"Student Data" means any data directly related to a student that is generated by or maintained in the RouteIQ Pro platform, including but not limited to student bus stop locations, route assignments, and transportation schedule information.
"Operational Data" means data related to transportation operations, including route maps, GPS tracking data, driver assignments, incident logs, and schedule information that does not directly identify individual students.
"Service Provider" means RouteIQ Pro and its authorized personnel who operate and maintain the platform.
"LEA" means the Local Educational Agency, school district, or transportation authority entering into this Agreement.
"Authorized User" means any employee, contractor, or agent of the LEA who is authorized by the LEA to access the Service.
"FERPA" means the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and its implementing regulations at 34 C.F.R. Part 99.
"De-identified Data" means data from which all personally identifiable information has been removed such that the data cannot reasonably be used to identify a specific student or individual.
The Service Provider is authorized to access, process, and maintain Student Data and Operational Data solely for the purpose of providing school bus route management, driver dispatch, GPS tracking, scheduling, and related transportation services as described in the RouteIQ Pro platform.
The Service Provider shall not use Student Data or Operational Data for any purpose other than the Authorized Purpose described in Section 2.1, including but not limited to:
To the extent that Student Data includes "education records" as defined by FERPA, the LEA designates the Service Provider as a "school official" with a legitimate educational interest, consistent with 34 C.F.R. § 99.31(a)(1). The Service Provider agrees to be subject to the requirements applicable to school officials under FERPA.
| Data Category | Examples | Sensitivity Level |
|---|---|---|
| Student stop locations | Bus stop street addresses, GPS coordinates | High — FERPA-adjacent |
| Route assignments | Which route serves which stop | Medium |
| Driver information | Driver name, bus number, PIN | Medium — Driver PII |
| GPS tracking data | Real-time bus coordinates, route history | Medium |
| Incident reports | Date, location, type of incident | Medium-High |
| Account credentials | Admin email, bcrypt password hash | High |
| Operational schedules | AM/PM routes, trip calendars | Low-Medium |
The Service Provider shall implement appropriate safeguards for each data category commensurate with its sensitivity level as described in Article 4.
The Service Provider shall maintain the following security measures throughout the term of this Agreement:
The Service Provider shall remediate critical security vulnerabilities within seven (7) calendar days of discovery. High-severity vulnerabilities shall be remediated within thirty (30) days.
In the event of a confirmed or reasonably suspected breach involving Student Data or Operational Data, the Service Provider shall:
Breach notifications to the LEA shall include: (a) the date and time of discovery; (b) a description of the data involved; (c) estimated number of affected records; (d) steps taken to contain the breach; and (e) contact information for questions.
The Service Provider shall cooperate fully with the LEA, law enforcement, and regulatory agencies in investigating any breach. The Service Provider shall provide all reasonably requested documentation and access to audit logs.
Following a breach, the Service Provider shall: rotate all affected credentials, force-expire all active sessions, patch the root cause vulnerability, and provide the LEA with a written post-incident report within thirty (30) days.
The Service Provider shall not sell, exchange, rent, or otherwise disclose Student Data or Operational Data to any third party for commercial purposes.
The Service Provider may engage the following categories of subcontractors, each of whom is bound by data protection obligations no less stringent than this Agreement:
If the Service Provider is legally compelled to disclose Student Data, it shall: (a) provide the LEA with prompt written notice before disclosure (unless legally prohibited); (b) cooperate with the LEA in seeking a protective order; and (c) disclose only that portion of the data legally required.
All Student Data remains the exclusive property of the LEA. This Agreement grants the Service Provider only a limited license to process Student Data for the Authorized Purpose.
The LEA shall: (a) ensure only Authorized Users access the Service; (b) maintain the security of login credentials; (c) promptly notify the Service Provider of any suspected unauthorized access; (d) obtain any required parental consent before entering student stop location data.
The LEA may access, review, and correct Student Data maintained in the Service at any time through the platform's administrative interface. The Service Provider shall provide reasonable assistance upon request.
The LEA may export a full copy of its data at any time via the platform's data download feature or by requesting a backup from the Service Provider.
Data is retained for the duration of the active subscription and is regularly backed up as described in Article 4.
Upon termination of the subscription, the Service Provider shall:
Encrypted backup copies shall be purged within sixty (60) days of the deletion date.
This Agreement is effective upon the LEA's execution (electronic or written) and continues for the duration of the active subscription. Either party may terminate this Agreement with thirty (30) days written notice. Termination for material breach may be immediate upon written notice describing the breach. Articles 2.2, 4, 5, 6.1, 7.1, 8, and 10 survive termination.
This Agreement, together with the RouteIQ Pro Terms of Service, constitutes the entire agreement between the parties regarding data privacy and supersedes all prior negotiations and understandings.
The Service Provider may update this Agreement with thirty (30) days notice. Continued use of the Service after the effective date constitutes acceptance of the updated Agreement.
This Agreement shall be governed by applicable federal law (including FERPA) and the laws of the state in which the LEA is located, without regard to conflict of law provisions.
If any provision of this Agreement is found unenforceable, the remaining provisions shall remain in full force and effect.
Privacy inquiries and data requests should be directed to: support@routeiqpro.cc
By electronically signing during account registration, the authorized representative of the LEA acknowledges they have read, understood, and agree to this Data Privacy Agreement on behalf of their organization. The electronic signature, timestamp, and IP address are recorded and retained as evidence of acceptance.