A legally sound enrollment agreement for an online K-12 school must address several unique issues that standard service agreements miss:

Parent/Guardian Authority

• Signing authority verification - The enrolling adult must have legal authority over the child's education. This matters in custody disputes.
• Divorced parent provisions - Who can make enrollment decisions? Who receives report cards? What happens if parents disagree?
• Emergency contacts and decision rights - For virtual schools, this may seem less relevant but matters for counseling referrals, etc.

Service Description Precision

• Synchronous vs. asynchronous - Clearly define what "online school" means. Live classes? Recorded content? Teacher interaction frequency?
• Academic calendar and schedules - When are classes held? What time zones? This matters for international families.
• Technology requirements - What hardware/software/internet speed is required? Who's responsible if the student can't access classes?
• Teacher-student ratios - If you advertise small class sizes, this becomes a contractual commitment.

Academic Outcomes (Careful!)

• Avoid guarantees - Never promise specific academic outcomes, grade improvements, or college acceptance.
• "College prep" claims - If you market as college preparatory, you need substantiation. What does this actually mean?
• Credit transfer representations - Be very careful promising credits will transfer to other schools. They may not.

Refund policies for educational services are heavily regulated and vary by state. What's legal in Florida may violate California law.

Pro-Rata Refund Requirements

Many states require pro-rata refunds for educational services when students withdraw. California Education Code, for example, requires private postsecondary schools to follow specific refund calculations. While K-12 private schools have more flexibility, consumer protection principles still apply.

Key Refund Policy Elements

• Cooling-off period - Consider a 3-7 day full refund window after enrollment. This reduces chargebacks and complaints.
• Mid-term withdrawal - How is the refund calculated? By day? By week? By percentage of term completed?
• Non-refundable fees - Registration fees, material fees, etc. must be clearly disclosed BEFORE enrollment.
• Trial periods - If you offer trial classes, when does the commitment begin?

Cancellation Process

• Written notice requirements - Can parents cancel by email? Phone? Only in writing?
• Effective date - When does cancellation take effect? Immediately? End of billing cycle?
• Refund timing - How quickly must refunds be processed? Many states require 30 days or less.

Your handbook likely contains policies you want to enforce: academic integrity, behavior standards, attendance requirements, technology use. But is the handbook actually binding?

Incorporation by Reference

For handbook provisions to be enforceable, they must be properly incorporated into the enrollment agreement:

• Explicit reference - The enrollment agreement must clearly state the handbook is incorporated and binding.
• Accessibility - Parents must have access to the handbook BEFORE signing (not just after enrollment).
• Acknowledgment - Best practice is a separate signature/checkbox confirming handbook receipt and agreement.
• Version control - Which version applies? Can you change the handbook mid-year?

Modification Rights

If you want to change handbook policies during the school year, your enrollment agreement needs a clear modification clause:

• Notice requirements - How much advance notice before changes take effect?
• Material changes - For significant changes, consider requiring renewed consent.
• Retroactive application - Can new policies apply to past conduct? Generally, no.

Disciplinary Procedures

If your handbook includes suspension or expulsion procedures, they may create contractual due process rights. Once you commit to a procedure in writing, you must follow it.

California Business & Professions Code sections 17600-17606 impose strict requirements on any automatic renewal or continuous service offer. Even if you're a Florida school, California law applies if you have California students.

Disclosure Requirements (BEFORE Initial Payment)

• Clear and conspicuous - Auto-renewal terms must be displayed in a way that's easy to notice (not buried in fine print).
• Renewal price - Disclose the renewal amount. If price may increase, disclose that too.
• Renewal frequency - Monthly? Annually? Per semester?
• Cancellation procedure - Must explain exactly how to cancel.

Affirmative Consent

You must obtain the consumer's "affirmative consent" to auto-renewal terms BEFORE the initial charge. This typically means:

• A checkbox that is NOT pre-checked
• Clear acknowledgment of the recurring nature
• Consent to the specific terms (amount, frequency, cancellation)

Post-Purchase Confirmation

After enrollment, you must provide written acknowledgment (email is fine) that includes:

• Confirmation of auto-renewal terms
• Cancellation policy and procedure
• Contact information for cancellation requests

Cancellation Mechanism

Critical: Cancellation must be as easy as enrollment. If parents can enroll online, they must be able to cancel online. You cannot require phone calls or written letters if enrollment was digital.

