Schedule Free Consultation

Privacy Policy

Privacy Policy

Dynamic Education Consulting and Solutions, LLC

Effective Date: June 30, 2025     Last Updated: May 7, 2026

1. Introduction

Dynamic Education Consulting and Solutions, LLC (“DECS,” “we,” “our,” or “us”) is a Washington limited liability company that provides program review, audit, coaching, training, and related advisory services to public and private K-12 school systems and other education organizations. DECS also delivers professional learning to educators through an online learning management system (“LMS”) hosted on Canvas (the “Online Learning Platform”). We are committed to protecting the privacy and security of personal information that we collect, receive, or otherwise process in connection with our website at www.DEC.Solutions (the “Site”), our consulting services (the “Services”), and the Online Learning Platform.

This Privacy Policy describes the categories of information we collect, how we use and disclose that information, the safeguards we apply, and the rights and choices available to individuals whose information we process. Because our work routinely involves K-12 student records and educator records, this Policy also explains how we comply with the Family Educational Rights and Privacy Act (“FERPA”), the Individuals with Disabilities Education Act (“IDEA”), Section 504 of the Rehabilitation Act (“Section 504”), the Protection of Pupil Rights Amendment (“PPRA”), the Children’s Online Privacy Protection Act (“COPPA”), and Washington’s student data privacy framework, including chapter 28A.604 RCW and related laws.

2. Scope of this Policy

This Policy applies to information that DECS collects or receives:

  • Through the Site, including pages, contact and intake forms, downloads, and any communications you send to us;
  • In connection with the Services we deliver to clients, including school districts, educational service districts, charter schools, and similar entities (each a “Client” or “District”);
  • Through the Online Learning Platform, including educator accounts, course participation, and assessment activity; and
  • In our day-to-day business operations, including communications with prospective clients, vendors, and the public.

When we provide Services or Online Learning Platform access to a District, the District typically remains the controller of the personal information we receive (including any student or educator records). In those cases, we act as a service provider, processor, or “school official” with a legitimate educational interest, as further described in Sections 5 and 7 of this Policy. The District’s own privacy notices and policies govern the underlying collection of that information from students, families, employees, and others. This Policy is intended to supplement, not replace, those notices.

3. Information We Collect

3.1 Information you provide directly

We may collect the following information when you interact with the Site or contact us:

  • Identifiers and contact details, such as your name, title, employer, work email address, work phone number, and mailing address;
  • Professional information, such as your role, organization size, areas of interest, and the nature of any inquiry or request for proposal;
  • Communications and content, such as messages you send through contact or intake forms, email correspondence, meeting notes, and documents you provide to us; and
  • Marketing preferences, such as your subscription status for newsletters or other communications.

3.2 Information collected automatically through the Site

When you visit the Site, we and our service providers may automatically collect limited technical information, including IP address, device and browser type, operating system, referring and exit pages, pages viewed, dates and times of access, and similar log data. This information is collected through cookies, pixels, and similar technologies for the purposes described in Section 13 below.

3.3 Information we receive through the Services

In the course of delivering Services to a District, we may receive or have access to:

  • District operational records, such as policies, procedures, organizational charts, board materials, financial summaries, staffing rosters, and other internal documents;
  • Personnel information about District employees, contractors, and consultants, including names, job titles, schedules, certifications, evaluation summaries (where shared), and information collected through interviews, focus groups, walk-throughs, and surveys;
  • Student records and personally identifiable information (“Student PII”), which may include names, dates of birth, grade levels, schools, demographic information, attendance and discipline data, assessment results, special education and Section 504 records (including IEPs, evaluation reports, behavior plans, and service logs), English learner status, multilingual program participation, and other education records as defined by FERPA; and
  • Family contact information that appears within District-provided records, such as parent/guardian names, addresses, and phone numbers.

We collect Student PII only in the form and to the extent reasonably necessary to perform the Services described in the applicable Master Services Agreement, Statement of Work, or similar engagement document (collectively, the “Engagement Documents”). Wherever practical, we ask Districts to share aggregated or de-identified data and to mask or redact Student PII before sharing it with us.

