PickupFlow™ Privacy Policy

Effective Date: April 2026

PickupFlow ("we," "our," or "us") is a school dismissal management application operated by CM Santos Group LLC, doing business as Nexpath Infrastructure. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, web application at app.pickupflow.app, and related services (collectively, the "Service").

By using PickupFlow, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, and password. For guardians, we also collect phone number and relationship to enrolled students.
  • Student Information: Schools provide student names, grade levels, homeroom assignments, and optional student IDs. Guardians are linked to students through school-issued enrollment codes. Staff may add notes about students visible only to school personnel (e.g., special dismissal instructions).
  • Vehicle Information: Guardians may register vehicle details (make, model, color, and license plate number) to facilitate identification during pickup.
  • Authorized Pickup Persons: Primary guardians may designate additional authorized individuals who can pick up their students, including their names, email addresses, phone numbers, and relationship to the student.
  • In-App Messages: Guardians and school staff may exchange messages through the Service. Messages include sender and recipient names, roles, associated student (if applicable), and message content. Messages are stored to provide conversation history.
  • Calendar Images (School Administrators only): School administrators may upload images of school calendars for AI-powered conversion to digital calendar events. These images are processed and immediately deleted; they are not stored permanently.
  • Staff Information: School administrators provide staff names, email addresses, and job titles (e.g., Teacher, Principal) when adding staff to the Service.

1.2 Information Collected Automatically

  • Location Data: With your permission, we collect precise GPS location data when you use the "On My Way" or "I'm Here" features. This data is used solely to calculate your proximity to the school for arrival notification and is not stored after your pickup session ends. Location data is processed locally on your device for distance calculations.
  • Camera Access: With your permission, we access your device's camera solely to scan QR codes during the student enrollment process. We do not capture, store, or transmit any images or video. The camera processes QR codes locally on your device, and only the decoded enrollment code text is transmitted to our servers.
  • Device Information: We collect device identifiers, operating system version, and app version for troubleshooting and service improvement.
  • Push Notification Tokens: We collect Firebase Cloud Messaging (FCM) tokens to send you notifications about pickup status, student dismissal, and school announcements. You can configure notification preferences including per-type toggles and quiet hours within the app.
  • Crash Logs and Diagnostics: We automatically collect crash logs, performance data, and diagnostic information to identify and fix technical issues. Crash reports include a pseudonymous user identifier for troubleshooting but do not include names, email addresses, school information, or student data. We actively redact sensitive information from error reports.

1.3 Biometric Authentication

PickupFlow offers optional biometric authentication (Face ID, Touch ID, or fingerprint) as a convenience feature for guardians and staff to unlock the app and re-authenticate during active pickup sessions.

  • On-device only: Biometric authentication is processed entirely on your device using your device's built-in biometric hardware and operating system APIs. We never receive, transmit, or store your biometric data (fingerprints, facial geometry, etc.) on our servers.
  • Credential storage: If you enable biometric login, your encrypted login credentials are stored in your device's secure enclave (iOS Keychain or Android Keystore). These credentials remain on your device and are protected by your device's hardware-level encryption.
  • Optional: Biometric authentication is entirely optional. You can enable or disable it at any time in Settings. Disabling it removes the stored credentials from your device.
  • Adults only: Biometric authentication is available only to adult users (guardians and staff). It is never used by or applied to children.

2. Photo Library Access

School administrators may grant PickupFlow access to their device's photo library to upload images of school calendars. This access is:

  • Only requested from school administrator accounts
  • Used solely for uploading calendar images for AI processing
  • Not used to access personal photos
  • Not used for any marketing or tracking purposes

Parents and guardians are never asked for photo library access.

3. AI-Powered Features

3.1 Calendar Processing

PickupFlow uses artificial intelligence to convert images of school calendars into digital calendar events.

How it works:

  • School administrators upload an image of a printed or digital school calendar
  • The image is securely transmitted to our AI processing service
  • AI extracts dates, event names, times, and descriptions from the image
  • Extracted events are added to the school's digital calendar

Data handling:

  • Calendar images are processed in real time and automatically deleted immediately after processing
  • We do not retain copies of uploaded calendar images
  • Extracted calendar data is stored within your school's secure account
  • Images are never used for AI training or any other purpose

Third-party AI processing: Calendar images may be processed using third-party AI services (such as Google ML Kit for on-device text recognition). These services only receive the calendar image for processing, are bound by data processing agreements, and do not receive any user account information or student data.

Recommendations for Schools: When uploading calendar images, we recommend using calendars that do not contain student names or personal information, reviewing extracted events for accuracy before publishing, and only granting calendar upload access to authorized staff members.

3.2 AI Support Assistant

PickupFlow offers an AI-powered support assistant within the app to help answer questions about using the Service.

