Veracross Product Privacy Policy

Effective date: September 2025

Veracross LLC (“Veracross”) takes the privacy of its users, including students, teachers, and parents, seriously. Veracross is committed to protecting users’ privacy while providing a personalized and valuable learning experience through its education technology products and services (the “Product”).

In support of our operations in the United States, we maintain strong commitments regarding the responsible collection and use of student personal information. Specifically, we: 

• We only collect, store, process, or share student information that is needed for authorized education/school purposes, or as authorized by the parent/student.
• We do not sell student personal information.
• We do not use or disclose student information for behavioral targeting of advertisements to students.
• We do not retain student personal information beyond the time period required to support the authorized educational/school purposes.

The School Environment

Collectively, the classroom, teachers, parents, guardians, students, and school and district administration and employees/agents are referred to in this Privacy Policy as the “School Environment.”

As Veracross is designed to be used in the classroom, much of the information collected is intended to be shared within the School Environment; Product-related or class-related activities, information, or communications may therefore be visible to anyone present in the classroom. Furthermore, some information will be available to other students, teachers, parents, guardians, and school or district administrators and/or employees (see “Veracross User Access Privileges” below). The sharing of the above information is subject to this Privacy Policy and the privacy policies of the relevant educational institutions. If users have any questions about the sharing of this information under those policies, Veracross recommends that users contact the relevant educational institutions.

To assist with the use of its Product, Veracross gives school or district administrators and/or employees access to a Veracross Community website accessible at https://community.veracross.com/ (the “Community Site”).

Veracross has implemented security measures to ensure that any data collected by or through the Product, including in connection with the use of the Veracross Community Site will not be shared outside the School Environment, except as outlined in this Privacy Policy.

Collected Information

Personal Information

The specific information collected depends on the user type (i.e. teacher, district/school staff, parent, and student users). A list of the personal information collected for each user type of the Product or Community Site, including the type of information collected, how the information is collected and used within the School Environment, whether other users can view the information, and whether the information is shared outside of the School Environment, is available here.

Veracross DOES NOT collect the following data:

• • User’s contact lists or friends lists;
  • Social medial information;

Please note that our Community Site is not designed for Sensitive Information. We do not intend to collect or process Sensitive Information through the Community Site services. Please do not submit Sensitive Information in any part of the services accessible through the Community Site, including free-text fields, uploads, attachments, custom properties, tags, tickets, logs, screenshots, or screen recordings.

For this Policy, “Sensitive Information” means information that law treats as requiring extra protection, including:

• EU/UK Users: “special categories” under Art. 9 GDPR (e.g., racial or ethnic origin; political opinions; religious or philosophical beliefs; trade-union membership; genetic data; biometric data for identification; health; sex life/sexual orientation) and data about criminal convictions and offences under Art. 10/DPA 2018.
• U.S. Users: “Sensitive Information” under the CPRA and “Sensitive Data” under other state privacy laws (e.g., government IDs such as SSN, driver’s license/passport; financial account numbers with passwords/access codes; precise geolocation as defined by law; health information/genetic/biometric identifiers; race/ethnicity, religion, union membership; sexual orientation/sex life; citizenship/immigration status; contents of communications where we’re not the intended recipient; and children’s data).
• Australian Users: “sensitive information” under the Privacy Act 1988 (Cth)/APPs (e.g., racial/ethnic origin, political opinions/associations, religious/philosophical beliefs, trade-union membership, sexual orientation/practices, criminal record, health/genetic information, and certain biometrics).
• New Zealand Users: information regarded as sensitive under the Privacy Act 2020 and OPC guidance (sensitivity is recognized contextually, and is a key factor in notifiable privacy breach assessment). Biometric information is expressly treated by the OPC as particularly sensitive and under active regulatory focus.
• Canadian Users: information treated as sensitive under federal and provincial law—PIPEDA (sensitivity is context-dependent, with categories like Medical/income deemed typically sensitive) and Québec’s Law 25 (personal information is “sensitive” where, due to its nature — e.g., medical/biometric — or the context, it entails a high expectation of privacy). It also includes government identifiers such as SIN and provincial health numbers and comparable identifiers.
• All Users: this also includes government-issued identifiers; full financial account numbers with access credentials, and any other information that applicable law classifies as sensitive, or that a reasonable person would consider highly confidential.

Please avoid including Sensitive Information in emails to us, support tickets or chat. If you need help that might involve Sensitive Information, contact us at privacy@veracross.com so we can suggest alternatives.

