Privacy Policy

Last updated: January 2026

Privacy at a Glance

  • What we collect: Information you provide (contact details, school data, student records) and usage data
  • How we use it: To provide our enrollment platform services and improve the product
  • Who we share with: Only service providers necessary to operate (payment processors, email services)
  • Your rights: Access, correct, delete, or export your data at any time
  • Security: Bank-level encryption and security practices

1. Introduction

EnrollSage ("we," "us," or "our") respects your privacy and is committed to protecting the personal data of schools, families, and students who use our enrollment platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. Please read this policy carefully. If you do not agree with the terms of this policy, please do not access the Service.

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

  • Account Information: Name, email address, phone number, and role (administrator, staff, parent)
  • School Information: School name, address, enrollment capacity, and administrative contacts
  • Student Records: Student names, dates of birth, grade levels, enrollment status, and academic records
  • Family Information: Parent/guardian names, contact details, emergency contacts, and household information
  • Payment Information: Billing addresses and payment method details (processed securely by our payment provider)
  • Communications: Messages you send through our contact forms or support channels

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP addresses, access times, and referring URLs
  • Cookies: See Section 10 (Cookies and Tracking) below for details

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process enrollments, manage admissions, and facilitate payments
  • Communicate: Send service-related notifications, respond to inquiries, and provide support
  • Improve: Analyze usage patterns to enhance features and user experience
  • Secure: Detect and prevent fraud, unauthorized access, and other security threats
  • Comply: Meet legal obligations and respond to lawful requests
  • Marketing: Send newsletters and updates (only with your consent, and you can unsubscribe anytime)

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interests: Improving our services, preventing fraud, and ensuring security
  • Consent: Marketing communications and optional data collection (you can withdraw consent anytime)
  • Legal Obligation: Compliance with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Third parties who help us operate the Service, including:
    • Payment processors (Stripe) for secure payment handling
    • Email service providers (Brevo) for transactional and marketing emails
    • Cloud hosting providers for data storage
    • Analytics providers for usage insights
  • School Administrators: Information about students and families is shared with authorized school staff
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

6. Your Rights

Depending on your location, you have certain rights regarding your personal data:

6.1 Rights Under GDPR (EEA/UK Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

6.2 Rights Under CCPA (California Users)

  • Right to Know: Request information about data collection, use, and sharing
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights

To exercise your rights: Contact us at jake@dubsado.com or use our contact form. We will respond within 30 days (or sooner as required by law).

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.

  • Account Data: Retained while your account is active, plus 7 years for legal compliance
  • Student Records: Retained according to your school's retention policy and applicable education laws
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Marketing Preferences: Retained until you unsubscribe or request deletion

Upon account termination, we will delete or anonymize your data within 90 days, unless retention is required by law.

8. Data Security

We implement robust security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access ensures only authorized personnel can access data
  • Infrastructure: We use secure cloud providers with SOC 2 Type II compliance
  • Monitoring: Continuous security monitoring and regular penetration testing
  • Employee Training: All staff receive regular security and privacy training
  • Incident Response: We have procedures to detect, respond to, and notify you of any data breaches

While we strive to protect your data, no method of transmission or storage is 100% secure. Please notify us immediately if you suspect any unauthorized access.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your location, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all service providers
  • Compliance with the EU-U.S. Data Privacy Framework where applicable

10. Cookies and Tracking

We use cookies and similar technologies to improve your experience:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use the Service

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

11. Children's Privacy

Our Service is designed for use by schools and does process data about students, including minors. We comply with the Children's Online Privacy Protection Act (COPPA) and similar regulations:

  • We only collect student data as directed by schools (acting as the school's data processor)
  • Schools are responsible for obtaining necessary parental consent
  • We do not use student data for advertising or create student profiles
  • Parents can request to review, correct, or delete their child's information through the school

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

We encourage you to review this policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority. A list of EU data protection authorities can be found at edpb.europa.eu.