Privacy Policy

Last updated: February 20, 2026

In Plain English: Your school owns its data. We protect it. We don't sell it. We don't use student information for advertising. We act as your service provider under FERPA, which means we handle education records only for the purposes you've authorized. If you have questions about student data, contact your school first — they're the data controller.

1. Introduction

This Privacy Policy explains how Acadesync (operated by SMPL.CX LLC, a Georgia limited liability company) collects, uses, protects, and shares information when you use our cloud-based K-12 school management platform.

Acadesync provides software-as-a-service to schools for managing student information, tuition billing, enrollment, attendance, grades, and related school operations. We take data privacy seriously — especially when it comes to children and education records.

Who Controls the Data?

Your school is the data controller. Schools determine what information is collected, how it's used, and who has access. Acadesync acts as a data processor (or "service provider") on behalf of the school. We process data only as directed by the school and in accordance with our agreement with them.

2. Information We Collect

From Schools (Administrators)

  • School name, address, contact information
  • Administrator and staff account information (names, email addresses, roles)
  • Billing information (payment methods, invoices)
  • School configuration preferences (logo, colors, settings)

Student Information (Provided by Schools)

Schools upload or enter the following types of student information into Acadesync:

  • Names, date of birth, grade level, student ID numbers
  • Emergency contact information (parent/guardian names, phone numbers, addresses)
  • Medical and allergy information (for nurse/health portals)
  • Attendance records, grades, assignments, behavior notes
  • Photos (if uploaded by school or parents)
  • Enrollment applications and documents

Parent and Guardian Information

  • Names, email addresses, phone numbers, mailing addresses
  • Payment methods (for tuition and fee payments)
  • Communication preferences
  • Login credentials (for parent portal access)

Automatically Collected Information

When you use our platform, we automatically collect:

  • Device information (browser type, operating system, IP address)
  • Usage data (pages viewed, features used, time spent on platform)
  • Cookies and similar tracking technologies (see Section 9)

Payment Information

Payment card data is processed by third-party payment processors (Square, Nuvei, and Stripe). We do not store full credit card numbers on our servers. We retain only tokenized references and the last 4 digits for display purposes.

3. How We Use Information

We use the information we collect to:

  • Provide and maintain the platform — enabling schools to manage student records, billing, attendance, grades, and communications
  • Process tuition payments and billing — generating invoices, processing payments, sending receipts
  • Send notifications — attendance alerts, grade updates, billing reminders, school announcements
  • Improve our services — analyzing usage patterns to enhance features, fix bugs, and optimize performance
  • Comply with legal obligations — responding to lawful requests, court orders, and regulatory requirements
  • Provide customer support — responding to school inquiries and troubleshooting issues

We do NOT:

  • Sell personal information to third parties
  • Use student data for advertising or marketing purposes
  • Create advertising profiles based on student behavior
  • Share data with third parties except as described in Section 5

4. FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. When schools use Acadesync, we act as a "school official" under FERPA with a legitimate educational interest.

What This Means:

  • We use education records solely for the purposes agreed upon with the school (e.g., managing enrollment, billing, grades)
  • We do not re-disclose student information without the school's authorization or a legal exception
  • Schools retain ownership of all student data — they can export or delete it at any time
  • Parents have the right to inspect and review their children's education records through their school (not directly through Acadesync)

Your FERPA Rights

If you are a parent or eligible student and have questions about your education records, please contact your school directly. FERPA rights include:

  • The right to inspect and review education records
  • The right to request corrections to inaccurate records
  • The right to consent to disclosures (with certain exceptions)
  • The right to file a complaint with the U.S. Department of Education

5. Data Sharing and Disclosure

We do not sell your data to third parties. We share information only in the following limited circumstances:

Service Providers (Subprocessors)

We use trusted third-party vendors to help us operate our platform. These vendors are contractually required to protect your data and use it only for the purposes we specify:

  • Payment processors — Square, Nuvei, Stripe (for processing tuition payments)
  • Email delivery — MailKit, email service providers (for sending notifications and receipts)
  • Cloud hosting — Secure cloud infrastructure providers (for data storage and computing)
  • Document signing — DocuSeal (for enrollment forms and contracts)

Legal Requirements

We may disclose information if required by law or legal process, such as:

  • In response to court orders or subpoenas
  • To comply with valid government requests
  • To protect the rights, property, or safety of Acadesync, our users, or the public

With School Consent

We will share data with third parties if a school explicitly requests or authorizes us to do so (e.g., integrations with other school systems).

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit — All data transmitted over the internet is encrypted using TLS 1.2 or higher
  • Encryption at rest — Sensitive data is encrypted in our databases using AES-256 encryption
  • Isolated database schemas per school — Each school's data is stored in a separate database schema for tenant isolation
  • Two-factor authentication (2FA) — Available for all user accounts
  • Audit trails — Complete logs of all data changes and access
  • Regular security assessments — We continuously monitor for vulnerabilities and threats
  • Secure cloud infrastructure — Our hosting environment uses firewalls, intrusion detection, and access controls

While we take extensive precautions, no system is 100% secure. If we become aware of a data breach affecting personal information, we will notify affected schools and individuals as required by law.