If we learn that Sensitive Information was submitted in violation of this section, we may take reasonable steps to delete, redact, or restrict that data and contact the submitter to help remediate. Where deletion is not technically feasible, we will minimize further processing and apply appropriate safeguards. These actions are without prejudice to any rights you may have under applicable law (e.g., access, deletion, or restriction requests).

• Legal bases note (EU/UK Users).

  We do not seek a legal basis to process special-category data through the Services. If such data is submitted contrary to this section, we will handle it as above and will not use it for additional purposes without a valid legal basis (for example, where required to establish, exercise, or defend legal claims).

Cookies

Cookies are small data files that are commonly stored on your device when you use websites and online services. They are widely used to make websites work, or to work more efficiently, as well as to provide reporting information and assist with services or personalization. There are also other technologies that are similar to cookies, which may store small amounts of data on your device (“local storage”).

Veracross uses the following types of cookies and local storage (collectively called “Cookies” herein):

• Performance and functionality Cookies: These Cookies are not essential, but they help us personalize and enhance your user experience. For example, they may help us to remember your preferences and prevent you from needing to re-enter information more than once, or to remember your id and password so that you do not have to enter them each time you use our services.

The Veracross Product does not use cookies for advertising purposes.

If you wish to disable the use of Cookies, you may do so from the browser preferences menu of your browser software by either turning off Cookies or by using your browser’s privacy mode when using our services.

Our Cookies Notice to users of Product and Community Site  is accessible at the time the user connects to access and use the Product or Community Site (as applicable)..

What Does Veracross Do with the Collected Information?

Veracross only collects and uses user information that is required to fulfill its duties and provide and improve its services. Specifically, collected information is used for the following purposes:

• To operate the Product;
• To monitor & secure the Product;
• To enable users to login to the Product;
• To allow teachers, parents, guardians, students, and school and district administration and employees/agents to manage and engage with the Product as directed by the school;
• To enable class related activities such as classroom content, assignments/tasks, and communications;
• To provide analytic data to teachers and school administrators;
• For software and customer support purposes;
• For sales, invoicing, and/or billing purposes;
• To enable student billing & tuition management; and
• To enable 3rd party integrations selected by and at the direction of the school;

Veracross does not advertise or market to students or their parents. No personally identifiable student information will be used for marketing purposes.

Veracross does not share personally identifiable information outside the School Environment, except for those purposes stated within this document, without first obtaining the express written consent of the individual.

Parents who login to the Product or Community Site are not granted access to personally identifiable information of any student other than their child.

Collected information in aggregate form, whereby individual users are not identifiable (i.e. “de-identified data”), is used for the following purposes:

• To improve the Product;
• For research and statistical purposes;
• For marketing purposes related to the Veracross Product; and

For customer support purposes.

De-identified data will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name, user ID, date of birth, and location information. Furthermore, Veracross will not attempt to re-identify de-identified data or transfer de-identified data to any party unless that party agrees not to attempt reidentification

Veracross User Data Access

All user access and/or interactions within the Veracross Product occur in the School Environment among district/school administrators, district/school employees or agents, teachers (including paraprofessionals, aides, behavior specialists, or other school employees), students, and parents (“trusted users”) in the School Environment.

Teachers (including teachers, paraprofessionals, aides, substitute teachers, behavior specialists, or other school employees working with students in the classroom) are granted access to student data for the students in their classes and to parent data for the students in their classes. School/district administration officials may access teacher and student data to monitor in-app activities and student behavior/attendance. Other school employees or agents within the School Environment have appropriate privileges based on their role and need-to-know. These privileges are configured and maintained by the school, not Veracross. Students are granted access to their personal data and all content posted by their teachers or other school officials necessary for them to fulfil their roles within the school. This access is configured and maintained by the school, not Veracross.  Note that some data may be displayed by the teacher in front of the whole class or other groups who may not normally have access to this data. This is at the discretion of school officials and not within the control of Veracross. Parents are granted access to data related to their child and their child’s teacher, and to aggregate data for their child’s class.

Detailed information on user data access can be viewed here.

Student Records

Student records are the property of and under the control of the school and/or school district. Students can access their student records by logging in to their student account. Parents and guardians of students under the age of 18 can access their child’s information via their parent account or by contacting the school. Corrections of any erroneous information should be brought to the attention of the school administration. In the event that the teacher or school are unable to make the correction, the school will contact Veracross via normal support channels. Veracross will work with the teacher or school to facilitate correction of any erroneous information.

Third parties are not granted access to personally identifiable information or educational records or other student records except as provided in this Privacy Policy, or after first obtaining the express written consent of the parent or student over 18 years of age.

