Legal

These Terms of Service ("Terms") govern your access to and use of QuickSecure's products and services, including QuickSecure Panic, QuickSecure Nexus, RLS hardware, and all associated software modules (collectively, the "Platform"). By accessing or using the Platform, you agree to be bound by these Terms.

Eligibility and Accounts

The Platform is designed for use by K-12 educational institutions, their authorized staff, administrators, and designated personnel. Each user account is personal and non-transferable. Schools are responsible for managing user access and ensuring that only authorized individuals have Platform credentials. Role-based access controls are enforced across all products.

Acceptable Use

You agree to use the Platform solely for its intended purpose: school safety, emergency response, and campus operations. You may not use the Platform to transmit false emergency alerts, harass individuals, or circumvent access controls. Misuse of emergency dispatch features, including false activation of direct-to-dispatch via RapidSOS, may result in immediate account termination and may carry legal consequences.

Service Availability

QuickSecure strives to maintain high availability but does not guarantee uninterrupted access. Scheduled maintenance, system updates, and unforeseen outages may temporarily affect service. Emergency dispatch functionality is provided through third-party integration (RapidSOS) and is subject to their service terms and network availability.

Termination

Either party may terminate the agreement with 30 days written notice. QuickSecure reserves the right to suspend or terminate access immediately in cases of Terms violations, security threats, or non-payment. Upon termination, your data will be handled in accordance with our Data Use Policy.

QuickSecure is committed to protecting the privacy of students, staff, and school communities. This Privacy Policy explains how we collect, use, store, and share information through our Platform.

Information We Collect

We collect information provided directly by schools during onboarding: staff names, roles, contact information, and school configuration data. Through SIS integration (PowerSchool, FACTS, Veracross), we sync basic rostering, teacher information, and class assignments. During platform use, we collect emergency alert data, incident reports, drill records, ticketing activity, and operational logs.

Student Data

Student data accessed through SIS integrations is limited to what is necessary for safety operations, primarily roster information for emergency workflows such as fire evacuation checks. We do not sell, share, or use student data for advertising, profiling, or any purpose unrelated to school safety. Student data accessed through the Anonymous Tip Line is handled with additional privacy controls and is isolated from other platform data.

Data Sharing

We do not sell personal information. Data may be shared with: emergency dispatch services (RapidSOS) during active emergencies; integrated systems (cameras, access control) as configured by the school; and service providers necessary for platform operation (cloud hosting, notification delivery). All third-party providers are bound by data protection agreements.

This Data Use Policy describes how QuickSecure processes, stores, and protects data collected through the Platform, consistent with FERPA requirements and best practices for handling K-12 educational records.

Data Storage

All platform data is stored in PostgreSQL databases with encryption at rest and in transit. Data includes: alert trigger information (user, school, type, time/date, optional GPS), workflow details (severity, categories, descriptions, photos), discussion messages, user accounts, role information, and emergency action/log history.

Data Retention

API tokens expire after 30 days. Web sessions are cleaned hourly. Inactive push tokens are deleted after 30 days. Closed tickets are archived after 7+ days, with attachments moved to archive storage. Job queue records for completed or failed jobs are cleaned after 30 days. Dismissed alerts are archived, not hard deleted, to preserve audit trail integrity.

FERPA Alignment

QuickSecure operates as a "school official" under FERPA, accessing student education records only to provide safety services as directed by the educational institution. We maintain strict access controls, audit logging, and data minimization practices consistent with FERPA's requirements for protecting personally identifiable information from education records.

This Data Processing Agreement ("DPA") supplements the Terms of Service and governs QuickSecure's processing of personal data on behalf of educational institutions using the Platform.

Roles and Responsibilities

The educational institution acts as the data controller, determining the purposes and means of processing personal data. QuickSecure acts as the data processor, processing personal data only on documented instructions from the institution. QuickSecure will not process personal data for any purpose other than providing the Platform services as described in the Terms.

Sub-processors

QuickSecure uses sub-processors for infrastructure, notification delivery, and emergency dispatch. A current list of sub-processors is available upon request. QuickSecure will provide 30 days notice before adding new sub-processors. All sub-processors are bound by data protection terms no less protective than those in this DPA.

Data Deletion

Upon termination of services, QuickSecure will delete or return all personal data within 90 days, as directed by the institution. Schools may request data export at any time during the term of service. Backup copies will be purged according to our standard retention schedule.

QuickSecure implements technical and organizational security measures designed to protect the confidentiality, integrity, and availability of school data.

Access Controls

Role-based access is enforced across all products via authentication and account permissions. Roles include Admin, IT, Facilities, Teacher, Janitor, and custom designations (e.g., AED-certified staff). All access is logged for audit purposes. Biometric authentication is supported on mobile devices via Expo local auth.

Infrastructure Security

The Platform uses encrypted connections (TLS) for all data in transit. Data at rest is encrypted in PostgreSQL. Session management uses secure tokens with automatic expiration. Rate limiting is enforced via Redis to protect against abuse. Security headers are applied using Helmet. AWS infrastructure provides the foundation for storage, video streaming, and monitoring.

Incident Response

QuickSecure maintains an incident response process for security events. In the event of a data breach affecting student or staff information, QuickSecure will notify the affected institution within 72 hours and cooperate fully with investigation and remediation efforts. Audit logs are maintained for all platform actions to support forensic analysis.

Compliance

QuickSecure maintains FERPA-aligned data handling practices, role-based access enforcement, student privacy controls for tip line and SIS-linked data, and comprehensive audit logging. General liability insurance is in place. Terms of Service, Privacy Policy, and Data Processing Agreement are maintained and available for review.