What Data We Collect
Complete list of data elements we collect, why we collect them, and how they're protected.
Our Approach to Data Collection
Impact Suite follows the principle of data minimization, collecting only the information necessary to provide our safety and wellness platform services. All data collection serves specific educational and student safety purposes and is protected by comprehensive security controls.
Key Principles
Purpose Limitation: Data is collected only for specific, explicit educational and safety purposes
Data Minimization: We collect the minimum data necessary to provide services
Transparency: Clear documentation of what data is collected and why
Security: All data protected with encryption and access controls
Retention: Data retained only as long as necessary or required by law
Data Elements We Collect
The following tables provide a complete inventory of data elements that Impact Suite may collect through our platform. Note that actual data collected varies based on your implementation and the integrations you enable.
Category: Student Information (FERPA Protected)
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Student Name (First and Last) | Required | Identity verification, case management, reporting | Encrypted at rest, role-based access controls |
Student Date of Birth | Required | Age verification, intervention planning | Encrypted at rest, access controls |
Student Email Address | Optional | Communications, account access (high school students) | Encrypted at rest, access controls |
Student Phone Number | Optional | Emergency contact, notifications | Encrypted at rest, access controls |
Student Gender | Optional | Demographic reporting, intervention planning | Encrypted at rest, access controls |
Student Grade Level | Required | Age-appropriate interventions, reporting | Encrypted at rest, access controls |
Student Race/Ethnicity | Optional | Demographic reporting, equity analysis | Encrypted at rest, sensitive data handling |
Student School/Building Assignment | Required | Location-based services, reporting, permissions | Encrypted at rest, access controls |
Student SIS ID | Required | Unique identification, SIS integration, record matching | Encrypted at rest, access controls |
Student Safety Status | Optional | Risk assessment, intervention tracking | Encrypted at rest, strict access controls |
Student Tier Classification | Optional | Intervention level tracking | Encrypted at rest, access controls |
Assigned Counselor | Optional | Case management, responsibility tracking | Encrypted at rest, access controls |
Student Class Enrollments | Optional | Academic context, teacher notifications | Encrypted at rest, access controls |
Student Academic Performance | Optional | Risk factor assessment, intervention planning | Encrypted at rest, access controls |
Student Attendance Records | Optional | Risk factor assessment | Encrypted at rest, access controls |
Category: Guardian/Family Information
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Guardian Name (First and Last) | Required | Family communication, emergency contact | Encrypted at rest, access controls |
Guardian Email Address | Required | Notifications, communications, emergency contact | Encrypted at rest, access controls |
Guardian Phone Number | Required | Emergency contact, notifications | Encrypted at rest, access controls |
Guardian Date of Birth | Optional | Identity verification | Encrypted at rest, access controls |
Guardian Gender | Optional | Demographic reporting | Encrypted at rest, access controls |
Guardian Race/Ethnicity | Optional | Demographic reporting | Encrypted at rest, sensitive data handling |
Guardian Relationship to Student | Required | Proper contact identification, permissions | Encrypted at rest, access controls |
Guardian Address | Optional | Mailing communications, emergency contact | Encrypted at rest, access controls |
Is Parent/Guardian Designation | Required | Legal contact hierarchy | Encrypted at rest, access controls |
Guardian SIS ID | Optional | SIS integration | Encrypted at rest, access controls |
Category: Staff/Faculty Information
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Staff Name (First and Last) | Required | Identity verification, permissions, reporting | Encrypted at rest, access controls |
Staff Email Address | Required | Account access, notifications, communications | Encrypted at rest, access controls |
Staff Phone Number | Optional | Contact information, notifications | Encrypted at rest, access controls |
Staff Date of Birth | Optional | Identity verification | Encrypted at rest, access controls |
Staff Gender | Optional | Demographic reporting | Encrypted at rest, access controls |
Staff Race/Ethnicity | Optional | Demographic reporting | Encrypted at rest, sensitive data handling |
Staff Role/Position | Required | Role-based permissions, reporting | Encrypted at rest, access controls |
Staff School/Building Assignment | Required | Location-based permissions, reporting | Encrypted at rest, access controls |
Staff District Assignment | Required | Organizational permissions | Encrypted at rest, access controls |
Staff Team Memberships | Optional | Collaboration, case assignment | Encrypted at rest, access controls |
Staff SIS ID | Optional | SIS integration | Encrypted at rest, access controls |
Staff Class Assignments | Optional | Teacher-student relationships | Encrypted at rest, access controls |
Category: Behavioral Concerns & Tips
