Privacy Policy

Effective Date: November 14, 2023

ShieldCampus, LLC ("ShieldCampus") is committed to safeguarding individual privacy and ensuring the confidentiality and security of personally identifiable information (“Personal Information”). This privacy policy (“Policy”) applies to our services, software, website, and applications (“Platform”) and describes how we collect, use, disclose, and protect Personal Information and other data, including our practices for satisfying the requirements of the Children’s Online Privacy Protection Act (“COPPA”) and ensuring the Platform’s alignment with the Family Educational Rights and Privacy Act (“FERPA”), the Individuals with Disabilities Education Act (“IDEA”), and other applicable state and federal privacy laws and regulations. We do not sell or use Personal Information for targeted advertising. We only disclose Personal Information when required by law, or when such disclosure is permitted by law for the delivery or maintenance of the Platform, as outlined in this Policy.

We may update this Policy periodically and will communicate any material changes to our collection, use, or disclosure practices through our website (www.shieldcampus.com). By using ShieldCampus’ Platform, school districts and schools (“Customers”), students, parents, school visitors, and school employees (collectively “Users”) agree to the Policy’s terms.

ShieldCampus’ Customers and their related third-party partner sites and services may also collect, use, and disclose data they obtain in connection with using the Platform. This Policy covers only how ShieldCampus collect, use, disclose, and protect Personal Information. For information about how Customers and their related third-party partner sites and services manage Personal Information, you must refer to their privacy policies. This Policy does not supersede the terms of any agreement between ShieldCampus and Customers or any other party, nor does it affect the terms of any agreement between a User and their school, employer, or any third-party.

If you have any questions, concerns, or requests regarding your privacy or this Policy, please contact us at:

ShieldCampus, LLC

Customer Support

6772 Jamestown Dr.

Alpharetta, Ga 30005

(678) 480-4721

[email protected]

ShieldCampus Platform Uses

ShieldCampus licenses the Platform’s use to Customers to account for students on campus and at off campus events, manage student behavior and mental wellness, and enable the schools to manage a crisis. These services include support for the following types of school administrative functions: attendance management; behavior and discipline; mental wellness; crisis management; substitute teacher management; health management; visitor check in and out; digital hall pass; mass communication; alerts and notification; staff accountability; 504 disciplinary guardrails; and special education guardrails. ShieldCampus subcontracts with the following cloud data storage providers – IBM SoftLayer and HostGator – and their privacy policies can be accessed on their websites.

Each ShieldCampus Customer tailors the Platform’s uses to their specific needs, including customizing the Personal Information collected and maintained by the Platform. The Personal Information that could be collected by the Platform from students, school staff, school visitors, parents, and other adults includes the information described below.

Children’s Online Privacy Protection Act

ShieldCampus must comply with the Children’s Online Privacy Protection Act (COPPA) which provides special protections for the Personal Information of children younger than age 13 that we collect directly. This section and the broader Policy serve to notify Customers, including parents, and Users of ShieldCampus’s information collection, use, and disclosure practices as required by COPPA. Only schools or school districts are permitted to license and use ShieldCampus’s Platform. COPPA requires operators of websites or online services like ShieldCampus to obtain verifiable parental consent, before collecting Personal Information online from children younger than age 13. ShieldCampus does not collect, use, or disclose any Personal Information from a child younger than age 13 without having verifiable parent consent. The Platform collects Personal Information from students younger than age 13 only for the use and benefit of the school and students, and for no other commercial purpose. Therefore, COPPA permits schools that license ShieldCampus’s Platform to act as the parent’s agent and provide verifiable consent to the Platform’s collection of children’s information on the parent’s behalf, so long as the school has direct notice, as provided by the Policy and other actions, regarding ShieldCampus’s practices as to the collection, use, or disclosure of Personal Information from children. Through this Policy, Customers and Users are on notice that ShieldCampus:

