Privacy Policy
Effective Date: June 18, 2026
Please click here to view the previous version of our Privacy Policy.
Privacy Policy
California Notice at Collection/State Law Privacy Rights: See the State law privacy rights section below for important information about your rights under applicable state privacy laws.
Aeries Software, Inc. (“Aeries,” “we“, “us” or “our“) provides a student information system platform for school districts. This Privacy Policy describes how Aeries processes personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including as applicable, our website, mobile application, and social media pages) as well as our marketing activities, live events and other activities described in this Privacy Policy (collectively, the “Service“). Aeries may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information.
The FERPA and Student Education Records section of this Privacy Policy governs Aeries’ processing of education records on behalf of Customers, and the commitments set forth therein are legally binding obligations of Aeries. In addition, certain personal information processed on behalf of our Customers may be subject to the Family Educational Rights and Privacy Act (“FERPA“), meaning we will only use personal information that is considered to be “personally identifiable information” maintained as part of “education records” (as both are defined under FERPA) for legitimate educational interests, which include providing the Aeries platform to our Customers. When processing education records on behalf of a Customer, Aeries acts as a “school official” performing institutional services and functions under the direct control of the Customer (LEA), as that term is used in FERPA (34 C.F.R. § 99.31(a)(1)). In this capacity, Aeries is subject to the same conditions governing the use and re-disclosure of education records that apply to other school officials. Our use of information that we process on behalf of our Customers may be governed by our agreements with such Customers, and our Customers may also have their own privacy policies that govern their users’ personal information that is collected in connection with their use of our platform — such privacy policies will govern how each Customer processes personal information and explain any rights their users may have to such personal information (including any rights under FERPA). If you have concerns regarding your personal information that we process on behalf of a Customer, please direct your concerns or requests to that Customer.
FERPA and Student Education Records
Aeries’ Role with Respect to Education Records
Aeries processes education records solely as a service provider acting on behalf of and under the direction of its Customer educational agencies. Aeries does not determine the purposes and means of processing education records; those determinations are made exclusively by the Customer. Aeries personnel and systems access education records only when doing so is necessary to perform a specific contracted service function (a “legitimate educational interest”).
A legitimate educational interest exists when access is: (a) needed to fulfill a responsibility that Aeries has been contracted to perform; (b) used in the context of the Aeries platform in a manner consistent with the Customer’s instructions; and (c) not used for any personal or other purpose unrelated to providing the contracted services. Access to education records is limited to personnel whose job responsibilities require such access. Accordingly, Aeries:
- Uses education records only to provide the contracted services to the Customer and for no other purpose;
- Does not sell, rent, or trade education records or student personally identifiable information (PII) to any third party;
- Does not use education records or student PII for advertising, marketing, or creating profiles of students for non-educational purposes;
- Does not use education records or student PII to amass a profile of a student for purposes other than providing the contracted services; and
- Processes only the minimum education record data necessary to provide the contracted services.
FERPA Rights of Parents and Eligible Students
Under FERPA, parents of students and eligible students (students who are 18 or older or attending postsecondary institutions) have the following rights with respect to education records maintained by a Customer:
- The right to inspect and review the student’s education records within 45 days after the day the Customer receives a request for access;
- The right to request amendment of the student’s education records that the parent or eligible student believes are inaccurate, misleading, or otherwise in violation of the student’s privacy rights under FERPA;
- The right to provide written consent before the Customer discloses personally identifiable information from the student’s education records, except to the extent that FERPA authorizes disclosure without consent;
- The right to file a complaint with the U.S. Department of Education’s Family Policy Compliance Office (FPCO) concerning alleged failures by the Customer to comply with FERPA requirements.
Because Aeries processes education records only on behalf of its Customers, all FERPA rights requests must be directed to the relevant Customer (the student’s school or district), not to Aeries. The Customer’s contact information is available through the student’s school or district website.
Permitted Disclosures of Education Records
Aeries will not disclose education records or student PII to third parties except as permitted under FERPA and only when directed by or on behalf of the Customer. Permitted disclosures may include, without limitation:
- Disclosures to school officials with a legitimate educational interest, including Aeries’ sub-processors who provide services necessary to operate the Aeries platform, subject to the restrictions described in the Sub-processors section below;
- Disclosures in connection with a health or safety emergency, to the extent permitted by 34 C.F.R. § 99.36;
- Disclosures pursuant to a lawfully issued subpoena or court order, with prior notice to the Customer as permitted by law;
- Disclosures to authorized representatives of federal or state educational authorities for audit or evaluation purposes; and
- Other disclosures authorized in writing by the Customer or permitted by FERPA.