Should there be any unauthorized disclosure of a student’s records, Veracross will notify the school within 3 days following discovery of the unauthorized disclosure.

No Marketing to Students and Parents

Veracross does not share user data with third parties for marketing purposes. Furthermore, Veracross does not use student data for marketing of any kind, including marketing to students or parents. For information on our privacy practices with respect to the operation of our corporate website, please see Veracross’s Website Privacy Policy here.

Deletion of Records

As our customers require access to records on a continuous basis, Veracross maintains records at the direction of our customers as long as we have an engagement with our customers. Upon termination of an engagement with our customers, records will be deleted within 30 days of the date of termination. Customers have complete control over records lifecycles, including the ability to delete records as they see fit or as directed by a student, parent, faculty, staff, or any other data subject at any time. If you have any concerns about records retention, please contact your school or email privacy@veracross.com.

Regional Compliance

1.  United States of America

FERPA

FERPA is an acronym for the Family Education Rights and Privacy Act, a US federal law to protect the privacy of student educational records. FERPA gives parents certain rights with respect to their non-adult children’s education records. These rights include the right to inspect and review the student’s education records maintained by the school, as well as the right to request that a school correct records which they believe to be inaccurate or misleading.

Furthermore, under FERPA, schools generally must have written permission from the parent in order to release any information from a student’s education record, which includes records, files, documents, and other materials that contain information directly related to a student and are maintained by an educational agency/institution, or the personally identifiable information contained within those records. However, FERPA allows schools to disclose those records, without consent, to various parties under specified conditions, including the following (see 34 CFR § 99.31):

• School officials with legitimate educational interest;
• Other schools to which a student is transferring;
• Specified officials for audit or evaluation purposes;
• Appropriate parties in connection with financial aid to a student;
• Organizations conducting certain studies for or on behalf of the school;
• Accrediting organizations;
• To comply with a judicial order or lawfully issued subpoena;
• Appropriate officials in cases of health and safety emergencies; and
• State and local authorities, within a juvenile justice system, pursuant to specific State law.

Schools may also disclose, without consent, “directory” information such as a student’s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents about directory information and allow parents a reasonable amount of time to request that the school not disclose directory information about them.

While this act is primarily directed towards educational institutions, Veracross recognizes its role as a “School Official” with a legitimate educational interest under FERPA, and our privacy policy is designed to secure student data in compliance with FERPA and to allow education institutions using Veracross to be compliant with FERPA. Veracross does not disclose student educational records or directory information outside of the School Environment.

COPPA

COPPA is an acronym for the Child Online Privacy Protection Act, a US federal law to protect the privacy of children under the age of 13. COPPA requires that online service providers such as Veracross, or teachers/schools acting as a parent’s agent, provide parental notification and obtain parental consent before knowingly collecting personal/individually identifiable information from children under the age of 13, except in limited situations (for exceptions to this consent requirement, please see 16 CFR § 312.5(c)).

Pursuant to the Terms of Use between Veracross and the users of the Veracross Product (available here) teachers, or a teacher’s school or district administration, will obtain verifiable parental consent, should it be required under COPPA. Veracross provides information for teachers, including COPPA Direct Notice (available here) and a sample parental permission document should they require one (available here).

If such personal information is collected without parental consent or collected beyond the scope needed for participation in the Veracross Product, Veracross will delete such information as soon as possible. If you believe that information from a student under the age of 13 has been provided in violation of these terms, please contact us at privacy@veracross.com.

Please review the foregoing sections for descriptions of the types of personal information we collect; how we collect that information; how that information is used; and our policies on protecting that information from third party access.

Veracross takes the rights of children and parents very seriously. To this end:

• Veracross won’t require a child to disclose more information than is reasonably necessary to participate using the Product within the School Environment;
• Parents can review their child’s personal information, direct Veracross to delete it, and refuse to allow any further collection or use of their child’s information; and
• Parents can agree to the collection and use of their child’s information, but still not allow disclosure to third parties unless it is part of the service.

Parents may contact Veracross following the procedures outlined in the “Changes and Access to Personal Information” section below.

2. European Union

Since May 25, 2018, the European Union General Data Protection Regulation (GDPR) has defined the rules regarding the collection, use, and retention of personal information for residents of the European Union (EU). Veracross complies with applicable GDPR principles.

In order to operate its services, and in accordance with this Privacy Policy, Veracross may collect, use, and retain personal information from users of the Veracross Product and/or Community Site who are based in the EU.

