Privacy Policy for Student Tech Usher

1. Introduction

At Student Tech Usher, we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you visit our platform, in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).

2. Scope of this Policy

This Policy applies to the processing of personal data of:

• Students using the platform for academic planning and communication;
• Academic Advisors interacting with students for guidance and evaluation;
• Institutional Administrators managing user roles and academic programs.

3. Data Controller

The data controller is:

For data protection matters, please contact our Data Protection Officer at: [DPO Email]

4. Categories of Personal Data Collected

Important: All student data we collect is provided directly by you. We do not collect data from third parties without your knowledge.

Depending on your role, we may process the following data:

For Students:

Name, contact details, academic records (that you provide), course enrollments, graduation plans, login credentials, communications with advisors, career goals and preferences.

You control what information you provide to the platform. You may upload your transcript, enter course information, and create graduation plans. We only know what you tell us.

For Advisors:

Name, institutional role, contact details, student notes, meeting schedules.

For Admins:

User role management data, institutional settings, system access logs.

5. Legal Basis for Processing

We process your personal data under the following legal bases (Article 6 GDPR):

• Performance of a contract (e.g., providing educational services) – Art. 6(1)(b);
• Legal obligation (e.g., academic records retention) – Art. 6(1)(c);
• Legitimate interests (e.g., ensuring platform security, analytics) – Art. 6(1)(f);
• Consent for optional features like newsletter subscriptions – Art. 6(1)(a).

6. Purpose of Data Processing

We use your data to:

• Facilitate academic planning and communication;
• Enable access to educational tools and resources;
• Monitor usage and improve platform functionality;
• Comply with legal and institutional obligations.

7. Data Sharing and Access

Who Can See Your Data:

Your student data (including graduation plans) may be accessed by:

• You: Full access to all your data;
• Authorized Academic Advisors: Only advisors approved by your institution for your specific academic program(s) have limited access to view and edit details in your graduation plans to provide guidance;
• Your Institution's Administrators: Staff designated by your university to manage the platform;
• IT Service Providers: Technical personnel under strict data protection agreements (for system maintenance only, not for viewing student information);
• Legal Authorities: Only if required by law or valid legal process.

Access Control: Advisors can only access graduation plans for students in programs they are authorized to advise. They cannot see data for students outside their assigned programs.

International Data Transfers:

We do not transfer personal data outside the EEA unless adequate safeguards are in place in line with Chapter V of the GDPR. For U.S.-based institutions, data is stored and processed within the United States.

What We Do NOT Do:

• We do NOT sell your data to third parties;
• We do NOT share your data with marketing companies;
• We do NOT use your academic records for purposes unrelated to educational planning;
• We do NOT allow unauthorized advisors to access your information.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined or as required by law. Retention periods vary by data category and user role.

9. Your Data Protection Rights

You have the following rights under GDPR:

• Right of access (Art. 15);
• Right to rectification (Art. 16);
• Right to erasure ("right to be forgotten") (Art. 17);
• Right to restriction of processing (Art. 18);
• Right to data portability (Art. 20);
• Right to object (Art. 21);
• Right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact [DPO Email].

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies in accordance with the ePrivacy Directive and Article 5(3) thereof. You can manage your preferences via our Cookie Settings Page.

11. FERPA Compliance (U.S. Educational Institutions)

For students at U.S. educational institutions, we comply with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g.

Your Rights Under FERPA:

• Right to inspect and review your education records;
• Right to request amendment of inaccurate records;
• Right to consent to disclosures of personally identifiable information;
• Right to file a complaint with the U.S. Department of Education.

FERPA-Permitted Disclosures:

We disclose your information only as permitted under FERPA, including:

• School Officials with Legitimate Educational Interest: Authorized advisors and administrators at your institution who need access to fulfill their professional responsibilities;
• With Your Consent: When you provide written consent for specific disclosures;
• As Required by Law: In response to lawfully issued subpoenas or court orders.

Institutional Role:

Your educational institution retains ownership and control of your education records. We act as a service provider on behalf of your institution. Your institution's FERPA policies and procedures apply to the data stored in this platform.

Questions about FERPA? Contact your institution's Registrar or FERPA Compliance Officer. To file a FERPA complaint, contact: Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Avenue, SW, Washington, DC 20202.

12. Automated Decision-Making

We do not engage in automated decision-making, including profiling, that produces legal effects concerning you. AI features are advisory only and all decisions remain with you and your advisors.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest;
• Role-based access controls limiting who can view your data;
• Regular security audits and vulnerability assessments;
• Employee training on FERPA and data privacy requirements;
• Comprehensive audit logging of all data access.

For detailed information about our security practices, please see our Security Documentation or contact our security team.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be posted on our website with the effective date. If we make material changes, we will notify you through the platform or via email.