Overview
Asan Digital LLC, operating as EduQueue ("we," "our," or "us"), is committed to protecting the privacy and security of educational data. This Data Sharing Policy explains how we collect, use, and share data in compliance with applicable educational privacy laws, including the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and state-specific student privacy laws.
Important: We are a service provider to educational institutions. We process data solely on behalf of and under the direction of the schools and districts we serve.
Data We Collect
In providing visitor management services to K-12 institutions, we may collect:
Visitor Information
- Full name and identification details
- Driver's license or state ID information
- Mobile phone number (for digital ID delivery)
- Purpose of visit
- Time and date of visits
- Photograph (if required by institution policy)
- Background check results (when authorized)
Staff Information
- Name and employee identification
- Contact information
- Access permissions and credentials
- Attendance records
Limited Student Information
- Student name (only for checkout purposes)
- Grade level and teacher information
- Parent/guardian authorization details
Our Data Sharing Practices
We DO NOT:
- Sell any personal information to third parties
- Share data for marketing or advertising purposes
- Use student data for targeted advertising
- Build profiles of students for non-educational purposes
- Share data with third parties except as outlined in this policy
We ONLY Share Data:
- With the educational institution: All data collected belongs to the school/district
- As directed by the institution: Following explicit instructions from authorized personnel
- For legal compliance: When required by law, court order, or subpoena
- For safety: To protect the safety of students, staff, or visitors
- With authorized service providers: Who assist us in providing services (see Third Parties section)
FERPA Compliance
We comply with the Family Educational Rights and Privacy Act (FERPA) by:
- Acting as a "school official" under the direct control of the educational institution
- Using education records only for the purposes authorized by the school
- Not re-disclosing personally identifiable information without consent
- Maintaining the confidentiality of all education records
- Allowing schools to maintain full control over their data
School Control: Educational institutions maintain full ownership and control of all data. We process data solely as their authorized agent.
COPPA Compliance
For children under 13, we comply with the Children's Online Privacy Protection Act (COPPA) by:
- Not collecting personal information directly from children
- Only processing children's information as directed by the school
- Relying on schools to obtain necessary parental consent
- Not using children's information for commercial purposes
- Implementing appropriate security measures for children's data
Third-Party Service Providers
We may engage carefully selected third-party service providers to assist in delivering our services. These providers:
- Are contractually required to protect data confidentiality
- May only use data to provide contracted services
- Are prohibited from using data for their own purposes
- Must comply with all applicable privacy laws
Types of Service Providers:
- Amazon Web Services: Secure cloud hosting and data storage
- Twilio: SMS messaging for digital ID cards and emergency alerts
- Background check services: When authorized by the institution
- Technical support: System maintenance and troubleshooting
SMS Data Sharing: Phone numbers are shared with Twilio solely for delivering digital visitor passes and emergency notifications. Twilio is contractually prohibited from using this data for any other purpose.
Parent and Guardian Rights
Parents and legal guardians have the right to:
- Access their child's information through their educational institution
- Request corrections to inaccurate information
- Request deletion of their child's information (through the school)
- Opt-out of certain data uses (subject to school policies)
- File complaints regarding data handling
Note: Parents should direct all requests regarding their child's data to their educational institution, as they maintain control over all student information.
Data Retention
We retain data according to the following principles:
- Visitor logs: As specified by the educational institution's policy
- Security footage: Typically 30-90 days unless required for an investigation
- Background check results: According to legal requirements and school policy
- System logs: 90 days for security and troubleshooting purposes
Upon contract termination, we will:
- Transfer all data to the institution as requested
- Delete all data from our systems within 90 days
- Provide certification of data deletion upon request
Security Measures
We implement industry-standard security measures to protect data:
- Encryption: All data encrypted in transit and at rest
- Access controls: Role-based permissions and multi-factor authentication
- Monitoring: 24/7 security monitoring and intrusion detection
- Auditing: Regular security audits and penetration testing
- Training: Regular privacy and security training for all staff
- Incident response: Documented procedures for security incidents
Breach Notification: In the event of a data breach, we will notify affected institutions within 48 hours and cooperate fully in their notification to affected individuals.
State-Specific Provisions
We comply with all applicable state student privacy laws, including but not limited to:
- California: AB 1584, SB 1177 (SOPIPA)
- New York: Education Law 2-d
- Connecticut: PA 16-189
- Other state-specific student privacy statutes
Updates to This Policy
We may update this Data Sharing Policy to reflect changes in our practices or legal requirements. We will notify educational institutions of material changes and post the updated policy on our website.
Contact Information
For questions about data sharing practices or to exercise your rights, please contact:
For Parents: Please contact your child's school directly for access to educational records. Schools control all student data within our system.