PRIVACY POLICY

Last updated: 12.09.25

This privacy notice for Jotted LLC (“we,” “us,” or “our”) explains how and why we collect, store, use, and share (“process”) personal information when you use our Services, including when you:

  • Visit our website or any site that displays this privacy notice

  • Use the Jotted platform

  • Engage with us through sales, marketing, or events

Reading this notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please discontinue use of our Services. For questions or concerns, contact us at team@jottedonline.com.

SUMMARY OF KEY POINTS

This summary highlights important points from our privacy notice. For more detailed information on any topic, please refer to the Table of Contents below.

What personal information do we process?

When you visit, use, or navigate our Services, we may process personal information depending on how you interact with the platform, the choices you make, and the products and features you use. Additional details are provided in the full privacy notice.

Do we process any sensitive personal information?

We may process sensitive personal information when necessary, with your consent, or as permitted by applicable law. Additional details are provided later in this notice.

Do we receive any information from third parties?

We do not receive information from third parties unless you choose to connect your Google account—for example, to sign in with Google or to enable Google Calendar syncing. If you authorize this connection, we receive only the information needed to authenticate your account and provide the features you selected.

How do we process your information?

We process your information to provide, improve, and administer our Services; to communicate with you; to enhance security and prevent fraud; and to comply with legal requirements. We may also process your information for additional purposes with your consent. We process information only when we have a valid legal basis to do so. Additional details are provided later in this notice.

In what situations and with which parties do we share personal information?

We may share information in specific situations, such as with service providers who support our operations or when required to comply with legal obligations. Details about these situations and third parties are provided later in this notice.

How do we keep your information safe?

We use organizational and technical safeguards designed to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Additional information about our security practices is provided later in this notice.

What are your rights?

Depending on your location, applicable privacy laws may provide you with certain rights related to accessing, correcting, or deleting your personal information. Additional details about these rights are provided later in this notice.

How do you exercise your rights?

You may exercise your privacy rights by contacting us using the information provided at the end of this notice. We will review and respond to all requests in accordance with applicable data protection laws.

Want to learn more about how we use the information we collect? 

Please review the full privacy notice below.

Table of Contents

SUMMARY OF KEY POINTS

  • What personal information do we process?

  • Do we process any sensitive personal information?

  • Do we receive any information from third parties?

  • How do we process your information?

  • In what situations and with which parties do we share personal information?

  • How do we keep your information safe?

  • What are your rights?

  • How do you exercise your rights?

  • Want to learn more about how we use the information we collect?

Table of Contents

  1. WHAT INFORMATION DO WE COLLECT?

    • Personal Information You Disclose to Us

    • Personal Information Provided by You

    • Sensitive Information

    • Payment Data

    • Social Login Data

    • Google Account and Google Calendar Data (If You Choose to Connect Your Account)

  2. HOW DO WE PROCESS YOUR INFORMATION?

  3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

  4. HOW DO WE HANDLE THIRD-PARTY LOGINS?

  5. HOW LONG DO WE KEEP YOUR INFORMATION?

  6. HOW DO WE KEEP YOUR INFORMATION SAFE?

  7. DO WE COLLECT INFORMATION FROM MINORS?

  8. WHAT ARE YOUR PRIVACY RIGHTS?

  9. CONTROLS FOR DO-NOT-TRACK FEATURES

  10. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

    • What Categories of Personal Information Do We Collect?

    • Student Educational Records (FERPA-Protected)

    • Use and Retention of Personal Information

    • How Do We Use and Share Your Personal Information?

    • California Residents

    • Colorado Residents

    • Connecticut Residents

    • Utah Residents

    • Virginia Residents

  11. FERPA COMPLIANCE

    • Ownership and Control of Student Records

    • School Official Status and Authorized Access

    • Data Use Restrictions

    • Security Measures

    • Rights of Parents and Eligible Students

    • Request to Access, Correct, or Delete Records

    • Data Requests and Transfers

    • No Sale of Student Data

    • Compliance Oversight

    • Contact for FERPA Related Questions

  12. COPPA COMPLIANCE (Children’s Online Privacy Protection Act)

  13. DO WE MAKE UPDATES TO THIS NOTICE?

  14. HOW CAN YOU CONTACT US OR EXERCISE YOUR PRIVACY RIGHTS?

1. WHAT INFORMATION DO WE COLLECT?

Personal Information You Disclose to Us.

