Introduction

SOPPA Simplified is a compliance management platform operated by SMARTpath Education Services, LLC, a K-12 technology consulting company serving Illinois school districts. This platform specifically helps districts navigate Student Online Personal Protection Act (SOPPA) requirements by managing vendor agreements and tracking compliance status.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

What Information We Collect

From District Users

• Contact Information: Name, email address, phone number, job title, district name
• Account Information: Login credentials, district affiliation
• Compliance Data: Vendor agreement status, compliance tracking information, privacy officer details, policy documentation dates
• Communication Records: Email correspondence about vendor compliance, support questions, and system interactions

From Website Visitors

• Contact Form Submissions: Name, email, district name, phone number (optional), role, and any message you provide
• Technical Information: IP address, browser type, device information (via standard web server logs)

What We DON'T Collect

How We Use Your Information

• Provide Services: To operate the SOPPA Simplified platform, track vendor compliance status, manage agreement workflows, and respond to email inquiries
• Communicate: To send automated email responses about vendor status, respond to support questions, and provide service updates
• Improve Services: To understand how the platform is used and make improvements
• Fulfill Legal Obligations: To comply with applicable laws and regulations

Data Storage and Security

We store your data using Supabase (PostgreSQL database) with industry-standard security practices including:

• Encrypted connections (HTTPS/TLS)
• Access controls and authentication
• Regular security updates
• District data isolation (each district can only access their own data)

However, no system is 100% secure. We implement reasonable safeguards, but cannot guarantee absolute security.

Data Sharing and Disclosure

We do not sell your data. We may share information only in these limited circumstances:

• Service Providers: With trusted third-party services that help us operate the platform (database hosting, email services). These providers are contractually obligated to protect your data.
• Legal Requirements: If required by law, court order, or governmental regulation
• Business Transfer: In the event of a merger, acquisition, or sale of assets, your information may be transferred (you would be notified)

Your vendor agreements remain in SDPC. We do not host or store the actual DPA documents—we only track their status and provide links to where they're stored in SDPC.

How Long We Keep Your Data

• Active Accounts: We retain your data for as long as you maintain an active account with SOPPA Simplified
• After Cancellation: We retain your data for 30 days after account cancellation, then permanently delete it (unless legally required to retain longer)
• Contact Form Submissions: We retain these for up to 1 year for business records purposes
• Email Logs: Communication records are retained for 1 year to support service quality

Your Rights

You have the following rights regarding your data:

• Access: Request a copy of the data we have about you
• Correction: Request that we correct inaccurate information
• Deletion: Request that we delete your data (subject to legal retention requirements)
• Export: Request an export of your compliance tracking data before cancellation
• Opt-Out: Unsubscribe from non-essential communications

To exercise any of these rights, contact us at info@soppasimplified.com

Cookies and Tracking

We use minimal cookies and tracking:

• Essential Cookies: Required for authentication and basic site functionality
• No Advertising Cookies: We do not use cookies for advertising or tracking across other websites

Children's Privacy

SOPPA Simplified is designed for use by school district administrators, not students. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will promptly delete it.

Third-Party Links

Our platform may contain links to SDPC (Student Data Privacy Consortium) and other external websites. We are not responsible for the privacy practices of these sites. Please review their privacy policies.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email to registered users.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us: