Last updated: 19th August 2025

Cactus Communications (“CACTUS”/”Us”/”We”) is committed to protecting the privacy of student education records in full compliance with the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). FERPA is the federal law governing the privacy of “education records” and personally identifiable information (PII) for any school, college, or university (collectively referred to as “Institutions”) that receives Department of Education funding. It guarantees students and parents the right to access and review their education records, request corrections, and control disclosures of PII, while protecting that information from unauthorized use. As a trusted partner to leading universities and institutions, we understand our critical role in safeguarding sensitive student information.

Under FERPA, Institutions retain ultimate responsibility for the privacy of their students’ education records. To engage CACTUS in support of your institution’s needs, CACTUS can be designated as a “school official with legitimate educational interest” pursuant to 34 CFR § 99.31(a)(1)(i)(B) and institutions shall record that designation in their FERPA disclosure log per § 99.32(b) before sharing any education records with CACTUS. Upon such designation, institutions may share student PII with CACTUS to perform the contracted institutional services and in full compliance with FERPA.

Our Commitments as a School Official

When acting under FERPA’s school official exception, we uphold the following principles:

• Use Limitation: We use student data only for the institution’s authorized purpose.
• No Unauthorized Redisclosure: We do not disclose or reuse student data/PII except as permitted by FERPA or as required by law.
• Institutional Control: We operate under the institution’s direct control regarding data handling and maintenance.
• Data Minimization: We collect and retain only the minimum data necessary to fulfill our contractual obligations.
• Robust Security: We implement comprehensive technical, administrative, and physical safeguards and handle data in accordance with our Privacy Policy:
• Data Retention & Secure Destruction: Student data is retained only as long as necessary or contractually mandated. Upon request, data is securely destroyed or returned to the institution. Properly de-identified data may be retained for product improvement.

Supporting Student & Parent Rights

If CACTUS receives any request to inspect, review, or amend a student’s education record, we will promptly notify the originating institution and assist them in fulfilling the request. We do not respond directly to such requests or release data without the institution’s authorization.

Transparency and Accountability

We maintain transparency through clear privacy policies and terms of service. All employees who handle PII receive mandatory and regular training to ensure adherence to our policies and best practices.

For questions or further information on our data privacy and security practices with respect to FERPA or Student Education Records, please contact privacy@cactusglobal.com.