Overview

This document explains our Privacy Policy as it relates to the Trac System software.  The Trac System software, go‑redrock.com website and services are owned and operated by Redrock Software Corporation.  Redrock Software Corporation ("Redrock", “We”, “Us” or “Our”) is deeply committed to maintaining the privacy and security of confidential and sensitive information we may collect, retain, process, or transfer or which is provided to us directly by our clients.

Introduction

At Redrock, we recognize the significance of personal data and the concerns associated with its misuse. We hope this statement and attached policy sheds light on our practices, or more precisely, our non-practices concerning the collection of personal data.

Our Commitment

Simply put, we do not collect any data whatsoever for the purposes of advertising or selling. Period. While this might seem like a plain statement, it's the heart of our data privacy approach. We have no hidden clauses, no convoluted terms of service that you need to decipher to understand our stance. In an age where data has become the new gold, we at Redrock believe that the best way to respect our users is by not treating their personal information as a commodity. By refraining from collecting personal data for advertising or sales, we ensure that our relationship with you remains pure, transparent, and built on trust. Furthermore, Redrock positions itself as a faithful custodian of your data. This means we never exploit the information you entrust with us for purposes like advertising, AI training, or any other secondary uses. Your data remains sacrosanct in our hands, utilized solely to enhance your user experience and nothing more. We hope the rest of this document aids in providing transparency and accountability.

Definitions

In this Policy, the following terms shall have the following meanings:

“CLIENT Data” shall mean all data of the Client provided to us by the Client or any service provider thereof (including its administrator immediately prior to the Commencement Date);

“Client Staff Data” shall mean all data of the Client’s employees provided to us by the Client or any service provider thereof (including its administrator immediately prior to the Commencement Date);

 “Student Data” shall mean personal identifiers; Protected Health Information (PHI) as that term is defined in the Health Insurance Portability and Accountability Act, 45 CFR Part 106.103; personally identifiable information contained in student education records as that term is defined in the Family Educational Rights and Privacy Act (FERPA), 20 USC 1232g; non-public personal information as that term is defined in the Gramm-Leach-Bliley Financial Modernization Act of 1999, 15 USC 6809.

“User Data” shall refer to all granular data points and metadata accrued directly from an individual's interaction with the web application. This encompasses session tokens, input and form data, timestamps, IP addresses, user-agent strings, browser-specific information, HTTP request headers, and any other technical data gleaned from client-server interactions during the user's engagement with the web application.

Personal Information and What We Do With It

Redrock Software Corporation respects privacy and takes protecting it seriously.  This Privacy Policy covers the use and disclosure of information we collect.  It also describes your choices available regarding our use of personal data.  Use of information collected through our services shall be limited to the purpose of providing service for which our clients request.  Student data and records are subject to the Family Educational Rights and Privacy Act ("FERPA"), 10 U.S.C. Section 1232g (collectively, the "FERPA Records").  As a result, Redrock holds this data in strict confidence.  Redrock protects the FERPA Records according to industry standard administrative, physical, and technical standards.

What we do with personal information provided to us

Student Data and Client Staff Data

The Trac System allows importing of course registration information.  It also allows importing of the student's/staff member’s name, email address, ID card number, birthday, photo, and other information as determined by our client.  This information is imported into the Trac System database.

The information as defined above is entered in the Trac System database by our clients.  Our client can remove or make changes to the data in the Trac System.

The client might share some of student data with us for the purpose of troubleshooting issues with the Trac System.  This data is held in strict confidence and we will only use it to deliver the requested services.

Other than described above, we do not sell, share or use any student contact information the client may share with Redrock Software.

Client Data

Our client account information is held in strict confidence.  We do not sell or share personal information with any outside parties.  We only collect information such as name, email address, mailing address, phone number, and billing information to enable us to provide the services described.

Data you load into the Trac System database is yours.  We do not have access to this data when it is hosted on your own network.  If you give us access to this data or share some of it with us for the purpose of getting technical support or for troubleshooting, we will hold the data you provide in strict confidence and will only use it to deliver the requested services.  If you need to send us student data for some reason, check with us first for instructions on how to securely transmit this data.

Other than described above, we do not sell, share or use any contact information you might share with us.

Individuals without direct relationship to Redrock

The Trac System is designed to provide flexibility to our clients, allowing for the input of staff member details such as name, email address, ID card number, birthday, photo, and any additional data points our clients deem necessary. All of this data resides securely within the Trac System's database architecture.

It's crucial to understand that we serve as a conduit for our clients. The details you find about yourself within the Trac System have been entered by our client entities, not us directly. If there are modifications you wish to effectuate regarding your stored data, please reach out to our client who entered your information. They have the autonomy to both update and delete your records from the Trac System.

User Data

The Trac System stores user data inside log files when necessary, the specifics of which can be found in the Trac System Log Information section further in this document.

Newsletters

Most of our clients and their staff members can subscribe to our newsletter via our helpdesk found at helpdesk.go-redrock.com.  These newsletters offer the latest information on the Trac System and are usually sent monthly.  To cancel, simply follow the unsubscribe instructions contained in each of the communications you receive.

