Privacy at Syncc

1. Our role

Syncc is provided to schools and districts (our "customers") and processes data on their behalf. For student records, we act as a school official / service provider under FERPA, using school data only to provide the service. The district owns and controls that data and remains the data controller. Parents and eligible students exercise their rights through their school or district, which we support.

2. Information we process

Roster & schedule data the district provides (a one-time/periodic CSV export, or an authorized read-only Clever connection): names, school email, and role; grade level, schools, course sections, periods, terms, and enrollments; room assignments where available.

Account & sign-in data: identifiers and tokens via Google, Microsoft, or Clever single sign-on, or a local account / magic link.

Operational data created in the product: records the school generates by using Syncc — hall-pass entries, drill/emergency roll-call records, announcements, front-desk visitor logs, and sign-in records.

Technical & usage data: standard log data (IP address, device/browser type, timestamps) used to operate, secure, and troubleshoot the service.

3. How we obtain roster data — and what we don't do

We obtain roster data only with the district's authorization, by CSV import or a read-only Clever connection, and the district controls which schools and fields are shared. We connect to Clever read-only — we do not write back to, or modify, your student information system. We request the minimum data needed to run the features the school enables.

4. How we use information

To provide and operate the features the school enables; authenticate users and secure accounts; maintain, troubleshoot, and improve reliability and performance; communicate with the school's administrators; and comply with legal obligations.

We do not sell personal information, use student personal information for advertising or to build advertising profiles, or use student personal information to train artificial-intelligence models. If we add AI-assisted features in the future, we will update this policy first and design them to be PII-free (only de-identified inputs leave our systems).

5. Sharing and subprocessors

We share information only with service providers that help us run Syncc, under contracts limiting them to that purpose — cloud hosting/infrastructure, rostering and single sign-on (e.g., Clever, Google, Microsoft), and email delivery. We may also disclose information where required by law. A current subprocessor list is available to customers on request. We do not otherwise share personal information with third parties.

6. Storage, location, and security

Syncc is deployed per-district, with each district's data logically separated from other customers'. Data is stored in the United States. We protect data in transit with encryption (HTTPS/TLS) and apply administrative, technical, and organizational safeguards appropriate to the data. No method of transmission or storage is completely secure, but we work to protect your data.

7. Retention and deletion

We retain school data for as long as the district uses Syncc, or as the customer agreement specifies. On a district's request, or after the agreement ends, we delete or return the district's personal data except where retention is required by law, and backups are purged on our standard cycle. A district or school administrator may request correction or deletion of specific records at any time.

8. Children's privacy (COPPA)

Syncc is designed for use by schools, is not marketed to children, and does not knowingly collect personal information directly from children for our own purposes. Where Syncc is used with students under 13, the school/district provides consent and direction on the parents' behalf, consistent with COPPA's school-authorization framework, and we use student data only to provide the service to the school.

9. Your choices and rights

Because the district controls the data, parents, students, and staff should direct requests to access, correct, or delete information to their school or district, which we will support. Administrators can manage and export data within the product.

10. Changes to this policy

If we make material changes, we will update the "last updated" date above and notify customer administrators.