# Sukma FERPA Readiness Statement

Effective Date: February 27, 2026

Sukma is designed to support FERPA-ready institution-managed learning
workflows. We provide the governance controls, retention settings,
auditability, and contractual posture that colleges and learning
organizations need when deploying AI-native learning experiences.

FERPA is a legal framework, not a product certificate. Final compliance
depends on how an institution governs the deployment, configures its
controls, and defines the contractual relationship.

## What This Covers

- Institution-managed session data generated during live learning workflows
- User data used for role-based access, administration, and governance
- Course data used to provide learning context and session continuity
- Session artifacts such as audience queries, examples, assessments, whiteboards, and summaries
- Policy, evidence, and audit records used for institutional review

## Core Controls

- Institution-governed handling of student-related records
- Audience question lifecycle tracking for accountability in live sessions
- Configurable retention window from 7 to 90 days
- Post-retention redaction for governed conversation payloads while metadata is preserved for audit history
- Explicit organization purge for governed conversation records and selected session artifacts
- Session-summary continuity without indefinite raw-conversation retention
- Evidence records that support procurement, security review, and governance

## Scope Boundary

This statement applies to institution-managed use. Independent learner
accounts are governed by Sukma's Privacy Notice and Terms of Service.

## Positioning

Appropriate language:
- FERPA-ready
- FERPA-aligned

Institutional counsel review is recommended before contract execution.