In Short: We collect personal information that you voluntarily provide to us.

We collect personal information that you provide when you register for an account, request information about our Services, participate in activities on the platform, or communicate with us in any way.

Personal Information Provided by You.

The personal information we collect depends on how you interact with our Services, the choices you make, and the features you use. This information may include:

  • Names

  • Phone numbers

  • Email addresses

  • Job titles

  • Usernames and passwords

  • Contact or authentication information

  • Mailing or billing addresses

  • Payment information (processed by Stripe; we do not store full card numbers)

Sensitive Information.

When necessary and permitted by applicable law, we may process limited categories of sensitive information. This may include:

  • Gender or sex information for users or students (for example, when a user selects male or female during account setup or when entering student profile information)

  • Student educational data, including information protected under FERPA

We do not intentionally collect other categories of sensitive personal information unless you choose to provide them within the platform.

Payment Data.

If you make a purchase, we may collect information necessary to initiate or confirm the transaction. All payment processing is handled by Stripe, which stores and secures your payment information. We do not store full credit or debit card numbers or security codes on our systems. For information about Stripe’s privacy practices, please refer to their publicly available privacy notice.

Social Login Data.

We may provide you with the option to create or access your account using a third-party login, such as your Google account. If you choose to use a third-party login, we receive only the information necessary to authenticate your identity and connect your account. Additional details about how we handle third-party logins are provided later in this notice.

Google Account and Google Calendar Data (If You Choose to Connect Your Account).

If you choose to connect your Google account to Jotted, we receive limited profile information necessary to authenticate your identity and enable the features you authorize. This may include your name, email address, Google account ID, and authentication tokens.

If you enable Google Calendar syncing, we may also process information from your Google Calendar to support scheduling, reminders, and workflow management within Jotted. This may include:

Information we read from your calendar:

  • Event titles, dates, times, and descriptions

  • Attendee information

  • Availability and scheduling metadata

  • Calendar identifiers

Information we write to your calendar:

  • Jotted-related events such as sessions, appointments, or reminders

  • Event details matching what appears inside Jotted

We do not modify or delete events in your Google Calendar unless those events were created directly by Jotted.

We do not access Gmail, Google Drive, Google Photos, Contacts, or any other Google service.

Authentication tokens are encrypted and used solely to maintain your connection and provide syncing functionality. You may revoke Jotted’s access at any time in your Google Account permissions settings.

All personal information you provide must be true, complete, and accurate, and you are responsible for notifying us of any changes to that information.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services; to communicate with you; to enhance security and prevent fraud; and to comply with legal requirements. We may also process your information for additional purposes with your consent.

We process personal information for a variety of reasons depending on how you interact with our Services, including:

  • To facilitate account creation, authentication, and management. We process your information to allow you to create an account, log in securely, and maintain your account in good working order.

  • To deliver and facilitate delivery of our Services. We process your information to provide you with the features, functions, and services you request.

  • To respond to inquiries and provide user support. We process your information to respond to your questions, troubleshoot issues, and assist you with using our Services.

  • To send administrative information. We process your information to send important updates about our Services, including notices about features, account information, and changes to our terms, policies, or operational practices.

  • To enable user-to-user communications. We process your information when you use features that allow communication or collaboration with other users.

  • To request feedback. We process your information when needed to request feedback or to contact you about your experience using our Services.

  • To send marketing and promotional communications. We may process your personal information for marketing purposes, in accordance with your communication preferences. You may opt out of marketing emails at any time by using the unsubscribe option provided in the message or by contacting us directly. Additional information about your privacy rights is provided later in this notice.

