Privacy Policy

We are committed to protecting your privacy and ensuring the security of your educational data. This policy explains how we collect, use, and safeguard your information when you use Basmotash.

Last Updated: January 15, 2025

Table of Contents

1. Overview & Scope

Educational Data Protection

Basmotash is committed to protecting educational data in accordance with FERPA, GDPR, CCPA, and other applicable privacy laws. We understand the sensitive nature of student and educational information.

Who We Are

Basmotash Technologies Inc. ("Basmotash," "we," "us," or "our") is a leading provider of educational technology solutions, including Learning Management Systems (LMS), Student Information Systems (SIS), and virtual learning platforms.

Scope of This Policy

This Privacy Policy applies to:

  • Our website (www.basmotash.com)
  • Basmotash platform and applications
  • Mobile applications and services
  • Customer support and professional services
  • Marketing communications and events

Data Controller Information

Basmotash Technologies Inc. acts as the data controller for marketing and administrative data, and as a data processor for educational records handled on behalf of our institutional clients.

2. Information We Collect

Information You Provide Directly

Data Category Examples Purpose
Account Information Name, email, job title, institution Account creation and management
Educational Records Student enrollment, grades, attendance Platform functionality and reporting
Communication Data Messages, comments, discussion posts Learning collaboration and support
Content Uploads Assignments, documents, media files Educational content delivery
Payment Information Billing address, payment method Subscription and billing management

Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on platform
  • Technical Data: IP address, browser type, device information
  • Performance Data: System performance, error logs, response times
  • Security Data: Login attempts, access patterns, security events

Information from Third Parties

We may receive information from:

  • Single Sign-On (SSO) providers
  • Integration partners (Google Workspace, Microsoft 365)
  • Analytics and security service providers
  • Marketing and advertising partners
Student Data Protection

We collect student data only as necessary to provide educational services. All student data is handled in compliance with FERPA and other applicable educational privacy laws.

3. How We Use Information

Platform Services

  • Providing learning management and educational services
  • Managing user accounts and authentication
  • Facilitating course delivery and student assessment
  • Generating academic reports and analytics
  • Enabling communication between students and instructors

Customer Support & Communication

  • Responding to inquiries and providing technical support
  • Sending important service notifications and updates
  • Providing training and onboarding assistance
  • Conducting customer satisfaction surveys

Security & Compliance

  • Protecting against fraud, abuse, and security threats
  • Monitoring for unauthorized access and usage
  • Maintaining audit logs for compliance purposes
  • Investigating and responding to security incidents

Service Improvement

  • Analyzing usage patterns to improve platform functionality
  • Developing new features and services
  • Conducting research and development activities
  • Optimizing system performance and reliability
Marketing Communications

We only send marketing communications to institutional contacts and prospects. Student data is never used for marketing purposes. You can opt out of marketing communications at any time.

4. Information Sharing & Disclosure

We Do NOT Sell Personal Data

Basmotash does not sell, rent, or trade personal information to third parties for their marketing purposes. We may share information only in the following limited circumstances:

Authorized Sharing

  • With Your Institution: Sharing data with your educational institution as authorized
  • Service Providers: Third-party vendors who help us operate our platform
  • Integration Partners: Authorized educational tools and services
  • Business Transfers: In case of merger, acquisition, or sale of assets

Legal Requirements

We may disclose information when required by law or to:

  • Respond to valid legal process (subpoenas, court orders)
  • Protect the rights, property, or safety of users
  • Investigate potential violations of our terms of service
  • Comply with applicable education laws and regulations

Service Providers

We work with carefully vetted service providers who are contractually required to:

  • Protect personal data with appropriate security measures
  • Use data only for specified purposes
  • Delete or return data when services are terminated
  • Comply with applicable privacy laws and regulations

5. Data Security & Protection

SOC 2 Type II Certified

Basmotash maintains SOC 2 Type II certification, demonstrating our commitment to the highest standards of security, availability, and confidentiality.

Security Measures

End-to-End Encryption
Multi-Factor Authentication
Secure Data Centers
24/7 Monitoring
Access Controls
Threat Protection

Technical Safeguards

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Control: Role-based permissions and principle of least privilege
  • Network Security: Firewalls, intrusion detection, and VPN access
  • Data Backup: Regular automated backups with encryption
  • Incident Response: 24/7 security operations center and incident response team

Administrative Safeguards

  • Regular security training for all employees
  • Background checks for personnel with data access
  • Data processing agreements with all vendors
  • Regular security audits and penetration testing
  • Incident response and breach notification procedures

6. Data Retention

Retention Periods

Data Type Retention Period Legal Basis
Student Educational Records As directed by institution (typically 3-7 years) FERPA compliance
User Account Data Duration of active account + 2 years Contractual obligations
Security Logs 2 years from creation Security and compliance
Marketing Data Until opt-out or 3 years of inactivity Legitimate interest
Financial Records 7 years from transaction Tax and legal requirements

Data Deletion

When data retention periods expire, we securely delete information using industry-standard methods including:

  • Cryptographic erasure for encrypted data
  • Multi-pass overwriting for magnetic storage
  • Physical destruction of decommissioned hardware
  • Certificate of destruction for physical media
Institutional Control

Educational institutions have primary control over student data retention periods. We follow institutional policies and legal requirements for educational record retention.

