1) Introduction
Niche Apps, LLC (“Niche Apps,” “we,” “us,” or “our”) provides the School Loop Pickup App (the “App”), a tool for schools to track student attendance and manage secure parent pickup. We prioritize privacy and security, particularly for students and educators who use the App under a school’s direction.
2) Scope & Audience
This policy applies to use of the App by schools, school staff, and other authorized representatives. While Niche Apps primarily serves U.S. schools, the App is not explicitly limited to U.S. users; where applicable, we also address international requirements (e.g., GDPR/UK GDPR).
3) Information We Collect
- Student information: Student names only, entered by authorized school personnel for attendance and pickup purposes.
- School staff accounts: Names, work emails, role/permission level, and basic account activity necessary to operate the App.
- Operational data (non-student PII): Technical logs (e.g., timestamps, event types, performance metrics) used to maintain security and reliability. These logs do not include student personal information beyond the student name stored in the App’s records.
We do not collect student addresses, phone numbers, grades, health data, behavioral data, precise geolocation, advertising identifiers, or biometric data.
4) How We Use Information
- To provide attendance tracking and secure dismissal/parent pickup workflows.
- To administer staff accounts, permissions, and audit trails for authorized users.
- To maintain, secure, and improve the App (e.g., troubleshooting, performance, and fraud/security monitoring).
No commercial use: We do not sell or rent student data, and we do not use student data for advertising or marketing.
5) Roles & Legal Bases
- Schools are the data controllers/owners of student information. Niche Apps acts as a service provider/processor and processes student data solely under the school’s instructions and applicable law.
- FERPA (U.S.): We operate as a “school official” with a legitimate educational interest, subject to the school’s control over education records.
- COPPA (U.S.): We do not collect data directly from children under 13. Where COPPA applies, schools provide or obtain consent on parents’ behalf for the use of the App in the school context.
- State student privacy laws (e.g., CA, NY, FL): We use student data only for educational purposes as directed by the school and prohibit its sale or targeted advertising.
- GDPR/UK GDPR (if applicable): For schools in the EEA/UK, the school is typically the controller and Niche Apps the processor. Processing is based on the school’s chosen legal basis (e.g., public task or legitimate interests). Where we act independently for staff account administration or service security, we may be a controller for that limited purpose.
6) Data Sharing & Service Providers
We share data only as necessary to operate the App:
- Service providers (processors): Trusted vendors (e.g., secure cloud hosting, support tooling) under written contracts that require confidentiality and ban secondary use.
- Legal compliance: If required by law, subpoena, court order, or to protect rights, safety, and security.
We never sell student data.
7) Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information, including:
- Encryption in transit (TLS) and access controls based on user roles and school authorization.
- Least-privilege access for Niche Apps personnel with logging and review.
- Secure software development and vulnerability management practices.
No system can be guaranteed 100% secure. If we become aware of a security incident affecting student information, we will notify the school without undue delay and cooperate as required by applicable law.
8) Retention & Deletion
- Student names: Retained for the duration of the school’s use of the App and deleted upon the school’s request or service termination.
- Default deletion timeline: When a school terminates service or requests deletion, we aim to delete student names within 30 days, subject to standard backup cycles.
- Operational logs: Retained only as long as necessary for security, audit, and reliability, then deleted or de-identified.
9) Rights of Parents, Students, and Schools
- Schools control access: Parents/guardians wishing to access, correct, or delete student names should contact their school. We act on school-verified instructions.
- Under COPPA/FERPA: Parents may review and request deletion of their child’s information via the school.
- GDPR/UK GDPR: Where applicable, data subject rights (access, rectification, erasure, restriction, objection) are facilitated through the school as controller.
10) International Data Transfers
Data is primarily processed and stored in the United States. If international transfers occur, we implement appropriate safeguards (e.g., Standard Contractual Clauses where applicable) to protect personal data.
11) Children’s Privacy
The App is used by schools and is not directed to children for direct registration or data submission. Student names are provided by authorized school personnel for educational purposes. Where required, schools obtain any necessary consents from parents/guardians.
12) Data Processing Agreements
Upon request, Niche Apps will enter into a written data protection/data processing agreement with a school to reflect the roles, instructions, and required safeguards under applicable law.
13) Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to schools, and the “Last Updated” date will be revised.
Niche Apps, LLC