Built for Trust

Student privacy must always be the priority, not an afterthought. Tandem is designed with security at its core, protecting sensitive data with rigorous safeguards and a deep respect for the educators, students, and families.

Student Privacy First.

District-Controlled Data.

Clear Policies. No Surprises.

Safety

FERPA Compliant

Your students' data stays protected. We're fully FERPA-compliant, so you can focus on students, not on privacy concerns.

Trust

COPPA Compliant

Built for district-led use with clear safeguards and responsible data practices.

Privacy Policy

This Privacy Policy describes how Flying Point Education, Inc., doing business as Tandem™ (“FPE,” “we,” “our,” or “us”), collects, uses, and shares personal information in connection with the Tandem™ services (the “Services”).

By accessing or using the Services in any manner, you acknowledge that you accept the practices described in this Privacy Policy and you consent to our collection, use, and sharing of information as described below.

Your use of Tandem’s Services is always subject to Tandem’s Terms of Use, which incorporate this Privacy Policy. Capitalized terms not defined in this Privacy Policy have the meanings given to them in the Terms of Use.

If you have any questions or concerns about this Privacy Policy, please contact us at support@goingtandem.com and we will do our best to address them.

Privacy Commitments

We believe the commitments below are the most important things for schools and educators to know about how we handle personal information.

Scope of This Privacy Policy

This Privacy Policy describes the categories of information we collect and how we use and share that information. We do not intentionally exclude categories of collected information from this Privacy Policy.

No marketing to students or families

Tandem does not sell student data. We do not use, sell, share, or disclose personally identifiable information to market or advertise to students or their families or guardians. Data collected is only used for providing or improving the Services.

Tandem does not sell, share, or disclose personally identifiable information of educators or administrators collected through the Services for third-party marketing or advertising.

No advertising in the Services

Within the Tandem platform, we do not display advertising. We do not permit third parties to collect data for advertising purposes through the Services. We do not collect information for targeted advertising on third-party websites or services. enter into these Terms and to perform its obligations hereunder.

Legal Compliance

Tandem complies with applicable laws governing the protection of student and educator data, including the Family Educational Rights and Privacy Act (“FERPA”), 20 U.S.C. § 1232g (34 C.F.R. Part 99), the Individuals with Disabilities Education Act (“IDEA”), 20 U.S.C. § 1400 et seq., the Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501–6506, California Assembly Bill 1584, codified at California Education Code § 49073.1, and the Student Online Personal Information Protection Act (“SOPIPA”), codified at California Business and Professions Code § 22584 et seq., to the extent applicable.

Tandem also complies with applicable state student data privacy laws in the jurisdictions where it operates. Schools and districts may request information about Tandem's compliance with jurisdiction-specific requirements. Where specific state laws impose additional obligations beyond those described in this Privacy Policy, Tandem will comply with such requirements as applicable and may enter into supplemental agreements to document such compliance.

Tandem’s Services are designed for use by educators, administrators, and other authorized school or district personnel and are not directed to children under the age of 13. Tandem does not knowingly collect personal information directly from children.

To the extent Tandem processes student education records or personally identifiable information from education records (“Education Records”) on behalf of a school or district, Tandem acts as a School Official with a legitimate educational interest under FERPA and IDEA and uses such information solely as permitted by applicable law and the applicable agreement with the school or district.   For the avoidance of doubt, nothing in this Privacy Policy or the Terms of Use is intended to transfer ownership of Education Records from the applicable school or district to Tandem. Education Records processed through the Services remain the property of the school or district and are subject to the school or district's control in accordance with FERPA and applicable law.

To the extent Tandem processes personal information of children under the age of 13 on behalf of a school or district, Tandem relies on the school or district to provide appropriate consent or authorization as permitted under COPPA and applicable state law. Tandem provides this Privacy Policy and supplemental information as necessary to enable the school or district to provide informed consent on behalf of parents or guardians. Tandem uses such information solely for the educational purposes authorized by the school or district and does not use it for any commercial purpose unrelated to the provision of the Services. The school or district is responsible for obtaining and maintaining any required parental consent or authorization and for ensuring that its authorization to Tandem is consistent with its obligations under applicable law.

