Privacy Policy
Effective date: June 11, 2026
Edventory ("Edventory," "we," "us") provides an IT asset management and help desk platform built for K-12 school districts (the "Service"). This policy explains what information the Service handles, how it is used, and the choices available to school districts and their users.
The short version: Edventory processes data on behalf of school districts to run their IT operations — nothing more. We do not sell personal information, we do not show ads, we do not build advertising profiles, and we use no analytics trackers. Student information that reaches the Service is used solely to provide the Service to the district that controls it.
1. Our role
Edventory acts as a service provider (or "processor") to the school districts that use the platform. Each district is the owner and controller of the data in its Edventory workspace. We process that data only on the district's instructions — to operate the features the district has enabled — and never for our own marketing, advertising, or profiling purposes.
Where the Service handles information from student education records, Edventory operates as a "school official" with a legitimate educational interest under the Family Educational Rights and Privacy Act (FERPA, 34 CFR § 99.31(a)(1)), under the direct control of the district with respect to that information.
2. Information the Service collects
Account information (district staff)
- Staff accounts: name, work email address, role, school assignment, and permissions, created when a district administrator invites a user.
- Credentials: passwords are stored only as one-way scrypt hashes — we cannot read them. If a user enables two-factor authentication, the TOTP secret is stored encrypted.
- Sign-in records: last login time and an activity log of administrative actions (who changed what, and when), kept so districts can audit use of their own workspace.
Help desk and ticket information
- Tickets submitted by staff within the app: title, description, priority, location, and any custom fields the district configures.
- Tickets submitted through a district's public request form or by email: the submitter's name (optional) and email address, plus the content of the request. Districts may open these forms to staff, families, or other members of their community; the submitter's email is used to send confirmations and status updates about their request.
- Ticket comments and replies, including the author's name and email when a reply arrives by email.
Device, asset, and loan records
- Device inventory: serial numbers, asset tags, models, purchase and warranty dates, status, and location.
- Assigned-user labels: when a district connects an inventory source such as Google Workspace or a mobile device management (MDM) tool, or enters assignments manually, a device record may include the name or username of the staff member or student the device is assigned to.
- Loaner records: the borrower identified by the district (which may be a student or family member), checkout and due dates, and device condition notes.
Integration credentials
- If a district connects Google Workspace, an MDM provider, or single sign-on, the credentials the district supplies (service account keys, API tokens, OAuth client secrets) are stored encrypted with AES-256 and used only to perform the connected function.
Technical information
- Cookies: the Service uses a single, strictly necessary session cookie (HttpOnly, same-site) to keep users signed in, and a short-lived cookie during single sign-on. There are no analytics, advertising, or tracking cookies.
- IP addresses are evaluated in memory to rate-limit sign-in attempts and public form submissions (a security measure) and are not stored in our application database. Our hosting provider maintains standard, short-lived server logs.
3. Student information
Edventory is a tool for district IT staff — students do not create accounts. Student information can still reach the Service, for example when a synced Chromebook lists its assigned student, when a loaner device is checked out to a student, or when a staff member mentions a student in a ticket.
For all such information, we commit that we:
- use it solely to provide the Service to the district;
- never sell it, never use it for advertising or marketing, and never build student profiles for any purpose other than the district's own asset and support management;
- treat it as confidential and protect it with the safeguards described below;
- delete it at the district's direction or when the district's account is deleted.
The Service is not directed to children and does not knowingly collect personal information directly from children under 13. Where a district enables a public request form, it does so as the school, and any information submitted is collected on the district's behalf under its authority.
4. How information is used
- To operate the features districts use: inventory tracking, help desk ticketing, loaner management, license tracking, reporting, and integrations the district connects.
- To send transactional email the district's workflows trigger: account invitations, ticket confirmations and status updates, and scheduled report digests. We do not send marketing email to district users or ticket submitters.
- To secure the Service: authentication, rate limiting, and audit logging.
- To generate budget forecasts when a district uses the AI forecasting feature — see Section 6.
We do not use the data in district workspaces to train AI models, and we do not aggregate it for sale or cross-district advertising analytics.
5. When information is shared
We share information only with the subprocessors needed to run the Service, each bound to use it solely to provide their service to us:
| Provider | Purpose | What it handles |
|---|---|---|
| Render | Application hosting and database | All Service data, encrypted in transit (TLS) |
| Resend | Transactional email delivery | Recipient addresses and the content of notification emails (e.g., ticket updates, invitations) |
| Anthropic | AI budget forecasting (optional feature) | Aggregated fleet statistics only — device model counts, ages, costs, and ticket counts. No names, emails, or other personal information is sent. |
| Google / Microsoft / GitHub | Single sign-on (if the district's platform enables it) | At sign-in, the provider tells us the user's verified email address to match to an existing account |
When a district connects Google Workspace or an MDM provider, data flows from those systems into the district's Edventory workspace at the district's direction, using credentials the district controls.
Beyond subprocessors, we disclose information only: (a) at the district's direction; (b) to comply with law or valid legal process (where permitted, we will notify the district first so it may object); or (c) as part of a merger or acquisition, in which case this policy's protections continue to apply and districts will be notified.
We never sell personal information.
6. AI features
The optional budget forecasting feature sends aggregate, de-identified fleet statistics (counts of device models, age and end-of-life dates, cost settings, and ticket volume by status) to Anthropic's API to generate a budget narrative. Individual user, student, or submitter information is not included in these requests, and the data is not used to train Anthropic's models per our API terms.
7. Security
- All traffic is encrypted in transit with TLS/HTTPS.
- Passwords are hashed with scrypt; they are never stored or transmitted in plaintext.
- Stored secrets (two-factor keys, integration credentials) are encrypted with AES-256.
- Sessions use HttpOnly, same-site cookies that JavaScript cannot read; sessions expire after 24 hours.
- Two-factor authentication (TOTP) is available for all accounts.
- Role- and permission-based access control limits what each user can see; every district's data is isolated by tenant.
- Sign-in attempts and public forms are rate-limited; administrative actions are recorded in a per-district activity log.
If we become aware of a breach of security affecting personal information, we will notify affected districts without unreasonable delay and assist with their notification obligations.
8. Retention and deletion
Data is retained for as long as the district's account is active, so districts keep their asset history and audit trail. When a district is deleted, all of its data — users, devices, tickets, loans, logs, and integration credentials — is permanently deleted from the production database. Districts may also request deletion of specific records or a full export of their data at any time by contacting us.
9. Your rights and choices
Because districts control the data in their workspaces, requests to access, correct, or delete information are typically handled by the district. Staff users can view and edit their own profile in the app. Parents and eligible students should direct requests about education records to their district, and we will support the district in fulfilling them. You may also contact us directly and we will refer the request to the appropriate district and assist.
10. Where data is processed
The Service is hosted in the United States. If you use the Service from outside the U.S., your information will be processed in the U.S.
11. Changes to this policy
If we make material changes, we will update the effective date above and notify district administrators by email or an in-app notice before the change takes effect. We will not reduce the protections applied to student information without giving districts prior notice and choice.
12. Contact
Questions, privacy requests, or concerns: support@edventory.com.