Effective Date: November 14, 2023
We may update this Policy periodically and will communicate any material changes to our collection, use, or disclosure practices through our website (www.shieldcampus.com). By using ShieldCampus’ Platform, school districts and schools (“Customers”), students, parents, school visitors, and school employees (collectively “Users”) agree to the Policy’s terms.
ShieldCampus’ Customers and their related third-party partner sites and services may also collect, use, and disclose data they obtain in connection with using the Platform. This Policy covers only how ShieldCampus collect, use, disclose, and protect Personal Information. For information about how Customers and their related third-party partner sites and services manage Personal Information, you must refer to their privacy policies. This Policy does not supersede the terms of any agreement between ShieldCampus and Customers or any other party, nor does it affect the terms of any agreement between a User and their school, employer, or any third-party.
If you have any questions, concerns, or requests regarding your privacy or this Policy, please contact us at:
6772 Jamestown Dr.
Alpharetta, Ga 30005
ShieldCampus Platform Uses
ShieldCampus licenses the Platform’s use to Customers to account for students on campus and at off campus events, manage student behavior and mental wellness, and enable the schools to manage a crisis. These services include support for the following types of school administrative functions: attendance management; behavior and discipline; mental wellness; crisis management; substitute teacher management; health management; visitor check in and out; digital hall pass; mass communication; alerts and notification; staff accountability; 504 disciplinary guardrails; and special education guardrails. ShieldCampus subcontracts with the following cloud data storage providers – IBM SoftLayer and HostGator – and their privacy policies can be accessed on their websites.
Each ShieldCampus Customer tailors the Platform’s uses to their specific needs, including customizing the Personal Information collected and maintained by the Platform. The Personal Information that could be collected by the Platform from students, school staff, school visitors, parents, and other adults includes the information described below.
Children’s Online Privacy Protection Act
ShieldCampus must comply with the Children’s Online Privacy Protection Act (COPPA) which provides special protections for the Personal Information of children younger than age 13 that we collect directly. This section and the broader Policy serve to notify Customers, including parents, and Users of ShieldCampus’s information collection, use, and disclosure practices as required by COPPA. Only schools or school districts are permitted to license and use ShieldCampus’s Platform. COPPA requires operators of websites or online services like ShieldCampus to obtain verifiable parental consent, before collecting Personal Information online from children younger than age 13. ShieldCampus does not collect, use, or disclose any Personal Information from a child younger than age 13 without having verifiable parent consent. The Platform collects Personal Information from students younger than age 13 only for the use and benefit of the school and students, and for no other commercial purpose. Therefore, COPPA permits schools that license ShieldCampus’s Platform to act as the parent’s agent and provide verifiable consent to the Platform’s collection of children’s information on the parent’s behalf, so long as the school has direct notice, as provided by the Policy and other actions, regarding ShieldCampus’s practices as to the collection, use, or disclosure of Personal Information from children. Through this Policy, Customers and Users are on notice that ShieldCampus:
6772 Jamestown Dr.
Alpharetta, Ga 30005
Family Educational Rights and Privacy Act, Individuals with Disabilities Education Act, and Protection of Pupil Rights Amendment.
ShieldCampus is committed to responsible data privacy protections for the Personal Information of students provided to us through Customer’s licensing and use of the Platform. Because our Customers are schools and school districts, our Platform is designed in accordance with the Family Educational Rights and Privacy Act (“FERPA”, 20 U.S.C. §§1232g), the Individuals with Disabilities Education Act (“IDEA”, “20 U.S.C. §§1400), and the Protection of Pupil Rights Amendment (“PPRA”, 20 U.S.C. §§1232h) and other applicable federal and state privacy laws and regulations where we do business with regard to the collection, use, disclosure, and retention of student’s Personal Information.
FERPA provides parents with the right to access their student’s education records, protect against unconsented disclosures of the personally identifiable information from those records, and other related rights. Under FERPA, Customers (schools and school districts) function as an “educational agency” and ShieldCampus as a “School Official” as those terms are defined by the U.S. Department of Education’s FERPA regulations (34 CFR Part 99). FERPA permits schools to outsource institutional services or functions such as those described by this Policy to School Officials like ShieldCampus, because ShieldCampus:
The Individuals with Disabilities Education Act (IDEA) provides added privacy safeguards for students identified for and receiving special education and associated services. ShieldCampus’s Platform is designed to align with the IDEA's privacy requirements to support Customer’s compliance with the law, including adhering to the following practices:
The Protection of Pupil Rights Amendment (“PPRA”) safeguards the rights of parents and students pertaining to certain educational surveys, instructional materials, physical exams, and the collection of Personal Information. Among other requirements, the PPRA obligates schools to notify parents and obtain their consent before students participate in certain U.S. Department of Education funded surveys that delve into certain topics. ShieldCampus assists Customers with satisfying the PPRA’s notice and other privacy requirements whenever applicable to the Platform’s use.
