Elysian

Compliance & Standards

Elysian adheres to international standards and regulations to ensure we meet the highest requirements for educational technology and student data protection.

Our Compliance Framework

As an educational technology platform serving students globally, we maintain strict compliance with international, regional, and local regulations. Our compliance program is regularly reviewed and updated to reflect changing legal requirements and best practices.

COPPA (Children's Online Privacy Protection Act)

We comply with COPPA requirements when collecting information from children under 13, including obtaining verifiable parental consent and limiting data collection to what is reasonably necessary.

  • Parental consent mechanisms for users under 13
  • Limited data collection for young users
  • No third-party data sharing without consent

FERPA (Family Educational Rights and Privacy Act)

We align with FERPA standards to protect student education records and ensure proper access controls for educational institutions.

  • Student education records protection
  • Institutional data sharing agreements
  • Student and parent access rights

GDPR (General Data Protection Regulation)

We support GDPR requirements for European users, providing transparency and control over personal data processing.

  • Right to access and data portability
  • Right to erasure (right to be forgotten)
  • Transparent data processing notices
  • Lawful basis for processing personal data

Regional Compliance

Asia-Pacific Region

We comply with data protection laws in Singapore (PDPA), Australia (Privacy Act), and other Asia-Pacific jurisdictions where we operate.

United States

In addition to federal laws, we comply with state-specific privacy laws including CCPA (California) and other state educational privacy requirements.

Data Processing Agreements

We provide comprehensive Data Processing Agreements (DPAs) to institutional clients that outline:

  • Roles and responsibilities for data protection
  • Types of data processed and purposes
  • Security measures and data breach notification procedures
  • Data retention and deletion policies
  • Sub-processor disclosure and management