7. Your Rights & Choices

Right to Access

Request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data we maintain about you.

Right to Erasure

Request deletion of your personal data when it's no longer necessary or when you withdraw consent.

Right to Restrict

Request limitation of processing in certain circumstances, such as while accuracy is verified.

Right to Portability

Receive your personal data in a structured, machine-readable format for transfer to another service.

Right to Object

Object to processing based on legitimate interests, including marketing communications.

How to Exercise Your Rights

To exercise your privacy rights:

  • Contact your institution's administrator for student data requests
  • Email us at [email protected] for general privacy requests
  • Use our online privacy request form (available in your account settings)
  • Call our Privacy Hotline: +1 (555) 123-4567
Student Data Requests

For student educational records, please contact your institution directly. We may need to verify requests with your educational institution before processing them in accordance with FERPA requirements.

8. Cookies & Tracking

Types of Cookies We Use

Cookie Type Purpose Duration
Essential Cookies Authentication, security, basic functionality Session or up to 1 year
Performance Cookies Analytics, error tracking, system monitoring Up to 2 years
Functional Cookies User preferences, language settings Up to 1 year
Marketing Cookies Website analytics, advertising measurement Up to 2 years

Managing Cookies

You can control cookies through:

  • Browser settings to block or delete cookies
  • Our cookie preference center (available on our website)
  • Opt-out links provided by third-party analytics services
  • Do Not Track browser signals (we honor these preferences)

Third-Party Analytics

We use Google Analytics and other analytics services to understand how our platform is used. These services may collect information about your visits across multiple websites.

9. International Transfers

Global Operations

Basmotash operates globally and may transfer personal data to countries other than where you are located. We ensure appropriate safeguards are in place for all international transfers.

Transfer Safeguards

  • Adequacy Decisions: Transfers to countries with adequate protection levels
  • Standard Contractual Clauses: EU-approved contractual protections
  • Binding Corporate Rules: Internal data protection standards
  • Certification Programs: Privacy Shield successor frameworks

Data Localization

Where required by local law, we maintain data within specific geographic regions. Educational institutions can specify data residency requirements in their service agreements.

10. Legal Compliance

Educational Privacy Laws

  • FERPA (Family Educational Rights and Privacy Act): US federal law protecting student educational records
  • COPPA (Children's Online Privacy Protection Act): Protection for children under 13
  • PIPEDA (Personal Information Protection and Electronic Documents Act): Canadian privacy law
  • Student Data Privacy Consortium: Voluntary commitments to student privacy

General Privacy Regulations

  • GDPR (General Data Protection Regulation): European Union data protection law
  • CCPA (California Consumer Privacy Act): California privacy rights
  • LGPD (Lei Geral de Proteção de Dados): Brazilian data protection law
  • Privacy Act 1988: Australian privacy legislation
Compliance Certifications

Basmotash maintains current certifications including SOC 2 Type II, ISO 27001, and participates in Privacy Shield successor frameworks.

11. Policy Updates

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:

  • Email notification to registered users
  • Prominent notice on our website and platform
  • In-app notifications for significant changes
  • Direct communication to institutional administrators

Effective Date

Changes to this Privacy Policy become effective 30 days after posting, unless otherwise specified. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

Version History

  • Version 3.0: January 15, 2025 - Updated for new privacy regulations
  • Version 2.1: September 2024 - Enhanced student data protections
  • Version 2.0: March 2024 - GDPR compliance updates
  • Version 1.0: January 2023 - Initial policy publication

Privacy Questions? We're Here to Help

Our privacy team is dedicated to protecting your data and answering your questions about how we handle your information.

Privacy Team
[email protected]

For general privacy questions and data requests

Data Protection Officer
[email protected]

For GDPR-related inquiries and concerns

Privacy Hotline
+1 (555) 123-4567

24/7 support for urgent privacy matters

Mailing Address

Basmotash Technologies Inc.
Privacy Department
123 Education Blvd, Suite 500
Tech City, TC 12345
United States

We respond to privacy requests within 30 days and urgent matters within 24 hours.