This Privacy Policy ("Policy") describes how SumHubs collects, uses, discloses, and protects personal information in connection with the Service. It applies to Enterprise Users (e.g., schools, districts, organizations, service providers, and businesses using SumHubs under enterprise accounts) and End Users (e.g., students, parents, educators, and consumer mobile app users). By using the Service, you consent to this Policy and acknowledge that it forms part of the Terms of Service.
1. Introduction
This Privacy Policy describes how SumHubs collects, uses, discloses, and protects personal information in connection with the Service. It applies to both Enterprise Users and End Users. By using the Service, you consent to this Policy and acknowledge that it forms part of the Terms of Service.
2. Information We Collect
2.1 Personal Information
Name, email, phone number, organization/school affiliation, payment details, billing information, and other identifiers provided by users.
2.2 Account and Usage Data
Login credentials, device identifiers, IP address, browser type, session activity, and interaction logs.
2.3 Educational Records
If used in schools, student data (e.g., names, grades, assignments, class information) provided by schools, subject to FERPA and equivalent laws.
2.4 Cookies and Tracking Technologies
Authentication tokens, preferences, analytics cookies, and similar technologies. Use of cookies is further described in our Cookie Policy.
2.5 Sensitive Data
We do not intentionally collect sensitive categories of data (e.g., race, political beliefs, health data) unless required by law or explicitly authorized.
3. How We Use Information
We process information to:
- Provide, secure, and improve the Service
- Manage accounts for students, educators, and enterprise clients
- Authenticate logins and detect fraud
- Support compliance with Applicable Laws (FERPA, COPPA, ADA, GDPR, CCPA, etc.)
- Process payments and enforce account rules
- Communicate updates, notices, and support responses
4. Legal Bases for Processing
Where required under GDPR and equivalent laws, processing is based on:
- Performance of a contract (providing the Service)
- Compliance with legal obligations
- Legitimate interests (security, fraud prevention, product improvement)
- Consent, where expressly required
5. Dual Compliance Framework
Educational Use
When used by schools, SumHubs acts as a "school official" under FERPA and requires verifiable parental/school consent under COPPA for children under 13. ADA/Section 508 accessibility applies.
Business Use
When used outside education, SumHubs processes data under GDPR, CCPA, and equivalent laws. FERPA and COPPA do not apply in such contexts.
6. Children's Privacy
6.1 COPPA
Children under 13 may use the Service only with verified parental or school consent.
6.2 GDPR
In the European Union, parental consent is required for children under the age of consent set by national law (between 13 and 16).
6.3 Deletion
If parental consent is not obtained, accounts will be deleted. SumHubs does not knowingly sell or share children's data.
7. User Rights
7.1 Parents/Students (FERPA/COPPA)
Rights to review, correct, or delete educational records, exercised through the school.
7.2 EU/UK Users (GDPR)
Rights of access, rectification, erasure, restriction, data portability, and withdrawal of consent.
7.3 California Users (CCPA/CPRA)
Rights to know categories of data collected, request deletion, opt out of "sale" or "sharing" of personal information, and request correction.
7.4 Brazil (LGPD) / Canada (PIPEDA)
Equivalent GDPR-style rights apply.
Requests can be made to support@sumhubs.com.
8. Data Security
We implement industry-standard safeguards, including:
- Encryption in transit and at rest
- Role-based access controls
- Administrative audit logging
- Incident response procedures (with notification within 72 hours under GDPR, where applicable)
- SOC 2 readiness for secure hosting
9. Retention and Deletion
Educational Data
Retained only as long as authorized by schools or required by law; deleted upon school request.
Enterprise/Business Data
Retained as long as necessary for service provision, billing, or legal compliance.
Deletion Requests
Users may request deletion at any time via support@sumhubs.com or in-app tools.
11. Marketplace Safeguards
Enterprise Users offering services through SumHubs must comply with marketplace rules. SumHubs may suspend or remove Enterprise accounts for fraud, scams, or unlawful conduct. Enterprise Users are responsible for refunds and chargebacks.
12. CSAE and Prohibited Content
SumHubs strictly prohibits child sexual abuse material (CSAM) or any form of exploitation ("CSAE"). Violations result in immediate termination and referral to the National Center for Missing and Exploited Children (NCMEC) and law enforcement.
13. International Data Transfers
For transfers outside the European Economic Area, United Kingdom, or Switzerland, SumHubs relies on:
- Standard Contractual Clauses (SCCs)
- UK Addendum / International Data Transfer Agreement (IDTA)
- EU-U.S. Data Privacy Framework (where applicable)
- Other legally recognized safeguards
14. Mobile Applications
14.1 In-App Purchases
Payments made via Apple App Store or Google Play Store are processed by those platforms; refunds are governed by their policies.
14.2 Permissions
The app may request access to device features (camera, microphone, location) solely for service functionality.
14.3 Data Deletion
End Users may request deletion of their data through in-app settings or by contacting support@sumhubs.com.
15. Data Processing Addendum (DPA)
When acting as a data processor on behalf of an Enterprise User, SumHubs processes personal data in accordance with a Data Processing Addendum (DPA), which forms part of these Terms and is available upon request. The DPA specifies roles, responsibilities, sub-processor disclosures, and transfer mechanisms.
16. Third-Party Services
The Service may integrate with third-party services (e.g., AWS, Google APIs, Stripe). SumHubs is not responsible for failures, security vulnerabilities, or damages caused by such third-party services.
17. Accessibility
SumHubs is committed to accessibility and complies with WCAG 2.1 AA, ADA, and Section 508 standards.
19. Changes to this Policy
SumHubs may update this Policy from time to time. Notice will be provided via email, in-app alerts, or posting on our website. Continued use of the Service after updates constitutes acceptance.
20. Governing Language
This Policy is drafted in English. Any translations are provided solely for convenience. In the event of conflict, the English version controls.