Sub-processors Handling Education Records
To the extent Aeries engages sub-processors (sub-contractors or service providers) to assist in delivering the Aeries platform, and such sub-processors require access to education records to perform their services, Aeries:
- Requires all such sub-processors to enter into written agreements that prohibit the subprocessor from using or disclosing education records for any purpose other than performing services on behalf of Aeries;
- Requires all such sub-processors to comply with the re-disclosure restrictions of FERPA (34 C.F.R. § 99.33);
- Maintains a list of categories of sub-processors that may access education records, which Customers may request by contacting Aeries at Legal@aeries.com; provides advance written notice to Customers before adding any new sub-processor that will have access to education records or student PII, giving Customers at least thirty (30) days to object before such access is granted; and makes a current list of sub-processors available by written request sent to legal@aeries.com.
Data Return and Destruction
Upon expiration or termination of a Customer’s agreement with Aeries, or upon written request by the Customer:
- Aeries will, at the Customer’s election, return all education records and student PII to the Customer in a mutually agreed format, or securely destroy all education records and student PII in Aeries’ possession or control;
- Aeries will certify in writing to the Customer that such return or destruction has been completed within the timeframe specified in the Customer’s agreement; and
- To the extent Aeries is required by applicable law to retain certain records, Aeries will inform the Customer of such requirement and will restrict further processing of such records to the extent required by law.
Customer Audit Rights
Customers have the right to verify Aeries’ compliance with its obligations under FERPA and applicable Customer agreements with respect to education records. Upon written request, Aeries will: (a) provide the Customer with documentation of its data privacy and security practices, including its written information security program and relevant policies; (b) respond to reasonable written inquiries regarding Aeries’ FERPA compliance practices within thirty (30) days; and (c) notify Customers of any material changes to its data handling practices affecting education records at least thirty (30) days in advance. In addition, Aeries undergoes periodic third-party compliance assessments, summaries of which are available to Customers upon written request to Legal@aeries.com.
Personal information we collect
Information you provide to us
Personal information you may provide to us through the Service or otherwise may include, and is not limited to:
- Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, professional title, school name and district, and phone number.
- Demographic data, such as your city, state, country of residence, and postal code.
- Account data, such as the username and password that you may set to establish an online account on the Service.
- Communications data based on our exchanges with you, including when you contact us through the Service, provide feedback on your experience with the Service, and communicate with us via chat features, social media, or otherwise.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
- Payment data needed to complete transactions, including payment card information or bank account number.
- Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Third-party sources
We may combine personal information we receive from you with personal information falling within one of the categories identified above that we obtain from other sources, such as:
- Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
- Data providers, such as information services and data licensors.
- Partners, such as marketing partners and event co-sponsors.
- Education customers (solely for the purpose of providing and supporting the Aeries platform; any education records or student PII received from Customers are processed exclusively as described in the FERPA and Student Education Records section above, and are not used for Aeries’ own marketing, analytics, or product development purposes).
- Service providers that provide services on our behalf or help us operate the Service or our business.
- Business transaction partners. We may receive personal information in connection with an actual or prospective business transaction.
- Third-party services, such as partner integrations that you link to your Service account.
Automatic data collection
We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services. This automatic data collection applies only to Aeries’ own website and marketing activities described in this Privacy Policy. Clickstream, device, behavioral, and usage data collected from students or school personnel accessing the Aeries platform on behalf of a Customer may constitute education records under FERPA and is treated exclusively in accordance with the FERPA and Student Education Records section above. Such data is not used for advertising, profiling, or any purpose other than delivering and improving the contracted services as authorized by the Customer.
How we use your personal information
We may use your personal information for the following purposes or as otherwise described at the time of collection. Importantly, none of the uses described below apply to education records or student PII processed on behalf of Customers — such processing is governed exclusively by our agreements with Customers and applicable law, including FERPA.
Service delivery and operations
We may use your personal information to provide the Service, enable security features, establish and maintain your user profile, communicate with you about the Service, and provide support.
Service personalization
We may use your personal information to understand your needs and interests, personalize your experience, and remember your selections and preferences.
Service improvement and analytics
We may use your personal information to analyze your usage of the Service and improve our products and services. This section does not apply to education records or student PII, which will not be used for product development, analytics, or service improvement except in deidentified or aggregated form as expressly permitted by the Customer’s agreement and applicable law. De-identification means that Aeries has removed all direct and indirect identifiers as required under FERPA (34 C.F.R. § 99.31(b)(1)) and has made no attempt to re-identify the data. Aeries will not re-identify de-identified data or permit any third party to do so.