3.4 Information we receive through the Online Learning Platform

When DECS provides the Online Learning Platform to a District, the District provides DECS with a roster of authorized educators (such as teachers, paraeducators, administrators, and other District staff designated to participate, each a “Participant”). DECS uses that roster to provision Participant accounts on the Canvas LMS hosted by Instructure, Inc. (“Instructure”). In connection with the Online Learning Platform, DECS receives, generates, or processes the following categories of information:

  • Account information, such as Participant first and last name, work email address, District affiliation, building or department, role or job title, and any unique identifier supplied by the District for roster matching;
  • Authentication information, such as login records, password hashes (managed by Instructure), session tokens, multi-factor authentication signals, and IP address;
  • Course access and engagement data, such as enrollment in courses or sections, dates and times of access, page and module views, click-stream activity, time on task, and similar usage telemetry;
  • Assignment and assessment data, such as assignment submissions, written responses, file uploads, discussion posts, quiz answers, scores, rubric ratings, instructor feedback, completion status, and certificates of completion;
  • Communications, such as messages sent through the LMS inbox, course discussions, announcements, and any support tickets submitted to DECS in connection with the Online Learning Platform; and
  • Device and technical information collected by Instructure to operate the Canvas service, such as browser type, operating system, device identifiers, and crash logs.

Participant data collected through the Online Learning Platform consists of records concerning adult District employees engaged in professional learning. It is not Student PII or “education records” of K-12 students under FERPA. It is, however, treated by DECS as confidential personnel and professional learning information, and is protected consistent with the District’s policies, applicable employee privacy laws, and this Policy. Where the District designates DECS as a “school official” with respect to any Student PII used within the Online Learning Platform (for example, anonymized case examples or de-identified scenarios), the FERPA protections in Section 5 also apply.

3.5 Information from third parties

From time to time we may receive information from publicly available sources (such as state agency reports, OSPI publications, or District websites) or from service providers we use to support our operations (such as scheduling, accounting, file storage, identity, and analytics providers). Any such information is handled in accordance with this Policy.

4. How We Use Information

We use information for the following purposes:

  • Delivering the Services described in the Engagement Documents, including data collection, analysis, reporting, coaching, training, and implementation support;
  • Operating, securing, and improving the Online Learning Platform, including provisioning and maintaining Participant accounts, enrolling Participants in courses, delivering instructional content, evaluating assignments and assessments, providing instructor feedback, and issuing certificates or records of completion;
  • Reporting Participant progress, completion, and assessment results to the District as set forth in the applicable Engagement Documents (which may include detailed scores and assignment-level data for clock hours, professional development credit, evaluation, or compliance purposes);
  • Communicating with you, responding to inquiries, scheduling meetings, providing technical support, and administering accounts and contracts;
  • Operating, maintaining, securing, and improving the Site and the Services;
  • Producing aggregated, de-identified, or anonymized analyses, benchmarks, training examples, and research, provided that the resulting outputs do not reasonably permit identification of any individual student, family, employee, or District;
  • Sending administrative messages, service updates, and (where permitted) marketing communications you may opt out of at any time;
  • Complying with legal obligations, responding to lawful requests, enforcing our agreements, and protecting our rights, the rights of our Clients, and the safety of others; and
  • Other purposes that are clearly disclosed at the time information is collected or that are reasonably necessary and consistent with the purposes above.

We do not use Student PII or Participant information for advertising, profiling, or any commercial purpose unrelated to the Services or the Online Learning Platform. We do not sell Student PII or Participant information, and we do not use Student PII to build personal profiles of students, except as expressly directed by the District for an authorized educational purpose.

5. Legal Basis for Processing School Records

When we receive education records from a District, we rely on the following legal bases and frameworks:

FERPA “school official” exception. Where a District designates DECS as a “school official” with a “legitimate educational interest” under 34 C.F.R. § 99.31(a)(1)(i)(B), the District may disclose education records to DECS without separate parental consent. DECS will (a) perform a service or function for which the District would otherwise use its own employees, (b) be under the District’s direct control with respect to the use and maintenance of education records, and (c) use education records only for authorized purposes and not redisclose them except as permitted by FERPA and the District.