Physical, Technical, and Administrative
ShieldCampus take robust precautions to protect all Personal Information collected and serviced through the Platform. Customer and User information and data, including Personal Information, is accessed in the Platform via an encrypted connection (https, SSL or SFTP), and User data is stored in restricted-access and encrypted databases on our protected network and servers. In addition, Personal Information is encrypted via Secure Socket Layer (SSL) and TLS technology. The computers and servers on which the Platform stores and processes Personal Information and other data are kept in a secure environment.
ShieldCampus uses a security program that is reasonably designed to help protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have implemented technical, contractual, administrative, and physical security steps and other organizational safeguards designed to protect Personal Information. This includes the use of authentication technologies, encryption where appropriate, and a securely configured network.
ShieldCampus uses SSAE16/SOC Type 2 compliant hosting facilities for all servers and databases. Attained through a rigorous third-party audit by a leading national accounting and advisory firm, SSAE16/SOC Type 2 certifications affirm that the hosting facility’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
ShieldCampus safeguards all Personal Information using AES 256-bit encryption when stored on any media type. Advance Encryption Standard (AES) is an international standard that ensures data is encrypted/decrypted following this approved standard. It ensures high security and is adopted by the U.S. government and other intelligence organizations across the world.
We disclose Personal Information to service providers and ShieldCampus employees only as reasonably necessary to carry out that service provider’s or employee's specific role. Certain Personal Information is accessible to specific administrative users (such as teachers, staff, and other school personnel) from the Platform. When we are instructed to create login credentials, administrative users can see Personal Information from the relevant Platform services including information such as student schedules, attendance, hall pass usage, or other items. Schools are responsible for ensuring that their administrative users are acting in compliance with relevant data privacy statutes and regulations, including ensuring that all users with have a legitimate educational purpose for accessing the data as required by FERPA.
ShieldCampus retains logged Personal Information at the direction of the Customer school or school district to which it is providing services and complies with all Customer requests to delete Personal Information when it is no longer necessary for the purpose for which it was collected. Personal Information is destroyed as directed by the Customer, or as otherwise required by law. Additionally, Customers must also comply with federal and state laws regarding the collection, use, disclosure, and retention of Personal Information.
Please be aware that despite our best efforts, no data security measures can guarantee 100% security. Customers and users should take steps to protect against unauthorized access to passwords, phones, and computers or other devices by, among other things, signing off after using a shared computer or other device, choosing a robust password that no other person knows or can easily guess, and keeping log-in and passwords private. We cannot guarantee that the Platform will always be perfectly secure, and we are not responsible for any lost, stolen, or compromised passwords or for any activity on accounts via unauthorized password activity.
If ShieldCampus learns of a security breach that poses a serious risk of harm, we will attempt to notify Customers and Users electronically (subject to any applicable breach notification and other laws) so that Customers and Users can take appropriate protective steps. For example, we may post a notice on the ShieldCampus website or elsewhere on the Platform and may send email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing by mail.
Information Provided to ShieldCampus by Customers
Using the Platform, Customer’s collect, and ShieldCampus processes on their behalf, Personal Information on Users including students, parents, school staff members, employees, visitors, or volunteers that enter a Customer’s building. If you have questions about Customer control in relation to Platform, please contact the Customer who provided access to the Platform. Personal Information collected and used on the Platform includes, but is not limited to, the following categories of information:
We can also collect other information that a student or other individual provided to Customers or that Customer has asked us to collect on their behalf. We also receive Personal Information from other sources, including third parties who contract with Customers and share Personal Information with us, and combine this data with Personal Information we already have. This exchange, at Customer’s direction, helps us to properly support integrations between our Services and the services of a third party for Customers and allows us to improve our existing Services, develop new Services, and engage in analytics.
Use of the Platform may require basic information about students which may include name, grade level, school ID number, health records, behavior records, class schedule, parent, legal guardian and other Personal Information as required by Customers to use the Platform. This Personal Information is provided to us by Customers either directly via manual entry from the Customer’s Personal Information System (SIS) or other systems with appropriate information. We may also collect Personal Information from the Customer about a student’s parents or legal guardian (s) and their contact information.
Customers may also choose to provide additional Personal Information to us for enabling additional reporting capabilities through our Services. As with other information stored on the Platform, it will only be used for the purpose for which it was collected.
Passive Collection and Tracking Technologies
ShieldCampus collects other information automatically in connection with Customer’s use of the Platform. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Providers (ISP), referring/exit pages, the files viewed (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Platform’s services.
