This Privacy Policy explains how AttendanceAF LLC ("we," "us," or "our") collects, uses, and protects information when you use AttendanceAF ("the Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
From Professors
- Full name
- Institutional email address (.edu)
- Password (stored as a secure hash — we never store your actual password)
- Course information (course code, name, semester, room location)
From Students
- Full name
- Institutional email address (.edu)
- Student ID number
- Password (stored as a secure hash)
- Attendance records (date, time, and status for each class session)
- Course enrollment information
Automatically Collected
- Session timestamps (when class starts and ends)
- Check-in timestamps (when a student scans a QR code)
We do not collect location data, device identifiers, browsing history, or any information beyond what is necessary to provide the attendance tracking service.
2. How We Use Your Information
| Data | How We Use It |
|---|---|
| Name and email | Account creation, login, and identification |
| Student ID | Displayed on professor roster for identification |
| Attendance records | Displayed to professors and the individual student only |
| Course information | Organizing sessions and rosters |
| Passwords | Stored as bcrypt hash — never readable by anyone |
We do not use your data for advertising, marketing profiling, or to train artificial intelligence models.
3. Who Can See Your Data
- Professors can see the roster, attendance records, and student IDs for their own courses only
- Students can see only their own attendance history
- Other students cannot see each other's attendance data
- AttendanceAF staff may access data only when necessary to provide technical support or resolve disputes
- Third parties do not have access to your data
4. FERPA Compliance
AttendanceAF is designed to support compliance with the Family Educational Rights and Privacy Act (FERPA). We implement the following protections:
- Student names and IDs are hidden from the projector screen while the QR code is displayed
- Attendance records are accessible only to the professor of record for that course
- Students may only view their own attendance history
- All data is transmitted over encrypted HTTPS connections
- Passwords are stored using bcrypt hashing — we cannot read your password
Please note: AttendanceAF LLC acts as a service provider. Professors and institutions retain responsibility for their own FERPA compliance obligations when using the Service.
5. Data Security
- All data is transmitted over HTTPS with SSL/TLS encryption
- Passwords are hashed using bcrypt — they are never stored in plain text
- Authentication uses JWT (JSON Web Tokens) with expiration
- Our servers are hosted on AWS in the United States
- Access to production systems is restricted to authorized personnel only
6. Data Retention
We retain your data for as long as your account is active, plus a period of two (2) years after your last activity. After this period, data may be permanently deleted.
Professors may export their attendance data at any time using the CSV export feature. We encourage regular exports for your own records.
7. Your Rights
You have the right to:
- Access — request a copy of the data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and associated data
- Export — professors can export attendance data via CSV at any time
To exercise any of these rights, contact us at privacy@attendanceaf.com. We will respond within 30 days.
8. Children's Privacy
AttendanceAF requires all users to be at least 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at privacy@attendanceaf.com.
9. Third-Party Services
AttendanceAF uses the following third-party services:
- Amazon Web Services (AWS) — cloud hosting and infrastructure
- Stripe — payment processing (we never store your credit card information)
These services have their own privacy policies. We only share the minimum information necessary for them to provide their services.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before they take effect. The effective date at the top of this page will always reflect the most recent update.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data:
- Privacy: privacy@attendanceaf.com
- General: support@attendanceaf.com
- Website: attendanceaf.com