Student Data Security Policy

Frogtummy Enterprises

Adopted: 15 September 2025

Summary

We know you care about how your personal information is used and shared, and we take your privacy and the privacy of students seriously. Frogtummy Enterprises, Inc. (“the Contractor”) acts in the role of “school official” and adheres to a strict policy of respecting and protecting the data and privacy of our users. We receive personally identifiable student data from users and from school administrative personnel strictly for the purpose of providing the contracted service of Parent Information Center. This privacy policy applies to all Frogtummy Enterprises, Inc. education entity products.

The Contractor will comply with all applicable federal, state, and local laws, rules, and regulations pertaining to student data privacy and security, all as may be amended from time to time. These include, but are not limited to, FERPA (20 U.S.C. § 1232g; 34 CFR Part 99) and state-specific statutes such as the Utah Student Data Protection Act (Utah Code § 53E-9-301 et seq.). Because our products are not directed to children and students do not create accounts or provide information directly, COPPA (Children’s Online Privacy Protection Act) does not apply to our services.

Compliance With Laws

Frogtummy Enterprises complies with all applicable federal, state, and local laws related to the privacy and protection of student information, including but not limited to:

• FERPA (Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g; 34 CFR Part 99).
• State Student Data Privacy Laws, such as the Utah Student Data Protection Act (Utah Code § 53E-9-301 et seq.) and equivalent statutes in other states where our services are used.
• Other applicable federal or state laws or regulations that govern the confidentiality, security, and permitted uses of student data.

By contracting with schools and LEAs, Frogtummy Enterprises agrees to meet or exceed the requirements of these laws and any additional obligations set forth in district- or state-specific data privacy agreements.

State-Specific Rights

In addition to FERPA and other federal requirements, Frogtummy Enterprises complies with all applicable state student data privacy laws. These laws may provide parents, guardians, and students additional rights regarding their personal information.

Utah

• Frogtummy complies with the Utah Student Data Protection Act (Utah Code Title 53E, Chapter 9, Part 3).
• Under Utah law, parents and eligible students have the right to access their student’s data, request corrections to inaccurate information, and request that data no longer needed for educational purposes be deleted.
• Frogtummy provides these rights through the contracted school or LEA, which remains the custodian of record.

California

• Frogtummy complies with the California Student Online Personal Information Protection Act (SOPIPA, Cal. Bus. & Prof. Code §§ 22584–22585) and related California privacy statutes.
• This means Frogtummy will not use student information for targeted advertising, create student profiles for non-educational purposes, or sell student information.
• California parents and students may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal data is collected, the right to request deletion, and the right to opt out of sale of personal information. Because Frogtummy operates solely as a school official/service provider, any such requests must be made through the student’s school or LEA.

Other States

Where required by state-specific laws or data privacy agreements, Frogtummy will honor equivalent rights and protections.

What We Receive

From the Parents/Legal Guardians:

• Parents and guardians may provide information such as student name, address, email, date of birth, grade level, campus preferences, sibling information, and parent/guardian contact details when creating an account or completing school enrollment forms.
• If the school subscribes to services that integrate through OneRoster or a similar standard, Frogtummy Enterprises may also receive limited information directly from the school’s SIS. This may include parent/guardian contact information, school enrollment details, and course enrollment records.

All enrollment and contact information is processed solely for the purpose of supporting the school’s administrative functions and facilitating communication between the school and parents/guardians. Frogtummy Enterprises does not use this information for secondary purposes and does not share it with unauthorized third parties

Payment Information:

If the school subscribes to Frogtummy Enterprises’ payment system, parents and guardians may provide payment information for school-related fees. All payment transactions are processed by a secure, nationally recognized payment processor using strong industry-standard encryption. Frogtummy Enterprises does not store or have access to full credit card numbers.

For the purpose of providing the service, we retain only limited transaction details, such as the payment date, the amount paid, and the items paid for. This information is processed solely on behalf of the contracted school and is not used for any secondary purpose, nor shared with unauthorized third parties.

Direct Communications:

If the school subscribes to Frogtummy Enterprises’ messaging platform, parents and guardians may communicate directly with school personnel through the application by email or text message. We keep records of these communications solely for the purpose of enabling two-way communication between the school and parents/guardians, and for providing technical support when requested.

