Privacy Policy

Trackara Education · edu.trackara.app · Effective January 1, 2025 · Last updated June 2026

This Privacy Policy describes how Trackara ("we", "us", or "our") collects, uses, and protects information through the Trackara Education platform at edu.trackara.app and its related services (the "Service").

1. Information We Collect

We collect information you provide directly, as well as information generated through your use of the Service:

• Account information — name, email address, role (instructor or student), and institution name, collected at registration or account creation.
• Course and assignment data — repair orders, submitted work, grades, checkpoint responses, and diagnostic session data created within the platform.
• Demo requests — name, title, school, phone number, program type, enrollment size, and any message you include when submitting a demo request.
• Usage data — pages visited, features used, device type, browser, and approximate location (country/region) collected automatically via our hosting infrastructure.

2. How We Use Your Information

• To create and manage your account and course access.
• To enable assignment submission, grading, and progress tracking.
• To respond to demo requests and sales inquiries.
• To send transactional communications (password resets, course notifications).
• To improve and maintain the Service.
• To comply with legal obligations.

We do not sell your personal information to third parties.

3. Data Storage and Infrastructure

The Service runs on Google Cloud Platform (Firebase) with static hosting on Hostinger. Data is stored in the United States. Data is encrypted in transit (TLS/HTTPS) and at rest. By using the Service you consent to your data being processed in the United States.

4. Sub-processors

We engage a limited set of service providers ("sub-processors") to deliver the Service. Each is bound by contractual confidentiality and data-protection obligations, and none is permitted to use student data for its own purposes:

• Google Cloud / Firebase — application hosting, database, authentication, and storage (United States).
• Hostinger — static web hosting for the portal.
• Google Gemini API — generates advisory grading suggestions when an instructor requests them (see Section 6).
• Your institution's LMS — only if your institution connects one (e.g., Canvas, Blackboard, Schoology), for roster and grade synchronization.
• Email delivery provider — transactional email (password resets, notifications).

A current sub-processor list and our Data Processing Agreement are available to institutions on request at sales@trackara.app.

5. Information Shared With Third Parties

We share information only in the following circumstances. We do not sell student data, use it for targeted advertising, or build personal profiles for non-educational purposes.

• Instructors and institutions — student assignment data, grades, and progress are visible to the instructors and administrators of the course or institution the student is enrolled in.
• LMS integrations — if your institution has connected an LMS, roster and grade data may be synced per your institution's configuration.
• Sub-processors — as described in Section 4, solely to provide the Service.
• Legal requirements — we may disclose information if required by law or in response to a valid legal request, and will notify the institution where permitted.

6. Artificial Intelligence & Automated Processing

The Service offers optional AI grading assistance. When an instructor explicitly requests it, a student's submitted work is sent to the Google Gemini API to generate suggested scores and feedback. These suggestions are advisory only — an instructor reviews and makes every final grading decision; no grade is ever assigned automatically by AI. Student work processed for these suggestions is not used to train third-party AI models and is not used for advertising or profiling.

7. Student Privacy (FERPA)

For U.S. educational institutions, Trackara operates as a "school official" with a legitimate educational interest under the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g; 34 CFR Part 99). Specifically:

• We receive and process student education records only to perform the institutional services for which we were engaged.
• The institution retains direct control over the use and maintenance of those records.
• We use education records only for authorized educational purposes and do not re-disclose them except as directed by the institution or as required by law.
• We do not use education records for advertising, to train third-party AI models, or for any non-educational purpose.
• Directory information is never sold or used for marketing.

Parents and eligible students may inspect, review, and request correction of education records through their institution; we will support the institution in fulfilling such requests.

8. K-12 Programs, Minors & Parental Rights

Trackara Education is used in both secondary (high school) and post-secondary automotive programs. Where the Service is used with students under 18:

• The institution authorizes the collection of student information for educational purposes, consistent with FERPA's school-official exception and, where applicable, the school-consent provisions of the Children's Online Privacy Protection Act (COPPA).
• We collect only the information necessary for the educational purpose and apply the same protections described in this policy to all students regardless of age.
• Parental and guardian rights (notice, access, correction, deletion) are exercised through the student's institution, which acts as the point of contact. We assist the institution in honoring these requests.
• We comply with applicable state student-data-privacy laws, including SOPIPA-style restrictions on commercial use of student data.

9. Data Retention and Deletion

We retain account and course data while the associated account or institution license is active. Instructors and students may export their own data and request deletion at any time from Settings → Data & Privacy in the portal, or by emailing support@trackara.app. Upon a verified deletion request or expiration of an institution's license, we permanently delete the associated personal data within 90 days, except where the institution instructs us to retain academic records to meet its own legal retention obligations, or where retention is otherwise required by law.

10. Security & Breach Notification

We protect data with role-based access controls (least-privilege by user role — student, instructor, lab assistant, director, administrator), TLS/HTTPS in transit, and encryption at rest on Google Cloud. We take commercially reasonable measures to prevent unauthorized access, though no system is completely secure. In the event of a confirmed data breach affecting personal information, we will notify the affected institution(s) without undue delay and cooperate with the institution's notification obligations.

11. Your Rights

You may access, correct, export, or delete the personal information we hold about you. Instructors and students can do this directly from Settings → Data & Privacy, or by contacting support@trackara.app. Students enrolled through an institution should also contact their institution's administrator for record-related requests, as the institution controls those records.

12. Data Processing Agreement

Institutions may execute a Data Processing Agreement (DPA) / Student Data Privacy Agreement with us governing our handling of student data, including state-specific addenda (e.g., NDPA / SDPC frameworks). Contact sales@trackara.app to request one.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users and institutions of material changes via email or an in-product notice. Continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.

14. Contact

Questions about this Privacy Policy or our data practices can be directed to:

Trackara
support@trackara.app