  • To protect our Services. We process your information as part of our efforts to maintain the safety, security, and integrity of our Services, including monitoring for fraud, unauthorized access, and other harmful activity.

  • To evaluate and improve our Services, products, marketing, and user experience. We process your information to understand how our Services are used, identify usage trends, measure the effectiveness of our communications, and improve our features, performance, and overall user experience.

  • To identify usage trends. We process information about how you use our Services to understand usage patterns, support product development, and improve the functionality and performance of the platform.

  • To comply with legal obligations. We process your information as needed to comply with applicable laws, respond to lawful requests, and exercise, establish, or defend our legal rights.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share your information only in specific situations, such as with service providers who help us operate the platform or when required by law.

We may share personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or part of our business.

  • Business Partners. We may share your information with trusted business partners who assist in providing, supporting, or integrating our Services (such as student information systems or other education technology providers). We do not share student data or other sensitive information with business partners for their own marketing purposes. However, we may send you information about new integrations, features, or partner offerings that we believe may be helpful or relevant to your role. You may opt out of marketing communications at any time.

  • Other Users. Our Services do not include public forums or publicly accessible user profiles. Any user-to-user communication or collaboration features within Jotted occur in controlled, private environments and are limited to authorized team members or individuals designated by your school or organization. Student information is shared only with users who have been granted access by the school or district. No personal information or activity within Jotted is made publicly available.

4. HOW DO WE HANDLE THIRD-PARTY LOGINS?

In Short: If you choose to sign in using your Google account, we receive only the information necessary to authenticate your identity and enable the features you authorize.

Our Services allow you to create or access your account using your Google account credentials. When you choose this option, we receive limited information from Google such as your name, email address, and Google account ID. We do not receive your contacts, friend lists, profile photos, or any other social or public information.

If you authorize additional features, such as Google Calendar syncing, we will only access the information required to provide those features, as described earlier in this notice.

We use the information received from Google only for authentication and the specific functions you enable. We do not control how Google collects, uses, or shares your information outside of our integrations, and we encourage you to review Google’s privacy policies to understand their practices and your options.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information only as long as necessary to fulfill the purposes described in this privacy notice, unless a longer retention period is required or permitted by law.

We retain personal information only for as long as necessary to fulfill the purposes described in this privacy notice, unless a longer retention period is required or permitted by applicable law (such as tax, accounting, or other legal requirements).

No purpose described in this notice requires us to retain your personal information for longer than the period in which you maintain an active account with us, unless required by law.

When we no longer have a legitimate business need to process your personal information, we will delete it or anonymize it. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

7. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18, or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at team@jottedonline.com.

8. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your account at any time.

Withdrawing your consent: If we rely on your consent to process your personal information, you may withdraw that consent at any time. The type of consent required may vary depending on applicable law and may be express or implied. You can withdraw your consent by contacting us using the details provided in the section titled “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”

Withdrawing consent does not affect the lawfulness of any processing that took place before your request. In addition, where applicable law permits, we may continue to process your personal information on legal grounds that do not require consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log in to your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at team@jottedonline.com.

9. CONTROLS FOR DO-NOT-TRACK FEATURES

Some web browsers, mobile devices, and applications offer a Do-Not-Track (“DNT”) setting that allows you to signal your preference not to have certain online browsing activity monitored. At this time, no uniform standard has been established for recognizing or responding to DNT signals, and major industry groups have not agreed on a technical implementation.

Because of this lack of standardization, Jotted does not currently respond to DNT signals or similar automatic tracking mechanisms. If a widely accepted standard for DNT becomes available in the future and requires action on our part, we will update this privacy notice to reflect how we support it.

10. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Residents of certain U.S. states, including California, Colorado, Connecticut, Utah, and Virginia, may have specific rights regarding their personal information.

What categories of personal information do we collect?

In the past twelve (12) months, we have collected the categories of personal information necessary to operate our Services and support school-related workflows. The categories may include basic account information, billing details, technical data, and student educational information entered by authorized school personnel.

