How we handle information.
How Dismissal collects, uses, and protects information — including our commitments to students and families. Effective May 19, 2026; last updated May 19, 2026.
Who this applies to.
This Privacy Policy describes how Dismissal LLC ("Dismissal," "we," "us," or "our") collects, uses, and discloses information when you use our school dismissal and pickup management platform (the "Service").
Schools and districts
Our customers. Schools determine what student and family information is loaded into the Service. With respect to student records, Dismissal acts as a school official with legitimate educational interestunder FERPA, and as a service providerunder applicable state student privacy laws.
Guardians and authorized pickup users
Interact with the Service through accounts provisioned by their child's school. Their relationship with Dismissal is governed by the school's agreement with us.
Public website visitors
Visit dismissal.ai. For those interactions, Dismissal acts as a controller of any information you submit directly to us (for example, through a contact form).
What's in the system.
Only what's needed to run dismissal workflows. No biometric data, no facial images, no voice recordings, no precise GPS.
Provided by the school
- Student names, grade levels, classroom or homeroom assignments, and pickup designations
- Authorized guardian and pickup contact information (name, relationship, phone, email)
- Vehicle information used for pickup matching, including license plate strings
- Pickup permissions, custody notes, and emergency contact data the school chooses to record
Captured by Service operation
- License plate images and recognized text from school-deployed pickup-area cameras
- Pickup event logs (arrival time, queue position, release time)
- Administrator and guardian portal activity (logins, page views, actions taken)
- Device and connection metadata (IP address, browser type, approximate location from IP)
From single sign-on
- When an administrator or staff member signs in with Google or Microsoft, we receive their basic account profile from that provider — name, email address, and (if available) profile photo
- This is used only to authenticate the user and create or manage their Dismissal account; it is never sold or used for advertising, consistent with the Google API Services User Data Policy (including its Limited Use requirements)
On our marketing website
- On our public marketing website (these pages, not the Dismissal app), we use Google Analytics to measure aggregate visitor traffic and real-user page-performance metrics (Core Web Vitals)
- Advertising features and ad personalization (Google Signals) are turned off; this data is never used for advertising and never extends into the authenticated app
- Analytics uses cookies — you can block them with your browser settings or an opt-out extension without affecting how the site works
Provided by you directly
- Contact form submissions, demo requests, and email correspondence
- Support tickets and feedback
What we don't collect
- Biometric data or facial images
- Voice recordings
- Precise GPS location
Our license plate recognition system processes vehicles, not faces.
Only to deliver the Service.
We use information only to deliver and improve the Service that the school has contracted us for. Specifically:
Authenticate you via single sign-on
Your Google or Microsoft account profile (name, email, photo) is used only to sign you in and manage your account — consistent with the Google API Services User Data Policy, including its Limited Use requirements.
Match arriving vehicles to authorized pickups
And notify school staff in real time.
Provide real-time dismissal dashboards
To administrators in the pickup area and the front office.
Send transactional notifications
To guardians (pickup confirmations, account messages).
Maintain audit logs and reporting
So the school can review what happened and who acted.
Detect, investigate, and prevent fraud or abuse
Including security incidents.
Comply with legal obligations
And respond to lawful requests.
Improve product quality
In aggregated and de-identified form only.
We do not use student data for advertising, marketing, behavioral profiling, AI model training outside the school's authorized use, or any commercial purpose unrelated to the Service.
A short list of where data goes.
Only as needed to operate the Service, and only with parties bound by appropriate confidentiality and data protection obligations.
With the school
All student and family data is, by default, shared back with the school that contracted with us. The school controls access within its own organization.
With subprocessors
We use a limited set of third-party service providers (hosting, authentication, transactional email, error monitoring) to operate the Service. The current list is available to district customers under DPA. Each provider is contractually bound to protect data consistent with this policy.
For legal reasons
We may disclose information when required by law, valid legal process, or to protect the safety of users or the public. We will notify the relevant school of such requests where lawful to do so.