IDEA confidentiality. Special education records are also subject to the confidentiality provisions of the Individuals with Disabilities Education Act, 34 C.F.R. §§ 300.610-300.626, and chapter 392-172A WAC. We treat special education records as confidential and access them only as necessary to perform the Services.

Section 504 and the ADA. Records of students with disabilities under Section 504 and the Americans with Disabilities Act are protected and used only for purposes consistent with the Services and applicable law.

PPRA. We do not administer surveys to students that include the protected categories described in 20 U.S.C. § 1232h(b) without the District’s express direction and confirmation that any required parental notice or consent has been obtained.

Washington student data privacy. When applicable, we comply with chapter 28A.604 RCW and related Washington statutes, including limitations on the use, disclosure, and retention of student personal information collected from K-12 students. We do not engage in targeted advertising to students or their families, do not sell student personal information, and use student personal information only for authorized educational purposes specified by the District.

Educator and personnel information. Participant information processed in connection with the Online Learning Platform is treated as confidential employment-related information of the District. DECS uses this information only to deliver the Online Learning Platform and to report on Participant progress and completion as authorized by the District, consistent with the District’s personnel policies and applicable Washington law (including, where relevant, RCW 42.56.230 and other personnel records protections).

6. How We Disclose Information

We disclose information only as described in this Policy and as permitted or required by law:

Within DECS. To members, employees, and contractors of DECS who have a need to know the information to deliver the Services, operate the Online Learning Platform, or operate our business, and who are bound by written confidentiality and data protection obligations.

To the District. We share findings, deliverables, supporting materials, and Online Learning Platform activity reports (including detailed scores and assignment-level data for individual Participants) with authorized District personnel as set forth in the Engagement Documents.

Service providers and subprocessors. We use a limited set of vendors to support our operations, such as cloud storage, communication, scheduling, accounting, and security tools, and we use Instructure to host and operate the Canvas LMS that powers the Online Learning Platform. These vendors process information on our behalf under written terms that require appropriate confidentiality and security safeguards. We do not authorize subprocessors to use Student PII or Participant information for their own commercial purposes. A current list of subprocessors is available to Districts upon request and is summarized in Section 7 below.

Legal and safety reasons. We may disclose information when we have a good-faith belief that disclosure is required or permitted by applicable law, court order, subpoena, or other lawful process; to comply with a regulatory or governmental request; to enforce our agreements; or to protect the rights, property, or safety of DECS, our Clients, students, employees, or others. Where reasonably possible and legally permitted, we will notify the relevant District before disclosing Student PII or Participant information pursuant to legal process.

Business transfers. If DECS is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be transferred to the successor entity, subject to obligations consistent with this Policy. We will not transfer Student PII or Participant information as part of such a transaction except as permitted under applicable law and contracts, and we will require the successor to honor the protections in this Policy.

Aggregated or de-identified information. We may share aggregated or de-identified information that cannot reasonably be used to identify any individual.

No sale of personal information; no targeted advertising. We do not sell, rent, or trade personal information, and we do not use personal information for cross-context behavioral or targeted advertising.

7. Subprocessors

DECS engages a limited set of trusted subprocessors to support the Site, the Services, and the Online Learning Platform. Each subprocessor is bound by written terms that include confidentiality, information security, and data-use limitations consistent with this Policy and applicable law. Key subprocessors include:

Instructure, Inc. (Canvas LMS). Instructure hosts and operates the Canvas LMS that powers the Online Learning Platform, including account management, course delivery, assessments, and grade book features. DECS configures the Canvas instance, manages course content, and controls Participant access. Instructure processes Participant data on behalf of DECS under its applicable customer and data processing terms. More information about Instructure’s privacy and security practices is available at www.instructure.com.

Cloud infrastructure, productivity, and communication providers. We use established providers for email, file storage, document collaboration, scheduling, video conferencing, and similar functions. These providers process information on our behalf under their applicable customer terms and data protection commitments.