Furthermore, in order to operate its services, and in accordance with this Privacy Policy, Veracross also conducts business with third-party data processors in the United States, where personal information for users of the Veracross Product is stored. Accordingly, when Veracross transfers personal information outside of the European Economic Area to the United States, such transfers will be governed by data processing agreements and international data transfer mechanisms that comply with European Union data protection requirements.

3. United Kingdom

Following Brexit, the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419) amended the GDPR, the UK Data Protection Act 2018 (which had implemented the GDPR into UK law) and other data protection legislation including the Privacy and Electronic (EC Directive) Communications Regulations 2003 (SI 2003/2426) (as amended) with the aim of ensuring that the UK data protection legal framework functioned correctly after exit day. Veracross complies with applicable UK data protection principles.

In order to operate its services, and in accordance with this Privacy Policy, Veracross may collect, use, and retain personal information from users of the Veracross Product and/or Community Site who are based in the UK.

Furthermore, in order to operate its services, and in accordance with this Privacy Policy, Veracross also conducts business with third-party data processors in the United States, where personal information for users of the Veracross Product and/or Community Site is stored. Accordingly, when Veracross transfers personal information outside of the United Kingdom to the United States, such transfers will be governed by data processing agreements and international data transfer mechanisms that comply with UK data protection requirements.

EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework

Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Veracross LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, have certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, are responsible for the processing of personal data they receive under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, and subsequently transfers such personal data to a third party acting as an agent on its behalf.  Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, comply with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, the UK, and Switzerland, respectively, including the onward transfer liability provisions.

The Federal Trade Commission has jurisdiction over Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Veracross, LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, at privacy@veracross.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Veracross LLC and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

4. Canada

Rights of users located in Canada are governed by  the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, the Personal Information Protection Act, R.S.A. 2003, c. P-6.5, the Personal Information Protection Act, R.S.B.C. 2003, c. 63 and an Act respecting the protection of personal information in the private sector, CQLR, c. P-39.1, as amended by Law 25, An Act to modernize legislative provisions as regards the protection of personal information (as applicable based on the location of the user in Canada).

Since the adoption of Law 25, Quebec residents have enhanced rights with respect to their personal information, including:

• Access Rights: the right to receive confirmation of the processing of their personal information, of the nature of the information being processed, and to receive a copy of it.
• Data Portability Right: the right, subject to certain exceptions, to ask that the processing organization communicate to them computerized personal information in a written, intelligible transcript, and any collected personal information in a structured, commonly used, technological format.
• Rectification Right: subject to certain requirements and exceptions, the right to ask to correct the information in the processing organization’s possession t is inaccurate, incomplete, or ambiguous, or if collecting, communicating, or keeping it is not authorized by law.
• De-indexation Right or “Right to be Forgotten”: the right to ask organizations to stop disseminating their personal information or to de-index any hyperlink attached to their name giving access to information if this dissemination causes them harm or contravenes the law or a court order.
• Automated Decision Making: the right to be informed when they are the subject of a decision based exclusively on automated processing of their personal information. Organizations must also, on request, inform them about the personal information used to make the decision, the reasons and main factors leading to the decision, and the right to request correction of the personal information used to make the decision. They must also be given the opportunity to present their observations to a member of their staff for review of this decision.

Canadian users can access and modify their personal information in Veracross’s possession using your user login and password, or by following the instructions in the section of this document titled “Changes to and Access to Personal Information.”

To exercise their other access rights under Canadian law, residents of Canada shall contact the School on whose behalf Veracross process their personal information.

Please note that because Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, and their respective service providers are located in the United States and other countries outside Canada, we may transfer personal information that we collect or that you provide as described in this policy to contractors, service providers, and other third parties we use to support our business and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.

We may process, store, and transfer your personal information in and to foreign countries, with different privacy laws that may or may not be as comprehensive as Canadian law. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country. Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation.

Security Policy

Veracross uses industry standard methods to protect the confidentiality, security, and integrity of its customer’s data, including personal information collected from children, against unauthorized use or access, disclosure, alteration, unlawful or accidental destruction, or loss. We ensure that all such protected data is encrypted both at rest and in transit, and is only retained or deleted in accordance with this Privacy Policy or any overriding agreements with educational agencies.

Veracross does not share the data covered by this policy informally among its employees. Only those employees who require the protected data to carry out their duties are granted access. In such cases, access is granted based on the principle of least privilege, which means that each program and employee are granted the fewest privileges necessary to complete their tasks. Employees with access to protected data are given training to apprise them of their responsibilities when handling data and the various laws and agreements covering data security. Such employees are also given a unique user ID for purposes of accountability.