In a business transfer
If Dismissal is involved in a merger, acquisition, or asset sale, customer data may transfer. Successors will be bound by commitments at least as protective as this policy. Schools will receive advance notice and a meaningful opportunity to object or export their data.
We never
Sell personal information. Share student data for advertising. Disclose student data to third parties for any purpose unrelated to the Service without the school's authorization.
FERPA, COPPA, and state student privacy laws.
FERPA — school official with legitimate educational interest
When a school uses Dismissal, we act as a "school official" with a legitimate educational interest, as defined under 34 CFR § 99.31(a)(1)(i)(B). The school maintains direct control over how student data is used and maintained within our platform. We use personally identifiable information from education records only to provide the service the school has authorized, and do not re-disclose it to any third party without the school's authorization, except as permitted by FERPA. Schools retain ownership of their student data and may request export or deletion at any time.
COPPA — school consent framework
Where our Service is used in a K-12 educational setting and processes information about children under 13, we rely on the school consent framework recognized by the FTC. The school provides consent on behalf of parents for the limited educational purpose authorized. We do not use children's information for advertising, behavioral profiling, sale, or any commercial profile unrelated to the Service, and retain it only as long as necessary to deliver the Service or as required by our agreement with the school.
State student privacy laws
Dismissal is designed to comply with state student privacy statutes and is prepared to execute state-specific addenda where required, including California (SOPIPA, AB 1584), New York (Education Law § 2-d), Illinois (SOPPA), Texas (TEC § 32.151), and Connecticut, Colorado, Utah, Washington, and other states with comparable frameworks. Email privacy@dismissal.ai to coordinate the appropriate documentation.
California (CCPA / CPRA)
For California residents who interact with our public website (not student records, which are governed separately under FERPA and SOPIPA), the CCPA as amended by the CPRA provides rights to know, delete, correct, opt out of sale or sharing (we do not sell or share for cross-context behavioral advertising), and non-discrimination. Email privacy@dismissal.ai; we will verify your identity before responding.
How we protect, retain, and release data.
Security practices
- TLS 1.2+ in transit; encryption at rest
- Role-based access controls, least privilege
- MFA for administrative access
- Audit logging of administrative actions
- Regular dependency and infra updates
- Vulnerability disclosure program (security page)
No system can guarantee perfect security. We will notify the relevant school promptly in the event of a breach affecting personal information.
Default retention periods
- Raw license plate images: stripped from the long-term store at the next local day boundary — at most one local day from capture
- Recognized plate strings and pickup events: one year from capture, then automatically purged
- Account records (guardians, staff): active for the duration of the school's contract; deleted within 90 days of a school-initiated deletion request or written contract termination
- Audit logs: one year (365 days), then automatically purged
- Aggregated, de-identified analytics: indefinitely
Schools may request export or deletion at any time by emailing privacy@dismissal.ai. Exports are typically delivered within 30 days; deletions complete within 90 days. Specific terms may be modified in a school's signed DPA.
Your rights & choices
Because most personal information in Dismissal is held on behalf of a school, requests by parents, students, or guardians to access, correct, or delete information should be directed first to the school. The school will work with us to fulfill the request promptly.
If you have submitted information to us directly (for example, via the contact form on our website), email privacy@dismissal.ai.
Children under 13
Dismissal is not directed to children under 13 and we do not knowingly collect personal information from children under 13 except as part of a school-authorized educational use under the COPPA school consent framework described above. If we learn that we have inadvertently collected information from a child under 13 outside an authorized school relationship, we will delete it.
Where the Service runs and how this policy changes.
International visitors
Dismissal is operated from the United States and our infrastructure is hosted in the United States. The Service is not currently offered to schools or users outside the United States. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify schools through the administrator portal and update the "Last updated" date at the top of this page. We will not make changes that materially reduce the protections afforded to student data without notice to and the opportunity for action by the affected schools.
Questions, requests, or concerns.
Privacy and security mail goes to real humans, not a ticketing form. We respond inside the SLAs below.