Privacy Policy

Updated March 1, 2020

Our comprehensive IEP software helps keep you in compliance with all the state and federal laws pertaining to Special Education.  It is one of the easiest special education software systems to use as well. Our special education software package integrates with all major student information systems (SIS). This means it will send the data you enter into SpedTrack to your current SIS system automatically. SpedTrack is also a top contender for states that are considering adopting a statewide IEP system in their state. With over 10 years of experience, we are a perfect candidate for such a task. Our flexible IEP platform makes it easy to customize our system to accommodate the specific needs of any states department of education. If you would like to learn more about that we actually have a page dedicated to you. You can find it by clicking on the home page in the navigation bar. The statewide page is located at the bottom of the home page. 

Easily write IEPs with our IEP writer. It makes sure you fill out all the necessary IEP forms. Tracking IEP goal progress is a breeze in SpedTrack. IEP templates make for even easier IEP creation. If your IEP has an error you will be notified of it. IEP compliance is of biggest importance. We also allow for easy transfer of IEPs. SpedTack allows school districts to excel in their compliance department because we check every IEP to ensure it will not flag any errors by the state. SpedTrack is a cloud based system that allows you to access all of our software from anywhere you have access to the internet. It is a data driven system which means it will dynamically build your forms based on what you fill out. If a section of the paperwork is not relevant to that IEP, SpedTrack will automatically skip that section – saving you time and paper. If you ever accidentally delete part of your document you can always recover it thanks to our time travel button. Our special education software is truly revolutionary because it allows you to track the IEP goal progress, evaluations, and other critical parts of the special education process all in the same place. This saves your teachers from having to dig to find the forms they need and saves them time they could be spending with the students.

In our role as a provider of education software to Local Education Agencies (“LEAs”), SpedTrack collects and is provided with a variety of different types of data. This document is intended to detail SpedTrack’s policies and procedures related to these records.

Information We Collect and How It Is Used

Marketing Information: We collect a variety of information about our target audience as part of our marketing efforts and during our communication with LEAs during the sales process (the “Marketing Information”). This information may include district names, district demographic information, information about district employees, communication, and information collected as explained in the Activity Data section below.

District Information: Once a LEA begins using SpedTrack’s software, the LEA will provide additional information to SpedTrack related to the district’s programs in order to configure the software or during normal usage of the software (“District Information”). We consider this District Information to be confidential in accordance with our license agreement. District Information may include, but is not limited to, the following:

• Staff information including name, mailing address, email address, and phone number

• Staff employment and role information with the LEA

• System usernames and encrypted passwords

• District provided or entered content, including libraries, attachments, notes

Student Data: LEAs provide SpedTrack with access to personally identifiable information about students (“Student Data”) while using our services. LEAs are authorized under the Family Educational Rights and Privacy Act (FERPA) to make disclosures of Student Data to SpedTrack as an outsourced provider of educational services because SpedTrack is under the direct control of the LEA with respect to the use and maintenance of the Student Data provided (ref 34 CFR §99.31(a)(1)(i)(B)). We consider Student Data to be confidential in accordance with our license agreement. SpedTrack has access to Student Data only as provided by the LEA and only for the purposes related to providing the LEA with access to the SpedTrack software. SpedTrack receives Student Data only from the LEA and never interacts with the student directly. Student Data supplied to SpedTrack by the LEA is considered an extension of the LEA’s normal data processes and the LEA is required to obtain all applicable consent required from parents/guardians and/or students prior to providing data to SpedTrack. Student Data may include, but is not limited to, the following:

• Student & guardian demographic information including name, mailing address, email address, date of birth, state identifiers

• IEP, Evaluation, Progress Reporting, 504, and other related data

• Health-related information required for Medicaid reimbursement

Confidential – SpedTrack Trade Secrets for Customer Internal Use Only

Deidentified Data: SpedTrack may use deidentified District Information, Student Data for product development, capacity planning, research or other internal purposes. Deidentified data will have all direct and indirect identifiers removed. This includes, but is not limited to, names, ID numbers, dates of birth, addresses and LEA specific information. SpedTrack also agrees not to make any attempt to re-identify de-identified data. SpedTrack may share deidentified data with third parties if the deidentified data is provided in an aggregated, anonymized format that cannot be used to identify either a district or individual included.

Activity Data: SpedTrack automatically collects a variety of usage information when visitors view our websites or utilize our software (the “Activity Data”). We use this information for a variety of purposes, including improving the ongoing operation and maintenance of our systems. SpedTrack utilizes Activity Data for a variety of internal uses including but not limited to marketing, product development, and capacity planning. SpedTrack may utilize third party services or software to gather Activity Data and we may also disclose this data to third parties. Activity Data may include, but is not limited to, the following:

• Storing and retrieving browser cookies on your computer to uniquely identify your computer or to manage your login session with our systems

• Logging information provided by your computer or browser, including your IP address, operating system, browser type and version, screen resolution, geographic location, etc.

