Privacy Policy
§1 Introduction
§2 Scope and Applicability
This Policy applies to all natural persons and legal entities that interact with the Services, including, without limitation: (a) enrolled students of a School; (b) the parents, guardians, or other authorized representatives of such students; (c) educators, advisors, club officers, and other employees or contractors of a School; (d) School administrators with privileged access; (e) prospective customers, pilot inquirers, and other visitors to Wendel's public marketing site at trywendel.com; and (f) any applicant for employment with Wendel.
To the extent that any provision of this Policy conflicts with a data-processing agreement, master subscription agreement, or other written instrument duly executed between Wendel and a School (each, a "DPA"), the DPA shall control with respect to that School's data.
§3 Definitions
- "Aggregated Data" means information that has been combined with other data and stripped of identifiers such that it cannot reasonably be linked, directly or indirectly, to any specific natural person.
- "De-identified Data" means information from which all direct and indirect identifiers have been removed in accordance with NIST IR 8053 or a comparable industry-recognized standard.
- "Education Record" has the meaning ascribed to it under the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and its implementing regulations at 34 C.F.R. Part 99.
- "End User" means any natural person who interacts with the Services under credentials issued or authorized by a School.
- "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or household.
- "Processing" means any operation or set of operations performed on Personal Information, including collection, recording, storage, organization, structuring, use, disclosure, transmission, and destruction.
- "School Data" means any Personal Information or Education Record transmitted to or generated within the Services by a School, an End User acting under such School's authorization, or Wendel acting at the direction of such School.
- "Sensitive Personal Information" means Personal Information that reveals (i) racial or ethnic origin; (ii) religious or philosophical beliefs; (iii) membership in a political organization; (iv) sexual orientation or gender identity; (v) mental or physical health status; (vi) immigration or citizenship status; or (vii) any category designated as sensitive under applicable law.
- "Subprocessor" means any third party engaged by Wendel to Process School Data on Wendel's behalf.
§4 Roles of the Parties
With respect to School Data, the School acts as the data controller (or equivalent role under applicable law), and Wendel acts as the data processor (or equivalent role) performing the Processing operations contemplated by the DPA and this Policy. The School retains ownership of and exclusive rights to School Data.
With respect to Personal Information collected directly by Wendel from visitors to the public marketing site or from pilot inquirers, Wendel acts as the data controller and Processes such information solely for the purposes set forth in Section 7.
§5 Categories of Personal Information Collected
- Identification Data. Legal name, preferred name, grade level, School-issued email address, and (where the School elects to provide it) the School's internal student identifier.
- Authentication Data. Password hashes, OAuth tokens issued by identity providers approved by the School, multi-factor-authentication state, session identifiers, and timestamps of authentication events.
- Activity Data. Club memberships and roles, event registrations, check-in timestamps and modalities (e.g., near-field communication tap, QR-code scan, manual entry, kiosk entry), announcement read state, and file uploads attributed to a user.
- Communications Data. Support inquiries, pilot-program applications, and other voluntary communications submitted to Wendel by an End User or a School representative.
- Device and Connection Data. Internet protocol address, user-agent string, operating system, browser version, screen size, and preferred language, collected through industry-standard server logging.
§6 Sources of Personal Information
§7 Purposes and Legal Bases for Processing
Wendel Processes Personal Information solely for the following purposes, and on the legal bases set forth opposite each purpose:
- To provide, maintain, and improve the Services - legitimate interest, performance of contract, and (where applicable) consent.
- To authenticate End Users and prevent unauthorized access - legitimate interest and compliance with legal obligation.
- To respond to support inquiries and pilot-program applications - performance of pre-contractual measures at the request of the data subject.
- To comply with applicable law, regulation, court order, or other legal process - compliance with legal obligation.
- To exercise or defend legal claims and protect the rights, property, or safety of Wendel, its Schools, or any End User - legitimate interest.