If Tandem becomes aware that personal information has been collected directly from a child under the age of 13 outside of the school- or district-authorized context described above, Tandem will promptly delete such information in accordance with applicable law.

Data Minimization

Tandem collects and processes only the personal information that is reasonably necessary to provide the Services and to fulfill the purposes described in this Privacy Policy. Tandem does not collect or retain personal information beyond what is needed for the educational purposes authorized by the applicable school or district.

Information You Provide to Us

Tandem collects and processes only the personal information that is reasonably necessary to provide the Services and to fulfill the purposes described in this Privacy Policy. Tandem does not collect or retain personal information beyond what is needed for the educational purposes authorized by the applicable school or district.

Tandem collects information that educators, administrators, or other authorized users provide directly in connection with accessing and using the Services. This may include names, email addresses, professional roles or titles, school or district affiliations, account credentials, and other information necessary to create and manage user accounts and administer access to the Services.

We also collect information that users choose to submit through the Services or provide to us directly, such as communications, support requests, feedback, or other correspondence.

In connection with providing the Services to schools and districts, Tandem may process student-related information that is provided by or on behalf of a school or district, including information derived from Individualized Education Programs (“IEPs”) and other special education records. Such information may include student identifiers, educational data, service details, and compliance-related information, as determined and supplied by the school or district.

Tandem recognizes that information derived from Individualized Education Programs ("IEPs") and other special education records is subject to heightened confidentiality protections under IDEA and applicable state law, in addition to FERPA. Accordingly:

a) IEP data and special education records processed through the Services are treated as confidential and are subject to access controls that limit access to authorized personnel with a legitimate educational interest;

(b) Tandem does not use IEP data or special education records for any purpose other than providing the Services to the applicable school or district, and such data is not included in aggregated or de-identified datasets without the prior written authorization of the school or district;

(c) Tandem maintains access logs for special education records processed through the Services and will make such logs available to the school or district upon reasonable request; and

(d) Upon termination of the Services, IEP data and special education records will be returned to the school or district or securely deleted in accordance with the Data Retention and Deletion provisions of this Privacy Policy and the applicable agreement with the school or district.

The Services are designed exclusively for use by educators, administrators, and authorized school or district personnel. Students do not have access to the Services and do not have user accounts. Any student-related information processed through the Services is provided by or on behalf of a school or district and is processed by Tandem solely in accordance with applicable law and the school or district’s documented instructions.

Single Sign-On (SSO)

If a school or district elects to use a third-party single sign-on service (such as Google, Clever, Microsoft, or similar providers) to access the Services, Tandem may receive limited information from that provider to authenticate users and enable account access (the “SSO Account”). This information may include a user’s name, email address, organization or district affiliation, unique user identifier, and authentication tokens necessary to support the single sign-on process, as permitted by the school or district’s configuration and the SSO provider’s privacy settings.

Tandem uses this information solely to authenticate users, provision accounts, and operate the Services. Tandem does not receive or store passwords for any SSO Accounts and does not access information from the SSO provider beyond what is necessary to support login and account management. Schools and districts are responsible for configuring their SSO settings and permissions, and are encouraged to limit the information shared to what is appropriate for their use of the Services.

SSO authentication tokens are retained only for the duration of the user's active session and are not stored after session expiration. If a user is deprovisioned or their account is deactivated by the school or district through the SSO provider, Tandem will disable the user's access to the Services upon the next authentication attempt or upon notification from the school or district, whichever occurs first.

Information Collected Automatically

When users access or use the Services, Tandem automatically collects certain technical and usage information necessary to operate, secure, and improve the Services. This information may include internet protocol (IP) addresses, browser type, device type, operating system, access times, pages or features accessed, and interactions with the Services.

This information is used to maintain the functionality and security of the Services, monitor performance, diagnose technical issues, and improve user experience. It is not used for advertising or marketing purposes.