7. Data Retention and Deletion

How Long We Keep Data

  • We retain data for as long as the school's account is active
  • Schools can request a full data export at any time
  • Upon account termination, data is deleted within 90 days unless the school requests an extension for compliance purposes
  • Backup copies are retained for 30 days after deletion for disaster recovery purposes

Requesting Deletion

Schools can request deletion of their data by contacting us at hello@acadesync.com. We will permanently delete the data from our active systems and backups within 90 days (or as otherwise agreed).

8. Children's Privacy (COPPA Compliance)

The Children's Online Privacy Protection Act (COPPA) regulates the collection of personal information from children under 13. Here's how we comply:

  • We do not knowingly collect information directly from children under 13
  • All student data is provided by schools or parents/guardians who have the authority to share it
  • Schools are responsible for obtaining any necessary parental consent before sharing student information with Acadesync
  • We do not use student data for behavioral advertising or profiling

9. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our services:

Essential Cookies

These are required for the platform to function properly:

  • Authentication cookies (keep you logged in)
  • Session cookies (maintain your preferences during your visit)
  • Security cookies (detect fraud and abuse)

Analytics Cookies

We use analytics tools to understand how users interact with our platform. These cookies can be disabled in your browser settings without affecting core functionality.

What We Don't Do

  • We do not use third-party advertising cookies
  • We do not track students across websites for advertising purposes
  • We do not sell cookie data to advertisers

10. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights:

Access Your Data

Schools and parents can request a copy of the information we have about them or their students.

Correct Inaccurate Data

If information in the platform is incorrect, contact your school to request corrections. Schools can update records directly in the platform.

Request Deletion

You can request deletion of your data, subject to school policies and legal requirements (e.g., financial records retention). For student data, contact your school first.

Data Portability

Schools can export their data from Acadesync at any time in standard formats (CSV, PDF).

Opt Out of Communications

Parents can adjust their notification preferences in the parent portal. You can opt out of non-essential emails, but some notifications (e.g., billing reminders) may be necessary for account management.

For Student Data Concerns: Contact your school first. Under FERPA, schools control education records. We process data on their behalf and can make changes only at their direction.

11. United States Residents — State Privacy Rights

California (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know — You can request what personal information we collect, use, disclose, and sell
  • Right to Delete — You can request that we delete personal information we collected from you
  • Right to Correct — You can request correction of inaccurate personal information
  • Right to Opt Out of Sale/Sharing — You can opt out of the sale or sharing of your personal information for targeted advertising
  • Right to Limit Sensitive Personal Information — You can limit the use of sensitive personal information
  • Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights

Important: Acadesync does not sell personal information. We do not use student data for advertising or profiling. We process data only to provide the school management services described in this policy.

California "Shine The Light" Law: California Civil Code Section 1798.83 permits California residents to request information about personal data disclosed to third parties for direct marketing purposes. Since we do not disclose personal information to third parties for their direct marketing, no such disclosure list applies.

To exercise your California privacy rights, contact us at hello@acadesync.com.

Other US States

Residents of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia may have similar rights under their respective state privacy laws, including:

  • Right to access your personal data
  • Right to correct inaccuracies
  • Right to delete your personal data
  • Right to obtain a copy of your data
  • Right to opt out of targeted advertising, sale of personal data, or profiling

To exercise these rights, contact us using the information in Section 14 below. If we decline your request, you may appeal by emailing hello@acadesync.com.

Do-Not-Track Signals

Some browsers include a Do-Not-Track ("DNT") feature. Because there is no uniform technology standard for recognizing DNT signals, we do not currently respond to them. If a standard is adopted that we must follow, we will update this policy accordingly.

California Users and Residents

If any complaint with us is not satisfactorily resolved, you can contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834, or by telephone at (800) 952-5210 or (916) 445-1254.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will notify schools via email at least 30 days in advance
  • We will post the updated policy on this page with a new "Last Updated" date
  • Continued use of the platform after the effective date constitutes acceptance of the updated policy

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Email: hello@acadesync.com
Legal: hello@acadesync.com
Mail: SMPL.CX LLC
        Attn: Privacy Officer
        58 Altama Village Drive #1030
        Brunswick, GA 31525
        United States
Phone: (+1) 706-955-2095
Fax: (+1) 706-842-5474

For student data concerns: Please contact your school's administration directly. They are the data controller and can address your specific questions about education records.

FERPA Complaints: If you believe your FERPA rights have been violated, you may file a complaint with:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202

Thank you for trusting Acadesync with your school's data. We're committed to protecting it.