This Privacy Policy explains how ProtectED, LLC ("ProtectED," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit our websites, use our applications and services—including the ProtectED Safety Management Platform (the "Platform")—or otherwise interact with us (collectively, the "Services").
Important role distinction. In most cases, ProtectED acts as a service provider/processor to schools and school systems (each a "School Customer") for student, parent/guardian, and staff information processed in the Platform ("School Data"). For School Data, the School Customer is generally the controller or business under applicable law and determines how data is used. ProtectED processes School Data only as instructed by the School Customer and pursuant to our contracts. For information we collect through our websites, marketing, sales, recruiting, and general business operations ("Business Data"), ProtectED acts as a controller/business.
If you are a student, parent/guardian, or school staff member with questions about School Data, please contact your School Customer directly. We will forward any such requests to the appropriate School Customer when applicable.
1) Scope and Applicability
This Privacy Policy applies to information we process about:
Visitors to our websites and marketing properties;
Prospective and current customers, vendors, and partners;
Users of the Platform and related mobile or web applications as authorized by a School Customer; and
Job applicants.
This Policy does not apply to third-party websites, services, or applications that we do not control. Our Services are primarily intended for organizations, not for direct use by children.
2) Key Definitions
Personal Information / Personal Data: Any information that identifies or can reasonably be linked to a person. Definitions vary by jurisdiction.
School Data: Personal information provided to or collected by ProtectED on behalf of a School Customer for the purpose of delivering the Platform or professional services (e.g., emergency protocols, drill schedules, incident logs, staff rosters, limited student rosters where authorized, visitor management records).
Business Data: Personal information that ProtectED collects and uses for its own business purposes (e.g., website analytics, prospect/contact information, billing, support communications, recruiting data).
3) Information We Collect
3.1 Business Data we collect as a controller
Identifiers and Contact Data: name, email address, phone number, job title, organization, postal address, account credentials.
Professional and Commercial Data: company affiliation, role, purchasing history with ProtectED, service usage metrics (non-School Data), support tickets, and communications.
Internet/Network Activity: IP address, device and browser type, pages viewed, referring/exit pages, timestamps, clickstream data, and other analytics.
Marketing Preferences: communications preferences, consent choices, and interaction with marketing campaigns.
Payment and Billing Data: limited billing details (we use PCI-compliant processors; we do not store full payment card numbers).
Recruiting Data: resume/CV, employment history, education, references, and other information submitted or obtained during hiring.
3.2 School Data we process as a service provider/processor (examples)
The School Customer determines what School Data is provided and the lawful basis for processing. Typical categories may include:
Staff and Authorized User Data: names, school email addresses, roles, permissions, training completion status.
Operational Safety Records: emergency protocols, drill calendars and participation records, incident reports and follow-up actions, campus maps and location data used for emergency planning.
Visitor Management Records: names, contact information, visit timestamps, purpose of visit, and sign-in/out logs where the School Customer uses those features.
Limited Student Data (if authorized by the School Customer): class rosters, homeroom/grade, attendance in drills, parent/guardian contact information for reunification planning. ProtectED does not independently collect student data; any such processing occurs under contract solely to provide the Services.
3.3 Sensitive Information
We do not seek to collect sensitive information in Business Data (e.g., precise geolocation, biometrics, health information). For School Data, we may process information that a School Customer designates as sensitive (e.g., incident details) only under that customer’s instructions and subject to contractual and legal protections.
3.4 Children’s Information
Our websites and marketing properties are not directed to children. We do not knowingly collect Business Data directly from children under 13 (or a higher age as required by law). For School Data potentially relating to students, ProtectED processes such information only as a service provider to the School Customer and in a manner consistent with applicable laws (including FERPA and, where applicable, COPPA), and our contracts with the School Customer.
4) Sources of Information
Directly from you (forms, emails, calls, event registrations, support interactions).
Automatically via cookies, SDKs, and similar technologies when you use our websites or the Platform (see Cookies & Similar Technologies below).
From School Customers and their authorized users (for School Data).