Wendel does not Process Personal Information for advertising, targeted marketing, sale, or the training of machine-learning models, regardless of legal basis or claimed consent.
§8 FERPA Compliance and School Official Designation
§9 Children Under Thirteen (COPPA)
§10 State Student-Privacy Laws
- California Student Online Personal Information Protection Act, Cal. Bus. & Prof. Code §§ 22584–22585 ("SOPIPA");
- California Consumer Privacy Act, as amended by the California Privacy Rights Act, Cal. Civ. Code §§ 1798.100 et seq. ("CCPA/CPRA");
- Illinois Student Online Personal Protection Act, 105 ILCS 85 ("SOPPA");
- Colorado Student Data Transparency and Security Act, Colo. Rev. Stat. §§ 22-16-101 et seq.;
- Colorado Privacy Act, Colo. Rev. Stat. §§ 6-1-1301 et seq.;
- New York Education Law § 2-d and 8 NYCRR Part 121;
- Connecticut Public Act 16-189 and the Connecticut Data Privacy Act, Conn. Gen. Stat. §§ 42-515 et seq.;
- Maryland Student Data Privacy Act of 2015, Md. Code, Educ. §§ 4-131 et seq.;
- Virginia Consumer Data Protection Act, Va. Code §§ 59.1-575 et seq.; and
- any successor or analogous statute of the State in which a School operates.
Where the foregoing statutes impose obligations more stringent than those set forth in this Policy, Wendel will comply with such more-stringent obligations with respect to End Users to whom such statutes apply.
§11 Parental and Eligible-Student Rights
Parents and legal guardians of End Users under the age of eighteen (18), and End Users who have attained the age of eighteen (18) ("Eligible Students") under FERPA, have the right to (a) inspect and review the End User's Education Records maintained by the School in the Services; (b) request correction of information believed to be inaccurate, misleading, or otherwise in violation of the End User's privacy rights; (c) consent to disclosures of Education Records, with the exceptions enumerated in FERPA; and (d) file a complaint with the U.S. Department of Education concerning alleged failures by the School to comply with FERPA.
All such requests shall be directed in the first instance to the School. Wendel will support the School in fulfilling verified requests within commercially reasonable timeframes and will not directly respond to End-User requests with respect to School Data absent the School's written authorization.
§12 Disclosures to Third Parties
Wendel does not disclose Personal Information to any third party except:
- to Subprocessors engaged under written contract on terms no less protective than those imposed on Wendel by the applicable DPA;
- at the express written direction of the School;
- to comply with applicable law, valid legal process, or a lawful request from a governmental authority, provided that Wendel will give the affected School prior written notice and an opportunity to seek a protective order, except where such notice is prohibited by law or where the request relates to a credible threat to life or safety;
- in connection with the exercise or defense of legal claims, in which event disclosure shall be limited to that information strictly necessary; and
- in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or substantially all of Wendel's assets, subject to the successor entity assuming Wendel's obligations under each DPA and this Policy on terms no less protective than those in effect immediately prior to such transaction.
Wendel does not, and shall not, sell, lease, rent, or otherwise transfer Personal Information to any third party for monetary or other valuable consideration except as expressly enumerated above.
§13 Subprocessors
As of the Effective Date, Wendel engages the following Subprocessors:
| Subprocessor | Function | Region |
|---|---|---|
| Vercel, Inc. | Application hosting and edge delivery | United States |
| Supabase, Inc. | Managed PostgreSQL and object storage | United States |
Wendel will provide each School with at least thirty (30) days' advance written notice prior to engaging any new Subprocessor or materially changing the scope of an existing Subprocessor's engagement. A School may object to a proposed Subprocessor for a reasonable security, legal, or compliance reason, in which event the parties will negotiate in good faith to reach a mutually acceptable resolution. Wendel remains liable for the acts and omissions of each Subprocessor to the same extent that Wendel would be liable if performing the Subprocessor's functions directly.
