FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) is a U.S. federal law that protects the privacy of students’ education records. When educational institutions collect or process student data, they must ensure that any vendors involved, including survey platforms, follow FERPA-aligned safeguards.

BlockSurvey is built on a privacy-first, zero-knowledge architecture designed to keep all student information fully protected and under the control of the institution collecting it. Our technical design ensures that any educational records or personally identifiable information (PII) collected through BlockSurvey remain private, secure, and inaccessible to BlockSurvey at all times.

End-to-End Encryption Controlled by the Institution

All student data collected through BlockSurvey is encrypted end-to-end using keys controlled by the institution.

  • Data is encrypted in transit and at rest.
  • BlockSurvey cannot decrypt, read, or access any student information.
  • Only the institution (survey owner) can view and manage the data.

Zero-Knowledge Platform

BlockSurvey operates on a strict zero-knowledge model.

  • We do not have access to your encryption keys.
  • We cannot view, modify, or share any data collected through your surveys.
  • Student data remains private even from BlockSurvey staff.

Decentralized Identity & Secure Key Management

BlockSurvey uses decentralized identity (DID) and secure, hardware-backed key protection.

  • Each institution’s keys are stored securely using Hardware Security Modules (HSMs).
  • Keys cannot be recovered or accessed by BlockSurvey.
  • Institutions retain full ownership and control of all data they collect.

Dedicated Data Isolation

Each institution’s data is logically isolated to prevent cross-access between customers and ensure a secure environment.

No Ability to Disclose or De-Identify Student Data

Because all data is encrypted with keys controlled by the institution:

  • BlockSurvey cannot disclose, share, or alter student information.
  • Any request for student PII is always directed back to the institution’s administrator.

Industry-Standard Security Controls

While we cannot access customer data, our underlying infrastructure follows robust security frameworks, including SOC 2, ISO 27001, and GDPR-aligned practices, ensuring the platform is secure and compliant.

Please see our Privacy Policy for information on how we support FERPA compliance.