• May collect, when it has verifiable parent consent, the following Personal Information from children younger than age 13 who attend schools or school districts that license the Platform: first name, last name, name, email, and phone number, and geolocation information.
• Never sells or uses this Personal Information for targeted advertising. Personal Information is only used by ShieldCampus for the educational context authorized by the Customer school or school and for no other commercial purpose.
• Ensures that this Personal Information remains the property of and under the direct control of the parent and Customer school. Schools and parents may review, withdraw their consent, and request deletion of the Personal Information collected by the Platform from their students. Withdrawing consent may limit, or make impossible, the child’s use of certain Platform features or functions.
• Takes the following steps to maintain the security, confidentiality, and integrity of the Personal Information that it collects, including taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security. User information and data, including Personal Information, is accessed in the Platform via an encrypted connection (https, SSL or SFTP), and user data is stored in restricted-access and encrypted databases on our protected network and servers. In addition, Personal Information is encrypted via Secure Socket Layer (SSL) and TLS technology. The computers and servers on which the Platform stores and processes Personal Information and other data are kept in a secure environment.
• Uses Personal Information to support the internal operations of the Platform, such as maintaining or analyzing the functioning of the website or online service; performing network communications; authenticating users of, or personalize the content on, the website or online service; protecting the security or integrity of the user, website, or online service; ensuring legal or regulatory compliance; and fulfilling a request of a Customer, parent, or other User. These internal operations include disclosing the data to applicable employees and ShieldCampus’s cloud data storage provider partners: IBM SoftLayer and HostGator.
• Ensures that Personal Information collected online from students will only be maintained for only as long as is necessary to fulfill the purpose for which it was collected and will be deleted using reasonable measures to protect against its unauthorized access or use.
• Does not enable children to make their Personal Information publicly available.
• Enables Customers and Users, including schools and parents, to review, delete, and withdraw their consent to our processing of a child’s Personal Information at any time by contacting us at:

ShieldCampus, LLC

6772 Jamestown Dr.

Alpharetta, Ga 30005

(678) 480-4721

[email protected]

Family Educational Rights and Privacy Act, Individuals with Disabilities Education Act, and Protection of Pupil Rights Amendment.

ShieldCampus is committed to responsible data privacy protections for the Personal Information of students provided to us through Customer’s licensing and use of the Platform. Because our Customers are schools and school districts, our Platform is designed in accordance with the Family Educational Rights and Privacy Act (“FERPA”, 20 U.S.C. §§1232g), the Individuals with Disabilities Education Act (“IDEA”, “20 U.S.C. §§1400), and the Protection of Pupil Rights Amendment (“PPRA”, 20 U.S.C. §§1232h) and other applicable federal and state privacy laws and regulations where we do business with regard to the collection, use, disclosure, and retention of student’s Personal Information.

FERPA provides parents with the right to access their student’s education records, protect against unconsented disclosures of the personally identifiable information from those records, and other related rights. Under FERPA, Customers (schools and school districts) function as an “educational agency” and ShieldCampus as a “School Official” as those terms are defined by the U.S. Department of Education’s FERPA regulations (34 CFR Part 99). FERPA permits schools to outsource institutional services or functions such as those described by this Policy to School Officials like ShieldCampus, because ShieldCampus:  

1. Performs an institutional service or function, as described above by this Policy, for which Customer would otherwise use its employees.
2. Ensures that the Personal Information collected and processed by the Platform always remains under the Customer’s direct control with respect to the information’s maintenance and use, and only permits access to the Personal Information to ShieldCampus employees and subcontractors who have a legitimate educational interest.
3. Only uses the Personal Information for the purposes for which the disclosure was made by the Customer; and
4. Ensures that it meets the criteria specified in the Customer’s required annual notification of FERPA rights for being a School Official with a legitimate educational interest in the education records.