§14 International Data Transfers
§15 Data Retention, Deletion, and Return
Wendel retains School Data for the duration of the School's subscription to the Services and for a tail period of twelve (12) months thereafter (the "Tail Period"), during which the School may extract or request return of School Data in an industry-standard machine-readable format. Following the Tail Period, Wendel will irrevocably destroy or de-identify all remaining School Data in accordance with NIST Special Publication 800-88 Rev. 1 (or successor guidance), provided that Wendel may retain Aggregated Data and De-identified Data indefinitely.
The School may at any time during the term of the subscription request that Wendel delete or return School Data pertaining to specific End Users or specific categories. Wendel will complete such deletion or return within thirty (30) days of the verified request, except where a longer period is required by law.
Notwithstanding the foregoing, Wendel may retain Personal Information required to comply with legal, accounting, or auditing obligations (such as records of payment, tax filings, and security-incident logs) for the period required by such obligations.
§16 Information-Security Program
- encryption of Personal Information in transit using Transport Layer Security version 1.2 or later, and at rest using AES-256;
- logical isolation of each School's tenant such that no query may return data belonging to a different School;
- role-based access controls, principle of least privilege, and multi-factor authentication on all administrative and engineering access;
- immutable, append-only audit logs of all access to Personal Information and all administrative actions;
- annual third-party penetration testing of production infrastructure and remediation of identified findings on a risk-prioritized basis;
- background checks on all personnel with access to Personal Information and mandatory annual security training; and
- a documented business-continuity and disaster-recovery plan with a recovery-time objective of four (4) hours and a recovery-point objective of fifteen (15) minutes for production data stores.
§17 Security-Incident Response and Notification
Wendel maintains a documented incident-response plan and a 24×7 on-call rotation for security events. Upon Wendel's confirmation of a Security Incident affecting Personal Information of an identifiable School's End Users, Wendel will:
- notify the affected School without undue delay and in any event no later than seventy-two (72) hours after confirmation;
- provide the School with all information reasonably required to fulfill the School's notification obligations under applicable law, including (i) a description of the nature of the incident, (ii) the categories and approximate number of End Users affected, (iii) the categories and approximate volume of Personal Information records affected, (iv) the likely consequences, and (v) the measures taken or proposed to address the incident and mitigate its possible adverse effects;
- cooperate with the School in any required notification to data subjects, regulators, or law-enforcement authorities, and bear the reasonable costs of forensic investigation, remediation, and credit monitoring (where appropriate) for incidents caused by Wendel's breach of this Policy or the applicable DPA; and
- conduct a post-incident review and provide the School with a written root-cause analysis and corrective-action plan within thirty (30) days of incident closure.
For purposes of this Policy, "Security Incident" means a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, Personal Information Processed by Wendel.
§18 Data-Subject Rights
To the extent any individual is granted rights under applicable law with respect to Personal Information that Wendel Processes (such rights including, where applicable, the rights of access, rectification, erasure, restriction of Processing, data portability, and objection), Wendel will support the relevant data controller (typically the School) in responding to verified requests. With respect to Personal Information for which Wendel acts as data controller (such as Personal Information of pilot inquirers), data subjects may submit requests directly to privacy@trywendel.com, and Wendel will respond within the timeframes required by applicable law.
Wendel may decline a request, in whole or in part, where the request is manifestly unfounded, excessive, prohibited by law, or where granting the request would prejudice the rights of another natural person, in which event Wendel will provide the requester a written explanation of the basis for declining.
§19 Automated Decision-Making and Artificial Intelligence
§20 Marketing, Advertising, and Sale of Data
§22 Audits, Assessments, and Compliance Reports
§23 Insurance and Indemnification
§24 Amendments
§25 Governing Law and Forum
§26 Severability and Survival
§27 Contact
Attn: Privacy Officer
[Mailing address to be provided to Schools upon execution of a DPA]