Tandem may generate aggregated or de-identified information derived from usage of the Services and Client Data ("Anonymized Usage Data"), provided that such information has been de-identified in accordance with industry-accepted standards such that it cannot reasonably be used to identify any individual student, educator, or school. Tandem will not attempt to re-identify any Anonymized Usage Data, and will contractually prohibit any service provider or other third party from doing so. De-identification of data derived from special education records or IEP data will be subject to additional safeguards, including minimum aggregation thresholds, to prevent re-identification given the smaller population sizes typically associated with such data. Anonymized Usage Data may be used for lawful business purposes, including analytics, reporting, and product improvement.

Tracking Technologies

Tandem may use cookies, web beacons, and similar technologies to support the operation, security, and performance of the Services. These technologies are used to enable core functionality such as authentication, maintaining user sessions, protecting against unauthorized access, and ensuring the Services operate as intended.

Most web browsers allow users to control or disable cookies through their browser settings. Please note that disabling cookies may limit certain features or functionality of the Services.

Use and Sharing of Personal Information

This section explains how Tandem uses and shares personal information in a manner consistent with the commitments described in this Privacy Policy.

Use of Personal Information

Tandem uses personal information for the following purposes:

  • To provide, operate, and maintain the Services, including account provisioning, authentication, access management, feature functionality, and customer support;
  • To communicate with educators, administrators, and other authorized users regarding service updates, support requests, operational notices, and administrative matters;
  • To monitor, secure, and improve the performance, reliability, and functionality of the Services, including diagnosing errors and preventing misuse or unauthorized access;
  • To comply with applicable laws, regulations, legal processes, and contractual obligations;
  • To create aggregated or de-identified information for internal analytics, reporting, and product improvement purposes, in a manner that does not reasonably identify any individual, student, or Client.

Tandem does not use personal information to market or advertise to students or their families and does not create behavioral profiles of students for commercial purposes.

Sharing of Personal Information

Tandem shares personal information only as necessary to operate, maintain, and support the Services and in accordance with this Privacy Policy. Specifically, Tandem may share personal information in the following circumstances:

With Service Providers

Tandem engages trusted third-party service providers to support the operation of the Services and our business, including for cloud hosting, data storage, error and performance monitoring, security, analytics, customer support, and email delivery. Tandem may provide such service providers with, or authorize them to access, personal information solely as necessary to perform services on Tandem’s behalf.

In some cases, service providers may collect information directly from users on Tandem’s behalf (for example, through support tools or analytics services). Service providers are required to use personal information only to provide services to Tandem, to protect it using appropriate safeguards, and to act consistently with this Privacy Policy. Service providers are not permitted to augment, combine, or use personal information for their own purposes. If Tandem becomes aware that a service provider has used personal information in a manner inconsistent with this Privacy Policy, Tandem will take reasonable steps to address such misuse, which may include requiring deletion of the affected information.

Tandem does not share personal information with affiliates or subsidiaries for marketing or advertising purposes.

A current list of service providers that may process personal information in connection with the Services is available upon reasonable written request (which may take the form of an email). Tandem will provide schools and districts with reasonable advance notice of any material changes to the service providers that process Education Records, and the school or district may object to such changes in accordance with the applicable agreement.

With Schools and Districts

Tandem shares personal information with the applicable school, district, or other Client and their authorized personnel to enable administration, oversight, and use of the Services in accordance with applicable agreements and laws.

Automated Processing and Artificial Intelligence

Tandem may use automated processing tools, including artificial intelligence or machine learning features, solely to enhance the functionality and performance of the Services. If AI or automated processing features are used in connection with the Services: (a) Tandem will not use student data, Education Records, or IEP-related information to train, develop, or improve AI or machine learning models, whether Tandem's own or those of third parties; (b) Any AI or automated processing features will be used solely to support the educational purposes of the Services as authorized by the applicable school or district; (c) Tandem will provide schools and districts with information about the use of AI or automated processing features upon request, including the types of data processed and the purposes of such processing; (d) Tandem will not use AI or automated processing to make decisions that have legal or similarly significant effects on students without human review and oversight; and (e) If Tandem engages third-party AI service providers in connection with the Services, such providers will be subject to the same data protection obligations as other service providers described in this Privacy Policy, and student data shared with such providers will be subject to contractual restrictions prohibiting use of such data for purposes unrelated to the Services.