The Individuals with Disabilities Education Act (IDEA) provides added privacy safeguards for students identified for and receiving special education and associated services. ShieldCampus’s Platform is designed to align with the IDEA's privacy requirements to support Customer’s compliance with the law, including adhering to the following practices:

• Parental Consent: Customers (schools or school districts) must secure parental consent before sharing the Personal Information of a child identified for IDEA services unless the disclosure is permitted by one of the FERPA’s disclosure exceptions. As with other education records serviced through the Platform, schools and school districts may disclose IDEA protected Personal Information to the Platform by utilizing FERPA’s School Official exception and its related requirements. Under FERPA, Customers (schools and school districts) function as an “educational agency” and ShieldCampus as a “School Official” as those terms are defined by the U.S. Department of Education’s FERPA regulations (34 CFR Part 99). Like other Personal Information serviced through the Platform, this student data is only used for the purposes for which the disclosure was made by the Customer.
• Data Destruction and Handling: As required by IDEA, when parents or legal guardians request the deletion of a student’s Personal Information, ShieldCampus promptly works with Customers to ensure its proper deletion from the Platform. We also work closely with Customers to make sure Personal Information collected and processed by the Platform meets IDEA standards about storage, third-party disclosures, and the retention and destruction of information.

The Protection of Pupil Rights Amendment (“PPRA”) safeguards the rights of parents and students pertaining to certain educational surveys, instructional materials, physical exams, and the collection of Personal Information. Among other requirements, the PPRA obligates schools to notify parents and obtain their consent before students participate in certain U.S. Department of Education funded surveys that delve into certain topics. ShieldCampus assists Customers with satisfying the PPRA’s notice and other privacy requirements whenever applicable to the Platform’s use.

Physical, Technical, and Administrative

ShieldCampus take robust precautions to protect all Personal Information collected and serviced through the Platform. Customer and User information and data, including Personal Information, is accessed in the Platform via an encrypted connection (https, SSL or SFTP), and User data is stored in restricted-access and encrypted databases on our protected network and servers. In addition, Personal Information is encrypted via Secure Socket Layer (SSL) and TLS technology. The computers and servers on which the Platform stores and processes Personal Information and other data are kept in a secure environment.

ShieldCampus uses a security program that is reasonably designed to help protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have implemented technical, contractual, administrative, and physical security steps and other organizational safeguards designed to protect Personal Information. This includes the use of authentication technologies, encryption where appropriate, and a securely configured network.

ShieldCampus uses SSAE16/SOC Type 2 compliant hosting facilities for all servers and databases. Attained through a rigorous third-party audit by a leading national accounting and advisory firm, SSAE16/SOC Type 2 certifications affirm that the hosting facility’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

ShieldCampus safeguards all Personal Information using AES 256-bit encryption when stored on any media type. Advance Encryption Standard (AES) is an international standard that ensures data is encrypted/decrypted following this approved standard. It ensures high security and is adopted by the U.S. government and other intelligence organizations across the world.

We disclose Personal Information to service providers and ShieldCampus employees only as reasonably necessary to carry out that service provider’s or employee's specific role. Certain Personal Information is accessible to specific administrative users (such as teachers, staff, and other school personnel) from the Platform. When we are instructed to create login credentials, administrative users can see Personal Information from the relevant Platform services including information such as student schedules, attendance, hall pass usage, or other items. Schools are responsible for ensuring that their administrative users are acting in compliance with relevant data privacy statutes and regulations, including ensuring that all users with have a legitimate educational purpose for accessing the data as required by FERPA.

ShieldCampus retains logged Personal Information at the direction of the Customer school or school district to which it is providing services and complies with all Customer requests to delete Personal Information when it is no longer necessary for the purpose for which it was collected. Personal Information is destroyed as directed by the Customer, or as otherwise required by law. Additionally, Customers must also comply with federal and state laws regarding the collection, use, disclosure, and retention of Personal Information.

