MyClassRoll

Privacy Policy

Last updated: March 31, 2026

1. Introduction

MyClassRoll ("we," "us," or "our") is a product of Bay Crew Tech. This Privacy Policy describes how we collect, use, store, and protect information when you use our student attendance tracking service (the "Service") available at myclassroll.baycrewtech.com.

We are committed to protecting the privacy of students, teachers, and administrators who use our Service. We comply with applicable federal and state privacy laws, including the Family Educational Rights and Privacy Act (FERPA).

2. Information We Collect

Account Information (Teachers & Administrators): When an administrator creates an account for a teacher or themselves, we collect: name, email address, and a hashed password. We do not store plaintext passwords.

Student Information: Administrators and teachers enter student data into the system, which may include: first name, last name, and optionally an email address. Students do not create accounts.

Attendance Records: The Service records attendance data including: attendance status (present, absent, late, excused), timestamps of attendance marks, self-check-in timestamps via QR code, and the identity of the person who recorded the mark.

Technical Information: We collect server-side logs including IP addresses, request timestamps, and user agent strings for security and operational purposes. We do not use frontend analytics, tracking pixels, or third-party cookies.

3. How We Use Information

We use the information we collect solely to:

  • Provide and operate the attendance tracking Service
  • Generate attendance reports and compliance documentation
  • Authenticate users and maintain account security
  • Send transactional emails (account invitations, password resets)
  • Respond to support requests and contact form submissions

We do not sell, rent, or share personal information with third parties for marketing purposes. We do not use student data for advertising or profiling.

4. FERPA Compliance

When used by an educational institution, attendance records may constitute "education records" under FERPA. In this context, we act as a "school official" with a legitimate educational interest, performing a service that the institution would otherwise perform itself.

We maintain direct control over the use and maintenance of education records. We do not disclose education records to third parties except as directed by the institution or as required by law. Institutions may enter into a Data Processing Agreement (DPA) with us to formalize FERPA obligations.

5. Data Storage and Security

All data is stored on secure servers. We implement the following safeguards:

  • Data is encrypted in transit using TLS (HTTPS)
  • Data is encrypted at rest using disk-level encryption
  • Passwords are hashed using bcrypt with a cost factor of 12
  • Each institution's data is stored in an isolated database, preventing cross-tenant data access
  • Attendance records are stored using an append-only event log, ensuring immutability
  • Database backups are performed regularly

6. Data Retention

Attendance records are retained for up to 10 years to support institutional compliance needs, including SEVIS requirements. When a student is removed from a class, their attendance history is preserved — records are never deleted, only marked as inactive. This ensures availability for audits, investigations, and compliance reviews.

Account data for teachers and administrators is retained for the duration of the institution's subscription and for a reasonable period thereafter. Institutions may request deletion of all their data by contacting us.

7. Data Subject Rights

Students (or their parents/guardians, if under 18) have the right to inspect attendance records maintained by their institution. Such requests should be directed to the institution, which controls the data. We will assist institutions in fulfilling these requests.

Teachers and administrators may request access to, correction of, or deletion of their account information by contacting us at the email below.

8. Breach Notification

In the event of a data breach that compromises personal information, we will notify affected institutions promptly and no later than 72 hours after becoming aware of the breach, consistent with the NY SHIELD Act and applicable federal requirements.

9. Children's Privacy

The Service is designed for use by educational institutions and their adult staff. Student data is entered by authorized institutional personnel, not by students themselves. We do not knowingly collect personal information directly from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify institutional administrators of material changes via email. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

Bay Crew Tech
Email: cagdas@baycrewtech.com
Web: baycrewtech.com