For Legal and Safety Purposes

Tandem may disclose personal information as necessary to comply with applicable law, regulation, legal process, or lawful government request, or to protect the rights, property, or safety of Tandem, its users, schools, districts, or others, including to investigate or prevent fraud, security incidents, or misuse of the Services.

Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or similar transaction, or in the unlikely event of insolvency or bankruptcy, personal information may be transferred as part of that transaction. Any successor or acquiring entity will be required to comply with the terms of this Privacy Policy with respect to personal information acquired in the transaction. With respect to Education Records, Tandem will provide affected schools and districts with at least sixty (60) days' advance notice prior to any transfer and will provide the school or district with the option to: (a) have its data returned or securely deleted prior to the transfer, or (b) continue under the successor entity's stewardship subject to the same or substantially equivalent privacy protections. Schools and districts may exercise these rights by providing written notice within the notice period.

Security

Tandem employs reasonable administrative, technical, and physical safeguards designed to protect the personal information we collect and process through the Services. These safeguards are intended to protect against unauthorized access, disclosure, alteration, or destruction of personal information.

Access Controls and Account Security

Access to the Services is restricted to authorized users designated by the applicable school, district, or Client. User access is managed through role-based and assignment-based permissions.

Users are only able to access information that is relevant to their role and assigned responsibilities. For example, a special education coordinator, teacher, or staff member assigned to a specific student or case will have access only to that student’s records and related information, and will not have access to records for other students or cases to which they are not assigned. Administrative users may have broader access solely for purposes of system administration, compliance, oversight, or support, as authorized by the Client.

User accounts are protected by authentication credentials. If single sign-on (“SSO”) is enabled by the Client, authentication is handled through the Client’s chosen identity provider, which may apply additional security controls. Users are responsible for safeguarding their login credentials, not sharing access with others, and taking reasonable steps to prevent unauthorized access to their accounts.

While Tandem takes reasonable steps to protect personal information, no system can be guaranteed to be completely secure. Unauthorized access, hardware or software failures, or other factors beyond Tandem’s control may compromise information security.

Security Incident Notification

In the event Tandem discovers or is notified of a breach or unauthorized release of personally identifiable information or Education Records (a "Security Incident"), Tandem will:

(a) Notify the affected school or district without unreasonable delay and in no event later than seventy-two (72) hours after discovery or notification of the Security Incident;

(b) Provide written notice that includes, to the extent known at the time of notification: (i) a description of the nature of the Security Incident, including the categories and approximate number of records affected; (ii) the date or estimated date of the Security Incident; (iii) a description of the measures taken or proposed to be taken to address the Security Incident and mitigate its effects; and (iv) a designated contact person for ongoing communications regarding the Security Incident;

(c) Cooperate with the affected school or district in investigating and remediating the Security Incident, including providing reasonable assistance with any notifications required under applicable law;

(d) Take reasonable steps to contain and remediate the Security Incident and prevent recurrence; and

(e) Provide updated information as it becomes available during the investigation of the Security Incident.

Tandem will not delay notification to a school or district due to an ongoing internal investigation unless required by law enforcement. Nothing in this section limits the obligation to provide breach notifications as required under applicable federal or state law.

Internal Security Measures

Tandem uses industry-standard security practices appropriate to the nature of the Services and the sensitivity of the information processed. These measures include, where appropriate:

  • providing role-based access so that users and Tandem personnel may access personal information only as necessary to perform their assigned functions within the Services;
  • using encryption to protect personal information in transit and at rest;
  • implementing logical and physical access controls for systems that store or process personal information; and
  • periodically reviewing and updating security practices to address evolving risks.