The Restore Online Shoppers' Confidence Act (ROSCA) is federal law that applies to all online subscription services. The FTC actively enforces this against education companies.

ROSCA Requirements

• Material terms disclosure - Before billing, clearly disclose all material terms of the transaction.
• Express informed consent - Obtain consent to be charged BEFORE taking payment information.
• Simple cancellation - Provide a simple mechanism for stopping recurring charges.

2024 FTC Click-to-Cancel Rule

The FTC's updated rule (effective 2024-2025) adds teeth to these requirements:

• Click-to-cancel - If consumers can sign up online, they must be able to cancel online with equal ease.
• No retention offers during cancellation - Limited ability to use "save" scripts or offers during the cancellation flow.
• Annual reminders - For certain subscriptions, annual reminders may be required before renewal.

Using Stripe Payment Links or Stripe Billing introduces additional compliance considerations. Stripe's terms don't protect you from auto-renewal law violations.

Payment Link Issues

• Disclosure placement - Auto-renewal disclosures must appear BEFORE the Stripe checkout, not just on the payment page.
• Card-on-file consent - Saving payment methods for future charges requires explicit consent.
• Subscription vs. one-time - Make crystal clear whether this is a recurring charge.

Chargeback Patterns to Watch

Education businesses see specific chargeback patterns:

• "Child signed up without permission" - Common with free trials that convert to paid. Solution: Require clear adult acknowledgment.
• "Didn't know it was recurring" - Failed disclosure compliance. Solution: Fix your ARL compliance.
• "Service not as described" - Enrollment agreement doesn't match marketing. Solution: Align all materials.
• "Couldn't cancel" - Cancellation was too difficult. Solution: Simplify cancellation process.

Stripe Account Health

High chargeback rates can get your Stripe account terminated. Education businesses are considered higher-risk due to:

• Long fulfillment periods (semester/year-long services)
• Subjective satisfaction (academic outcomes vary)
• High average transaction values

Multiple privacy laws may apply to your online school. Here's how they compare:

*FERPA only applies to schools receiving federal education funds. Most private schools don't.
**CCPA/CPRA applies if you meet revenue/data thresholds or sell personal information.

Recording live classes for replay or review creates both COPPA and wiretapping law issues. You need multiple forms of consent.

Two-Party Consent States

In these states, ALL parties to a conversation must consent to recording:

• California - Penal Code 632
• Florida - Two-party consent state
• Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, Washington

If ANY participant (student, parent, teacher) is in a two-party consent state, you need everyone's consent.

Consent Best Practices

• Enrollment agreement clause - Include recording consent in the enrollment process
• Class-by-class announcement - State at the start of each recorded class that it's being recorded
• Opt-out alternative - What happens if a parent refuses recording consent? Offer an alternative (camera off, etc.)
• Retention policy - How long are recordings kept? Who can access them?

Recording Content Considerations

• Other students visible - Your recording captures other families' children. You need their consent too.
• Chat/comments - Student chat during class may be captured. Plan for this.
• Student work shared on screen - Additional data being collected.

When your school uses third-party tools (Zoom, Google Classroom, Canvas, etc.), you're sharing student data with those vendors. COPPA makes YOU responsible for ensuring vendors comply.

Required Due Diligence

• Vendor privacy policies - Review each vendor's privacy policy for COPPA compliance claims
• Data use limitations - Ensure vendors only use student data for school purposes, not advertising
• Data Processing Agreements - Get written agreements limiting how vendors use student data
• Student Privacy Pledge - Check if vendors have signed the Student Privacy Pledge

Common EdTech Risks

• Free tiers with data monetization - Some "free" EdTech tools monetize student data. Not COPPA-compliant.
• Consumer vs. education versions - Google Workspace for Education is different from consumer Gmail. Use the right version.
• Analytics and tracking - Some tools install cookies/trackers that collect COPPA-covered data.

Data Deletion Obligations

Under COPPA, parents can request deletion of their child's personal information. You need to:

• Have a process for receiving and honoring deletion requests
• Be able to direct your vendors to delete data
• Document what data exists and where

Private schools operate under different regulatory frameworks than public schools. Understanding your status is critical for compliance.

