School District Data Practices

Overview

Amitrace Computer Systems, Inc. (“Amitrace,” “we,” “us,” or “our”) sells, installs, and supports professional audiovisual and broadcast equipment for K–12 school districts. We are an integrator and reseller, not an education technology platform. As a general matter, student and staff record information remains under the control of the school district at all times.

This page describes the limited circumstances in which Amitrace personnel may encounter district data, the safeguards we apply when that happens, and the obligations we accept under our district contracts. It is intended to support district procurement, IT, and legal teams in evaluating Amitrace as a vendor.

Our Role and What We Do Not Do

Amitrace primarily provides equipment, installation services, system configuration, training, and ongoing technical support. In most engagements:

  • We deliver and install hardware (cameras, switchers, microphones, displays, control systems, etc.).
  • We configure equipment to operate on infrastructure the district owns and administers.
  • We provide training and post-installation support.
  • We do not host, store, or operate the district’s student information system, learning management system, or identity provider.

 

We do not:

  • Sell, rent, or share student or staff record information with any third party.
  • Use student or staff record information for advertising, marketing, or product development.
  • Build advertising profiles of students, staff, or families.
  • Conduct targeted advertising to students.

When Amitrace May Encounter District Data

There are limited circumstances during installation, configuration, training, and support where Amitrace personnel may have incidental access to information that could be considered Student or Staff Record Information. These typically include:

  • Account configuration: When district administrators ask us to configure user accounts on AV systems, we may briefly handle staff names, email addresses, or role assignments provided by the district.
  • Test recordings: During system commissioning, test footage or audio may be captured to verify that equipment is functioning. We do not retain this content; it is deleted at the conclusion of testing or transferred to district storage.
  • Remote support sessions: When a district requests troubleshooting assistance, our technicians may view screens or systems that contain district data in the course of resolving the issue.
  • File transfers: We may transfer broadcast or video files between district storage locations as part of installation or workflow setup.

In every case, the district remains the controller of the information. Amitrace acts only at the direction of authorized district personnel.

How We Protect District Information

Personnel

  • All Amitrace employees and subcontractors who may encounter district data are trained on confidentiality expectations and the sensitive nature of school environments.
  • Background checks are conducted on personnel assigned to school district installation and support work, in accordance with district requirements.
  • Access to district systems and credentials is limited to personnel with a direct need to perform the work at hand.

Technology

  • Company-issued devices are protected with full-disk encryption, screen-lock policies, and centralized management.
  • Remote access tools used for support sessions transmit data over encrypted (TLS) connections.
  • Credentials shared by districts for the purpose of configuration or support are stored in a secured password manager and removed when the engagement concludes.
  • Cloud services we use to support our internal operations (Microsoft 365, Supabase, ActiveCampaign) are configured with multi-factor authentication and least-privilege access controls.

Process

  • We follow district-supplied procedures for handling credentials, accessing networks, and decommissioning equipment.
  • Test recordings and configuration artifacts that contain identifiable information are deleted at project closeout unless the district requests otherwise.
  • We do not transfer district data outside the United States.

Incident and Breach Notification

Amitrace will report to the District any: (1) unauthorized access, use, disclosure, modification, or destruction of Student or Staff Record Information that becomes known to Amitrace; or (2) interference with Amitrace’s information systems operations of which Amitrace becomes aware.

Amitrace will notify the District of any use or disclosure of Student or Staff Record Information by Amitrace not permitted by its contract with the District, any security incident involving Student or Staff Record Information, and any breach or loss of Student or Staff Record Information, within seventy-two (72) hours of discovery.

Notifications will be made to the District contact identified in the applicable contract or, if no contact is identified, to the District’s superintendent and chief technology officer. Notifications will include, to the extent known at the time:

  • The nature of the incident and the categories of information involved.
  • The approximate number of records affected, if any.
  • Steps Amitrace has taken to contain the incident and prevent further unauthorized access.
  • Recommended steps the District may wish to take in response.
  • A point of contact at Amitrace for further communication.

Amitrace will cooperate with the District’s investigation and remediation efforts and will provide updates as additional information becomes available.

Compliance Posture

To the extent Amitrace is deemed a “school official” with a legitimate educational interest under the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g; 34 CFR Part 99), Amitrace agrees to:

  • Use Student Record Information only for the purposes authorized by the District.
  • Maintain the confidentiality of Student Record Information.
  • Not redisclose Student Record Information to any other party without authorization from the District or as required by law.

Amitrace also acknowledges and supports district obligations under applicable state student data privacy laws, including but not limited to the Georgia Student Data Privacy, Accessibility, and Transparency Act (O.C.G.A. § 20-2-660 et seq.) and comparable laws in other states where we conduct business. Where a district contract incorporates additional or more stringent obligations, the contract terms control.

Insurance

Amitrace maintains general liability and cyber liability insurance coverage appropriate for our business. Certificates of insurance are available on request.

Data Retention and Deletion

Amitrace retains district information only as long as necessary to perform our services or to satisfy legal, accounting, or audit obligations. Specifically:

  • Project documentation (proposals, drawings, configuration notes) is retained for the life of the installed system, plus a reasonable period to support warranty and ongoing service.
  • Test recordings and configuration artifacts containing identifiable information are deleted at project closeout.
  • Email correspondence with district staff is retained in accordance with our standard email retention policies.
  • Upon written request from the District, Amitrace will return or destroy district-supplied information at the conclusion of an engagement, except where retention is required by law.