Veracross performs periodic risk/vulnerability assessments and data privacy and security compliance audits. Veracross will remediate any identified security vulnerabilities in a timely manner. We also have a written incident response plan, which includes prompt notification to the school/district in the event of a security or privacy incident, as well as best practices for responding to a breach of personally identifiable information. We will share this incident response plan upon request.

While Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, are committed to implementing best practices with regard to information and data security, we cannot make a 100% security guarantee due to constant advances in virus and hacking technology, as well as unforeseeable hardware or software failures and other risk factors. Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, can therefore not be held responsible for data loss or alteration. Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, will notify any affected customer of a personal data breach in accordance with applicable law.

For additional information about our security measures, please visit our Trust Center.

Third Parties

Third Party Links

Any member of the school community may make postings that contain links to third party services in various sections of Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC. Common examples of this would be links to videos hosted by YouTube or Vimeo, links to Wikipedia or other reference material, and so on. It is the responsibility of the customer to ensure that this content is appropriate and free from links to sites which may compromise the privacy of their students.  Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, do not actively monitor content and has no responsibility for this content.

Third Party Integrations

Third Party software may be integrated with Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC. Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, have no responsibility for the content, policies, or actions of these websites and they are entirely separate from Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, and are not covered by this Privacy Policy.

Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, also provide users with the option of registering/logging into the Product with single sign-on authentication through Third-Party software. If you choose to access our Product through single sign-on authentication, Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, may exchange personal information such as the user’s email address with the authentication service, depending on your privacy settings with that service. Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, will only collect and store such information in accordance with this policy. We recommend familiarizing yourself with any authentication service’s terms of use and privacy settings and policies before using such services to connect to Veracross.

A list of these Third-Party Integrations, including the services they provide to Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, the information we share with them or that they share with us, their privacy policies, and their contact information, can be obtained by contacting us at privacy@veracross.com

Third Party Service Providers

Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, may use trusted Third-Party Service Providers to support our Product by assisting us with providing, maintaining, and improving our services. To this end, Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, may share information with these providers, but only to the extent necessary to provide our services, and only in accordance with our needs, this Privacy Policy, and all other applicable privacy agreements, laws, and/or requirements.

A list of these Providers, including the services they provide to Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, the information we share with them or that they share with us, their privacy policies, and their contact information, can be found here.

Changes to and Access to Personal Information

Users have access to their personal information via their Veracross user account, or by contacting the teacher or school administration. Users may also request a copy of their personal information, make modifications to any incorrect information, or exercise any other rights available to them under applicable law by sending a written request to the school.

Users can also correct and update their personal information by contacting the school.

Change of Control

In the event that all or a portion of Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, or their assets are acquired by or merged with a third party, personal information that we have collected from users would be one of the assets transferred to or acquired by that third party. This Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this policy (unless you give consent to a new policy). We will provide you with notice of an acquisition within thirty (30) days following the completion of such a transaction, by posting on our homepage, or by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, you may request its deletion from the company.

Disclosure of Information to Satisfy Legal Obligations

Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, may disclose personal information if we have a good faith belief that doing so is necessary to comply with the law, such as complying with a subpoena or other legal process. We may need to disclose personal information where, in good faith, we think it is necessary to protect the rights, property, or safety of Veracross, our employees, our community, or others, or to prevent violations of our Terms of Use or Terms of Service or other agreements. This includes, without limitation, exchanging information with other companies and organizations for fraud protection or responding to government requests.

Changes and Updates to the Privacy Policy

This Privacy Policy is effective as of September 2025. Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, may, at its sole discretion, update, revise, modify, and/or supplement from time to time this Privacy Policy. Should we make modifications to this policy or the related Terms of Service, we’ll send an email directly to the school at least 30 days prior to the change. Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, updated Privacy Policy and Terms of Service will also be posted on Veracross’s corporate website. Veracross asks users to review the updated Privacy Policy and/or Terms of Service before continuing to use our services. The user’s continued use of the services provided by Veracross after the updated Privacy Policy takes effect will constitute the user’s acceptance of the updated Privacy Policy.

Consent to the Gathering and Processing of Information

By accepting the Terms of Service, users are expressly giving Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, a special declaration that users have agreed to the terms of this Privacy Policy governing the collection and processing of their personal information for purposes of services provided by Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC. Users are further declaring that users are aware of the purpose for Veracross collecting, processing, and using such information, how the processing will be conducted, and how users’ privacy will be protected.

Contact

Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC, services to its users and users’ trust is of utmost importance to Veracross and its US subsidiaries, Magnus Health, LLC, and Digistorm LLC. If users have any questions about this Privacy Policy, users should contact Veracross at: privacy@veracross.com.