We know that data privacy matters, especially when you're working with students. Here's what AOM collects, what we don't, and how we handle compliance.

What we collect from instructors

When you sign up, we collect your email address (used for login and communication) and your name. If you subscribe, Stripe processes your payment information. We do not store credit card numbers. We also collect your instructor evaluation responses after each class.

What we collect from participants

Participants provide their name and email address (if added via roster) or just an email address (if they register via a registration page). After a class, participants complete an evaluation that includes multiple-choice and open-ended questions about their experience, plus optional demographic information (age, gender, race/ethnicity). Evaluation responses are not linked to individual student academic records.

What we don't collect

We do not collect student ID numbers, Social Security numbers, grades, academic records, financial aid information, or any data protected under FERPA as part of a student's education record. AOM is not an academic tool and does not integrate with your school's student information system.

FERPA

Because AOM does not access or store education records as defined by FERPA, the platform operates outside the scope of FERPA in most use cases. The email addresses and evaluation responses we collect are generated within the AOM platform, not pulled from institutional systems. That said, if your institution requires a FERPA compliance statement as part of its vendor review, we have one available. Email support@artopeningminds.org and we'll send it over.

Security and subprocessors

AOM uses the following services to operate the platform: Clerk (authentication), Xano (backend/database), Stripe (payments), HubSpot (email communications), Cloudinary (media hosting), and PostHog (analytics). Each of these vendors maintains its own security and privacy practices. If your institution requires a Data Processing Agreement (DPA) or a HECVAT Lite assessment, we have both available on request.

Tips & Notes

• Participant evaluation responses are anonymous by default. Instructors see aggregated and individual responses but cannot link them to specific students unless the participant voluntarily includes identifying information in an open-ended response.
• If your institution has specific data privacy requirements, email support@artopeningminds.org and we'll work through them with you. We've been through many postsecondary institutional review processes and are happy to provide whatever documentation you need.
• For more on our approach to evaluation data, see "How to Access and Interpret Participant Evaluation Results" in the Learning Center.