GDPR Compliance & Data Protection

Safe4Sure is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws

Data Security

Enterprise-grade encryption and security measures protect all personal data

Transparency

Clear information on what data we collect and exactly how we use it safely.

Your Rights

Full control over your personal data with easy-to-use rights management

Introduction

At Safe4Sure, we value your privacy and are committed to protecting and processing your personal information responsibly. This GDPR compliance statement describes how Safe4Sure collects, uses, and shares personal information about students, parents, teachers, and administrators within educational institutions that use our Mobile Device Management (MDM) platform.

This statement applies to Safe4Sure Corporation and all its subsidiaries, except where a subsidiary presents its own statement. As a business-to-business provider serving educational institutions, we work closely with schools and districts to ensure compliance with all applicable data protection regulations, including GDPR, COPPA, and FERPA.

COPPA Compliance

Full compliance with Children's Online Privacy Protection Act

FERPA Alignment

Full General Data Protection Regulation compliance

Student Privacy Pledge

Signatory to the Student Privacy Pledge

Data Collection

This section describes the various types of information that we collect through our Mobile Device Management platform and how we use it in educational settings.

Student Information
  • Device usage patterns and app activity
  • Location data (when enabled by school)
  • Screen time and educational engagement metrics
  • Content filtering and safety alerts
  • Device compliance and security status

Legal Basis: Legitimate interest for educational safety and compliance

Account Information
  • Name and email address
  • School or district affiliation
  • Role (student, teacher, parent, administrator)
  • Device identifiers and technical information
  • Communication preferences

Legal Basis: Contract performance and legitimate interest

Website and Platform Usage
  • Website and Platform Usage
  • Login and authentication data
  • Platform navigation and feature usage
  • Support requests and communications
  • System performance and error logs
  • Security and fraud prevention data

Legal Basis: Legitimate interest for service improvement and security

Safety and Security Data
  • Content filtering and blocking events
  • Geofencing and location alerts
  • Suspicious activity detection
  • Policy violation reports
  • Emergency contact information

Legal Basis: Vital interests and legitimate interest for child safety

Your Rights

You have certain rights when it comes to the handling of your personal information. These rights may vary depending on your location and the applicable laws.

Right to Access

You have the right to request access to the personal information we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal information.

Right to Erasure

You can request deletion of your personal information under certain circumstances.

Right to Restrict Processing

You can request that we limit how we process your personal information

Right to Data Portability

You can request to receive your personal information in a portable format.

Right to Object

You can object to certain types of processing of your personal information.

Security

We implement comprehensive security measures to protect your personal information from unauthorized access, use, and disclosure.

Technical Safeguards
  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Automated threat detection and response
  • Secure cloud infrastructure (SOC 2 Type II)
Administrative Safeguards
  • Role-based access controls
  • Regular employee security training
  • Background checks for personnel
  • Incident response procedures
  • Data breach notification protocols
  • Third-party vendor assessments
Physical Safeguards
  • Secure data centers with 24/7 monitoring
  • Biometric access controls
  • Environmental controls and redundancy
  • Secure disposal of hardware
  • Video surveillance and access logs
  • Fire suppression and backup power
Compliance Certifications
  • ISO 27001 Information Security
  • SOC 2 Type II
  • GDPR compliance certification
  • Student Privacy Pledge signatory
  • COPPA Safe Harbor certification
  • Privacy Shield (where applicable)

Data Retention Policies

Student Data Retention:
  • Active student data: Retained while enrolled and using the service
  • Graduated/transferred students: Deleted within 90 days unless legally required
  • Safety incident data: Retained for 7 years for legal compliance
  • Aggregated/anonymized data: May be retained indefinitely for research
  • Active student data: Retained while enrolled and using the service
  • Graduated/transferred students: Deleted within 90 days unless legally required
  • Safety incident data: Retained for 7 years for legal compliance
  • Aggregated/anonymized data: May be retained indefinitely for research
Account and Administrative Data
  • Active accounts: Retained while account is active
  • Closed accounts: Deleted within 30 days
  • Billing and contract data: Retained for 7 years
  • Support communications: Retained for 3 years
Security and Log Data
  • Security logs: Retained for 2 years
  • Access logs: Retained for 1 year
  • Incident reports: Retained for 7 years
  • Audit trails: Retained for 5 years
Physical Safeguards
  • Secure data centers with 24/7 monitoring
  • Biometric access controls
  • Environmental controls and redundancy
  • Secure disposal of hardware
  • Video surveillance and access logs
  • Fire suppression and backup power
Compliance Certifications
  • ISO 27001 Information Security
  • SOC 2 Type II
  • GDPR compliance certification
  • Student Privacy Pledge signatory
  • COPPA Safe Harbor certification
  • Privacy Shield (where applicable)
Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify supervisory authorities within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and our response
  • Offer guidance on protective measures you can take

AI and Automated Processing

Safe4Sure uses artificial intelligence and automated systems to enhance our MDM platform's capabilities, including content filtering and threat detection.

AI Safeguards
  • Human oversight of automated decisions:
  • Regular algorithm auditing and testing
  • Bias detection and mitigation measures
  • Transparent decision-making processes
Your Rights Regarding AI
  • Right to explanation of automated decisions
  • Right to human review of AI decisions
  • Right to contest automated processing
  • Right to opt-out where legally permissible