1. Introduction

ParentReach ("we", "us", or "our") is committed to protecting the privacy of teachers, school administrators, parents, and students who use our platform. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

Account information: When teachers or schools register, we collect name, email address, and password (stored as a secure hash — never in plain text).

Appointment data: Student name, grade, parent name, parent email, parent phone (optional), preferred date/time, topic, and meeting type.

Student reports: Academic grades, conduct notes, and teacher citations entered by teachers.

Payment information: Billing is handled by Stripe. We do not store credit card numbers. We store only a Stripe customer ID and subscription ID to manage your plan.

Usage data: We may collect basic usage logs for security and debugging purposes.

3. How We Use Your Information

• To provide and operate the Service
• To send appointment confirmations, reminders, and reports via email
• To process subscription payments
• To authenticate users and maintain session security
• To prevent fraud and ensure platform security
• To respond to support requests

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Student Privacy and FERPA

We take student privacy seriously. Student data entered into ParentReach (names, grades, reports) is used exclusively to facilitate communication between teachers and parents within the platform. We comply with the Family Educational Rights and Privacy Act (FERPA) and do not disclose student records to unauthorized parties.

Schools and teachers are responsible for ensuring they have appropriate authorization before entering student information into the platform.

5. Third-Party Services

We use the following third-party services to operate ParentReach:

• Supabase / PostgreSQL — database hosting (us-east-1)
• Stripe — payment processing. Subject to Stripe's Privacy Policy
• Resend — transactional email delivery
• Vercel — application hosting and infrastructure

Each of these providers has their own privacy policies governing their use of data.

6. Data Security

We implement industry-standard security measures to protect your data:

• Passwords are hashed using PBKDF2 with 200,000 iterations
• Sessions are signed with HMAC-SHA256
• All connections are encrypted via HTTPS
• Magic links and reset tokens expire after a short period and can only be used once

Despite these measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain your account information and appointment data for as long as your account is active. If you request deletion of your account, we will remove your personal data within 30 days, except where retention is required by law or legitimate business purposes.

8. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data

To exercise any of these rights, please contact us through our contact page.

9. Cookies

ParentReach uses only essential session cookies necessary to operate the Service. These cookies are httpOnly, secure, and are not used for tracking or advertising purposes. No third-party tracking cookies are used.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by email. The date at the top of this page indicates when the policy was last revised.

11. Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at our contact page.