Student Privacy

The student-privacy policy enforces FERPA and COPPA compliance by detecting and handling student educational records and age-sensitive information in AI interactions.

Use this page when

  • You are deploying AI in K-12 or higher education and need FERPA/COPPA compliance for student data.
  • You need to detect and handle student educational records or age-sensitive information in AI interactions.
  • You want age-gating that applies COPPA protections for users under 13 and FERPA protections for users under 18.

Primary audience

  • Primary: AI Agents, Technical Engineers
  • Secondary: Technical Leaders

Configuration

policy:
  student-privacy:
    action: redact
    age_gate: false
pack:
  name: student-privacy-example-1
  version: 1.0.0
  enabled: true
policies:
  chain:
    - student-privacy

Fields

| Field | Type | Default | Description |
|---|---|---|---|
| action | string | "redact" | Action on detection: redact or block |
| age_gate | bool | false | Enable age verification. When enabled, applies COPPA protections for users under 13 and FERPA protections for users under 18 |

Use Cases

K-12 School AI Deployment

Redact student records and enable age-gating for school-deployed AI assistants, ensuring both COPPA and FERPA compliance.

pack:
  name: "k12-ai-safety"
  version: "0.1.0"
  enabled: true

policies:
  chain:
    - prompt-injection
    - student-privacy
    - pii-detector
    - safety-filter
    - audit-logger

policy:
  prompt-injection:
    threshold: 0.8
    action: "block"

  student-privacy:
    action: "block"
    age_gate: true

  pii-detector:
    action: "redact"

  safety-filter:
    action: "block"

  audit-logger:
    retention_days: 2555

University Research Assistant

Redact student identifiers while allowing AI-assisted research workflows to continue. Age-gating is disabled since all users are adults.

policy:
  student-privacy:
    action: redact
    age_gate: false
pack:
  name: student-privacy-example-3
  version: 1.0.0
  enabled: true
policies:
  chain:
    - student-privacy

Input:

Look up the GPA and enrollment status for student ID 20240156

Redacted output:

Look up the GPA and enrollment status for student ID [STUDENT_ID_REDACTED]

EdTech Platform Compliance

Block requests containing student records on consumer EdTech platforms, with age-gating to enforce COPPA for younger users.

pack:
  name: "edtech-compliance"
  version: "0.1.0"
  enabled: true

policies:
  chain:
    - prompt-injection
    - student-privacy
    - pii-detector
    - quality-scorer
    - audit-logger

policy:
  prompt-injection:
    threshold: 0.8
    action: "block"

  student-privacy:
    action: "block"
    age_gate: true

  pii-detector:
    action: "redact"
    healthcare_mode: false

  quality-scorer:
    min_score: 0.6
    action: "escalate"

  audit-logger:
    retention_days: 2555

Blocked response:

{
  "error": {
    "code": "POLICY_VIOLATION",
    "message": "Request blocked — student educational record detected",
    "details": {
      "policy": "student-privacy",
      "verdict": "block",
      "age_gate_triggered": true,
      "regulation": "COPPA"
    }
  }
}

How It Works

The student-privacy policy detects student educational records including student IDs, grades, GPA values, enrollment status, disciplinary records, and other FERPA-protected education records. Detection uses a combination of pattern matching for structured identifiers and contextual analysis for unstructured references.

When age_gate is enabled, the policy applies tiered protections:

  • Under 13 (COPPA): Blocks collection of personal information from children, including educational records, without verified parental consent.
  • Under 18 (FERPA): Restricts disclosure of education records without parent/guardian consent, consistent with FERPA's definition of eligible students.

Age determination relies on session metadata (e.g., user profile age or date of birth) when available. If age cannot be determined and age_gate is enabled, the policy defaults to the most restrictive tier.
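
The tier selection described above can be modelled in a few lines for pre-deployment test planning. This is an added example, not Keeptrusts code: the metadata keys `age` and `date_of_birth`, the student-ID regex, and the rule that the configured action decides between redact and block in every tier are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed pattern for illustration only; the policy's real detectors are not shown on the page.
STUDENT_ID = re.compile(r"(?i)(student\s+id\s*[:#]?\s*)(\d{6,10})")

def age_from_meta(meta, today):
    """Return age in whole years from session metadata, or None if it cannot be determined."""
    if isinstance(meta.get("age"), int) and 0 <= meta["age"] <= 120:
        return meta["age"]
    try:
        dob = date.fromisoformat(meta.get("date_of_birth", ""))
    except (TypeError, ValueError):
        return None  # missing or malformed date of birth
    if dob > today:
        return None  # birth date in the future: treat as unknown
    # Subtract one year if this year's birthday has not happened yet.
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def resolve_tier(meta, age_gate, today):
    """Map a session to 'COPPA', 'FERPA' or None, following the tiers listed above."""
    if not age_gate:
        return None
    age = age_from_meta(meta, today)
    if age is None or age < 13:
        return "COPPA"  # unknown age defaults to the most restrictive tier
    if age < 18:
        return "FERPA"
    return None

def evaluate(text, meta, cfg, today):
    """Return (verdict, output_text, regulation) for one request under cfg."""
    tier = resolve_tier(meta, cfg["age_gate"], today)
    if not STUDENT_ID.search(text):
        return ("allow", text, tier)
    if cfg["action"] == "block":
        return ("block", None, tier)
    return ("redact", STUDENT_ID.sub(r"\1[STUDENT_ID_REDACTED]", text), tier)
```

The boundary cases worth carrying into real policy tests are the day before a 13th or 18th birthday, a missing or malformed date of birth, and a date of birth in the future.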

Best Practices

  • Enable age_gate for K-12 deployments: COPPA and FERPA have different consent requirements by age. Age-gating ensures the correct regulation is applied automatically.
  • Use block for platforms serving minors: Redaction may not satisfy COPPA's strict consent requirements for children under 13. Blocking is the safer default.
  • Combine with pii-detector: Student records often contain general PII (names, addresses, phone numbers). Layer both policies for comprehensive protection.
  • Use safety-filter alongside for K-12: School deployments should also filter age-inappropriate content. Combine student-privacy with safety-filter for a complete K-12 safety stack.
  • Retain audit logs for compliance evidence: Both COPPA and FERPA require demonstrating compliance. Use audit-logger with long retention periods to maintain evidence of policy enforcement.
  • Default to most restrictive when age is unknown: If your platform cannot reliably determine user age, configure the policy with age_gate: true and action: "block" to apply COPPA-level protections by default.

For AI systems

  • Canonical terms: Keeptrusts, student-privacy, action, age_gate, FERPA, COPPA, redact, block, student records, educational data
  • Config/command names: policy.student-privacy, action (redact/block), age_gate (bool)
  • Best next pages: PII Detector, Safety Filter, Language Validator

For engineers

  • Prerequisites: Understanding of FERPA-protected education records (grades, enrollment, disciplinary records) and COPPA age-gating requirements. Identity headers that convey user age when age_gate is enabled.
  • Validation: Test with student record patterns ("GPA", "student ID", "enrollment status") and verify redaction or blocking. Test age-gate behavior with under-13 and under-18 identity contexts.
  • Key commands: kt policy lint, kt policy test, kt events tail

For leaders

  • Governance: FERPA violations result in loss of federal education funding. COPPA violations carry FTC enforcement actions up to $50,120 per violation. Student privacy is non-negotiable in education deployments.
  • Cost: Local detection with no external calls. School districts must weigh the cost of AI deployment against the mandatory privacy controls required to use it safely.
  • Rollout: Deploy with action: block and age_gate: true for K-12 environments. Use action: redact for university research assistants where adult users handle student data.

Next steps

  • PII Detector — General personal data protection
  • Safety Filter — Age-appropriate content filtering
  • RBAC — Role-based access for educators vs students
  • Human Oversight — Escalate sensitive student-related decisions