Privacy Policy

1. Information We Collect

We collect only the information needed to track attendance and manage the system. Here's what that looks like for each type of user:

Student Information

• Full name, date of birth, and grade level
• Email and phone number (if provided by the school)
• Facial photos used for enrollment
• Facial geometry data (biometric embeddings) used for recognition
• Class assignments and attendance records with timestamps
• Guardian/parent relationships

Parent/Guardian Information

• Name, email, and phone number
• Relationship to student(s)
• Account credentials

Teacher & Administrator Information

• Name, email, and phone number
• Role and access permissions
• Account credentials (passwords stored using secure hashing)

Technical Information

• Camera system metadata and diagnostics
• Camera frame images used for facial recognition processing
• System access logs for security auditing

2. Biometric Data & Facial Recognition

What We Collect

Cameras in classrooms capture images which are processed to create a 512-dimensional mathematical representation (called a "facial embedding") of each enrolled student. These embeddings are what the system uses to match faces for attendance — not the photos themselves. However, enrollment photos and camera frame images are also stored for system operation and administrator review.

How Biometric Data is Stored

• Facial embeddings are stored as mathematical vectors in the database. They are not human-readable and cannot be used to reconstruct a photo of someone's face.
• Enrollment photos and camera frame images are stored in cloud storage with access controls limiting who can view them.
• Data isolation: Each school's data is fully separated from other schools. Teachers only see their own classes, parents only see their own children, and administrators only see their own school.
• Adaptive embeddings: The system may generate additional embeddings over time from camera observations to improve recognition accuracy. These are treated with the same protections as enrollment data.

Biometric Data is Never Used For:

• Marketing or advertising
• Sale to third parties
• Law enforcement (unless required by valid legal process such as a subpoena or court order)
• Any purpose beyond attendance tracking

3. How We Use Information

Information collected through AttendEase is used for:

• Attendance tracking: Automatically recording when students are present in their classrooms
• Reporting: Generating attendance reports for teachers, administrators, and parents
• Analytics: Providing aggregated attendance trend data to school administrators
• System operation: Maintaining camera systems, syncing with student information systems, and keeping the platform running
• Recognition accuracy: Improving the system's ability to correctly identify enrolled students

4. Consent & Parental Rights

Obtaining Consent

Before any biometric data is collected from students:

• Schools must obtain written informed consent from parents or guardians for students under 18
• Students 18 and older must provide their own written consent
• Consent forms must explain what data is collected, how it's used, and how long it's kept
• Consent is voluntary and can be withdrawn at any time

Opt-Out Rights

Parents, guardians, and eligible students can opt out of biometric data collection at any time. Students who opt out will use alternative attendance methods such as QR code check-in or manual teacher entry. Opting out will not result in any penalty or loss of educational services.

5. Data Protection & Security

We use multiple layers of security to protect the data in our system:

For more details on our security measures, see our Security page.

6. Data Retention & Deletion

Retention Periods

Data Deletion

• When consent is withdrawn or a student leaves, their biometric data (embeddings and photos) will be deleted within 30 days
• Schools may request deletion of all their data at any time
• Upon contract termination, all data is deleted within 30 days
• Attendance audit logs are retained as required for compliance, even after other data is deleted

7. Third-Party Services

We do not sell, rent, or share personal information or biometric data with third parties for marketing or commercial purposes.

We use the following types of third-party services to operate AttendEase:

• Cloud hosting & storage: For storing application data, photos, and camera frames
• Authentication services: For managing user accounts and login
• SIS integration providers: For syncing student and class roster data from your school's student information system (e.g., via OneRoster)

Data may also be disclosed in these limited circumstances:

• Legal requirements: When required by valid legal process (subpoena, court order)
• Safety emergencies: To protect the safety of students or staff in emergency situations

8. Your Rights

Parents, guardians, and eligible students have the right to:

• Access: Request information about what personal data we hold
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of personal and biometric data
• Opt-out: Withdraw consent for biometric data collection at any time
• Information: Know what data is collected and how it's used

To exercise these rights, contact your school administrator or email us at tommy@attend-ease.com.

9. Regulatory Compliance

AttendEase is designed to support compliance with the following regulations. We're currently in beta and working toward formal certifications, but these regulations guide how we build and operate:

For more detail on how we approach each of these, visit our Compliance page.

10. Contact Us

If you have questions about this policy or want to exercise your privacy rights: