Eagle Pass Privacy Policy


Last updated: June 27, 2025

1. Introduction & Scope

Eagle Pass (“we,” “us,” or “our”) provides a self-hosted student pass system for K–12 schools. Because the software runs on your own hardware, we never collect or process any student or staff data on our servers. This policy explains what data Eagle Pass stores locally, how it’s used, and what controls you have.

2. Definitions

  • Administrator: School staff with full access (add/remove students, manage users).

  • Teacher: Staff with limited access (create passes, view logs).

  • Student Record: Basic profile (name, grade, optional ID).

  • Pass Log: Timestamped entries marking when a student leaves (“Out”) and returns (“In”).

3. Data We Collect & Store

All data is kept in JSON files on your server—no cloud storage by default.

  1. User Accounts

    • Username & password (kept in memory only; not written to external services)

    • Role (administrator or teacher)

  2. Student Roster

    • Name

    • Grade level

    • Optional student ID

  3. Pass Logs

    • Student name/ID

    • Location (e.g., “Bathroom,” “Library”)

    • Classroom identifier

    • “Out” timestamp and “In” timestamp

  4. Classroom Settings

    • Classroom names and grade filters

4. How We Use Your Data

  • Attendance & Safety: Track who’s out and who’s back in real time.

  • Analytics & Reporting: Generate “Frequent Flyers” lists, daily summaries, and charts.

  • Access Control: Enforce teacher vs. admin permissions.

We do not use data for marketing or share it with third parties unless you export it manually.

5. Data Sharing & Export

  • Internal Sharing: Within your school network only.

  • Manual Export: You can download JSON or CSV files for your own reports.

  • No Automatic Sharing: Eagle Pass does not phone home—your data stays local.

6. Data Security & Storage

  • Local-Only Storage: JSON files live on your server or Raspberry Pi.

  • File Permissions: We recommend restricting read/write access to authorized staff accounts.

  • Backups: Users should create regular backups (e.g., nightly file copies or snapshots).

  • Transport Security: If you expose Eagle Pass over HTTPS (recommended), use a valid TLS certificate.

7. Data Retention

You control how long data is kept:

  • Pass Logs: Rotate or archive logs by date (e.g., weekly or monthly JSON archives).

  • Student Records: Delete or update via the roster manager or by editing students.json.

  • Automatic Cleanup: Not built in—manage retention via your own scripts or manual deletion.

8. Cookies & Tracking

  • No Third-Party Cookies: Eagle Pass doesn’t set cookies except a session token for authentication.

  • Session Cookies: Used only to keep teachers/admins logged in for up to 60 minutes.

9. Children’s Privacy

Because Eagle Pass is used in K–12 settings:

  • Parental Consent: Handled by your school’s policies.

  • No External Collection: We don’t collect personal data beyond what you input.

10. Your Rights & Controls

  • Access & Export: View or download all records at any time from your dashboard.

  • Correction & Deletion: Edit or remove any student or log entry via the roster manager or direct file edit.

  • Account Management: Admins can add/remove teacher accounts by editing users.json or through an admin UI.

11. Changes to This Policy

Because Eagle Pass is self-hosted, you decide when to upgrade. We may update this policy in new releases—please review the “Privacy” section of the GitHub README when you upgrade.

12. Contact & Support

For questions, custom privacy needs, or white-label licensing, email us at
support@eaglepass.school

Thank you for trusting Eagle Pass to keep your student data private and under your control.