Privacy Statement

PBISario provides a browser-based lunchroom management tool used by K-12 schools and districts. This Privacy Statement explains what information we collect, how we use it, and the rights schools, parents, and students have regarding that information. PBISario is provided as a Software-as-a-Service product operated by PBISario ("we", "us").

Because PBISario is purchased and configured by schools or districts (not by individual students or parents), the school or district is the entity that determines what data is submitted to our service and who within the school may access it. We process that data on the school's behalf as its service provider.

Information We Collect

Staff Account Information
We collect limited information necessary to create and manage staff accounts, including name, work email address, role, school affiliation, login credentials, and optional two-factor authentication details.

Usage and Operational Data
We collect system-level data such as session activity (start, pause, end), device status, administrative actions, and error logs. This information is used to operate, maintain, and improve the service.

Payment Information
Payments are processed securely through Stripe. PBISario does not store full credit card numbers on its servers.

No Student Data Collection

PBISario does not require or collect student information. The platform is designed for group-based lunchroom management and does not include features for entering or storing student names, records, or personally identifiable information.

Schools and staff should not input student data into announcements, visuals, or any custom fields within the platform.

FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records.

Because PBISario does not collect or store student education records or personally identifiable student information, FERPA obligations related to student data do not apply to the operation of this service.

COPPA Compliance

The Children’s Online Privacy Protection Act (COPPA) applies to the collection of personal information from children under 13.

PBISario is not directed to children and does not knowingly collect personal information from children. The platform is accessed only by school staff accounts.

Data Retention and Deletion

We retain staff account and operational data for the duration of a school’s subscription and for a reasonable period afterward for administrative and support purposes. Schools may request deletion of their data at any time, and we will process deletion requests within 30 days, subject to any legal obligations.

Aggregated, non-identifiable usage data may be retained to improve the service.

Subprocessors

We rely on a small set of vetted subprocessors to operate the service. Each is contractually obligated to handle school data in accordance with this statement and with FERPA / COPPA requirements.

• Amazon Web Services (AWS) / Amazon Lightsail — application hosting and storage (United States).
• Stripe — payment processing.
• Mailgun — transactional email (password reset, 2FA verification).
• Cloudflare — DNS and TLS termination at the network edge.

If we add a new subprocessor that processes school data, we will update this list.

Security

We protect school data with industry-standard safeguards including TLS encryption for data in transit, access controls gated by role-based authentication and two-factor authentication for school administrators, database backups, audit logging of administrative actions, and server-side input validation. No online service can guarantee absolute security; in the event of a data incident affecting a school's information, we will notify affected schools without undue delay.

User Rights

Because PBISario does not collect student data, privacy rights related to student records are managed entirely by the school or district.

Staff users may request access to, correction of, or deletion of their account information by contacting their school administrator or PBISario support.

Contact Us

Questions about this Privacy Statement or PBISario's privacy practices can be directed to [email protected]. Schools with contractual questions (including data processing agreements, state-specific addenda, or FERPA clarifications) should contact [email protected].