This Privacy Policy describes how School Management and Record Tracking, Inc. (“SMART,” “we,” “us,” or “our”) collects, uses, and processes information through the public Website at onlinesmart.net and any other public‑facing website operated by SMART (“Website”), and through the SMART System, which is accessible only to individuals to whom the Customer has granted access. SMART acts as a service provider or processor for all Customer Data, including student information, and does not control or determine how Customer Data is collected, used, or shared.

1. Scope This Privacy Policy covers information collected from individuals who visit the public Website and information processed through the SMART System on behalf of Customers. This Privacy Policy does not override the Master Application Service Provider Agreement (“MASPA”), the General Terms & Conditions (“GT&C”), the Acceptable Use Policy (“AUP”), or any Customer‑specific agreements. If you have been granted access by the Customer to use any password‑protected SMART application or service, the Customer controls your data and is responsible for all notices, consents, and rights under applicable law.
2. SMART Acts As Processor / Service Provider. SMART acts as a processor or service provider for all Customer Data. All student data is Customer Data and is processed solely under the Customer’s instructions. SMART does not control or determine how Customer Data is collected, used, or shared.
Controller. SMART acts as a controller only for limited information from individuals who visit the Website, such as cookies, analytics, and contact form submissions.
3. Information We Process Information Provided by Customers (Processor Role). SMART processes Customer‑provided information including student records (such as grades, demographic information, contact information, and other educational records), attendance and scheduling data, time clock data, biometric templates (if enabled), staff and user account information, messages and communications, and documents uploaded by the Customer. SMART does not collect this information directly from students or minors.
Technical and Log Information. When accessing any SMART application, service, or the public Website, SMART automatically collects technical information such as IP address, device and browser type, operating system, usage logs, authentication events, and security logs. Website Information (Controller Role). SMART processes limited information from individuals who visit the Website, including contact form submissions, analytics data, and cookie data.
4. How We Use Information To Provide the SMART System (Processor Role). SMART uses information to authenticate users, maintain accounts, process student records (including grades, attendance, scheduling, and time clock data), process biometric templates (if enabled), generate Customer‑requested reports such as transcripts and academic summaries, deliver Customer‑directed communications, provide support to the Customer, and maintain the security and integrity of the SMART System.
To Operate the Website (Controller Role). SMART uses information from individuals who visit the Website to respond to inquiries, analyze Website usage, and improve Website performance. SMART does not sell or share personal information for advertising.
5. Biometric Information (If Enabled by the Customer) If a Customer chooses to use biometric feature in the SMART System, SMART may process limited biometric data solely on behalf of the Customer for identity‑verification purposes. The biometric data SMART receives depends on the Customer’s configuration and does not include fingerprint images and cannot be used to recreate a fingerprint. SMART does not determine whether biometric data is collected, how it is used, or how long it is retained. SMART does not sell, share, or profit from biometric data and deletes biometric data only upon Customer instruction. All notices, consents, and rights regarding biometric data must be provided by the Customer.
6. Cookies and Tracking Technologies SMART uses essential cookies for authentication and security, and analytics cookies such as Google Analytics. Individuals who visit the Website may adjust browser settings to manage cookies.
7. Disclosure of Information SMART may disclose information to the Customer (as the data controller), to subprocessors that support the SMART System, to comply with law, regulation, or legal process, to protect the security or integrity of the SMART System, or to prevent fraud or misuse. SMART does not disclose Customer Data to third parties except as instructed by the Customer.
8. Subprocessors SMART may use subprocessors to support hosting, infrastructure, analytics, and support operations. SMART contracts with subprocessors under confidentiality and security obligations consistent with this Policy and the GT&C. SMART does not guarantee the performance of any subprocessor.
9. Data Retention and Deletion SMART retains Customer Data for as long as necessary to provide the Services and as directed by the Customer under the GT&C. Customers may manage and delete their own data within the SMART System. When a Customer contract ends, SMART follows its standard data detachment, retention, and deletion processes as described in the GT&C. If a Customer enables biometric features, any biometric data processed by SMART is retained and deleted only in accordance with Customer instructions and Applicable Laws. Information from individuals who visit the Website is retained for standard analytics and security periods.
10. Security SMART uses administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including encryption, access controls, authentication, network and infrastructure security, and monitoring and logging. No system is 100% secure, but SMART follows industry‑standard practices.
11. Children’s Privacy SMART does not provide services directly to children. Any student information processed through the SMART System is provided and controlled by the Customer. SMART does not collect student data directly and does not monitor Customer Data. The Customer is responsible for all notices, consents, and compliance obligations related to student information under FERPA, COPPA, and applicable state laws.
12. Data Subject Rights SMART does not respond directly to data subject requests (such as access, deletion, or correction) for Customer Data. All such requests must be directed to the Customer. SMART will assist the Customer in fulfilling rights requests as required by contract or law.
13. Changes to This Privacy Policy SMART may update this Privacy Policy periodically. The “Last Updated” date will reflect the most recent revision.
14. Contact Information Questions about this Privacy Policy may be directed to:
SMART Attn: Privacy 10645 N. Tatum Blvd., Suite C200 531, Phoenix, AZ 85028     Email: [email protected]