Trust Center · XODA · QuizMyBrainz
Raw student text never reaches any AI model.
That is not a policy commitment.
That is the architecture.
FERPA and HIPAA Safe Harbor Compliant
District procurement officers, legal teams, and data privacy coordinators: this page is for you.
When a superintendent approves a new diagnostic tool, someone else has to verify it. A data privacy coordinator. A district legal team. A school board liaison who was not in the original meeting.
This page exists for that person. It answers the questions a district compliance review will ask — in the order they will ask them. Every claim on this page is architectural, not aspirational. The system is built this way. It does not have a setting that turns it the other way.
Guarantees, not operations
What XODA does and does not do with student writing.
The XODA system incorporates a proprietary deterministic ruleset.
XODA does
- Produce a language development stage classification.
- Produce a mathematical cognitive signal classification.
- Return those classifications to the teacher.
- Operate under FERPA governance and HIPAA Safe Harbor de-identification methodology.
XODA does not
- Send student writing to any AI model, cloud API, or external service.
- Retain raw student text.
- Collect or store student names, IDs, or any re-identifiable attribute.
- Share data with any third-party vendor or contractor.
- Produce clinical diagnoses or SLD determinations.
What XODA collects, processes, and retains.
| Data Type | Collected | Processed | Retained |
|---|---|---|---|
| Raw student writing (verbatim text) | Yes — enters the system | De-identified internally | Never |
| Student name or ID | No | No | No |
| Personally identifiable information | No | No | No |
| Anonymized language signals | No raw text | Internal classification | Research corpus only |
| Mathematical cognitive signal | No raw text | Internal classification | Classification output only |
| District name in publications | No | No | Sealed under confidentiality |
| Audio, video, or biometric data | Never collected | — | — |
All data handling complies with FERPA (20 U.S.C. § 1232g) and the HIPAA Safe Harbor de-identification standard (45 CFR §164.514(b)(2)). No student-identifiable data is used in any published research output.
No third party receives student data. Ever.
Research team access only:
oscarpureco@quizmybrainz.com
antonieta@quizmybrainz.com
No third party — no vendor, no cloud service, no external contractor — receives student data under any circumstances. This is not a contractual restriction. It is a structural property of the XODA system: the architecture makes third-party data exposure impossible, not merely prohibited.
IRB and FERPA authorization.
All research is conducted under district IRB authorization, FERPA-compliant by architecture. The research protocol defines what data is collected, who has access, for how long, and under what governance. District identity is not disclosed in any published research output. District identification is available only to IRB reviewers and journal editors under sealed confidentiality.
For district legal teams reviewing pilot authorization scope: a full IRB Authorization Scope Summary is available on request. Contact the PI directly at oscarpureco@quizmybrainz.com.
Questions district compliance teams ask.
Does XODA send student writing to any external AI service?
No. Raw student text never reaches any AI model, cloud API, or third-party service. The XODA system incorporates a proprietary deterministic ruleset.
Is XODA FERPA compliant?
Yes. XODA operates under FERPA (20 U.S.C. § 1232g) governance. All data is de-identified under the HIPAA Safe Harbor method (45 CFR §164.514(b)(2)) adapted for educational data under FERPA. No student name, ID, or re-identifiable attribute is retained at any stage.
What does the district authorize when it approves a pilot?
A structured research deployment under district IRB authorization. The district authorizes collection of written mathematics responses from participating classrooms — text only, no audio, video, biometric, or behavioral data. The district's name and member schools are not identified in any published output. An IRB Authorization Scope Summary is available on request.
Who can access student data?
The research team only — PI and Co-PI. No vendor, no cloud service, no external contractor receives student data under any circumstances.
Where is student data stored?
No verbatim student text is linked to student identity. The research corpus is held under a separate data governance protocol restricted to the research team.
Is this a special education assessment tool?
No. XODA is a diagnostic system built to separate a student's mathematical ability from their language development stage. It is not a special education assessment tool and does not produce clinical diagnoses or SLD determinations.