From service providers (e.g., analytics, payment, communications) and public sources (e.g., LinkedIn or company websites) for Business Data.
5) How We Use Information
5.1 Business Data (controller)
We use Business Data to:
Provide, maintain, and enhance the Services;
Communicate with you (including product, security, and administrative notices);
Process transactions and manage billing and account administration;
Provide customer support and training;
Conduct analytics, research, and service improvement;
Market and promote our Services to organizational customers (you may opt out of marketing communications at any time);
Detect, prevent, and investigate fraud, abuse, security incidents, and violations of our terms;
Comply with law and enforce legal rights.
5.2 School Data (processor/service provider)
We process School Data strictly to:
Deliver and support the Platform and professional services as specified by the School Customer;
Implement safety workflows (e.g., drills, reunification planning, incident documentation, visitor logs);
Provide analytics and reporting to the School Customer about their own use of the Platform;
Maintain security, availability, and integrity of the Platform;
Comply with the School Customer’s lawful instructions and applicable law.
5.3 Automated decision-making / profiling
We may use limited automation to assist with routing support requests, prioritizing training reminders, or flagging anomalous activity. We do not make solely automated decisions that produce legal or similarly significant effects about individuals.
6) Legal Bases for Processing (EEA/UK/Switzerland)
When acting as a controller for Business Data, our processing may rely on:
Performance of a contract (providing Services to you or your organization);
Legitimate interests (e.g., improving Services, securing systems, marketing to organizational customers, and preventing fraud), balanced against your rights and freedoms;
Consent (where required, such as for certain cookies or marketing);
Legal obligations (tax, accounting, compliance).
When acting as a processor for School Data, the School Customer is responsible for identifying appropriate legal bases.
7) Cookies & Similar Technologies
We and our service providers use cookies, local storage, and similar technologies to operate our websites and the Platform, remember preferences, perform analytics, and—for websites only—measure the effectiveness of our marketing. You can manage preferences through your browser or our cookie banner (where available). Some features may not function properly without certain cookies.
Where required by law, we obtain consent before setting non-essential cookies. We will honor applicable opt-out signals (e.g., Global Privacy Control) for activities considered a "sale" or "sharing" under relevant law, if and when such activities occur.
8) How We Disclose Information
We may disclose information as follows:
To Service Providers/Processors: cloud hosting, security, analytics, communications, support, billing, and professional advisors, subject to contractual confidentiality and data protection obligations.
To School Customers: School Data and related logs are available to the School Customer and its authorized users in accordance with their settings and instructions.
Legal, Safety, and Compliance: where we believe disclosure is required by law or to protect rights, safety, and security of individuals, the School Customer, ProtectED, or others.
Business Transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to continued protections consistent with this Policy.
We do not sell Business Data or School Data, and we do not engage in cross‑context behavioral advertising using School Data. If our practices change for Business Data, we will update this Policy and provide required notices and opt‑out mechanisms.
9) Data Retention
We retain Business Data for as long as necessary to fulfill the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context.
For School Data, we retain information in accordance with our agreements with the School Customer and their instructions. Upon termination or upon request by the School Customer, we will return or delete School Data within the timelines and subject to exceptions provided by our contract and applicable law (e.g., for legal holds, security logs, or backup integrity).
10) Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including (without limitation): encryption in transit, access controls based on least privilege, audit logging, vulnerability management, and employee training. No security program is impenetrable; if we learn of a security incident affecting personal information, we will notify the relevant School Customer and/or affected individuals and regulators as required by law and our contracts.
11) International Data Transfers
We are based in the United States. If you access the Services from outside the U.S., your information may be transferred to, stored, or processed in the U.S. and other countries that may have data protection laws different from your jurisdiction. Where required, we use appropriate safeguards for international transfers, such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum. If we rely on any adequacy decision or certification mechanism (e.g., the EU‑U.S. Data Privacy Framework), we will indicate so on our website or in our agreements.
12) Your Privacy Rights
Depending on where you live, you may have rights regarding your personal information.
12.1 If you are in the EEA, UK, or Switzerland (GDPR/UK GDPR)
You may have the right to request access, correction, deletion, restriction, portability, and to object to certain processing. Where processing is based on consent, you may withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority.
