VCA Virtual
Privacy Policy
How we handle student and family information.
Effective 2026-05-27 · Version 1.0
1. Scope
This policy covers the Virtue learning platform operated for VCA Virtual. It explains what we collect, why, who has access, and your rights as a parent or guardian.
This policy applies to data inside Virtue. It does not govern third-party tools (like IXL) that have their own privacy policies — see the vendor list below.
2. What we collect
- Student records: name, grade level, enrolled courses, attendance, lesson completions, submissions, grades, comments from teachers.
- Family records: parent/guardian name, email, phone, relationship to student.
- Account credentials: hashed passwords (never stored in plain text after 30 days). A short-term cleartext copy may exist for support purposes and is auto-purged.
- Activity logs: login timestamps, lesson views, submission timestamps. Retained for compliance and audit purposes.
- Communications: emails and messages we send to families are logged in our internal CRM for audit. We do not log incoming personal email.
We do not collect: payment information, health data, government IDs, location data, advertising identifiers, or biometric data.
3. COPPA (Children's Online Privacy Protection Act)
For students under 13, federal law requires verifiable parental consent before we collect personal information online.
- By enrolling your child, you consent to our collection and use of the categories listed in Section 2 for educational purposes.
- You may review your child's data at any time by requesting it in writing.
- You may revoke consent and request deletion at any time. We will delete or de-identify within 30 days, subject to records we are required by law to retain.
- We do not share children's personal information with third parties for advertising or marketing.
4. FERPA-Aligned Practice
As a private school, VCA Virtual is not directly bound by FERPA, but follows FERPA-aligned practices as a matter of policy:
- Parents (and students 18+) may inspect and review education records.
- Parents may request correction of records they believe are inaccurate.
- We disclose records only to school officials with a legitimate educational interest, to organizations conducting studies on our behalf, or as required by law.
- Directory information (name, grade level, photo) is not published without consent.
5. Wisconsin Pupil Records — § 118.125
Wisconsin Statute § 118.125 governs pupil records at public and choice-participating schools. As a Wisconsin Parental Choice Program (WPCP/RPCP) participant, VCA Virtual applies these standards:
- Behavioral and progress records: retained for 1 year after graduation/withdrawal, then destroyed.
- Academic records (transcripts): retained permanently.
- Disclosure requires written consent except in narrow exceptions enumerated in § 118.125(2).
- Parents have the right to inspect, copy, and challenge the contents of records.
6. Wisconsin Breach Notice — § 134.98
If personal information held by Virtue is acquired by an unauthorized person, we will notify affected families within 45 days of discovery, as required by Wisconsin § 134.98 and applicable federal rules.
Notice will be made by email to the address on file, and by US mail if email is undeliverable.
7. Third-Party Vendors
The following services receive limited data necessary to operate the platform. Each has its own privacy policy.
| Vendor |
What they receive |
| Amazon Web Services (AWS) |
Server hosting (Lightsail, US-East). All student data resides here. |
| Microsoft 365 |
Outbound email from virtual@vcaschool.org for credentials + notifications. |
| IXL Learning |
Math + ELA practice. Student name + grade level transmitted; no academic content stored on our side. |
| Forum CRM (self-hosted) |
Family correspondence tracking. Same AWS box as Virtue. |
| Cloudflare |
DNS + CDN for vcavirtual.org. No student records transit Cloudflare. |
| Let's Encrypt |
TLS certificates. No personal data shared. |
8. Data Retention
- Active enrollment: data retained for the duration of enrollment.
- After withdrawal/graduation: behavioral records 1 year, academic records permanent.
- Daily backups retained 90 days; long-term archival snapshots may extend further.
- Cleartext password copies used for support: purged automatically after 30 days.
- Audit logs and login events: retained 7 years to support DPI and audit review.
9. Your Rights
- Access: request a copy of your student's records.
- Correction: request changes to inaccurate records.
- Deletion: request deletion of your student's data, subject to legal retention requirements.
- Withdraw consent: for under-13 students, withdraw COPPA consent and stop further collection.
- Complaint: file a complaint with us, or with the state DPI / Attorney General, or with the FTC.
To exercise any of these rights, contact your school administrator. We respond within 30 days.
10. Contact
Privacy inquiries: contact your school's administrator. All requests are logged in our internal portfolio system.
This policy may be updated. Material changes will be communicated by email to families and re-posted here with a new effective date. Prior versions are available on request.