Privacy Policy

1. Introduction

Visualize Digital ("Company," "we," "us," or "our") operates Charter Lottery, a platform for managing charter school enrollment lotteries (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

We are committed to protecting the privacy of all users, including parents/guardians, students, and school administrators. We design our Service with privacy and security as core principles, and we comply with applicable privacy laws including the Family Educational Rights and Privacy Act (FERPA) and the California Consumer Privacy Act (CCPA).

By using the Service, you consent to the collection and use of information in accordance with this Privacy Policy. Please also review our Terms of Service.

2. Information We Collect

2.1 Information You Provide

Account Information

• Name and email address
• Phone number (optional, for SMS notifications)
• Password (stored securely via AWS Cognito)
• Role and organization affiliation

Student Information

• Student's first and last name
• Date of birth
• Grade level
• Residential address (optional, for eligibility verification)

Application Information

• Schools and enrollment cycles applied to
• Priority category claims (sibling, resident, staff child, foster youth, etc.)
• Supporting documentation (proof of residency, birth certificates, IEP/504 plans, etc.)
• Application status and lottery results

Communication Preferences

• Email and SMS notification preferences
• Deadline reminder settings

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken within the Service
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times, referring URLs
• Cookies: Session management cookies for authentication

2.3 Information from Third Parties

• School Administrators: May provide information about schools and enrollment cycles
• Payment Processors: Stripe provides transaction confirmation (we do not store full payment card details)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Process enrollment applications
• Execute fair and random lottery selections
• Manage waitlists and seat acceptance
• Send notifications about application status, lottery results, and deadlines
• Generate reports for schools and regulatory compliance

3.2 Eligibility Verification

• Verify priority category claims (sibling, residency, etc.)
• Review uploaded documentation
• Confirm enrollment eligibility

3.3 Service Improvement

• Analyze usage patterns to improve the Service
• Debug and fix technical issues
• Develop new features

3.4 Legal and Compliance

• Maintain audit trails as required by state lottery regulations
• Respond to legal requests and prevent fraud
• Comply with FERPA and other applicable laws

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 With Charter Schools

When you apply to a charter school through the Service, we share your application information with that school and its authorized administrators. This includes student information, priority claims, supporting documents, and lottery results.

4.2 Service Providers

We use trusted third-party service providers to operate our Service:

• Amazon Web Services (AWS): Cloud hosting, database (RDS), authentication (Cognito), email (SES), file storage (S3)
• Stripe: Payment processing for subscription billing

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request. We may also disclose information to protect the rights, property, or safety of our users, our company, or the public.

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5. FERPA Compliance (Education Records)

Charter Lottery processes education records as defined by the Family Educational Rights and Privacy Act (FERPA). We take this responsibility seriously and implement the following safeguards:

5.1 Our Role

For charter schools using our Service, we act as a "school official" with a "legitimate educational interest" under FERPA. We process education records solely to provide the enrollment lottery services contracted by the school.

5.2 Data Protection Measures

• Access Controls: Strict role-based access ensures only authorized personnel can view student records
• Audit Logging: Complete audit trail of all access to education records
• Encryption: Data encrypted at rest (AES-256) and in transit (TLS)
• Tenant Isolation: Each school's data is logically separated from other schools
• No PII in Logs: Personally identifiable information is never stored in system logs

5.3 Disclosure Restrictions

We do not disclose education records except as authorized by FERPA, including:

• With written consent of the parent/eligible student
• To the school that maintains the records
• To comply with a lawful subpoena (with notice when permitted)
• In connection with a health or safety emergency

5.4 Parent Rights

Parents have the right to inspect and review their child's education records, request corrections, and consent to disclosures. These rights transfer to the student when they reach age 18 or attend a postsecondary institution. To exercise these rights, contact the charter school directly or reach out to us at legal@charterlottery.com.

6. Data Retention

We retain personal information for as long as necessary to provide our services and comply with legal requirements:

After the retention period expires, data is securely deleted or anonymized. Some data may be retained longer if required by law or to resolve disputes.

7. Data Security

We implement robust security measures to protect your information:

7.1 Technical Safeguards

• Encryption: AES-256 encryption at rest; TLS 1.2+ in transit
• Authentication: AWS Cognito with strong password requirements and optional MFA
• Access Control: Role-based permissions with tenant isolation
• Infrastructure: AWS services with SOC 2 and FedRAMP compliance
• Monitoring: Real-time security monitoring and alerting

7.2 Operational Safeguards

• Regular security assessments and penetration testing
• Employee training on data protection
• Incident response procedures
• Secure software development practices

7.3 Lottery Integrity

• Cryptographically secure random number generation
• SHA-256 result hashing for integrity verification
• Complete audit trails of all lottery executions
• Configuration snapshots stored at run time

8. Your Privacy Rights

8.1 General Rights

Depending on your location and the nature of your relationship with us, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Portability: Request your data in a portable format
• Opt-out: Opt out of certain uses of your information (e.g., marketing communications)

8.2 California Residents (CCPA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know

You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you. This includes:

• Categories of personal information collected
• Specific pieces of personal information collected
• Categories of sources from which we collected information
• Business or commercial purpose for collecting information
• Categories of third parties with whom we share information

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (such as data needed to complete a transaction, comply with legal obligations, or exercise legal claims).

Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not deny services, charge different prices, or provide a different level of service because you exercised your privacy rights.

No Sale of Personal Information

We do not sell personal information as defined by the CCPA. We have not sold personal information in the preceding 12 months.

Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, phone number, account ID
• Personal Information (Cal. Civ. Code § 1798.80): Address, date of birth
• Protected Classifications: Only as voluntarily provided for priority claims (e.g., foster youth, military family)
• Internet Activity: Browsing history within our Service, usage data
• Geolocation: State/city derived from IP address
• Education Information: Student grades, applications, enrollment status

Exercising Your CCPA Rights

To exercise your CCPA rights, contact us at legal@charterlottery.com with the subject line "CCPA Request." We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.

We will respond to verifiable consumer requests within 45 days. If additional time is needed, we will notify you of the extension and the reason.

9. Children's Privacy

Our Service is designed for use by parents/guardians to apply to charter schools on behalf of their children. We do not knowingly collect personal information directly from children under 13 without parental consent.

Student information is provided by parents/guardians or school administrators, and access to this information is controlled through parental accounts and school administrator accounts.

If you believe we have inadvertently collected information from a child without proper consent, please contact us immediately at legal@charterlottery.com, and we will take steps to delete such information.

10. Cookies and Tracking

We use cookies and similar technologies to:

• Essential Cookies: Maintain your login session and security
• Preference Cookies: Remember your settings and preferences

We do not use advertising or tracking cookies. Our cookies are strictly functional and necessary for the Service to operate.

Most browsers allow you to control cookies through settings. However, disabling essential cookies may prevent you from using certain features of the Service.

11. Third-Party Links

Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

12. International Users

Charter Lottery is designed for charter schools in the United States. Our Service is hosted in the United States (AWS us-east-2 region). If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States, which may have different data protection laws than your country of residence.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you by email or through the Service at least 30 days before changes take effect
• Provide a summary of what has changed

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your information is handled, please contact us:

For CCPA requests, please include "CCPA Request" in the subject line.

For FERPA-related inquiries about student education records, you may also contact the charter school directly.