12.2 U.S. State Privacy Laws (e.g., CA, CO, CT, UT, VA)
Residents of certain U.S. states may have rights to:
Know/access the categories and specific pieces of personal information we have collected about you;
Correct inaccuracies;
Delete personal information;
Opt out of (i) sales, (ii) sharing for cross‑context behavioral advertising, and/or (iii) targeted advertising;
Limit use and disclosure of sensitive personal information (where applicable);
Appeal our decision regarding a rights request (e.g., VA, CO, CT).
School Data: If your information was provided to ProtectED by a School Customer, please submit your request directly to that School Customer. We will support them in responding as required by law and our contract.
Business Data: To exercise rights for Business Data, please use the methods below. We will respond within the timeframes required by applicable law (e.g., 45 days in California, 45 days in Colorado/Virginia, with permissible extensions) and will verify your identity before fulfilling the request. Authorized agents may submit requests where allowed by law.
How to submit a request (Business Data only):
Email: hello@protectedsafety.com
To appeal a decision (where applicable), reply to our response with "Appeal" in the subject line and a brief explanation. If your appeal is denied, you may contact your state Attorney General.
13) FERPA, COPPA, and Education Privacy
For School Data, the School Customer controls access consistent with the Family Educational Rights and Privacy Act (FERPA) and any applicable state student privacy laws. ProtectED does not disclose School Data except as authorized by the School Customer, permitted by law, or required for safety, security, or legal compliance. Where the Children’s Online Privacy Protection Act (COPPA) applies, the School Customer (as the parent’s agent or with parental consent) authorizes ProtectED’s processing on the School’s behalf.
ProtectED does not use School Data to build profiles for advertising or for any purpose other than providing and improving the Services for the School Customer.
14) Third‑Party Links and Integrations
Our Services may link to or integrate with third‑party tools (e.g., mapping, communications, analytics, identity providers). Your use of those tools is governed by the third party’s terms and privacy policies. We encourage you to review them.
15) Data Minimization and De‑Identification
We adhere to principles of data minimization and purpose limitation. Where feasible, we may de‑identify or aggregate information for analytics and service improvement. We will not attempt to re‑identify de‑identified data except solely to test the effectiveness of our de‑identification processes.
16) Records Management and Backups
Operational backups, logs, and high‑availability replicas may retain copies of data for a limited period after deletion to ensure reliability and integrity. Such copies are automatically purged on a scheduled basis. We implement controls to prevent re‑ingestion of deleted data into production systems.
17) Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version and update the "Last Updated" date. Where required by law, we will provide additional notice or obtain consent.
18) Contact Us
ProtectED, LLC
Email: hello@protectedsafety.com
General inquiries: hello@protectedsafety.com
19) Region‑Specific Disclosures
California (CPRA)
We do not sell or share personal information as defined by CPRA. We process sensitive personal information only for permitted purposes. You may exercise the rights described in Section 12.2. If we ever engage in activities considered a sale or sharing, we will provide a "Do Not Sell or Share My Personal Information" link and honor opt‑out preference signals.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA)
Residents have rights described in Section 12.2. For Virginia and Colorado, an appeals process is available as described above.
EEA/UK/Switzerland
ProtectED, LLC is the controller for Business Data and the processor for School Data. For questions about international transfers or to contact our EU/UK representative (if applicable), please email hello@protectedsafety.com
20) Additional Terms for Job Applicants
If you apply for a role with ProtectED, we will process your information for recruiting and, if successful, onboarding. We may retain your information to consider you for future roles unless you request deletion, subject to legal and business recordkeeping requirements.
21) Miscellaneous
Financial Incentives: We do not offer programs that provide different prices or rates in exchange for personal information. If this changes, we will describe the program and obtain any required consents.
Do Not Track: Our websites currently do not respond to browser DNT signals. We will honor applicable Global Privacy Control signals related to sales/sharing if such activities occur.
Accessibility: If you need this Policy in an alternative format, contact hello@protectedsafety.com