Category A: Identifiers

  • We collect basic account information such as your name, email address, username, and similar identifiers. We may also collect technical identifiers like device information or IP address for security, authentication, and operational purposes.

  • Collected: Yes

  • Why: To create and manage user accounts, authenticate access, and maintain platform security.

Category B: Personal Information Under the California Customer Records Statute

  • We collect limited contact information (such as name and email address) and billing details when applicable.

  • We do not collect government identification numbers, financial account numbers, or medical information.

  • Collected: Yes (contact + billing details only)

  • Why: To provide access to Jotted and process subscription payments when applicable.

Category C: Protected Classification Characteristics

  • We collect gender/sex information only when entered by users (e.g., during account setup or when entering student profiles).

  • We do not request or collect race, ethnicity, sexual orientation, veteran status, disability status, or other protected classifications.

  • Collected: Yes (gender/sex only)

  • Why: To support reporting fields used by school social workers and case documentation.

Category D: Commercial Information

  • We may collect records of purchases or subscription-related information if you upgrade to a paid plan.

  • We do not collect consumer buying histories, product preferences outside of Jotted, or unrelated commercial behavior.

  • Collected: Yes (subscription/payment records only)

  • Why: To maintain account billing and service continuity.

Category E: Biometric Information

  • We do not collect biometric identifiers or biometric data of any kind.

  • Collected: No

Category F: Internet or Network Activity Information

  • We collect limited usage information such as login activity, device type, and interactions with platform features.

  • We do not track your browsing across sites, nor do we profile behavior for advertising.

  • Collected: Yes (platform usage only)

  • Why: To maintain security, monitor system performance, and improve the user experience.

Category G: Geolocation Data

  • We do not collect precise geolocation data. Approximate location (e.g., city or region) may be inferred from IP address for security and analytics.

  • Collected: No precise geolocation; limited IP-based location possible.

  • Why: Security monitoring, fraud prevention, and service optimization.

Category H: Sensory Information

  • We do not collect audio, video, thermal, or other sensory recordings through the platform.

  • Collected: No

Category I: Professional or Employment-Related Information

  • We collect limited professional information voluntarily provided by users, such as job title, role, or associated school/district.

  • We do not collect employment history or HR records.

  • Collected: Yes (user-provided role/school only)

  • Why: To support correct account assignment, access permissions, and school-based workflows.

Category J: Educational Information (Non-FERPA Context)

  • For users: We do not collect education records such as transcripts, student ID numbers, or standardized test results.

  • Collected: No (user education data)

Category K: Inferences Drawn from Personal Information

  • We do not create profiles or behavioral inferences for marketing, advertising, or independent decision-making.

  • Any insights generated (such as usage metrics) relate solely to feature performance and platform improvement.

  • Collected: No inferred profiles

  • Why: We do not engage in behavioral modeling or predictive advertising.

Student Educational Records (FERPA-Protected)

Separately from the above categories, authorized school personnel may enter student information into Jotted as part of their professional responsibilities.

This may include:

  • Student name

  • Gender/sex (binary selection as provided)

  • Age or grade

  • Case notes and documentation relevant to school social work

These records are owned and controlled by the school or district and are governed by FERPA, not general consumer privacy law.

Jotted does not use student educational records for:

  • Marketing

  • Profiling

  • Selling data

  • Advertising

  • Sharing with third parties outside the school’s direction

Collected: Yes (entered by the school)
Why: To enable the educational and case-management functions of the platform.

Use and Retention of Personal Information

We use the personal information we collect only as needed to operate, maintain, and improve the Services, and to provide support to users and schools. Personal information is retained only for as long as necessary to fulfill these purposes, unless a longer retention period is required by applicable law or by the school or district that controls student educational records.

In addition to the categories described above, we may collect other information you voluntarily provide when interacting with us, such as when you contact customer support, participate in surveys, request assistance, or engage with onboarding or training activities.

How do we use and share your personal information?