Please be aware that despite our best efforts, no data security measures can guarantee 100% security. Customers and users should take steps to protect against unauthorized access to passwords, phones, and computers or other devices by, among other things, signing off after using a shared computer or other device, choosing a robust password that no other person knows or can easily guess, and keeping log-in and passwords private. We cannot guarantee that the Platform will always be perfectly secure, and we are not responsible for any lost, stolen, or compromised passwords or for any activity on accounts via unauthorized password activity.

If ShieldCampus learns of a security breach that poses a serious risk of harm, we will attempt to notify Customers and Users electronically (subject to any applicable breach notification and other laws) so that Customers and Users can take appropriate protective steps. For example, we may post a notice on the ShieldCampus website or elsewhere on the Platform and may send email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing by mail.

Information Provided to ShieldCampus by Customers

Using the Platform, Customer’s collect, and ShieldCampus processes on their behalf, Personal Information on Users including students, parents, school staff members, employees, visitors, or volunteers that enter a Customer’s building. If you have questions about Customer control in relation to Platform, please contact the Customer who provided access to the Platform. Personal Information collected and used on the Platform includes, but is not limited to, the following categories of information:

• First and last name.
• Job title.
• Organization and contact information (such as physical address, email address and phone number).
• Student status.
• Government-issued identification, such as a national identification number (e.g., passport number, permanent resident card number, military ID), state or local identification number (e.g., driver’s license of state ID number).
• An image of the relevant identification card and the information that may be contained on the card.
• Copy of information that may be readable through a barcode on the relevant ID card.
• Service credentials provided to you by Customers for support purposes.
• Usernames, passwords, and other credentials associated with Platform.
• Information about your use of the Services If you are affiliated with a Customer.
• Information provided to us by the Customer about you, which may include your email address, job title, and other contact information.
• E-mail address of an individual on a support ticket submitted by Customers or Users; and
• First and last name when changing the main contact on a customer support ticket.

We can also collect other information that a student or other individual provided to Customers or that Customer has asked us to collect on their behalf.  We also receive Personal Information from other sources, including third parties who contract with Customers and share Personal Information with us, and combine this data with Personal Information we already have. This exchange, at Customer’s direction, helps us to properly support integrations between our Services and the services of a third party for Customers and allows us to improve our existing Services, develop new Services, and engage in analytics.

Use of the Platform may require basic information about students which may include name, grade level, school ID number, health records, behavior records, class schedule, parent, legal guardian and other Personal Information as required by Customers to use the Platform. This Personal Information is provided to us by Customers either directly via manual entry from the Customer’s Personal Information System (SIS) or other systems with appropriate information. We may also collect Personal Information from the Customer about a student’s parents or legal guardian (s) and their contact information.

Customers may also choose to provide additional Personal Information to us for enabling additional reporting capabilities through our Services. As with other information stored on the Platform, it will only be used for the purpose for which it was collected.

Passive Collection and Tracking Technologies

ShieldCampus collects other information automatically in connection with Customer’s use of the Platform. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Providers (ISP), referring/exit pages, the files viewed (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Platform’s services.

In connection with our browser-based services, ShieldCampus uses cookies or similar technologies (such as local storage, Pixel tags, JavaScript and ETags) to analyze trends, administer our services, track users’ movements around our services, and to gather demographic information about Users. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain Platform features or functions.

This information is only used as described by this Policy and our licensing agreements with Customers. We do not sell any of the information we collect through the Platform, and we do not engage in profiling or targeted advertising.

How We Disclose Personal Information

We only disclose Personal Information when required by law, or when such disclosure is permitted by law for the delivery or maintenance of the Platform, as outlined in this Policy.

Consistent with this Policy, we may share Personal Information with subcontractors and other third parties to support the Platform’s use and operations, including with our cloud data storage provider partners: IBM SoftLayer and HostGator. All ShieldCampus contractors take reasonable steps to protect Personal Information consistent with the safeguards described by this Policy.

Customers may direct us to integrate the Platform with an offering, software, or application provided by another third party. In those cases, we will share Personal Information with third parties only at the Customer’s direction. If you have questions about Customer-directed sharing with third parties, please contact the Customer (your school or school district), the data controller.

