Privacy Policy

1. Introduction

KyDz-Passport ("we," "our," or "us") is committed to protecting the privacy and security of student and user data. This Privacy Policy explains how we collect, use, disclose, and safeguard information in compliance with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and the Individuals with Disabilities Education Act (IDEA).

2. FERPA Compliance

What is FERPA?

FERPA is a federal law that protects the privacy of student education records. We act as a "school official" when handling student data on behalf of educational institutions.

How We Protect Student Records:

• All student data is encrypted at rest (AES-256) and in transit (TLS 1.3)
• Access is limited to authorized personnel only through role-based access control
• We do not disclose personally identifiable information without consent
• Parents and eligible students can access, review, and request corrections
• Audit logs track all access to student data for accountability

3. COPPA Compliance

Protection for Children Under 13

COPPA requires parental consent for collecting personal information from children under 13 years old.

Our COPPA Practices:

• Age verification required during registration
• Parental consent obtained before collecting data from users under 13
• Parents can review and delete their child's data at any time
• No behavioral advertising or tracking of children
• Minimal data collection - only what's necessary for educational services
• Clear privacy policy written in plain language

4. IDEA Compliance

Accessibility for Students with Disabilities

IDEA ensures that students with disabilities receive a Free Appropriate Public Education (FAPE) with necessary accommodations.

Our Accessibility Features:

• WCAG 2.1 AA compliant interface design
• Screen reader compatibility (ARIA labels and semantic HTML)
• Keyboard navigation support
• High contrast mode available
• Alternative text for all images and visual elements
• Compatible with assistive technology devices

5. Information We Collect

• Account Information: Email address, role, subscription plan
• Authentication Data: Encrypted passwords, MFA codes (temporary)
• Usage Data: Login attempts, session data, app access logs
• Optional Information: Date of birth (for age verification)

6. How We Use Your Information

• Provide authentication and authorization services
• Maintain security and prevent fraud
• Comply with legal obligations (FERPA, COPPA, IDEA)
• Improve our services and user experience
• Communicate important security or service updates

7. Data Security

Security Measures:

• Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
• Authentication: Bcrypt password hashing, JWT tokens, optional MFA
• Access Control: Role-based permissions, least privilege principle
• Monitoring: 24/7 security monitoring, audit logging
• Account Protection: Automatic lockout after failed login attempts
• Session Management: 30-minute inactivity timeout

8. Data Retention and Deletion

We retain user data only as long as necessary for providing services or as required by law. Users or parents (for children under 13) can request data deletion at any time by contacting us.

• Active accounts: Data retained while account is active
• Inactive accounts: Data deleted after 2 years of inactivity
• Temporary data: MFA codes expire after 5 minutes, password reset tokens after 1 hour
• Audit logs: Retained for 1 year for security purposes

9. Third-Party Disclosure

We do not sell, trade, or rent personal information to third parties. We may share data only in these limited circumstances:

• With authorized school officials for educational purposes (FERPA exception)
• To comply with legal obligations or court orders
• To protect the safety of users or others in emergency situations
• With service providers who assist in operations (under strict confidentiality)

10. Your Rights

Parents/Guardians (for children under 13):

• Review personal information collected from your child
• Request deletion of your child's data
• Refuse further collection or use of information

Eligible Students (18+) and Adults:

• Access and review your personal information
• Request corrections to inaccurate data
• Request account deletion
• Export your data

11. Contact Us

For questions about this Privacy Policy, data access requests, or to exercise your rights, please contact:

KyDz-Passport Privacy Team
Email: privacy@kydz-hub.com
Subject: Privacy Policy Inquiry

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes via email or prominent notice on our platform. Continued use after changes constitutes acceptance of the updated policy.