Equity Maps app Privacy Policy

Equity Maps App Privacy Policy

Last Updated: September 2, 2025

At Equity Maps, we recognize that privacy is paramount—especially in educational contexts—and are committed to safeguarding your data.

This Privacy Policy explains:

  • The limited types of information Equity Maps (“we,” “us,” “our”) may access or process.
  • How you can control and export your data.
  • How we align with educational privacy standards like FERPA (U.S.) and PIPEDA (Canada).

Definitions:

  • “Personal Information / PII”: any information that identifies an individual (e.g., name, email, audio of a recognizable voice).
  • “Operator/Service Provider”: a third party that processes data to provide a function (e.g., Firebase for diagnostics; your email provider for exports).
  • “Child”: individuals under 13 years of age.
  • “App”: Equity Maps native app, Premium and Standard versions, provided through the Apple store.

By using the Equity Maps app (“Mobile Application” or “Service”), you agree to this Policy.

 

1. Local Data Storage and Export — User Empowered Data Control

  • Equity Maps is a native app designed to give users control over their data. Local-only storage: All participant data—names, audio recordings, session details, Checknotes, CSVs, and analytics—remain solely on your device. We have no access to this data unless you explicitly export it.
  • Equity Maps cannot access your local data; no student data is transmitted to our servers.
  • Secure exporting. Starting with Premium version 5.3, you may export reports, audio, analytics, or full sessions via your device’s email. We recommend ensuring that your email client is configured with encryption (e.g., TLS-enabled email) to safeguard data during transmission. If you choose a non-email export destination (e.g., AirDrop or a cloud drive app), that service acts as the third-party processor for transmission/storage under its own privacy terms.
  • Data retention on your device. Exported files and session artifacts remain stored on your device until you delete them. We encourage educators to routinely delete sensitive files—especially on shared devices—to minimize risk.
  • Children’s Online Privacy Protection Act (COPPA) Notice: Equity Maps is designed for use by educators and institutions; it does not create accounts for children and does not collect children’s personal information on its servers. Any participant information entered in the app remains on the educator’s device unless exported at the educator’s direction.

2. Security Safeguards (Device-Level Controls)

  • Equity Maps relies on the security features of your device and institution to protect local data, including device encryption and passcode/biometric lock. We recommend: enabling device passcodes/biometrics, restricting access to shared devices, using institutional MDM where available, and following district data-handling procedures. If your device uses OS-level backups (e.g., iCloud or iTunes), any local Equity Maps files included in those backups are under your control and subject to your backup provider’s security.

3. Export of Participant Data and Email Relay

  • When you export participant data in the Equity Maps mobile application (beginning with Premium version 5.3), the data you select—such as session reports, participant analytics, group analytics, or audio—is prepared locally on your device and handed off to a configured email client (e.g., Apple Mail, Outlook/Exchange, Gmail). The email client then uses its associated external email service provider as an email relay (delegated message handling) to transmit the data solely to the recipient you designate.
  • Equity Maps does not operate this relay and does not route the exported content through its own servers. A temporary working copy may exist locally on the device only to complete the hand-off. After a reasonable period necessary to process the request, Equity Maps does not retain a copy, beyond what remains in the email client or on your device under your control. Security and retention for exported emails are governed by your chosen email provider and your institution’s policies.

4. Minimal Analytics and Metadata Management

  • We use Google Analytics for Firebase and Firebase Crashlytics to collect solely anonymized and aggregated usage metrics (e.g., device type, OS version, app performance). No personally identifiable information (PII) or metadata (such as device IDs, location data, or timestamps linked to individuals) is collected or sent.
  • We configure Firebase to avoid collecting unique identifiers or user-entered content and review crash logs to confirm no participant information is included.
  • We conduct periodic internal audits to ensure Firebase settings remain compliant and that no inadvertent PII leakage occurs.
  • No third-party marketing or tracking. We do not use advertising networks or share analytics data with third parties beyond performance optimization.

5. Children’s Privacy Protections

  • No personal data is required from any user, including children under 13. Users may use partial names or aliases. All recordings and data remain local on the device unless purposefully exported.
  • Exports (e.g., participant analytics, group analytics, audio, CSV files, or sessions) happen only at your discretion—there is no automatic or remote access to student data.

6. FERPA and PIPEDA Alignment

  • FERPA (U.S.). We act as a data processor on behalf of schools and educators (“school official” under FERPA). We do not disclose or access student educational records. If a user chooses to export data, it is transmitted only via the device’s native email client (or another configured email service), which functions as a third-party processor responsible for transmitting the data to the recipient designated by the user.
  • We do not use, sell, rent, or monetize student data in any way and do not use exported content for any purpose other than enabling the educator’s chosen export. Responsibility for obtaining parental consent, where required, rests with the school or educator, consistent with FERPA obligations.
  • PIPEDA (Canada). Equity Maps is designed so that all participant data remains local to the user’s device and is controlled by the educator. We do not collect, store, or process student personal information on our servers. When an educator chooses to input participant information or export data, this occurs solely under their direction and consent. Equity Maps relies on educators and institutions to obtain any required consent from students or guardians before entering or exporting student data.
  • If an educator chooses to export session data, that action constitutes consent to transmit the data via the device’s email client to the designated recipient.
  • Equity Maps remains accountable for ensuring that the app’s design follows PIPEDA principles — specifically by limiting collection, ensuring transparency, and safeguarding data against unauthorized access through its local-only architecture.
  • The app provides tools that enable educators to access, correct, export, or delete data directly on their device. Equity Maps does not itself manage or alter this data. If an educator chooses to export session data, this action constitutes consent for the app to transmit the data via the device’s email client to the external email service provider and ultimately to the recipient designated by the educator.

7. GDPR Rights and Data Governance

  • When acting as a data controller (e.g., when you submit an email or support request), or as a data processor (when handling exports), we align with GDPR standards—providing rights to consent withdrawal, access, correction, erasure, and data portability.
  • If you are located in the European Economic Area, you have rights under GDPR, including access, correction, deletion, portability, and the ability to withdraw consent for personal data that Equity Maps processes directly (such as support inquiries). For participant data stored locally on your device, these rights can be exercised by you within the app.

8. App Store Privacy Labeling

  • We accurately reflect our data practices in Apple’s App Store privacy labels:
  • Data Not Collected: For PII or student data, none is collected outside of the local device.
  • Device/System Data Only (Not Linked to You): Analytics limited to technical performance info.
  • Labels are kept up-to-date with any changes in practices or app capabilities.
  • We do not profile users or track individuals for advertising, and diagnostics are not linked to a specific user.

9. Policy Review and Updates

  • We commit to annual reviews of this Privacy Policy. Any significant changes will be prominently communicated via the app and via the website.
  • An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Mobile Application and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Information in a manner materially different than what was stated at the time your Personal Information was collected.
  • The “Last Updated” date at the top of this Policy will reflect the most recent version.

10. Transparency and Contact

  • No data sale or sharing. We do not sell, rent, or share your data for advertising or any third-party use.
  • Service Providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. Service Providers are given the information they need only to perform their designated functions, and we do not authorize them to use or disclose any of the provided information for their own marketing or other purposes.
  • Contact Equity Maps LLC: equitymap@gmail.com