SPERRO PRIVACY POLICY

Last Updated: October 2025

1. Introduction

Sperro (“we,” “our,” “us”) provides software services to schools and educational professionals to help manage student information and improve collaboration. This Privacy Policy explains how we collect, use, and protect data in connection with our platform and services.

We act as a data processor on behalf of schools and educational institutions (“Clients”). Sperro processes student and user data only under the direction of the Client and does not collect information directly from students.

2. Data We Collect

We may collect or process the following types of information:

● Account details (email, username, and credentials).

● School and professional contact information.

● Uploaded files and student-related records (documents, photos, notes).

● Usage data, technical logs, and device information.

We do not collect personal data directly from children. Any student-related data is provided by the

Client (school or educator).

3. Use of Data

We use information solely to provide and improve Sperro’s services, including:

● Account setup and authentication.

● Communication between users (schools, educators, parents).

● Platform maintenance, troubleshooting, and updates.

● Compliance with applicable laws and educational data regulations.

We do not sell, rent, or share personal information with third parties for marketing purposes.

4. Data Retention and Deletion

We retain customer and student data only as long as necessary to provide our services or as required by law. When an account is deleted, Sperro removes the user’s access and profile from the system.

However, certain associated records may remain in our database to support audit, legal, or operational requirements.Clients may request full deletion of all related data by contacting our support team at [support@sperro.com] with their name and account number. Upon verified request, Sperro will securely delete the requested data from its systems.

5. Legal Compliance

FERPA

When Sperro provides services to schools or districts, it acts as a “school official” under FERPA. Sperro processes student data only as directed by the educational institution.

COPPA

Sperro does not collect personal information directly from children under 13 years of age. Any student data processed through the platform is provided by authorized educational users.

CCPA/CPRA

For California users, Sperro complies with the California Consumer Privacy Act (CCPA) and the

California Privacy Rights Act (CPRA). Clients may request to access or delete their information by contacting [support@sperro.com].

6. Data Security

Sperro maintains administrative, technical, and physical safeguards to protect information.

This includes:

● Encryption at rest and in transit.

● Multi-factor authentication for admin accounts.

● Access controls based on the principle of least privilege.

● Routine monitoring, logging, and risk assessments.

7. Account Deletion Notice

When a user chooses to delete their account, they will see the following message: “Deleting your account will remove your access from the Sperro system but will not automatically delete all data stored in our database. If you would like to request complete data deletion, please contact us at [support@sperro.com] with your name and account number.”

8. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact: support@sperro.co