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Concern Description | Required | Documentation of behavioral concerns | Encrypted at rest, strict access controls |
Concern Date/Time | Required | Timeline tracking, reporting, analysis | Encrypted at rest, access controls |
Concern Location | Optional | Incident analysis, location-based interventions | Encrypted at rest, access controls |
Concern Type/Category | Required | Classification, reporting, trend analysis | Encrypted at rest, access controls |
Concern Urgency Level | Required | Prioritization, response protocols | Encrypted at rest, access controls |
Students Involved | Required | Case association, intervention planning | Encrypted at rest, strict access controls |
Staff Reporter | Required | Accountability, follow-up communications | Encrypted at rest, access controls |
Anonymous Tip Flag | Automatic | SafeTip anonymous reporting | Encrypted at rest, access controls |
SafeTip ID (8-character) | Automatic | Anonymous tip tracking | Encrypted at rest, access controls |
Tip Submitter Information | Optional | Contact for follow-up (if provided voluntarily) | Encrypted at rest, strict access controls |
Associated Files/Photos | Optional | Evidence documentation | Encrypted at rest and in transit, strict access controls |
Concern Messages/Updates | Required | Case communication, progress tracking | Encrypted at rest, strict access controls |
Mandatory Reporting Flag | Automatic | Legal compliance tracking | Encrypted at rest, access controls |
Category: Threat & Suicide Risk Assessments
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Assessment Type | Required | Framework identification (CSTAG, NTAC, Salem-Keizer, ASQ, CSRS) | Encrypted at rest, strict access controls |
Assessment Date/Time | Required | Timeline documentation | Encrypted at rest, strict access controls |
Assessment Status | Required | Workflow management | Encrypted at rest, access controls |
Risk Level Classification | Required | Safety planning, intervention prioritization | Encrypted at rest, strict access controls |
Interviewer Information | Required | Accountability, professional responsibility | Encrypted at rest, access controls |
Interview Notes | Required | Clinical documentation | Encrypted at rest, strict access controls, PHI handling |
Suicidal Ideation Assessment | Required (suicide assessments) | Risk evaluation, safety planning | Encrypted at rest, strict access controls, PHI handling |
Threat Specificity Details | Required (threat assessments) | Risk evaluation, target protection | Encrypted at rest, strict access controls |
Behavioral Observations | Required | Professional assessment documentation | Encrypted at rest, strict access controls |
Mental Health History | Optional | Risk factor assessment | Encrypted at rest, strict access controls, PHI handling |
Substance Use History | Optional | Risk factor assessment | Encrypted at rest, strict access controls, PHI handling |
Trauma History | Optional | Risk factor assessment | Encrypted at rest, strict access controls, PHI handling |
Family Environment Assessment | Optional | Support system evaluation | Encrypted at rest, strict access controls |
Academic Performance Context | Optional | Stressor identification | Encrypted at rest, access controls |
Weapon Access Information | Required | Safety risk evaluation | Encrypted at rest, strict access controls |
Previous Attempts/Threats | Required | Historical risk factors | Encrypted at rest, strict access controls |
Protective Factors | Required | Strength-based planning | Encrypted at rest, access controls |
Parent/Guardian Interview Notes | Required | Family involvement documentation | Encrypted at rest, strict access controls |
Category: Intervention Plans & Safety Planning
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Safety Plan Details | Required | Student protection, crisis prevention | Encrypted at rest, strict access controls |
Supervision Requirements | Required | Safety protocol implementation | Encrypted at rest, access controls |
Environmental Modifications | Optional | Risk mitigation | Encrypted at rest, access controls |
Behavioral Interventions | Required | Skill development, behavior change | Encrypted at rest, access controls |
Mental Health Services | Optional | Treatment coordination | Encrypted at rest, strict access controls, PHI handling |
Academic Accommodations | Optional | Educational support | Encrypted at rest, access controls |
Family Involvement Plan | Required | Support system engagement | Encrypted at rest, access controls |
Monitoring Schedule | Required | Progress tracking, safety verification | Encrypted at rest, access controls |
Emergency Contacts | Required | Crisis response protocols | Encrypted at rest, access controls |
Restricted Areas/Activities | Optional | Safety precautions | Encrypted at rest, access controls |
Coping Strategies | Required | Self-regulation skills | Encrypted at rest, access controls |
Progress Monitoring Data | Required | Intervention effectiveness | Encrypted at rest, access controls |
Plan Modification History | Required | Clinical decision documentation | Encrypted at rest, strict access controls |
Category: Training & Compliance
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Training Completion Records | Required | Compliance tracking, reporting | Encrypted at rest, access controls |
Training Date/Time | Required | Compliance verification | Encrypted at rest, access controls |
Training Duration | Automatic | Completion tracking | Encrypted at rest, access controls |
Training Module Progress | Automatic | Detailed completion tracking | Encrypted at rest, access controls |
Quiz Results | Required | Knowledge verification | Encrypted at rest, access controls |
Certificate Generation | Automatic | Documentation, audit trail | Encrypted at rest, access controls |
Training Topic/Module | Automatic | Compliance categorization | Encrypted at rest, access controls |
Policy Acknowledgements | Required | Legal compliance, audit trail | Encrypted at rest, access controls |
Policy Change Log Tracking | Automatic | Version control, compliance | Encrypted at rest, access controls |
Training Rollout Tracking | Automatic | Implementation management | Encrypted at rest, access controls |
Category: Case Management
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Case Title | Required | Case identification | Encrypted at rest, access controls |
Case Type | Required | Workflow management, reporting | Encrypted at rest, access controls |
Case Status | Required | Progress tracking | Encrypted at rest, access controls |
Case Priority/Urgency | Required | Resource allocation | Encrypted at rest, access controls |
Assigned Case Manager | Required | Responsibility tracking | Encrypted at rest, access controls |
Case Start/End Dates | Required | Timeline management | Encrypted at rest, access controls |
Case Notes | Required | Progress documentation | Encrypted at rest, strict access controls |
Associated Concerns | Required | Comprehensive case view | Encrypted at rest, access controls |
Case Files/Attachments | Optional | Supporting documentation | Encrypted at rest and in transit, strict access controls |
Team Collaboration Notes | Optional | Multi-disciplinary coordination | Encrypted at rest, access controls |
Category: System & Usage Data
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Login/Access Logs | Required (automatic) | Security monitoring, audit trail, FERPA compliance | Encrypted at rest, 6-year retention |
IP Address | Required (automatic) | Security monitoring, fraud prevention | Encrypted at rest, access controls |
Session Information | Required (automatic) | Application functionality, security | Encrypted at rest, temporary storage |
Authentication Tokens (JWT) | Required (automatic) | Secure access management | Encrypted, 90-minute expiration |
Failed Login Attempts | Required (automatic) | Security monitoring | Encrypted at rest, access controls |
Password Reset Tokens | Required (automatic) | Account security | Encrypted, time-limited |
Admin Impersonation Logs | Required (automatic) | Administrative oversight, audit trail | Encrypted at rest, strict access controls |
File Upload/Download Activity | Required (automatic) | Security monitoring, audit trail | Encrypted at rest, access controls |
API Activity Logs | Required (automatic) | Integration monitoring, security | Encrypted at rest, access controls |
Category: AI Chat & Knowledge Management
Data Element | Required/Optional | Purpose for Use | Security Measures |
|---|---|---|---|
Chat Messages | Required | AI assistance, knowledge retrieval | Encrypted at rest, access controls |
Chat Metadata | Automatic | Performance optimization, usage analytics | Encrypted at rest, access controls |
AI Response Feedback | Optional | Service improvement | Encrypted at rest, access controls |
Knowledge Base References | Automatic | Contextual assistance | Encrypted at rest, access controls |
Custom Knowledge Entries | Optional | Organization-specific guidance | Encrypted at rest, access controls |
Data We Do NOT Collect
Impact Suite is committed to data minimization. We do not collect:
Social Security Numbers
Financial/payment card information
Biometric data (fingerprints, facial recognition, etc.)
Geolocation tracking (beyond school building assignment)
Student browsing history or online activity outside our platform
Student social media content
Student religious affiliation
Political views or affiliations
Detailed family income information
Immigration status
Personal medical records unrelated to school safety assessments
SIS Integration Data
When integrated with your Student Information System via secure APIs or SFTP connections, we receive data automatically. The specific data elements received depend on your SIS configuration and what you choose to share.
Common SIS Data Elements
Student roster (name, ID, grade, demographics)
Guardian contact information
School/building assignments
Class enrollment and teacher assignments
Academic session information
Staff roster and assignments
Data Mapping
We work with you during implementation to map only the necessary fields from your SIS to our platform. You maintain complete control over what data is shared.
Data Retention Periods
Impact Suite retains data according to the following standards:
Standard Retention
Data Type | Retention Period |
|---|---|
Active Student Records | Retained while student is enrolled and account is active |
Graduated/Transferred Students | 7 years from last enrollment date |
Behavioral Concerns & Cases | 7 years from case closure |
Threat & Suicide Risk Assessments | 7 years from completion |
Intervention Plans | 7 years from case closure |
Training Records | 7 years from completion |
Access Logs (FERPA/HIPAA Audit Trail) | 6 years |
AI Chat Data | Retained while account is active |
Operational Logs | 30 days (unless involved in security incident) |
Upon Contract Termination
Data available for export for 90 days
After 90 days (or upon request), data securely deleted per NIST 800-88 standards