Business operations. We use a limited number of vendors for accounting, payroll, payment processing, contract management, and similar back-office functions. These vendors do not have routine access to Student PII or Participant assessment content.

A current, detailed list of subprocessors is available to Districts on request. We provide reasonable advance notice to active District Clients of any material change in the subprocessors that process Student PII or Participant information.

8. Our Role as Service Provider and “School Official”

When we provide Services or the Online Learning Platform to a District that involve access to education records or Participant information, we act as a service provider, processor, and (where applicable to education records) “school official” under FERPA. The District is and remains the data controller and the educational agency or institution responsible for the underlying records. We process such information solely on documented instructions from the District as set forth in the Engagement Documents and this Policy, and we do not use such information for any purpose other than to provide the Services, operate the Online Learning Platform, or as required by law.

We will not redisclose education records or Participant information to any third party except (a) to authorized District personnel, (b) to subprocessors that meet the standards in Section 7, (c) as required by law, or (d) as the District otherwise expressly authorizes in writing. We will reasonably cooperate with the District in responding to requests from parents, eligible students, Participants, or regulators concerning records held by DECS.

9. Data Security

DECS maintains administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These safeguards are reasonable in light of the sensitivity of the information and applicable legal standards, and include:

  • Access controls, including role-based access, unique user accounts, strong password requirements, and multi-factor authentication on systems that store personal information, including the DECS-administered Canvas environment;
  • Encryption of personal information in transit using current industry standards and at rest where supported by our service providers;
  • Use of reputable cloud and learning-platform services configured to limit external sharing of files containing Student PII or Participant assessment data;
  • Logical separation of Client data, including, where reasonable, separate folders, projects, Canvas sub-accounts, or workspaces per District;
  • Workforce training on confidentiality, FERPA, IDEA, student data privacy, and personnel records obligations, with written confidentiality acknowledgments for personnel who access Student PII or Participant information;
  • Vendor management practices, including written contracts that impose confidentiality and security obligations on subprocessors (including Instructure);
  • Periodic review of safeguards and access privileges, including timely deactivation of Participant accounts when an individual is no longer authorized; and
  • A documented incident response process described in Section 11 below.

No system can be guaranteed to be completely secure. While we work hard to protect personal information, we cannot guarantee its absolute security and disclaim any such warranty to the extent permitted by law.

10. Data Retention and Deletion

We retain personal information only for as long as reasonably necessary to provide the Services and the Online Learning Platform, satisfy the purposes described in this Policy, comply with applicable legal, accounting, or reporting obligations, resolve disputes, and enforce our agreements. Retention periods for District data are typically governed by the Engagement Documents.

Unless the Engagement Documents specify otherwise, we will return or delete Student PII and other District-provided personal information within sixty (60) days after the earlier of (a) the District’s written request, (b) completion or termination of the engagement, or (c) a date specified in the Engagement Documents.

For the Online Learning Platform, course completion and assessment records are retained for the duration of the District’s subscription and for a reasonable period thereafter to support the District’s recordkeeping needs (such as clock-hour verification or professional development audits), not to exceed the period specified in the Engagement Documents. Following that period, Participant accounts will be deactivated and Participant assessment content will be deleted or returned to the District. We may retain de-identified or aggregated information, internal work product, and routine business records (such as invoices and engagement letters) as permitted by law.

11. Incident Response and Breach Notification

We maintain an incident response process designed to detect, contain, investigate, and remediate security incidents involving personal information, including incidents originating in the Online Learning Platform or in the systems of any subprocessor. If we determine that an unauthorized acquisition, access, use, or disclosure of personal information has occurred, we will:

  • Promptly investigate the incident and take reasonable steps to contain and mitigate it;
  • Notify the affected District without unreasonable delay, and in any event within the timeframes required by the Engagement Documents and applicable law;
  • Provide the District with information reasonably necessary for the District to satisfy its own notification obligations under federal and Washington law, including RCW 19.255.010, RCW 42.56.590, and chapter 28A.604 RCW, as applicable; and
  • Reasonably cooperate with the District in providing notice to affected individuals and regulators, when required.