  • Support conversations are stored in your school's secure environment to provide conversation history and improve support quality
  • Conversations are processed using AI to generate helpful responses
  • AI support conversations are rate-limited by role to prevent abuse
  • Support conversations are retained for 6 months, then automatically deleted
  • Anonymized usage metrics (not conversation content) may be retained for up to 12 months to improve the support experience

4. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service
  • Facilitate communication between guardians and school staff during dismissal
  • Verify guardian identity and authorization for student pickup
  • Send push notifications about pickup status and school announcements
  • Enable in-app messaging between guardians and school staff
  • Process calendar images and create calendar events (school administrators only)
  • Provide AI-powered support assistance
  • Generate pickup analytics and reports for school administrators
  • Improve and optimize our Service
  • Comply with legal obligations
  • Protect the safety of students, guardians, and school personnel

5. Information Sharing and Disclosure

  • With Schools: We share guardian and student information with the schools where students are enrolled. Schools can view guardian arrival status, vehicle information, and pickup history. Authorized school personnel may export student rosters, guardian contact information, and pickup history for school record-keeping purposes.
  • With Other Guardians: Primary guardians can see authorized pickup persons they have designated. Authorized pickup persons can see the students they are authorized to pick up. Guardians participating in carpool arrangements can see limited information about other participating guardians as necessary to coordinate pickup.
  • Service Providers: We use the following third-party services to operate the Service:
    • Google Firebase: Authentication, database, cloud functions, push notifications, crash reporting, and app integrity verification
    • Google Cloud Platform: Hosting and infrastructure
    • SendGrid (Twilio): Transactional emails including email verification, password reset, enrollment letters, and school invitations
    • Google Sign-In: Optional single sign-on (SSO) authentication for schools using Google Workspace. During SSO, Google processes the authentication request and returns basic profile information (name and email)
    • Google Places API (optional): If enabled by a school, address autocomplete for school location configuration. Search queries are sent to Google and are subject to Google's privacy policy

    These providers are bound by contractual obligations and data processing agreements to protect your data.

  • AI Processing Services: Calendar images uploaded by school administrators are processed using AI services to extract event information. Support conversations may be processed using AI services to generate responses. These services do not receive student data or personally identifiable information beyond the content being processed.
  • Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit using TLS/SSL
  • Secure authentication through Firebase Authentication with email verification
  • Role-based access controls limiting data access to authorized personnel
  • Firebase App Check for app integrity verification
  • Rate limiting on sensitive operations to prevent abuse
  • Biometric credentials stored in hardware-encrypted secure storage (iOS Keychain / Android Keystore), never on our servers
  • Active redaction of sensitive data from crash reports and error logs
  • Regular security assessments and monitoring
  • Secure cloud infrastructure hosted on Google Cloud Platform
  • Immediate deletion of calendar images after AI processing

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service.

  • Account data is retained while your account is active. Upon account deletion, personal information is removed from our active systems within 30 days (see Section 10 for details).
  • Pickup history is retained in our active database for 13 months, then automatically moved to secure archival storage for school record-keeping purposes. Archived pickup records may retain references to participants for audit trail integrity.
  • In-app messages are retained while the associated accounts are active.
  • Notifications are automatically deleted after 30 days.
  • Support conversations are retained for 6 months, then automatically deleted.
  • AI support analytics (anonymized usage metrics only) are retained for 12 months, then automatically deleted.
  • Location data from pickup sessions is used for real-time distance calculations on your device and is not stored on our servers.
  • Calendar images are deleted immediately after AI processing is complete; they are not stored.
  • Extracted calendar events are retained as part of the school's calendar data.
  • Biometric data is never stored on our servers. On-device credentials are removed when you disable biometric login or delete your account.

Schools may retain pickup history records in accordance with their record-keeping policies and applicable law. Upon account deletion, your personal information is removed from our active systems within 30 days. Archived records (such as pickup history) may retain de-identified references for school audit trail purposes.

8. Children's Privacy and COPPA Compliance

PickupFlow is designed for use by adults — guardians and school staff. The Service complies with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506) and its implementing regulations (16 CFR Part 312).

8.1 How We Handle Children's Information

  • No direct collection from children: We do not collect personal information directly from children under 13. Children do not create accounts, log in, or interact with the Service. Student information is provided solely by schools and parents/guardians.
  • Limited student data: The only student information we process is: first name, last name, grade level, homeroom assignment, school-assigned student ID, guardian linkage, transportation mode preferences, and optional staff notes (e.g., dismissal instructions). We do not collect student photographs — the photo field in our system is always empty.
  • No behavioral tracking: We do not track, profile, or create behavioral profiles of students. No analytics identifiers, cookies, or tracking pixels are associated with student records.
  • No biometric data from children: Biometric authentication is available only to adult users. No biometric data is collected from or about children.