Service Related Emails

On occasion we may email you service or account related announcements when it is necessary to do so.  For example, we might send you an email concerning a new update or feature for the Trac System, or to notify of impending maintenance-related downtime. Service related emails are not promotional and there is no option to opt out of receiving them.

Promotional Emails

Alongside our service-related announcements, we periodically send emails about new features, promotions, special offers, and other marketing materials that may be of interest to you. These are considered promotional in nature. If you do not wish to receive such promotional emails, you have the option to opt out. You can unsubscribe from our promotional email list at any time by following the instructions included in every email we send, or by responding “unsubscribe”.

GDPR Protection Rights

For the purpose of this Privacy Policy, we are a Data Controller of your personal information.

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information, as described in this Privacy Policy, depends on the information we collect and the specific context in which we collect it. We may process your personal information because:

• We need to perform a contract with you, such as when you create a Policy with us
• You have given us permission to do so
• The processing is in our legitimate interests and it's not overridden by your rights
• For payment processing purposes
• To comply with the law

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. In certain circumstances, you have the following data protection rights:

• The right to access, update or to delete the personal information we have on you
• The right of rectification
• The right to object
• The right of restriction
• The right to data portability
• The right to withdraw consent

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers

We use third parties to bill you for services.  When you sign up for our services, we will share your personal information only as necessary for the third party to provide service.

Legal Disclaimer

We prioritize the protection and confidentiality of your personal information. While we remain committed to safeguarding your data, there are limited circumstances where we may be obligated to disclose information, such as when legally mandated or compelled by a judicial or regulatory process. In such rare instances, we would only release data if explicitly required, while always striving to uphold our commitment to your privacy and the principles that guide our platform.

Personal Information Access

If your (the Client) personal information changes, or if you no longer desire our service, you may update, delete or deactivate it by making the changes in our software or by contacting us.  We will respond to your request within normal support hours.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information only as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Security

The integrity and confidentiality of information are paramount at Redrock.

For instances requiring the transmission of sensitive data to Redrock, a secure file upload service is provided. This service ensures that all data transfers are safeguarded during transit using TLS (Transport Layer Security), a widely recognized security protocol that offers encryption and data integrity. It is imperative that no sensitive data be transmitted via unencrypted channels, as this poses significant security risks.

Consistent with Redrock's data retention policies, any sensitive data provided is retained solely for the duration necessary to fulfill its intended purpose. Once this purpose is achieved, the data is securely purged from our systems.

In terms of data storage, Redrock adheres to best-in-class security protocols. All sensitive data stored within our systems benefits from AES (Advanced Encryption Standard) 256-bit encryption — a leading industry standard for data protection. This ensures that any confidential information remains inaccessible to unauthorized entities and remains secure against potential breaches. Furthermore, Redrock is proactively preparing for the post-quantum world, staying abreast of emerging cryptographic research and developments to ensure our systems remain resilient against the evolving landscape of quantum threats.

Cookies and Other Tracking Technologies

Cookies are utilized to recall settings, such as language preferences, and for authentication purposes. The use of cookies can be managed and controlled at the individual browser level. Rejecting cookies allows for continued access and utilization of the software; however, this choice might limit the experience and the functionality of certain features or areas within the software. It's noteworthy that privacy is prioritized: the platform does not employ third-party tracking cookies, ensuring browsing habits and data remain confidential and are not shared or tracked by external entities.

Trac System Log Information

In alignment with standard practices of the majority of web platforms, our system automatically captures and archives specific data points in server log files. This data encompasses:

• Internet Protocol (IP) Addresses: Every device connected to the Internet is assigned a unique number known as an IP address. When users access our site, we log their IP address to monitor traffic sources and patterns.
• Date/Time Stamps: This refers to the exact date and time when a user accesses or interacts with our website. It's crucial for understanding user behavior and identifying peak usage times.
• Requested Page Information: When a user requests a page or a specific resource on our site, we log details about that request. This can help in understanding user navigation patterns and optimizing content accordingly.
• Result(s) of the Request: After a user sends a request, the server responds, usually by serving a webpage or returning an error message. We document the outcome of each request, which can be particularly useful for pinpointing issues or errors.

These server logs are primarily maintained to facilitate troubleshooting, optimize server performance, and ensure the seamless functionality of our platform. It's important to note that these logs are securely contained within their designated storage environments. No data is exported, transmitted, or shared beyond its primary storage location, thereby reinforcing our commitment to user privacy and data protection.Advertising and Third Parties

We do not sell, rent, loan, trade, donate, or give any data to third parties such as advertisers or data brokers.

Testimonials

We post customer testimonials on our website, which may contain personal information.  We always obtain our Clients’ consent to post their name along with their testimonial via email prior to posting the testimonial on our website.  However, anyone wanting to request the removal of their testimonial, please contact us and we will do so swiftly.

Social Media Features

The Trac System does not implement any social media features.

Notification of Privacy Policy Changes

We may update our privacy policy to reflect changes to our information practices.  If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on our website prior to the change becoming effective.