We use personal information only as necessary to operate, maintain, and improve the Services. This includes enabling account functionality, providing customer support, enhancing performance, and developing new features that benefit our users and schools.

We share personal information only with service providers who assist in operating or supporting the Services, and only under contracts that require them to protect the information and use it solely on our behalf. These service providers may include hosting partners, authentication providers, payment processors, and other vendors essential to the delivery and support of the Services.

We may use personal information for internal purposes that support the operation, security, and improvement of the Services. This type of processing is considered a business purpose under applicable law and is not regarded as “selling” personal information.

We have not sold or shared personal information with third parties for advertising, marketing, or other commercial purposes in the past twelve (12) months, and we do not sell or share personal information in the future. This includes all website visitors, users, and student information entered into the Services.

We do not disclose student information except as directed by the school or district or as required by law. Any analysis or operational review we perform is limited to improving the platform and does not involve creating behavioral profiles or inferences about individual users or students.

California Residents

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA Privacy Notice

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below.

The California Code of Regulations defines a "residents" as:

  1. every individual who is in the State of California for other than a temporary or transitory purpose and

  2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as "non-residents."

If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.

Your rights with respect to your personal data

Right to request deletion of the data — Request to delete

You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed — Request to know

Depending on the circumstances, you have a right to know:

  • whether we collect and use your personal information;

  • the categories of personal information that we collect;

  • the purposes for which the collected personal information is used;

  • whether we sell or share personal information to third parties;

  • the categories of personal information that we sold, shared, or disclosed for a business purpose;

  • the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;

  • the business or commercial purpose for collecting, selling, or sharing personal information; and

  • the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights

We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information

We do not process consumer's sensitive personal information.

Verification process

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Other privacy rights

  • You may object to the processing of your personal information.

  • You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.

  • You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.

  • You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.

To exercise these rights, you can contact us by visiting http://www.jottedonline.com, by email at team@jottedonline.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

Colorado Residents

This section applies only to Colorado residents. Under the Colorado Privacy Act (CPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

  • Right to be informed whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to request deletion of your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

To submit a request to exercise these rights described above, please email team@jottedonline.com or visit http://www.jottedonline.com.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at team@jottedonline.com. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Connecticut Residents

This section applies only to Connecticut residents. Under the Connecticut Data Privacy Act (CTDPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

  • Right to be informed whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to request deletion of your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

To submit a request to exercise these rights described above, please email team@jottedonline.com or visit http://www.jottedonline.com.

If we decline to take action regarding your request and you wish to appeal our decision, please email us at team@jottedonline.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Utah Residents

This section applies only to Utah residents. Under the Utah Consumer Privacy Act (UCPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

  • Right to be informed whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

To submit a request to exercise these rights described above, please email team@jottedonline.com or visit http://www.jottedonline.com.

Virginia Residents

Under the Virginia Consumer Data Protection Act (VCDPA):

"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.

Your rights with respect to your personal data

  • Right to be informed whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to request deletion of your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

Exercise your rights provided under the Virginia VCDPA

You may contact us by email at team@jottedonline.com or visit http://www.jottedonline.com.

If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at team@jottedonline.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

11. FERPA COMPLIANCE

When Jotted is used by a school or district, we process student information as an educational service provider under the Family Educational Rights and Privacy Act (FERPA). We support each institution in meeting its FERPA obligations by protecting the privacy, confidentiality, and security of student educational records entered into the Services.

Ownership and Control of Student Records

Schools and districts retain full ownership and control of all educational records stored, accessed, or processed through Jotted. We do not own these records and do not use them for any purpose other than delivering the Services. Jotted will not access, modify, disclose, or use student records except when necessary to provide the Services and only as permitted by the educational institution and applicable law. Schools may retrieve, modify, export, or delete their educational records at any time. We do not disclose student information to third parties unless directed by the educational institution or required by law.

