Student Data Privacy Policy - Art to Remember Skip to main content

Enter Order Code

Help

Toll Free: (800) 895-8777

Hours: Mon-Fri – 8:00 AM – 5:00 PM, EST

Student Data Privacy Policy

Art to Remember Student Data Privacy Policy 

Last modified: August 2025 

This Privacy Policy for Student Data supplements the information contained in A2R, Inc.’s d/b/a Art to Remember (“We,” “Us,” “AtR,” or the “Company”) Privacy Policy. We adopt this notice to comply with the federal guidelines for the handling and use of student data.  

Compliance with FERPA 

The Company is committed to protecting the privacy of student education records and complies fully with the Family Educational Rights and Privacy Act (FERPA 20 U.S.C. § 1232g; 34 C.F.R. Part 99). We collect, use, and maintain student information only as necessary to support school fundraising and art education activities and only with appropriate school or parental consent. We do not sell or share student information with third parties for commercial purposes. All data is handled in accordance with applicable laws and school agreements. 

The only personally identifiable information (PII) we collect is classified as directory information under FERPA guidelines—such as student names and grade levels as submitted by schools. We never collect or use any student education records as defined under FERPA. 

As detailed under “Class List,” for schools that have policies prohibiting providing full names, School Coordinators may submit a modified Class List which only provides a Student’s first name and last initial, last name and first initial, or unique codes for each Student. 

A form to request the deletion of a particular Student’s directory information is available here and is subject to verification of the identity of the parent or guardian. 

After “Class List” information is received from School Coordinators and entered into our encrypted databases, emails pertaining to and copies of documents containing directory information of students will be purged within one calendar year of receipt. 

Upon request, Schools and Districts with strict data handling policies may obtain an agreement from the Company to fully expunge all directory information from encrypted databases within an agreed upon timeframe. 

The Company cannot control what information is submitted by School Coordinators or Parents. Except as set forth above, we will not knowingly collect personal information about children without obtaining parental consent. 

Compliance with COPPA 

The Company complies with the Children’s Online Privacy Protection Act (COPPA 15 U.S.C. §§ 6501–6506). We do not knowingly collect personal information from children under the age of 13. Our services are intended to be used by schools and parents, and we do not engage in direct communication with children or request personal information from them. We do not market to children. All interactions and data collection are conducted through authorized school personnel or parents in accordance with applicable laws. 

Security Compliance 

The Company aligns its information security practices with the Center for Internet Security (CIS) Critical Security Controls. These well-established guidelines help us safeguard sensitive data through prioritized actions such as access management, system monitoring, and secure configuration. While we are not formally certified, we implement and regularly review these controls internally to reduce risk, protect against cyber threats, and ensure a strong foundation for responsible data handling.