1. Overview
Valence Systems, Inc. ("Valence," "we," "us") provides ConcordiumOS, an institutional operations platform for K–12 schools. This Privacy Policy explains what information we collect through our marketing website and the ConcordiumOS application (together, the "Services"), how we use it, and the choices available to you.
Schools and districts that license ConcordiumOS are our customers. When we handle student, family, and staff records inside the application, we do so on behalf of and under the instructions of the school. For that data the school is the controlling party; our handling of it is also governed by our Data Processing Addendum and our FERPA commitments.
2. Information We Collect
Information you provide
- Account & contact details — name, work email, role/title, school name, and phone number (for example, when you request a demo or create an account).
- Communications — messages you send us and support requests.
- Billing information — for paying customers, billing contact and invoicing details (payment card data is handled by our payment processor, not stored by us).
Information processed on behalf of schools
When a school uses ConcordiumOS, we process records the school supplies or generates, which may include student and family names, contact information, enrollment and attendance records, schedules, academic and athletics data, tuition and billing status, and communications sent through Beacon. This information is entered and controlled by the school; we act as its service provider.
Information collected automatically
- Usage & device data — pages viewed, features used, browser type, and IP address, used to operate and secure the Services.
- Cookies & similar technologies — used for authentication, preferences, and privacy-respecting analytics. See "Cookies" below.
3. How We Use Information
- Provide, maintain, secure, and improve the Services;
- Authenticate users and manage roles and permissions;
- Respond to inquiries, provide support, and send service-related notices;
- Process billing for paying customers;
- Detect, prevent, and respond to fraud, abuse, and security incidents;
- Comply with legal obligations and enforce our agreements.
We do not sell personal information or student data, and we do not use student data to build advertising profiles or for targeted advertising.
4. Student Data & FERPA
For education records, ConcordiumOS operates as a "school official" with a legitimate educational interest under the Family Educational Rights and Privacy Act (FERPA). Schools retain ownership and control of their education records at all times. We use student data only to provide the Services to the school and never for our own commercial purposes. Learn more on our FERPA Compliance page.
5. Children's Privacy
ConcordiumOS is licensed to and administered by schools. Where the Services are used with students under 13, we rely on the school to provide any consent required under the Children's Online Privacy Protection Act (COPPA) on behalf of parents, consistent with FERPA. We collect student information only at the direction of the school and only to deliver the Services.
6. How We Share Information
We share information only as described here:
- Service providers (subprocessors) — vendors that host and support the Services (for example, cloud hosting and infrastructure), bound by contract to protect data and use it only to provide services to us. A current list appears in our Data Processing Addendum.
- At your school's direction — third-party integrations (such as Google Classroom or calendar services) that your school chooses to connect.
- Legal & safety — when required by law, to respond to lawful requests, or to protect the rights, safety, and security of users and the public.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy and applicable law.
7. Cookies & Analytics
We use strictly necessary cookies for authentication and core functionality, and limited, privacy-respecting analytics to understand aggregate usage of our marketing site. We do not use cookies to serve third-party advertising. Most browsers let you control cookies through their settings.
8. Data Retention
We retain account and marketing information for as long as needed to provide the Services and for legitimate business or legal purposes. Data processed on behalf of a school is retained according to the school's instructions and our agreement; upon termination, we return or delete it as described in the Data Processing Addendum.
9. Security
We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, role-based access controls, least-privilege access, logging, and regular review. No method of transmission or storage is perfectly secure, but we work continuously to protect the data entrusted to us.
10. Your Rights & Choices
Depending on your role and location, you may have rights to access, correct, or delete personal information. For student and family records held in ConcordiumOS, please contact your school, which controls that data; we will support the school in responding to such requests. For information we hold as a business (for example, marketing contacts), contact us using the details below.
11. International Data Transfers
ConcordiumOS is operated in the United States, and information is processed there. If you access the Services from outside the U.S., you understand that your information will be processed in the U.S., where data protection laws may differ from those in your jurisdiction.
12. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice.
13. Contact Us
Questions about this Policy or our privacy practices can be sent to privacy [at] concordiumos.com.