
The 7-Layer California Student Data Privacy Stack
If your district's privacy strategy begins and ends with "our vendor says they're FERPA-certified," you have a compliance gap. Not a small one. A seven-layer one.

If your district's privacy strategy begins and ends with "our vendor says they're FERPA-certified," you have a compliance gap. Not a small one. A seven-layer one.

School administrators collect useful data — attendance, grades, discipline incidents, demographics, enrollment trends — but asking a quick question usually means a BI tool, a ticket, or a spreadsheet export. Most "AI" assistants route the question to a cloud API, which is a non-starter when the data includes student information. I built Local First Education Data Stack (LFED), a Gradio assistant that lets school staff ask plain-English questions and get answers from a local DuckDB database. The live demo runs on Hugging Face ZeroGPU; the product itself can run offline with llama.cpp + GGUF. No data leaves the machine. This is what I learned building it for the HF Build Small Hackathon "Backyard AI" chapter.

Your district's data infrastructure has a debt problem. And unlike financial debt, it doesn't show up on a balance sheet — it shows up at 11 PM on a Wednesday, when your data analyst is manually cross-referencing CSV exports because the vendor system that was supposed to produce the board report can't deliver. This is institutional data debt — the compounding accumulation of manual workarounds, fragmented software silos, and inaccessible records that accumulate every time a district patches a workflow instead of fixing it. It's not a technical nuisance. It's a strategic threat.