• Logging web pages you visit, the load times for pages, the amount of time spent on a page, the links clicked

• Logging emails we send, including statistics about deliverability, when you open an email, links that are clicked within an email

• Information provided by third-party analytics tools that we utilize as part of our systems

Disclosure to third Parties

We do not disclose the information described in this policy to any third party except as provided for in this document and additionally as follows:
• To provide software and services to our customers as outlined in our license agreement
• Our use of third-party vendors to provide our software and services to customers (e.g. hosting providers, consultants, legal counsel) who are contractually required to comply with substantially similar confidentiality requirements as us
• To comply with a court order or other legal process served on us by government agencies
• To investigate or prevent suspected illegal activities or protect the security and integrity of SpedTrack
• To take reasonable precautions against liability and to investigate or defend against any third-party claims or allegations
• To comply with or enforce this policy, our license agreement, or other similar agreements
In summary, SpedTrack will use commercially reasonable efforts to ensure that only individuals in its employ or the employ of a contracted vendor with legitimate interests (consistent with the agreed upon software and services provided by SpedTrack to the LEA) are provided access to District Information or Student Data.
We do not sell any of the information we collect to third parties.

How we protect your information

Data Protection: SpedTrack maintains strict administrative, technical and physical procedures to protect information stored in our servers. Access to information is limited (through unique account credentials) to those employees who require it to perform their job functions. We require industry-standard Transport Layer Security (TLS) encryption technology for all data transmitted to SpedTrack servers. We store and process data in accordance with industry best practices. This includes appropriate administrative, physical, and technical safeguards to secure data from unauthorized access, disclosure, and use. We conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner.
• SpedTrack uses commercially reasonable efforts to secure the SpedTrack application, including monitoring of the application, implementation of security systems, and hosting of our solutions in secured data centers.
• The SpedTrack application is hosted in enterprise data centers, located in the United States. These data centers are managed by a SpedTrack contractor and undergo annual security audits (SOC 2 Type II).
• All SpedTrack data (production and backups) is stored in the United States and encrypted at rest.
• Backups are performed regularly throughout the day, both within our production data centers and to an independent off-site storage facility. Our business continuity plan provides for multiple recovery options, including restoring from backups located in our primary data center, spinning up our applications in our warm site using backups synchronized to that facility or restoring our systems from our off-site backups.
Incident Response: In the event of a data breach or unauthorized disclosure of PII, SpedTrack will immediately take actions to limit/mitigate the event. A SpedTrack representative will notify the affected LEA as soon as practicable, subject to any limits on disclosure created by law enforcement. SpedTrack and the LEA would work together to determine an action plan, including any required notification of affected parties.

Data ownership and retention

Review or Deletion of Records Maintained by SpedTrack: If a LEA has fulfilled the terms of their license agreement, the LEA may request that SpedTrack remove the LEA provided District Information and Student Data from the SpedTrack production databases. SpedTrack will comply with this request and provide certification to the LEA that this data was removed from the production databases. Please note that even when records are deleted from SpedTrack’s active databases, copies may remain in data backups for a period of one year to comply with business continuity and disaster recovery requirements. SpedTrack will not access these archival backups for the specific purpose of accessing any data removed by customer request, unless specifically authorized by LEA that owns the removed data.

Ownership of Data: SpedTrack does not claim ownership of the LEA provided District Information or Student Data loaded into our products. This data is owned by and under the control of the LEA. The collection, input, use, retention, disposal, and disclosure of this data is controlled by the LEA in accordance with the terms of our mutually agreed License Agreement and our policies detailed herein. By providing data to SpedTrack, a LEA agrees that SpedTrack has a limited, non-exclusive license to use the data as detailed in our License Agreement and this document.

End User Responsibility

All end user access to SpedTrack requires a valid username and password. LEAs are fully responsible for the access of their end users to the SpedTrack applications. This includes requiring end users to use commercially reasonable security procedures, including but not limited to using complex passwords, not sharing account information with others, logging out of the system, accessing the system from uncompromised devices, etc.

LEAs are also responsible for managing the end user population that is provided access to the SpedTrack applications, including the creation and termination of user accounts. LEAs are responsible for configuring the roles/level of access each user has within the SpedTrack applications to ensure that end users only have access to the appropriate data.

All communication with the SpedTrack systems from external sources is required to be encrypted. End user browser connections require Transport Layer Security (TLS) and any connections providing data transfer to third party systems must be encrypted.

Policy Changes

We reserve the right to update or modify this Privacy Policy to reflect changes in the way SpedTrack maintains, uses, shares, or secures your information.

How to contact us

If you have questions about this Privacy Policy, please contact us by email or telephone:
Email: [email protected]
Phone: 1-888-441-8449