In certain situations, ShieldCampus may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet law enforcement or national security requirements. We also may share Personal Information as required by other laws, including in response to a court order, subpoena, or other legal process or, when we believe in good faith that disclosure is necessary to protect our rights, protect Users safety or the safety of others; to investigate fraud; or to respond to a lawful government request.

If ShieldCampus is acquired by or merged with another company, if substantially all of ShieldCampus’s assets are transferred to another company, or if we are part of a bankruptcy proceeding, we may transfer Personal Information stored on the Platform to the other company, provided the successor entity is subject to equivalent privacy and security commitments as ShieldCampus with regard to the Personal Information, and the Personal Information continues to be used only to provide Platform services at the direction of Customers. Additionally, we may use and share de-identified information, which cannot reasonably be linked to your identity, with third parties for research and analytical purposes.

Customer and User Rights to Review, Delete and Control Our Use of Personal Information

ShieldCampus respects Customers and Users privacy and is committed to maintaining the accuracy and relevance of Personal Information on the Platform. We provide mechanisms to help Customers and Users review, update, and correct information as needed or desired. Customers and Users have the right to control, review, and request the deletion of Personal Information.

The Personal Information collected by the Platform will be deleted whenever it is no longer required for the purpose for which it was collected. Customers and Users are in control, and you can opt out of using the Platform entirely or request the deletion of specific user account data based on your preferences and our policies. To exercise these rights, please notify your school or school district.

If, at any point, we discover that we have unintentionally collected Personal Information about a Customer or User without proper consent, we will work with Customers to ensure that this information is deleted.

Mobile Applications Information Collection Practices

General Data Collection: When Customers and Users download and use the Platform’s mobile application-based services, ShieldCampus may automatically collect information about the type of device used, operating system version, and the device identifier. We also track geolocation-based information from your mobile device when you use certain Platform services that utilize geofencing technology, particularly in emergency situations.

Analytics and Usage Data: Our use of mobile analytics software helps us better understand the functionality of our mobile software on your device. This includes recording how often the application is used, events within the application, aggregated usage, performance data, and the source of the application download. We ensure that the information stored in the analytics software is not linked to any Personal Information that Customers or Users submit within the mobile application.

Face Data Collection and Use: Specifically, our mobile application collects face data for creating a visitor sticker/badge and for use as a profile picture within the application. This collection is conducted with the utmost respect for the sensitive nature of this data, and we ensure that it is not retained beyond its intended purpose.

Storage and Security of Data: All collected data, including face data, is stored securely. Face data is retained for a limited duration of one school calendar year, aligning with our commitment to enhance security measures and support potential security investigations. After this period, all face data is systematically deleted from our records.

Third-Party Sharing and Privacy Assurance: In line with our pledge to uphold user privacy, we guarantee that no collected data, including face data, is shared with any third parties. This stands as a testament to our commitment to never compromise on user privacy.

This policy demonstrates ShieldCampus' dedication to user security and privacy. We adopt these practices to ensure transparency and the highest level of data security. For any concerns regarding these policies, users are encouraged to contact us using the provided information.

Data Retention

ShieldCampus will only retain Personal Information for the period necessary to fulfill the purposes outlined in this Policy and our End User License agreements with Customers. Upon notice from our Customers and Users, we will return, delete, or destroy all Personal Information stored by us in accordance with applicable law and our Customer’s requirements.

ShieldCampus Contact Information

Customers and Users may contact us with questions about this Policy at [email protected]. or write to us at, as applicable, ShieldCampus, LLC at the address below:

ShieldCampus Support

6772 Jamestown Drive

Alpharetta GA 30005

Incorporation into End User Licensing Agreement

Customers’ and Users’ use of the Platform, and any dispute over privacy of Personal Information, is subject to this Policy and our Enterprise Licensing agreement with Customers, including its applicable limitations on damages and resolution of disputes.