Shared Responsibility

Client administrators control user provisioning, role assignments, and access permissions within the Services. As a result, the security of information within the Services also depends on the Client’s internal access controls, role assignments, and security practices. Clients are responsible for managing user access appropriately and in accordance with their own policies and applicable law.

While Tandem implements safeguards to protect personal information within the Services, Client and its Users play an important role in maintaining security. Client and Users are responsible for protecting their account credentials, including selecting strong passwords or sign-on mechanisms, keeping such credentials confidential, and not sharing them with others. Users should take reasonable steps to prevent unauthorized access to their accounts and any associated information, including securing the devices and browsers used to access the Services and signing out after each session.

Data Retention & Deletion

Tandem retains personal information only for as long as reasonably necessary to provide the Services, comply with applicable law, fulfill contractual obligations, resolve disputes, enforce agreements, and protect the security and integrity of the Services.

Information processed through the Services is provided and controlled by the applicable school or district. Tandem does not independently determine the accuracy of such information and relies on the school or district to manage updates, corrections, or changes to education records.

During an active subscription, authorized Client users may access, update, or manage information within the Services based on their assigned roles and permissions. Certain information may only be modified or deleted by designated administrators within the Client’s organization.

Upon termination or expiration of the Services, or upon Client’s written request, Tandem will make Client Data available for export for a period of not less than sixty (60) days, after which Tandem will delete Client Data, including all Education Records and IEP-related information, within thirty (30) days. Copies of Client Data residing in backup systems will be deleted in accordance with Tandem's standard backup rotation schedule, but in no event later than ninety (90) days following the primary deletion. Tandem will provide written confirmation of deletion upon request.

Tandem may retain aggregated or de-identified information derived from Client Data for internal analytics, reporting, and product improvement purposes, provided that such information does not reasonably identify any individual, student, or Client.

Requests relating to access, correction, or deletion of education records are generally handled by the applicable school or district, which controls such records. Authorized Users may also contact Tandem with questions or requests related to data within the Services. Where permitted by law and consistent with the Client’s instructions and role-based permissions, Tandem will assist the Client and its authorized users in addressing such requests.

United States Operation

Tandem is based in the United States, and the Services are operated and supported from the United States. Personal information processed through the Services may be stored and processed in the United States or in other locations where Tandem or its service providers operate.

If you access or use the Services from outside the United States, you understand that your information may be processed in jurisdictions where data protection laws may differ from those in your location.

To the extent Tandem processes personal information on behalf of schools or districts, Tandem does so as a service provider or data processor, in accordance with applicable data protection laws and its agreements with those schools or districts.

Changes to This Privacy Policy

Tandem may update this Privacy Policy from time to time to reflect changes in our Services, data practices, or applicable laws.

Tandem will provide at least thirty (30) days' advance notice of any material changes to this Privacy Policy by email to the designated contact at each school or district and by posting a notice within the Services or on Tandem's website. Material changes affecting the processing of Education Records will not take effect with respect to a school or district until the end of the notice period unless the school or district provides affirmative consent to the earlier effective date. The emergency exception for immediate changes is limited to changes required to comply with applicable law, respond to an active security threat, or provide additional rights or protections to users and schools.

We reserve the right to implement important changes more quickly when necessary, including to comply with legal requirements, respond to security threats, address emergency situations, or provide additional rights or protections. In such cases, changes may take effect immediately, and notice will still be provided by email and/or through a banner or notice within the Services or on our website.

Please note that if you have opted not to receive legal or administrative emails from Tandem, or if you have not provided an email address, these notices will still govern your use of the Services, and you remain responsible for reviewing and understanding any updates to this Privacy Policy.

How to Contact Tandem

If you have any questions, concerns, or requests regarding this Privacy Policy or Tandem’s data practices, you may contact us at:

Email: support@goingtandem.com

Effective Date: March 1, 2026

Tandem by Flying Point Education

Purpose-built tools for educators, grounded in clarity, collaboration, and calm.

© 2026 Flying Point Education. All rights reserved.

Terms of Use   |   Privacy Policy