Security & Privacy First

We take the protection of your student and staff data seriously. Built with industry-standard security practices.

Data Encryption

All data is encrypted at rest and in transit using AES-256 encryption standards. Your information remains private and secure.

Access Control

Role-based access controls ensure that only authorized personnel can view or modify sensitive information.

Secure Infrastructure

Hosted on secure, US-based cloud infrastructure with regular backups and redundancy.

Privacy Compliance

We adhere to strict privacy policies and do not sell or share student data with third parties.

For Schools & Districts

Student Privacy Quick Guide

FERPA + COPPA compliance information for SignUpGo and School Conference Go school and district customers.

What These Tools Do

SignUpGo

Helps schools coordinate sign-ups for volunteers, events, and schedules.

School Conference Go

Helps schools run parent-teacher conference scheduling and reminders.

Data We May Process (Typical Examples)

  • Account data: Name, email address, role (staff, parent/guardian, admin).
  • Optional contact data: Phone number if SMS reminders are enabled.
  • Scheduling data: Time-slot selections, availability, and attendance status.
  • Conference context: Teacher names and meeting slot info; student name may be entered only when a school chooses to use it.
  • Operational logs: Audit and security logs to prevent abuse and support troubleshooting.

FERPA: How We Support School Compliance

When a school or district uses our products, we act as a service provider performing an institutional function for the school. Our goal is to help schools meet the requirements commonly used for outsourcing under FERPA.

✓ Purpose-Limited Use
We use student data only to provide the service requested by the school or district.

✓ No Sale or Advertising
We do not sell student data and we do not use it for targeted advertising.

✓ Contractual Limits
We contractually limit access to authorized personnel and approved subprocessors that help deliver the service.

✓ School Control
Data access is role-based and administrators can export or delete data subject to applicable retention needs.

COPPA: Children Under 13

Our products are intended for school-administered use and are not designed as child-directed services. If a school enables use involving children under 13, we follow COPPA expectations for education technology use in schools.

  • We provide schools notice about what data is collected and how it is used.
  • Where a school acts as the parent's agent for consent in an educational context, we rely on the school's authorization and limit use to the school purpose.
  • As a best practice, we make privacy information available to parents and provide a path to review or request deletion of a child's information.

Security, Retention & Deletion

Security

Encryption in transit; least-privilege access; monitoring and logging; secure vendor management.

Retention

Customer data is retained only as needed to provide the service and meet contractual or legal requirements.

Deletion

Upon request and subject to school approval, we support deletion of records; after contract end, we delete or de-identify data per the agreement.

What Schools & Districts Should Do

  • Configure roles and permissions so staff and parents see only what they need.
  • Share appropriate notices with families and follow district policy for vendor use.
  • Request a Data Privacy Agreement (DPA) or addendum if required by your district.

Need a DPA or have questions? Contact us at support@signupgo.com