Privacy Policy

Effective: April 2026 · Boomerang Pass™

What we collect

Boomerang Pass collects only the information schools need to operate digital hallway passes: student rosters provided by the school, the teacher and student actions involved in issuing or returning a pass, and timestamps tied to those actions. We do not collect biometric data, location traces beyond the in/out pass event, or anything that is not part of a pass record.

Who owns the data

The school district is the data controller. Boomerang Pass acts as a service provider on the district's behalf. Data belongs to the district at all times. Boomerang Pass does not sell student data, does not share student data with advertisers, and does not use student data to train third-party AI models.

How we use the data

• To operate the pass system inside your school.
• To produce the reports and audit trails school staff request.
• To support the school when something goes wrong.

How long we keep it

Pass records are retained for the current school year by default. Districts can request shorter retention or full deletion at any time. On contract termination, all district data is deleted within 30 days unless legal retention requirements apply.

Security

Data is encrypted in transit and at rest. Access is role-based: teachers see their classes, leaders see their building, district admins see the district. Authentication uses district SSO where available.

Your rights

Parents, guardians, and eligible students have the right to inspect and request correction of pass records under FERPA. Requests should be directed to the district, who can produce a record export through Boomerang Pass.

Contact

Privacy questions: drew@boomerangclassroom.com. See also our FERPA Statement.

This policy is a plain-language summary. A full Data Processing Addendum (DPA) is available to districts during contracting and supersedes this page where any conflict exists.