Legal

Compliance

Last updated: April 13, 2026

Student Data Privacy Consortium (SDPC)

StanHattie LLC is a registered vendor with the Student Data Privacy Consortium, a collaborative of schools, districts, and vendors committed to protecting student data privacy.

• Registry: sdpc.a4l.org
• Status: Registered Vendor
• Applicable products: ScanRaise (scanraise.com) and any future education-facing products

We support the SDPC National Data Privacy Agreement (DPA) framework. Schools and districts interested in executing a DPA with StanHattie LLC should contact support@stanhattie.com.

COPPA Compliance

StanHattie LLC complies with the Children's Online Privacy Protection Act (COPPA). For products that may be used by or on behalf of children under 13:

• We do not knowingly collect personal information from children under 13 without verifiable parental or school consent
• Student data collected through school-authorized products is used solely to provide the contracted service
• We do not use student data for advertising, profiling, or any purpose unrelated to the educational service
• Parents and schools may review, request correction of, or request deletion of a child's personal information at any time

FERPA Awareness

When StanHattie products are used by schools or educational institutions, we act as a "school official" under FERPA with a legitimate educational interest. This means:

• We access only the student education records necessary to provide the contracted service
• We do not re-disclose student education records to third parties without consent, except as permitted by law
• We maintain reasonable security measures to protect education records
• We return or destroy student data upon contract termination or at the school's request

Insurance Coverage

StanHattie LLC maintains comprehensive insurance coverage through Next Insurance:

• General Liability (GL) — covers third-party bodily injury and property damage claims
• Errors & Omissions (E&O) — covers professional liability, including claims related to software products and services

Verify our insurance coverage

DMCA Registration

StanHattie LLC has a registered DMCA designated agent with the U.S. Copyright Office (Registration No. DMCA-1070999). For details, see our DMCA Copyright Policy.

Accessibility

All StanHattie products are built to conform to WCAG 2.1 Level AA accessibility standards. For details, see our Accessibility Statement.

CAN-SPAM Compliance

All marketing and notification emails sent by StanHattie LLC comply with the CAN-SPAM Act:

• Every email includes a working unsubscribe mechanism
• Unsubscribe requests are honored within 10 business days
• All emails include our physical mailing address
• We maintain a suppression list and never email unsubscribed recipients

Data Security

StanHattie LLC implements industry-standard security measures across all products:

• All data encrypted in transit via HTTPS/TLS
• Database encryption at rest with automatic daily backups
• Authentication via Keycloak SSO with WebAuthn (passkey) support
• Security headers enforced on all responses (CSP, HSTS, X-Frame-Options)
• Rate limiting on all public and authentication endpoints
• Regular dependency auditing for known vulnerabilities

Contact

For compliance inquiries, data privacy agreements, or to report a concern:

StanHattie LLC
731 SE Alices Rd PMB 1035
Waukee, IA 50263
support@stanhattie.com
(833) 278-5002