8.2 School Official Exception

Under COPPA's "school official" exception (16 CFR § 312.5(c)(2)), schools may consent to the collection of student information on behalf of parents solely for school-authorized educational purposes. When a school subscribes to PickupFlow:

  • The school acts as the agent of the parent for purposes of consenting to the collection of student information
  • The school is responsible for providing notice to parents about the Service's data practices
  • Student information is used solely for the school-authorized purpose of managing student dismissal
  • We do not use student information for any commercial purpose unrelated to the school's authorized educational purpose

8.3 Parental Rights Under COPPA

Parents and guardians have the right to:

  • Review: Request a review of the personal information we have collected about their child by contacting us or their school
  • Delete: Request deletion of their child's personal information from our systems. Schools may also delete student records directly through the Service
  • Refuse further collection: Direct us to stop collecting their child's personal information by contacting us or their school, understanding that this may require the school to remove the student from the Service

To exercise these rights, parents may contact their school directly or contact us at privacy@pickupflow.app. We will respond to verified requests within 30 days.

8.4 Data Minimization for Children

We practice data minimization for all student information. Our crash reporting service receives only a pseudonymous user identifier — it does not receive student names, school identifiers, or any student-associated data. We redact student-related keywords from error reports before they leave the device.

If we learn that we have inadvertently collected personal information from a child under 13 without proper consent, we will promptly delete that information and notify the relevant school. If you believe we have collected such information, please contact us immediately.

9. Student Education Records (FERPA)

PickupFlow may process student education records as defined by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g). With respect to FERPA:

  • We operate as a "school official" under the school's direct control as defined by 34 CFR § 99.31(a)(1), providing a service for which the school would otherwise use its own employees
  • We use education records only for the purposes for which the school authorized access — specifically, managing student dismissal and pickup coordination
  • We do not re-disclose education records to third parties except as described in this Privacy Policy and as permitted by the school's FERPA policies
  • Schools control access to their student education records and may request deletion at any time
  • We maintain the confidentiality of education records in accordance with FERPA requirements

Schools subscribing to PickupFlow execute a Data Processing Addendum that governs the processing of student education records and ensures compliance with FERPA, COPPA, and applicable state student privacy laws.

10. Your Rights and Choices

10.1 General Rights

  • Access and Correction: You may access and update your account information through the app settings at any time.
  • Location Permissions: You can enable or disable location services through your device settings. Disabling location services will prevent the use of arrival notification features.
  • Camera Permissions: You can enable or disable camera access through your device settings. If disabled, you can still complete enrollment by manually entering the enrollment code.
  • Photo Library Permissions: School administrators can enable or disable photo library access through device settings. Disabling this will prevent the use of the AI calendar conversion feature.
  • Biometric Authentication: You can enable or disable biometric login at any time in Settings. Disabling it removes stored credentials from your device.
  • Push Notifications: You can manage notification preferences within the app, including per-type toggles (pickup, calendar, announcements) and quiet hours. You can also disable notifications entirely through your device settings.
  • Account Deletion: You can request deletion of your account at any time directly within the PickupFlow app. Go to Settings → Account Settings → Delete Account and confirm the deletion. Your account will be deactivated immediately and personal data will be removed from our active systems within 30 days. Archived records (such as pickup history) may retain de-identified references for school audit trail purposes. You will receive an email confirmation when your deletion request is initiated. For detailed instructions, visit our account deletion help page.

10.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, completing a transaction).
  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale: We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (such as precise geolocation) only for purposes authorized by you and as necessary to provide the Service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Categories of personal information we collect: Identifiers (name, email, phone); geolocation data (with permission, during pickup only); professional or employment-related information (job title for staff); education information (student records provided by schools).

To exercise your rights, contact us at privacy@pickupflow.app. We will verify your identity and respond within 45 days.

10.3 Other State Privacy Laws

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or Texas (TDPSA), you may have additional rights including the right to access, correct, delete, and obtain a copy of your personal data, and the right to opt out of targeted advertising. We do not engage in targeted advertising, sell personal data, or profile users for automated decision-making.

To exercise your rights under any applicable state law, contact us at privacy@pickupflow.app. If we decline your request, you may appeal by contacting us with "Privacy Appeal" in the subject line.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and within the app, and updating the "Effective Date" above. For significant changes affecting the collection or use of children's information, we will provide direct notice to schools. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at:

PickupFlow

Operated by CM Santos Group LLC dba Nexpath Infrastructure

90 Fort Wade Road, Suite 100

Ponte Vedra, FL 32081

Email: privacy@pickupflow.app