re:sync

Privacy Policy

Last updated: December 2025

Overview

re:sync Technologies ("re:sync," "we," "us," or "our") is committed to protecting the privacy of schools, students, and families whose data is processed through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our data migration services.

Our platform is designed specifically for educational institutions migrating to Veracross and other Student Information Systems. We understand the sensitive nature of student data and have built our platform with privacy and security as foundational principles.

Information We Process

We process data on behalf of our school customers ("Data Controllers") to facilitate their SIS migrations. This data may include:

  • Student Information: Names, dates of birth, addresses, grade levels, enrollment history, and other demographic data
  • Parent/Guardian Information: Names, contact information, relationships to students, and emergency contact details
  • Staff/Faculty Information: Names, roles, contact information, and employment details
  • Academic Records: Enrollment history, previous schools, and related educational data
  • Student Documents: Report cards, transcripts, health records, and other student files (when OCR/document processing is requested)

We only process data that schools explicitly provide to us for migration purposes. We do not collect data directly from students or parents.

How We Use Information

We use the information provided by schools solely for the purpose of:

  • Ingesting and processing legacy SIS data exports
  • Cleaning, deduplicating, and normalizing data for migration
  • Performing OCR on student documents (when requested)
  • Generating Veracross-compatible CSV files and file manifests
  • Providing data validation and quality reports

We do not: Sell, rent, or share customer data with third parties for marketing purposes. We do not use student data to build profiles or for any purpose other than providing the contracted migration services.

FERPA Compliance

re:sync operates as a "school official" under the Family Educational Rights and Privacy Act (FERPA). We:

  • Perform services that the school would otherwise perform itself
  • Use education records only for the purposes for which they were disclosed
  • Do not re-disclose personally identifiable information without authorization
  • Maintain strict access controls limiting data access to authorized personnel only
  • Support schools in fulfilling their FERPA obligations

Data Storage & Security

All data is stored and processed in Microsoft Azure infrastructure located in the United States. We implement industry-standard security measures including:

  • Encryption in Transit: All data transmitted uses TLS 1.2 or higher
  • Encryption at Rest: All stored data is encrypted using Azure-managed encryption
  • Tenant Isolation: Each school's data is logically isolated using Row-Level Security
  • Access Controls: Role-based access control limits data access to authorized personnel
  • Audit Logging: All data access and processing activities are logged

For more details on our security practices, please see our Security page.

AI & Document Processing

When schools opt for our OCR/document processing services, we use Azure Document Intelligence (Azure AI) to extract text from student documents. Microsoft provides the following guarantees:

  • No Model Training: Customer data is NOT used to train, retrain, or improve Microsoft's AI models
  • Temporary Storage: Documents are temporarily stored only for processing and automatically deleted within 24 hours
  • Regional Processing: Data is processed in the same Azure region and does not leave it
  • Customer Control: Customers can request immediate deletion of processing results at any time

Data Retention & Deletion

We retain customer data only for as long as necessary to complete the migration services:

  • Active Migration: Data is retained during the migration project
  • Post-Migration: Data is retained for up to 90 days after migration completion to support any follow-up needs
  • Deletion: All customer data is permanently deleted within 90 days of project completion unless otherwise agreed in writing
  • Early Deletion: Schools may request early deletion at any time

Third-Party Services

We use the following third-party services to provide our platform:

  • Microsoft Azure: Cloud infrastructure, storage, and AI services
  • Azure Document Intelligence: OCR and document processing
  • Azure PostgreSQL: Database services

All third-party services are contractually bound to protect customer data and are compliant with applicable data protection regulations.

Data Subject Rights

Schools retain ownership of all data processed through our platform. Schools (and through them, their students and parents) may:

  • Access: Request access to data we hold about them
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of their data
  • Export: Request a copy of their data in a portable format

To exercise these rights, schools should contact us at the address below. Individual data subject requests should be directed to the school, who will coordinate with us as needed.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify customers of any material changes by email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

For privacy-related inquiries or to exercise data subject rights, please contact us at:

re:sync Technologies
Email: privacy@resync.tech