Privacy Policy

Effective: May 17, 2026 · Last updated: May 17, 2026

We collect only the data needed to provide NOCTI Compass. We don't sell it, share it with advertisers, or use it for anything beyond running and improving the service. Assessment data belongs to the educators and institutions who upload it — we process it on their behalf and delete it when they ask.

1. Who We Are

This privacy policy applies to NOCTI Compass ("we," "us," or "our"), the assessment analytics platform available at phillycte.com and any associated subdomains. For questions about this policy, contact [email protected].

2. What Data We Collect

Data You Provide

Account information: Email address, name, school/district affiliation, and password (stored as a salted hash).
Assessment files: NOCTI score reports, rosters, and related files you upload.
Voluntary information: Feedback, support requests, and any content you choose to share with us.
Marketing opt-in: Free accounts include email updates about new products and features; you can opt out at any time.

Data Collected Automatically

Usage data: Pages visited, features used, timestamps, and browser type — to improve the service and fix bugs.
Session data: Authentication cookies and session tokens to keep you logged in securely.

What We Don't Collect

No third-party tracking or advertising pixels.
No precise geolocation data.
No browser or device fingerprinting.

3. How We Use Your Data

We use collected data only to:

Provide, operate, and maintain the NOCTI Compass service
Generate assessment dashboards, comparisons, and growth reports
Communicate with you about your account, support requests, or service updates
Improve service reliability, fix bugs, and develop new features
Comply with legal obligations
Send product updates and announcements (opt-out available anytime)

We do not sell your data, share it with advertisers, or use it for purposes unrelated to the service.

4. Assessment Data — How It's Handled

Processing on your behalf: Uploaded files are processed to generate dashboards and reports. We act as a data processor on behalf of the educator or institution.
Retention: Files are retained only as long as needed. You may request deletion at any time.
Student data in dashboards: Accessible only to the authenticated teacher or coordinator who uploaded it. Students access their own results via a time-limited PIN.
Aggregated and anonymized data: We may compile anonymized, aggregate statistics for benchmarking. These contain no personally identifiable information.

5. Data Disclosure

We do not sell, rent, or trade personal data. We disclose data only:

At your direction: If you explicitly share a dashboard or report with a colleague.
Service providers: Trusted third-party services for hosting, email, or payments — contractually obligated to handle data only as we direct.
Legal requirements: If required by law, regulation, or valid legal process.

6. Data Security

All data in transit is encrypted via TLS
Passwords are stored using salted cryptographic hashes
Access to production systems is restricted and logged
Uploaded files are stored with restricted permissions

7. Student Data and FERPA

Your institution is the FERPA-covered entity. The institution that uploads student data remains responsible for compliance.
We are a service provider. We process student data only for authorized purposes.
We do not disclose student education records to third parties, except as directed by the institution or required by law.
Data processing agreements are available upon request.

8. Cookies

Session cookie: Keeps you logged in. Deleted on logout.
Preference cookie: Remembers display settings.
Marketing preference cookie: Remembers your opt-in/out choice.

No third-party advertising or tracking cookies.

9. Your Rights

Access: Request a copy of your personal data.
Correction: Ask us to correct inaccurate data.
Deletion: Request deletion within 30 days of a verified request.
Data portability: Export dashboard data and reports in a standard format.
Opt out: Opt out of non-essential communications at any time.

10. Data Retention

Account data: Retained while active. Deleted within 90 days of closure.
Uploaded files: Retained while active or until deletion is requested.
Usage logs: Retained for 12 months, then anonymized or deleted.
Aggregated statistics: May be retained indefinitely (no PII).

11. Children's Privacy

NOCTI Compass is not directed at children under 13. Student data visible through the PIN interface is limited to the individual student's own results. If we learn we have inadvertently collected information from children under 13, we will delete it promptly.

12. International Users

NOCTI Compass is primarily designed for use within the United States. If you access the service from outside the U.S., your data may be transferred to and processed in the United States.

13. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes at least 14 days before they take effect.

Privacy inquiries & data requests: [email protected]

General support: [email protected]