What Private Schools Generally DON'T Have to Do

• FERPA - Only applies to schools receiving federal education funds
• IDEA special education - Private schools don't have the same IEP obligations as public schools
• State curriculum mandates - Most states give private schools curriculum flexibility
• Teacher certification - Requirements vary widely by state

What Private Schools DO Have to Do

• State registration - Most states require private schools to register or file affidavits
• Attendance records - Compulsory education laws require tracking attendance
• Immunization records - Even for online schools, states may require documentation
• Non-discrimination - Some states have non-discrimination requirements for private schools

Florida-Specific Requirements

Florida private schools must:

• Register annually with the Florida Department of Education
• Maintain attendance and immunization records
• Have an annual educational evaluation for each student
• Provide a sequentially progressive curriculum

Accreditation claims are a major source of FTC and state AG enforcement actions against educational institutions. Be very careful here.

Types of Accreditation

• Regional accreditation - The "gold standard" (e.g., WASC, SACS). Rigorous standards.
• National accreditation - Various national bodies with different standards.
• Programmatic accreditation - For specific programs (less relevant for K-12).
• State approval - Different from accreditation. Registration ≠ accreditation.

Dangerous Claims

• "Accredited" without specifics - Must name the accreditor and what's actually accredited.
• "Credits transfer anywhere" - Almost never true. Transfer decisions are made by receiving schools.
• "Diploma recognized by colleges" - Needs substantiation. Which colleges? Under what conditions?
• "Equivalent to public school" - What does this mean? How is it measured?

Private schools have limited special education obligations compared to public schools, but you can still create liability by over-promising.

What Private Schools Are NOT Required to Do

• Free appropriate public education (FAPE) - That's a public school obligation
• Individualized Education Programs (IEPs) - Not required for private schools
• Child Find - Identifying and evaluating students with disabilities

What Private Schools MAY Be Required to Do

• ADA Title III - Places of public accommodation must provide "reasonable modifications" unless they create "undue burden" or "fundamental alteration"
• Section 504 - If you receive ANY federal funds (including federal student aid in higher ed contexts)

The Risk: Over-Promising

The real danger for private schools is making representations about accommodations that become contractual obligations:

• Marketing to students with learning differences - If you specifically market to this population, expectations are higher
• Handbook accommodation policies - If you promise specific accommodations, you must deliver
• Enrollment discussions - Verbal promises during enrollment can create obligations

Serving international families creates unique legal issues around jurisdiction, data transfers, and visa status.

Visa and Immigration

• F-1 visas - Only SEVP-certified schools can issue I-20s for student visas. Most online schools are NOT SEVP-certified.
• No I-20 = No F-1 - If you can't issue an I-20, international students cannot come to the U.S. on student visas based on your enrollment.
• Marketing implications - Don't imply enrollment helps with U.S. immigration if it doesn't.

Governing Law & Jurisdiction

• Choice of law clause - Specify which state/country's law governs the agreement.
• Dispute resolution - Arbitration? Courts? Which location?
• Enforceability concerns - A U.S. judgment may be difficult to enforce against a family in another country.

GDPR for EU Students

If you have students in the European Union, GDPR likely applies:

• Data processing lawful basis - Contract performance, consent, or legitimate interest
• Data subject rights - Access, erasure, portability, etc.
• Cross-border transfer mechanisms - Standard Contractual Clauses for EU-US data transfers
• Children's data - GDPR has special rules for processing children's data (under 16 in most countries)

Payment & Currency

• Currency specification - Clearly state all prices are in USD (or specify currency)
• International payment processing - Higher fees, potential fraud issues
• Chargebacks - International chargebacks can be more difficult to contest

Online schools face potential oversight from multiple agencies. Understanding who has jurisdiction helps you prioritize compliance.

Federal Regulators

• Federal Trade Commission (FTC)
  • COPPA enforcement (children's privacy)
  • Deceptive practices (false advertising, unsubstantiated claims)
  • Auto-renewal violations (ROSCA)
• Department of Education
  • Limited jurisdiction over private K-12
  • May be involved if you participate in any federal programs

State Regulators

• State Attorneys General
  • Consumer protection enforcement
  • State UDAP (unfair/deceptive practices) laws
  • Auto-renewal law enforcement
• State Education Departments
  • Private school registration/approval
  • Curriculum and attendance requirements
  • Teacher qualification (in some states)
• State Privacy Regulators
  • California Privacy Protection Agency (CCPA/CPRA)
  • Other state privacy law enforcement

Practical Risk Assessment