For purposes of clarity, the District remains the entity primarily responsible for issuing breach notifications to affected students, parents, eligible students, employees, Participants, and regulators concerning education records and other personal information for which the District is the controller. DECS will support the District in fulfilling those obligations.

12. Your Rights and Choices

12.1 Site visitors and direct contacts

You may contact us at any time using the information in Section 17 to ask about the personal information we hold about you, request access, correction, or deletion, or opt out of marketing communications. We will respond consistent with applicable law.

12.2 Online Learning Platform Participants

Participants may access and update certain account information directly within the Canvas LMS (for example, profile name and notification preferences). Requests to correct or delete account, course participation, or assessment records held by DECS on behalf of a District should ordinarily be directed to the District, which is the controller of those records. DECS will reasonably cooperate with the District in responding.

12.3 Parents, eligible students, and District employees

Where we hold personal information on behalf of a District, the District is the appropriate point of contact for requests to access, inspect, correct, or amend education records and personnel-related records. If we receive such a request directly from a parent, eligible student, Participant, or District employee, we will refer the requester to the District and reasonably support the District in responding.

12.4 State privacy rights

Depending on your jurisdiction and the nature of the information involved, you may have additional rights under state law (for example, certain rights under the California Consumer Privacy Act for California residents). Most of the information we process about students, families, and District employees is exempt from these laws because it is governed by FERPA, employment laws, or related sectoral regimes. To exercise applicable state privacy rights related to information we hold as a controller, please contact us using the information in Section 17.

13. Cookies and Similar Technologies

The Site uses cookies and similar technologies (such as pixels and local storage) to enable basic functionality, remember preferences, measure traffic, and improve performance. The Online Learning Platform uses cookies and tokens that are necessary for authentication, session management, and core LMS functionality, as configured by Instructure. We may use first-party and limited third-party analytics tools that aggregate visitor and Participant activity for the purpose of operating and improving our offerings. We do not use the Site or the Online Learning Platform to deliver targeted advertising to students or Participants. You can control cookies through your browser settings; disabling certain cookies may affect Site or LMS functionality.

14. Children’s Privacy

The Site and the Online Learning Platform are intended for adult professionals, including District administrators, educators, and education leaders. They are not directed to children under the age of 13, and we do not knowingly collect personal information from children through them. To the extent that we receive personal information about students under the age of 13 from a District in connection with the Services (for example, embedded references in a Statement of Work or program review), we treat that information as Student PII subject to FERPA, COPPA (where applicable), Washington law, and the protections in this Policy. We act on the District’s instructions and do not direct services or marketing to children.

15. Third-Party Links and Tools

The Site, the Online Learning Platform, and our communications may contain links to third-party websites, integrations, or tools (for example, external readings, video providers, or assessment integrations within Canvas). We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third party before sharing information with them.

16. Where We Operate; Changes to this Policy

DECS is based in the State of Washington in the United States, and our Services and Online Learning Platform are intended primarily for K-12 systems and educators located in the United States. Information you provide to us is processed in the United States, where data protection laws may differ from those of your jurisdiction.

We may update this Policy from time to time. The “Last Updated” date at the top of this Policy indicates when it was last revised. Material changes will be posted on the Site and, where appropriate, communicated to active Clients. Your continued use of the Site, the Services, or the Online Learning Platform after the effective date of an update constitutes acceptance of the updated Policy.

17. Contact Information

Questions, concerns, or requests regarding this Policy may be directed to:

Dynamic Education Consulting and Solutions, LLC

Attn: Chief Operations Officer/Privacy Officer

1281 Alpine Lane

Fircrest, WA 98466

Email: HGbenro@DEC.Solutions

Web: www.DEC.Solutions

Phone: 253-376-4062

For requests concerning education records, parents, eligible students, and District employees should first contact their school district’s records or privacy officer. DECS will reasonably cooperate with the District in responding to such requests.