Herely Privacy Policy

Last updated: 12 May 2025

Herely (“we,” “our,” or “us”) provides a lightweight attendance-tracking platform that lets instructors launch a live sign-in sheet and lets participants record their presence with a quick signature. Protecting the privacy of instructors, students, and other participants is core to our product philosophy. This Policy explains what personal information we collect, how we use it, and the choices you have.

Key Definitions

“Personal Information” means any information that identifies or relates to an identifiable individual.
“Check-in Data” means a participant’s typed initials plus the timestamp and related metadata captured when they sign in.
“Content” means attendance records, rosters, notes, and any files you upload.
“Services” means herely.com, its sub-domains, dashboards, APIs, and related features.
“Sub-processor” means a third-party vendor that processes Personal Information on our behalf.

1. Scope of this Policy

• Applies to the Services described above.
• Does not cover third-party websites or services that link to or from us.

2. Quick Summary

3. Information We Collect

3.1 Information you or your organization provide

• Instructor profile – name, email, organization, hashed password.
• Course & roster details – course titles, section numbers, and (if imported) participant names, emails, or IDs.
• Attendance inputs – typed initials and any notes you add.

3.2 Information collected automatically

• Device & usage data – IP address, browser type, device identifiers, pages viewed, timestamps.

3.3 Payment information

Payments are processed by Stripe; Herely never sees your full card number. Stripe’s Privacy Policy governs that data.

4. How We Use Your Information

1. Deliver & maintain the Service (create meetings, render sign-in canvases, store results).
2. Analytics & product improvement (aggregate feature adoption).
3. Security & fraud prevention (detect duplicate sign-ins, audit admin actions).
4. Communications – transactional e-mails and, if you opt in, product updates (opt-out anytime via Account → Notifications or the unsubscribe link).
5. Legal obligations (bookkeeping, tax, court orders).

5. Legal Bases for Processing (EEA/UK)

• Contract – to provide the Service you request.
• Legitimate interests – fraud prevention, product analytics, limited B2B marketing.
• Consent – optional product updates; you may withdraw at any time.
• Legal obligation – tax & accounting compliance.

6. Cookies & Tracking Technologies

Herely uses a minimal set of first-party cookies:

1. Session – keeps you logged in (12 h inactivity expiry).
2. CSRF – prevents cross-site request forgery (expires with session).

No third-party ad networks or social-media pixels. We use a privacy-first analytics tool that does not use cookies or track individuals. No ads, no fingerprinting, and no personal data stored.

7. Security & Incident Response

We employ industry-standard encryption in transit and at rest, network isolation, and strict access controls. If we learn of a breach affecting Personal Information, we will notify impacted instructors and organizations without undue delay by email — and in any event within 72 hours where required by law — along with a description of steps we are taking.

8. Data Retention & Deletion

• Courses auto-expire six (6) months after creation; all related data is purged within 30 days.
• Instructors can delete a course or their account at any time via Settings → Account.

9. Disclosure of Information

We do not sell Personal Information. We share it only:

• With vetted Sub-processors.
• In a corporate transaction (merger, acquisition).
• To comply with law or protect the rights, safety, or property of Herely or others.

10. FERPA & Student Data

(content unchanged from your draft, but with auto-deletion now matching 6-month window)

11. International Transfers

We host data in the United States (AWS us-east-1).

12. California & Other US State Privacy Rights

If you are a California resident, you have rights to access, delete, or opt-out of the “sale/share” of Personal Information under the CCPA/CPRA. Herely does not “sell” Personal Information, but you may exercise any of these rights by e-mailing privacy@herely.com or calling +1-888-555-0123. We will verify your request and respond within the timelines required by law. Similar rights under other state laws (e.g., Colorado, Virginia) are honoured in the same way.

13. Your Rights & Choices

• Access: You can request a copy of your Personal Information that we hold.
• Correction: You may correct or update Personal Information from your Profile or by contacting us.
• Deletion: Instructors can delete courses or accounts at any time in the Profile panel.
• Portability: You may request an export of your attendance or roster data in a machine-readable format.
• Withdraw Consent: If we rely on consent (e.g., for optional emails), you can withdraw it at any time via your account or unsubscribe link.

To exercise any of these rights, please contact us at support@herely.com. We will verify your identity and respond within the timeframes required by applicable law.

You may also lodge a complaint with your local data-protection authority (e.g., FTC).

14. Children’s Privacy & COPPA

Herely is not directed to children under 13. Where instructors use the Service with K-12 students, they do so as the agent of the school under the “school official” exception of COPPA and FERPA. We rely on the institution to obtain any required parental consent.

15. How to Contact Us

EU representative: TBD Compliance Ltd., Dublin 2, Ireland.

16. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced via e-mail to account admins and an in-app banner at least 14 days before the new policy takes effect. The “Last updated” date above will always show the current revision.

Thank you for trusting Herely with your attendance data.