Privacy Policy

Student Data Privacy & FERPA Compliance

Effective May 2026, Version 1.1

Legal review required. Please review with your qualified legal counsel familiar with FERPA, COPPA, and applicable state student privacy laws before final use.

Contents
  1. FERPA Compliance
  2. COPPA Compliance
  3. Information We Collect
  4. How We Use Student Data
  5. Data Storage and Security
  6. Data Retention and Deletion
  7. Disclosure of Student Data
  8. Parental Rights Under FERPA
  9. Changes to This Policy
  10. Contact

Test Site Manager ("TSM," "we," "our," or "the Service") is an assessment day coordination platform designed exclusively for K–12 schools and school districts ("Schools") in the United States. This Privacy Policy describes how we collect, use, store, and protect student education records and other personal information in connection with our services.

1. FERPA Compliance

Test Site Manager is designed to operate as a "school official" under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations at 34 C.F.R. Part 99. Schools that subscribe to TSM retain sole ownership and control of student education records. TSM acts solely as a service provider processing data on behalf of and under the direction of the School.

Schools may disclose student education records to TSM without prior parental consent because TSM performs a function for which the School would otherwise use its own employees, operates under the School's direct control with respect to education records, and is subject to FERPA requirements for use and redisclosure of personally identifiable information.

Schools are responsible for including TSM in their annual FERPA notification to parents and eligible students as a school official with a legitimate educational interest.


2. COPPA Compliance

Because TSM serves K–12 schools, some students may be under the age of 13. TSM does not collect personal information directly from students — all student data is uploaded by authorized school staff. TSM operates under the "school consent" exception of COPPA (15 U.S.C. § 6501 et seq.), whereby the School acts as the agent of the parent in consenting to the collection of student information for educational purposes.

TSM does not:


3. Information We Collect

3.1 Student Education Records

When a School uploads a student roster to TSM, the following data elements may be collected:

| Data Element | Required | Purpose |
|---|---|---|
| Student ID (school-issued) | Required | Primary identifier for roster management and export |
| First and last name | Required | Student identification at check-in |
| Preferred/goes-by name | Optional | Displayed in place of legal first name if provided |
| Grade level | Required | Session assignment and room matching |
| Test subject | Optional | Room and session matching by subject |
| City, state, ZIP | Required | Demographic record for attendance export |
| Street address | Optional | Demographic record; not used functionally |
| Accommodations | Optional | Identifies students requiring accessibility room placement |

3.2 Attendance Records

TSM records attendance status (present, absent, late) and optional staff notes for each student during check-in, including the timestamp of the last status change and the assigned session.

3.3 Staff Account Information

For school staff accessing TSM, we collect name, email address, and role designation (Administrator, Proctor, or Read-only). This information is used solely to authenticate users and enforce access controls.

3.4 Audit and Change Logs

TSM maintains a roster changelog recording each upload — which staff member performed it, the timestamp, and a field-level diff of changes made to student records. This log supports Schools' FERPA obligations to maintain accurate education records.

3.5 Information We Do Not Collect

TSM does not collect Social Security numbers, government-issued ID numbers, financial account information, health or medical information (beyond the free-text accommodations field), biometric data, or precise geolocation data.


4. How We Use Student Data

Student data collected through TSM is used exclusively for the following purposes:

Student data is never used for advertising, marketing, product improvement analytics, or any purpose unrelated to the School's testing event. TSM does not aggregate or de-identify student data for sale or research.


5. Data Storage and Security

5.1 Hosted Infrastructure

Student data is stored on TSM's hosted servers. Data is encrypted in transit using TLS and at rest using industry-standard encryption. TSM enforces district-level data isolation — each district's data is logically separated at the application layer and inaccessible to any other district.

5.2 Access Controls

TSM enforces role-based access controls limiting staff access to the minimum data necessary for their function. Administrator accounts have full access within their district. Proctor accounts are limited to day-of check-in functions. All access is authenticated via JWT tokens with short expiry windows and httpOnly refresh token rotation.

5.3 Subdomains and Isolation

Each district operates on a dedicated subdomain (e.g., district.testsitemanager.com). Application-layer controls ensure that authenticated users at one district cannot access any data belonging to another district.


6. Data Retention and Deletion

6.1 Retention

TSM retains school data for the duration of the active subscription plus 90 days following termination, after which all data is permanently deleted from our systems.

6.2 Deletion Rights

FERPA provides parents and eligible students the right to request deletion of education records. Schools are the data controllers and are responsible for fulfilling deletion requests. TSM will cooperate with deletion requests submitted by the School on behalf of a parent or eligible student. School administrators may delete individual events — which removes all associated roster and attendance data — at any time.

6.3 Event Closure

When an event is closed in TSM, the roster is locked and no further uploads or modifications are permitted. This preserves the integrity of the attendance record. Closed events remain accessible to authorized school staff for reference and export.


7. Disclosure of Student Data

TSM does not sell, rent, trade, or share student education records with third parties except in the following limited circumstances:

In all cases, any permitted disclosure will be limited to the minimum information necessary and will be documented in our records.


8. Parental Rights Under FERPA

FERPA grants the following rights to parents of K–12 students (and to eligible students aged 18 or older):

These rights are exercised through the School, which is the data controller. Requests should be directed to the School's designated FERPA official. TSM will cooperate with Schools in fulfilling these requests.

Complaints regarding FERPA compliance may be filed with: Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Avenue SW, Washington, DC 20202.


9. Changes to This Policy

TSM will notify Schools of material changes to this Privacy Policy at least 30 days prior to the changes taking effect. Continued use of the Service following notice constitutes acceptance of the updated policy. Schools may terminate their subscription if they do not accept the revised terms.


10. Contact

Questions about this Privacy Policy or TSM's data practices should be directed to:

OAW Consulting, LLC — Test Site Manager