Marketing
We may send you direct marketing communications. Education records and student PII will never be used for marketing or advertising purposes.
Compliance and protection
We may use your personal information to comply with applicable laws, protect rights, audit internal processes, enforce terms of service, and prevent fraudulent activity.
Retention
We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. With respect to education records and student PII processed on behalf of Customers, retention is governed by the applicable Customer agreement and applicable law, including FERPA. Aeries will not retain education records or student PII beyond the period specified in the Customer agreement, except as required by law. See the Data Return and Destruction section above for additional details.
How we share your personal information
We may share your personal information with the following parties. The sharing practices described in this section apply to personal information collected through Aeries’ own website and marketing activities. Education records and student PII processed on behalf of Customers are shared only as described in the FERPA and Student Education Records section above and as permitted by the applicable Customer agreement and FERPA.
Affiliates
Our corporate parent, subsidiaries, and affiliates. Education records and student PII are not shared with Aeries affiliates except where the affiliate is acting as a sub-processor subject to the restrictions in the Sub-processors section above.
Service providers
Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, consumer research and website analytics). Service providers that access education records or student PII on behalf of Customers are subject to the sub-processor requirements described above.
Payment processors
Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors, such as PayPal and Stripe.
Third parties designated by you
We may share your personal information with third parties where you have instructed us or provided your consent to do so.
Partners
Third parties with whom we partner, including parties with whom we co-sponsor events or jointly offer products or services. Education records and student PII are not shared with partners for marketing, co-sponsorship, or joint-offering purposes.
Professional advisors
Professional advisors such as lawyers, auditors, bankers and insurers, where necessary in the course of professional services rendered to us.
Authorities and others
Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for legal compliance and protection purposes. Any disclosure of education records in response to a subpoena, court order, or government request will be handled in accordance with FERPA (34 C.F.R. § 99.31(a)(9)), including providing prior notice to the Customer to the extent required by law.
Business transferees
We may disclose personal information in the context of actual or prospective business transactions. In the event of a merger, acquisition, or sale of assets involving Aeries, education records and student PII will only be transferred to a successor entity that agrees in writing to be bound by the same FERPA obligations applicable to Aeries. Customers will be notified of any such transfer to the extent required by applicable law and the Customer’s agreement.
Security
We employ technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.
With respect to education records and student PII processed on behalf of Customers, Aeries maintains a written information security program that includes administrative, technical, and physical safeguards appropriate to the nature and sensitivity of the data. In the event of a security breach that results in unauthorized access to or disclosure of education records or student PII, Aeries will notify the affected Customer within the timeframe specified in the Customer’s agreement (and in no event later than thirty (30) calendar days after Aeries becomes aware of the breach, or as otherwise required by applicable state breach notification law, whichever is sooner), so that the Customer can fulfill its obligations to notify parents and eligible students as may be required by FERPA and applicable state law.
Children
The Service (i.e., Aeries’ public-facing website and marketing activities) is not intended for use by anyone under 13 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us.
For students under 13 accessing the Aeries platform through a Customer, the Customer is responsible for obtaining any parental consent required by COPPA (Children’s Online Privacy Protection Act) and FERPA prior to collecting personal information from such students through the platform. Aeries acts only at the direction of the Customer for such processing. Parents should contact the Customer (the student’s school or district) to exercise rights under FERPA and COPPA with respect to student records.
If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
Your choices
In this section, we describe the rights and choices available to all users. Users located in certain U.S. states can find additional information about their rights below.
Access or update your information
If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.
Opt-out of communications
You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us.
FERPA Rights
Parents and eligible students who wish to exercise FERPA rights (inspect records, request amendment, or control disclosure) with respect to education records held by a Customer should contact the Customer directly. Aeries is not able to fulfill FERPA access or amendment requests on behalf of Customers; such requests must be submitted to the school or district that maintains the records. Contact information for the relevant school or district is available on the district’s website.
Cookies and other technologies
Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Please note that if you set your browser to disable cookies, the Service may not work properly.
Other sites and services
The Service may contain links to websites, mobile applications, and other online services operated by third parties. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
International data transfer
We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country. Education records and student PII will only be transferred to or processed in jurisdictions that provide an adequate level of data protection, consistent with the requirements of FERPA and the applicable Customer agreement.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. If any changes to this Privacy Policy would materially affect the processing of education records or student PII, Aeries will provide advance notice to affected Customers, consistent with the requirements of applicable Customer agreements and FERPA.
How to contact us
- Email: Legal@aeries.com
- Mail: 770 The City Drive South, Suite 6500, Orange, CA 92868
- Phone: 888-487-7555