School Official Status and Authorized Access

When acting on behalf of a school or district, Jotted serves as a school official under FERPA. This designation allows access to student educational records only for tasks the institution would otherwise use its own employees to perform. Examples include technical support, troubleshooting, onboarding assistance, data configuration, and maintenance of the Services.

Access by Jotted personnel is strictly limited to what is necessary to fulfill the request or operational need. We do not use student information for marketing, analytics unrelated to the Services, or any other independent purpose.

Data Use Restrictions

We do not sell, share, or use student information for advertising, commercial activity, or any purpose not directed by the school or district. All processing of student data is limited to legitimate educational or operational purposes that support the institution.

Security Measures

Jotted uses industry standard administrative, technical, and physical safeguards to protect the confidentiality and integrity of educational records and other personal information. These safeguards include secure transmission, encrypted storage, and role based access controls designed to prevent unauthorized access, alteration, disclosure, or destruction of data. In providing the Services, we comply with all applicable federal and state student data privacy laws, including the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA), when applicable.

Jotted maintains the confidentiality of all educational records processed through the Services. Access to student information is limited to personnel and contractors who need it to support the school or district and who are required to follow the same confidentiality and security standards described in this policy.

Rights of Parents and Eligible Students

Schools and districts retain responsibility for granting parents or eligible students age 18 or older the right to review, correct, or request deletion of education records. Jotted supports institutions by providing the mechanisms needed to fulfill these rights.

Requests to Access, Correct, or Delete Records

Requests related to student educational records must come through the school or district. Jotted will assist in processing access, correction, export, or deletion requests as instructed and permitted under FERPA.

Data Retention and Transfers

Jotted retains student educational records only for as long as necessary to provide the Services to the school or district, unless a longer retention period is required or permitted by law. Student data remains under the institution’s control at all times, and we will export or delete these records at the direction of the school or district.

When data is no longer needed for the purposes of providing the Services, we will delete it or anonymize it. If immediate deletion is not possible due to secure backup systems, the data will be isolated from further processing and retained only until deletion becomes possible.

No Sale of Student Data

Jotted does not sell student information and does not share student data with third parties for advertising, marketing, or commercial gain.

Compliance Oversight

Jotted’s privacy and data protection practices are guided by professional expertise in school based services. We maintain a strong commitment to student data privacy and regularly review our policies and procedures to stay aligned with FERPA requirements. These ongoing reviews help us strengthen our safeguards and support the compliance needs of schools and districts.

Contact for FERPA Related Questions

Questions regarding our FERPA compliance practices can be directed to: team@jottedonline.com

12. COPPA Compliance (Children’s Online Privacy Protection Act)

Jotted does not provide services directly to children, and does not permit children to create accounts or submit personal information through the Services. However, authorized school or district personnel may enter information about students, including children under 13, as part of their professional responsibilities.

In these cases, the school or district is considered the parent’s agent for purposes of providing consent under the Children’s Online Privacy Protection Act (COPPA). Jotted relies on the school or district to obtain any required parental consent before entering or uploading student information.

Jotted uses student information only to provide and support the Services, and does not use or disclose such information for any purpose unrelated to the school’s authorized educational use.

13. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes. We may update this notice as our practices, services, or legal requirements evolve.

We may revise this privacy notice from time to time. When we do, we will update the “Revised” date at the top of the notice. Changes become effective as soon as the updated version is posted. If we make material changes that affect how your personal information is handled, we may provide additional notice, such as posting a message within the Services or sending a communication directly to account holders.

We encourage users to review this notice periodically to stay informed about how we protect and handle personal information.

14. HOW CAN YOU CONTACT US OR EXERCISE YOUR PRIVACY RIGHTS?

If you have questions or comments about this notice, or if you would like to request access to the personal information we hold about you, or request that we update or delete that information, you may contact us at:

Email: team@jottedonline.com

Website: http://www.jottedonline.com

Mail:
Jotted LLC
PO Box 537
Lexington, MI 48450
United States

Requests related to student educational records must be submitted by the school or district that controls those records, in accordance with FERPA.