1.0 OVERVIEW

LabScale provides private cloud infrastructure services to educational institutions. We are committed to protecting student privacy and complying with applicable regulations including FERPA (Family Educational Rights and Privacy Act).

2.0 WHAT DATA WE COLLECT

2.1 INSTITUTIONAL DATA

When partnering with colleges, we collect the following:

• Institution name, contact information, and billing details
• Faculty names and email addresses (for platform access)
• Course information (course codes, enrollment numbers)

2.2 STUDENT TECHNICAL DATA

When students use LabScale infrastructure, we may collect the following:

• Login credentials (username, hashed passwords)
• Session logs (login times, duration, IP addresses)
• Usage metrics (which VMs accessed and at what time)
• System logs (network traffic, resource utilization)

2.3 NO STUDENT EDUCATIONAL RECORDS

LabScale does NOT collect or store in our internal systems:
✗ Student names or personally identifiable information (PII)
✗ Course content or assignments
✗ Grades or assessment scores
✗ Student ID numbers or social security numbers
✗ Any FERPA-protected educational records

Students are identified to LabScale by institution-assigned usernames only. Partner institution faculty may use student names to group student learning tools within their private cloud installation. Students must connect to their college’s LabScale private cloud via SSO.

2.4 WEBSITE & MARKETING DATA

On labscale.io, we collect:

• Basic analytics (page views, browser type, location)
• Contact form submissions (name, email, message)
• Email newsletter subscriptions

3.0 HOW WE USE DATA

3.1 TECHNICAL DATA

We may use student technical data to:

• Provide platform access and authentication.
• Monitor infrastructure performance and uptime.
• Troubleshoot technical issues.
• Generate anonymized usage reports for institutions.
• Improve platform reliability and capacity planning.

3.2 INSTITUTIONAL DATA

We use institutional data to:

• Manage partnerships and billing.
• Communicate with faculty about platform usage.
• Provide technical support and training.

3.3 WEBSITE DATA

We use website analytics to:

• Understand how visitors use our site.
• Improve user experience.
• Respond to inquiries and support requests.

4.0 DATA SHARING & DISCLOSURE

4.1 WITH PARTNER INSTITUTIONS

We share with your institution:

✓ Aggregated usage statistics (number of logins)
✓ System uptime and performance reports.
✓ Technical support logs when troubleshooting issues.
We do NOT share:
✗ Individual student activity logs without institution request.
✗ Any data with other institutions.
✗ Any data with third-party vendors (except essential service providers).

4.2 SERVICE PROVIDERS

We may share data with:

• Cloud hosting providers (for infrastructure hosting)
• Payment processors (for billing, if applicable)
• Email service providers (for communications)

All service providers are contractually bound to protect data and use it only for specified purposes.

4.3 LEGAL REQUIREMENTS

We may disclose data if required by law, court order, or to:

• Comply with legal processes.
• Protect LabScale’s rights and property.
• Prevent fraud or security threats.
• Protect student or public safety.

5.0 DATA SECURITY

5.1 TECHNICAL SAFEGUARDS

• All data encrypted in transit (TLS/SSL).
• Student environments isolated via VRF multi-tenancy.
• Access controls and authentication required for all systems.
• Regular security audits and monitoring.
• Intrusion detection systems.
• Secure backup and disaster recovery procedures.

5.2 ADMINISTRATIVE SAFEGUARDS

• Limited employee access to student data (need-to-know basis).
• Background checks for personnel with data access.
• Regular security training.
• Incident response procedures.

5.3 PHYSICAL SAFEGUARDS

• Infrastructure hosted in secure datacenter facilities.
• Physical access controls and monitoring.
• Environmental protections (fire suppression, redundant power).

6.0 DATA RETENTION

6.1 ACTIVE STUDENT DATA

• Retained for duration of institutional partnership.
• Lab environments and session data retained per institutional agreement.
• Typically: current semester plus 1-2 semesters for continuity.

6.2 AFTER PARTNERSHIP ENDS

• Student technical data deleted within 90 days of contract termination.
• Institutions may request expedited deletion.
• Anonymized aggregated data may be retained for research/improvement

6.3 WEBSITE DATA

Contact form data:

• Retained until purpose fulfilled or 2 years.
• Analytics data: Aggregated and anonymized, retained indefinitely.
• Email subscribers: Retained until unsubscribe

7.0 STUDENT RIGHTS

Students have the right to:

• Access their technical usage data.
• Request correction of inaccurate data.
• Request deletion of data.
• Opt-out of non-essential data collection.

Contact your institution’s IT team, registrar’s office, or another appropriate party to exercise these rights. LabScale will cooperate with institutional requests.

8.0 FERPA COMPLIANCE

LabScale operates as a “school official” under FERPA when providing services to educational institutions.

LabScale (we):

✓ Use student data only for legitimate educational purposes
✓ Do not disclose data without institutional authorization
✓ Maintain appropriate security safeguards
✓ Destroy data when no longer needed
✓ Comply with institutional data policies

9.0 COOKIES & TRACKING

9.1 ESSENTIAL COOKIES

We use essential cookies for:

User authentication and session management.
Platform functionality and performance.

9.2 ANALYTICS COOKIES

We use analytics cookies to understand site usage. You can disable these in your browser settings without affecting platform functionality.

9.3 NO ADVERTISING COOKIES

We do not use advertising or third-party tracking cookies.

10.0 CHILDREN / MINOR PRIVACY

LabScale’s services are provided to educational institutions. We do not knowingly collect PII from children under 13. If you believe we have inadvertently collected such data, contact us immediately at privacy@labscale.io.

11.0 POLICY UPDATES

We may update this policy periodically. Material changes will be communicated to partner institutions. Continued use of LabScale services after changes constitutes acceptance. Version history will be available at: labscale.io/privacy/history once updates begin to be made.

12.0 CONTACT US

Data Privacy Questions:

• Email: privacy@labscale.io
• Mail: TBA
• General Inquiries: Email: connor.jay@labscale.io

SUMMARY

✓ We collect only necessary technical data
✓ No student PII or educational records stored
✓ Data encrypted and isolated per institution
✓ FERPA-compliant operations
✓ Transparent data practices
✓ Secure deletion when partnership ends.

Your privacy is our priority. Questions? Contact privacy@labscale.io.