Privacy Policy

Last Updated: August 23, 2025

1. Introduction

EduTrack, Inc. ("we," "our," or "us") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our educational management platform ("Service").

We comply with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and other applicable privacy laws and regulations.

2. Information We Collect

2.1 Student Educational Records

We collect and process educational records as defined by FERPA, including:

  • Student identification information (names, student IDs, grade levels)
  • Academic performance data (grades, test scores, assignment submissions)
  • Attendance and enrollment records
  • Disciplinary records when relevant to academic progress
  • Communication records between educators and students

2.2 Account Information

When you create an account, we collect:

  • Name and contact information
  • Institution affiliation
  • Role and access permissions
  • Login credentials (encrypted)

2.3 Technical Data

We automatically collect certain technical information:

  • Device information and browser type
  • IP addresses and location data (when necessary for security)
  • Usage patterns and feature interactions
  • Log files and system performance data

3. Purposes for Data Processing

We process personal information for the following purposes:

3.1 Educational Services

  • Providing learning management and tracking capabilities
  • Generating academic reports and analytics
  • Facilitating communication between educators and students
  • Supporting individualized learning plans

3.2 Platform Operations

  • Maintaining system security and preventing fraud
  • Providing technical support and customer service
  • Improving platform functionality and user experience
  • Ensuring compliance with legal obligations

4. Legal Bases for Processing

Our legal bases for processing personal information include:

  1. Contractual Necessity: Processing necessary to perform our agreement with educational institutions
  2. Legal Obligation: Compliance with FERPA, COPPA, and other applicable laws
  3. Legitimate Interests: Improving educational outcomes and platform security
  4. Consent: Where explicitly provided for specific processing activities

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain user sessions and preferences
  • Ensure platform security
  • Analyze usage patterns to improve our Service
  • Provide personalized educational experiences

You can control cookie preferences through your browser settings, though some functionality may be limited if cookies are disabled.

6. Analytics and Performance Monitoring

We use analytics tools to understand how our Service is used and to identify areas for improvement. This includes:

  • Aggregated usage statistics (no personally identifiable information)
  • Performance monitoring to ensure optimal service delivery
  • Error tracking to identify and resolve technical issues

All analytics data is anonymized and aggregated to protect individual privacy.

7. Data Sharing and Disclosure

We do not sell, rent, or trade personal information. We may share information only in the following circumstances:

7.1 Within Educational Institutions

  • Between authorized educators within the same institution
  • With school administrators for legitimate educational purposes
  • As directed by the institution's data sharing policies

7.2 Service Providers

  • Cloud hosting and infrastructure providers
  • Security and monitoring service providers
  • Customer support and communication tools

All service providers are contractually obligated to protect personal information and use it only for specified purposes.

7.3 Legal Requirements

We may disclose information when required by law, court order, or to protect the safety and security of our users and the Service.

8. Data Retention

We retain personal information only as long as necessary for:

  • Providing educational services during the active subscription period
  • Complying with legal and regulatory requirements
  • Resolving disputes and enforcing our agreements

Student educational records are typically retained according to the institution's retention policies and applicable law. When an institution terminates their subscription, they have 30 days to export their data before permanent deletion.

9. Data Security

We implement comprehensive security measures including:

9.1 Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication and role-based access controls
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery systems

9.2 Operational Safeguards

  • Employee background checks and privacy training
  • Access logging and monitoring
  • Incident response and breach notification procedures
  • SOC 2 Type II compliance certification

10. International Data Transfers

Our Service is primarily hosted in the United States. If you access our Service from outside the US, your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.

We implement appropriate safeguards for international transfers, including standard contractual clauses and adequacy decisions where applicable.

11. Your Rights and Choices

You have the following rights regarding your personal information:

11.1 Access and Portability

  • Request access to your personal information
  • Obtain copies of your data in a machine-readable format
  • Export educational records and course content

11.2 Correction and Updates

  • Update account information and preferences
  • Correct inaccurate educational records
  • Modify access permissions and roles

11.3 Deletion and Restriction

  • Request deletion of personal information (subject to legal retention requirements)
  • Restrict processing for specific purposes
  • Object to certain types of data processing

To exercise these rights, please contact us using the information provided in Section 14.

12. Children's Privacy

We are committed to protecting children's privacy in compliance with COPPA. When processing information of children under 13:

  • We collect only information necessary for educational purposes
  • We do not use children's information for marketing or advertising
  • We provide parents and schools with access and control over children's information
  • We maintain enhanced security measures for children's data

Schools act as agents for parents in providing consent for educational use of children's information as permitted under COPPA.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will provide notice of material changes through the Service or via email to account administrators. Your continued use of the Service after such notice constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Privacy Officer

EduTrack, Inc.
123 Education Lane
Tech Valley, CA 94105
Email: privacy@edutrack.com
Phone: +1 (555) 123-4567

Response Times

  • General privacy inquiries: 5 business days
  • Access requests: 30 days
  • Deletion requests: 30 days (subject to legal requirements)
  • Security incidents: Immediate response

Effective Date: This Privacy Policy is effective as of August 23, 2025. We are committed to transparency and will continue to update this policy as our practices evolve and new regulations take effect.