Alignment

Closegap also supports Michigan districts in meeting priorities tied to 31n Mental Health and Student Wellness funds and other state mental health grant programs. Our platform provides a privacy-compliant, low-barrier tool for student well-being check-ins, early identification of needs, and data to support whole-child initiatives, aligning directly with Michigan’s focus on expanding access to school-based mental health supports.

Texas State Compliance

Closegap complies with Texas’s Student Data Privacy and Security Act (SB 820, Tex. Educ. Code §32.151 et seq.) and related provisions of the Texas Education Code, which require strong data privacy and cybersecurity protections for K–12 student information.

Key Protections in Texas

  • Educational Purpose Only
    Student data is collected and used solely for educational purposes at the direction of Texas schools and districts.

  • No Sale or Targeted Advertising
    Closegap does not sell student data or use it for targeted advertising, marketing, or profiling outside of educational purposes.

  • Student Records Confidentiality
    Personally identifiable student information is treated as confidential and is not disclosed except as authorized by law or district instruction, consistent with Texas law and FERPA.

  • Parent & Student Rights
    Parents and eligible students retain the right to access, review, and request corrections to student data through their district.

  • Cybersecurity Alignment
    Closegap aligns with the cybersecurity requirements established by SB 820, which mandate that school districts adopt a framework based on nationally recognized standards (e.g., NIST). Closegap maintains administrative, technical, and physical safeguards consistent with these standards, including encryption, access controls, monitoring, and incident response protocols.

  • Breach Notification
    In the event of a security incident involving Texas student data, Closegap will notify the affected district without unreasonable delay and consistent with applicable law and contractual requirements.

  • Data Retention & Deletion
    At contract end—or at district direction—student data is returned, transferred to a successor, or securely destroyed in accordance with industry standards (e.g., NIST 800-88), with certification available upon request.

Funding Alignment

Closegap also supports Texas districts in meeting priorities tied to Safe and Supportive Schools, Texas Mental Health Grants, and School Safety Allotment funds. Our platform provides a privacy-compliant, low-barrier tool for student well-being check-ins, early identification of student needs, and data to support MTSS and whole-child initiatives, aligning directly with state funding objectives for mental health and school safety.

Colorado State Compliance

Closegap complies with Colorado’s Student Data Transparency and Security Act (C.R.S. §22-16-101 et seq.), which establishes requirements for the collection, use, and protection of K–12 student data by both districts and education technology providers.

Key Protections in Colorado

  • Educational Purpose Only
    Student data is collected and used solely for educational purposes at the direction of Colorado schools and districts.

  • No Sale or Targeted Advertising
    Closegap does not sell student data, nor use it for targeted advertising, marketing, or profiling outside of educational purposes.

  • Student Records Confidentiality
    Personally identifiable student information is treated as confidential and is not disclosed except as authorized by law or district instruction, consistent with the Colorado Student Data Transparency and Security Act and FERPA.

  • Parent & Student Rights
    Parents and eligible students retain the right to inspect, review, and request corrections to student data through their district.

  • Data Transparency
    To support district compliance with Colorado’s public disclosure requirements, Closegap provides:

    • A list of student data elements collected (basic identifiers, account credentials, check-in responses, usage data, technical session data).

    • The educational purposes for which the data is used.

    • A list of subcontractors with access to student data, bound by contractual privacy and security obligations.

    • Data retention and destruction practices.

  • Security Measures
    Closegap maintains reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of student data, including encryption at rest and in transit, access controls, annual staff training, and incident response protocols.

  • Breach Notification
    In the event of a security incident involving Colorado student data, Closegap will notify the affected district without unreasonable delay and consistent with applicable law and contract requirements.

  • Data Retention & Deletion
    At contract end—or at district direction—student data is returned, transferred to a successor, or securely destroyed in accordance with industry standards (e.g., NIST 800-88), with certification available upon request.

Funding Alignment

Closegap also supports Colorado districts in meeting priorities tied to School Health Professional Grants, Behavioral Health Funding, and Student Wellness programs. Our platform provides a privacy-compliant, low-barrier tool for well-being check-ins, early identification of student needs, and data to strengthen MTSS frameworks, aligning directly with Colorado’s emphasis on mental health and whole child supports.

Need more information?

Contact us at info@closegap.org