Frogtummy Enterprises processes these communications only as a “school official” on behalf of the contracted school. Messages are not used for marketing or other secondary purposes, nor are they shared with unauthorized third parties

Attendance Information:

We receive attendance data from the school’s Student Information System (SIS) for the limited purpose of communicating attendance information to parents and guardians. Parents and guardians may respond to attendance notifications through email, text message, or within the application. These responses may include explanations or requests for excused absences, which are transmitted back to the school through the SIS in accordance with the school’s attendance policies.

Frogtummy Enterprises processes this information only as a “school official” to support the school’s administrative functions. Attendance information and parent responses are not used for any secondary purposes, nor are they shared with unauthorized third parties.

From the School:

The contracted school provides specific information to the Contractor to provide services as a “school official” to increase the efficiency of administrative duties performed by the school. The information provided to the Contractor depends on the services selected by the school, but may include student legal name, date of birth, grade level, entry/exit dates, list of enrolled courses, outstanding payment balances, etc.

From the Tech:

We use Google Analytics™ to track and store your settings and activity while using the Parent Information Center. Cookies and necessary technical information are used only for functionality, not advertising.

FERPA & State Privacy Laws

Our products are designed for use by schools and parents/guardians, not by students directly. The Contractor does not ask children for personal information, and the Parent Information Center is not intended for children under 16 years of age. All student data handled by Frogtummy Enterprises is subject to FERPA and applicable state student data privacy laws. If we learn we have collected or received personal information directly from a child without parental or school authorization, we will delete that information.

Advertising & Social Media

As our product is intended for school personnel and parents and guardians, the Contractor does not display any advertising to children on our websites or apps.

Policy Updates

We may make changes to this privacy policy from time to time and will notify you of changes by posting the revised privacy policy with an updated date of revision on our website. Your continued use of our services following the effective date of such update constitutes your acceptance of the revised policy.

Accessing & Updating Your Information

We use Personal Information and any other information collected through the website for the following reasons:

• to administer the Services;
• to improve the quality and types of services we deliver;
• to analyze usage of the services and the popularity and performance of our products;
• to allow schools to communicate with parents by responding to their requests, comments and questions;
• to diagnose technical problems;
• to email parents and other authorized users regarding service, technical, and other administrative matters. These communications may also include information regarding changes in services, new service offerings, and important service-related notices, such as security and fraud notices. Such communications will only be delivered to parents and LEAs;
• to send users alerts to notify them about pertinent activity on our Services.
• to conduct research and analytics to improve our Services and value to you, and to perform research for authorized persons;
• to protect the Contractor and our users, such as conducting audits or notifying LEAs of inappropriate or potentially harmful behavior;
• to assist users who request technical support;
• for other educational purposes requested and sanctioned by an authorized representative of the LEA;
• for billing, account management, and other administrative matters;
• to comply with a judicial order, subpoena or other legal request; or
• as required by applicable law or regulation.

Security

We strive to protect the confidentiality, security, and integrity of the Personal Information we collect. Protections include:

• Data encryption in transit (SSL/TLS) and at rest.
• Access restricted to a limited number of employees/contractors with a business need.
• Data Systems Monitoring: We employ several third-party services that continuously monitor and scan our Services for vulnerabilities. Employees dedicated to operating the Services monitor these reports and receive automated alerts when performance falls outside of prescribed norms.
• Continuous system monitoring and vulnerability scanning.
• Firewalls and anti-virus software.
• Security audits and code reviews.
• Employee training in data privacy and protection.

Data Retention & Destruction

All Personally Identifiable Information (PII) provided to Frogtummy Enterprises will be retained only for as long as necessary to fulfill the educational purpose for which it was collected or as required by law. Unless otherwise directed by the contracting school or LEA, all PII will be securely destroyed within **30 days of termination of services** or upon written request from the school/LEA

Secure destruction includes removal from active systems and deletion from system backups, temporary files, or other storage media according to industry-standard practices

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent information will not be shared with any third parties

Sharing of Your Personally Identifiable Information with Service Providers

Frogtummy Enterprises will not sell, rent, or trade your PII or your student’s PII to any third party. We may share your PII only with service providers bound by confidentiality agreements, and only for the purpose of carrying out contracted services.

Contact Information

Please contact the contracted school with any questions or comments.