This information is only used as described by this Policy and our licensing agreements with Customers. We do not sell any of the information we collect through the Platform, and we do not engage in profiling or targeted advertising.
How We Disclose Personal Information
We only disclose Personal Information when required by law, or when such disclosure is permitted by law for the delivery or maintenance of the Platform, as outlined in this Policy.
Consistent with this Policy, we may share Personal Information with subcontractors and other third parties to support the Platform’s use and operations, including with our cloud data storage provider partners: IBM SoftLayer and HostGator. All ShieldCampus contractors take reasonable steps to protect Personal Information consistent with the safeguards described by this Policy.
Customers may direct us to integrate the Platform with an offering, software, or application provided by another third party. In those cases, we will share Personal Information with third parties only at the Customer’s direction. If you have questions about Customer-directed sharing with third parties, please contact the Customer (your school or school district), the data controller.
In certain situations, ShieldCampus may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet law enforcement or national security requirements. We also may share Personal Information as required by other laws, including in response to a court order, subpoena, or other legal process or, when we believe in good faith that disclosure is necessary to protect our rights, protect Users safety or the safety of others; to investigate fraud; or to respond to a lawful government request.
If ShieldCampus is acquired by or merged with another company, if substantially all of ShieldCampus’s assets are transferred to another company, or if we are part of a bankruptcy proceeding, we may transfer Personal Information stored on the Platform to the other company, provided the successor entity is subject to equivalent privacy and security commitments as ShieldCampus with regard to the Personal Information, and the Personal Information continues to be used only to provide Platform services at the direction of Customers. Additionally, we may use and share de-identified information, which cannot reasonably be linked to your identity, with third parties for research and analytical purposes.
Customer and User Rights to Review, Delete and Control Our Use of Personal Information
ShieldCampus respects Customers and Users privacy and is committed to maintaining the accuracy and relevance of Personal Information on the Platform. We provide mechanisms to help Customers and Users review, update, and correct information as needed or desired. Customers and Users have the right to control, review, and request the deletion of Personal Information.
The Personal Information collected by the Platform will be deleted whenever it is no longer required for the purpose for which it was collected. Customers and Users are in control, and you can opt out of using the Platform entirely or request the deletion of specific user account data based on your preferences and our policies. To exercise these rights, please notify your school or school district.
If, at any point, we discover that we have unintentionally collected Personal Information about a Customer or User without proper consent, we will work with Customers to ensure that this information is deleted.
Mobile Applications Information Collection Practices
General Data Collection: When Customers and Users download and use the Platform’s mobile application-based services, ShieldCampus may automatically collect information about the type of device used, operating system version, and the device identifier. We also track geolocation-based information from your mobile device when you use certain Platform services that utilize geofencing technology, particularly in emergency situations.
Analytics and Usage Data: Our use of mobile analytics software helps us better understand the functionality of our mobile software on your device. This includes recording how often the application is used, events within the application, aggregated usage, performance data, and the source of the application download. We ensure that the information stored in the analytics software is not linked to any Personal Information that Customers or Users submit within the mobile application.
Face Data Collection and Use: Specifically, our mobile application collects face data for creating a visitor sticker/badge and for use as a profile picture within the application. This collection is conducted with the utmost respect for the sensitive nature of this data, and we ensure that it is not retained beyond its intended purpose.
Storage and Security of Data: All collected data, including face data, is stored securely. Face data is retained for a limited duration of one school calendar year, aligning with our commitment to enhance security measures and support potential security investigations. After this period, all face data is systematically deleted from our records.
Third-Party Sharing and Privacy Assurance: In line with our pledge to uphold user privacy, we guarantee that no collected data, including face data, is shared with any third parties. This stands as a testament to our commitment to never compromise on user privacy.
This policy demonstrates ShieldCampus' dedication to user security and privacy. We adopt these practices to ensure transparency and the highest level of data security. For any concerns regarding these policies, users are encouraged to contact us using the provided information.
ShieldCampus will only retain Personal Information for the period necessary to fulfill the purposes outlined in this Policy and our End User License agreements with Customers. Upon notice from our Customers and Users, we will return, delete, or destroy all Personal Information stored by us in accordance with applicable law and our Customer’s requirements.
ShieldCampus Contact Information
Customers and Users may contact us with questions about this Policy at [email protected]. or write to us at, as applicable, ShieldCampus, LLC at the address below:
6772 Jamestown Drive
Alpharetta GA 30005
Incorporation into End User Licensing Agreement
Customers’ and Users’ use of the Platform, and any dispute over privacy of Personal Information, is subject to this Policy and our Enterprise Licensing agreement with Customers, including its applicable limitations on damages and resolution of disputes.