Absentry.
Privacy policy

Privacy policy.

A plain-English statement of what Absentry collects, why, and what choices you have. Where this policy uses words like "we" or "us," it refers to FORMA Group, a Texas-based company operating the Absentry service.

Last updated: May 21, 2026 · Version 1.0

Two kinds of data, two relationships

This policy describes two distinct ways Absentry handles data, because they are governed by different rules:

  1. Student data uploaded by your district. When a district uploads a PEIMS attendance roster, we hold that data on behalf of the district. The district is the "data controller" under privacy law; Absentry is the "data processor." Our handling of this data is governed primarily by FERPA, the district's Data Processing Agreement with us, and the security commitments at /security.
  2. Account and marketing data from individuals. When someone visits absentry.org, signs up for an account, or contacts us by email, we collect a small amount of data about them as an individual. That data is described below.

If you are evaluating Absentry on behalf of a school district, the security page is likely what you're looking for. If you are an individual visitor, the rest of this page is what applies to you.

Information we collect about individuals

We try to collect as little personal data as possible.

When you visit absentry.org

  • Standard web-server logs (your IP address, browser type, the page you requested, the time of the request). Retained for 30 days for operational purposes (debugging, abuse prevention).
  • No tracking cookies. We do not use Google Analytics, Facebook Pixel, or any other third-party tracker on the marketing site.
  • No advertising identifiers. We do not retarget visitors or run paid ads against your visit.

When you sign up for an account

  • Your name, work email, and chosen password (hashed — see /security).
  • The district name you provide.
  • Optionally, a job title you enter (counselor, attendance officer, etc.) — this is displayed only and does not affect what you can see.
  • The time you log in and the IP address of each login (kept in a session record).

When you email us

  • Your email address, name, and the contents of your message.
  • If we reply, our reply and any follow-up correspondence.

How we use your information

  • To run the service. Authenticate you, scope what you can see, log audit events, send transactional notifications related to your account.
  • To respond to you. Reply to your support emails, schedule demos, send invoices and renewals.
  • To improve the service. Aggregate, de-identified usage metrics (e.g., "this many districts signed up last month") to inform product decisions. We never use one customer's data to improve another customer's experience.
  • To comply with law. Respond to valid legal process, defend our rights, prevent abuse.

What we do not do:

  • We do not sell your personal information.
  • We do not share your personal information with third-party advertisers or data brokers.
  • We do not train artificial intelligence or machine learning models on one district's data for the benefit of another. Algorithm updates use research-derived weights and statewide public data, not customer data.

Cookies and similar technologies

The marketing site (absentry.org) sets no cookies. Web fonts are loaded from Google Fonts, which may set its own technical cookies — see Google's privacy policy.

The application (app.absentry.org) sets one cookie:

  • Session cookie. An httpOnly cookie containing a random session identifier. Expires after 30 days of inactivity. Used solely to keep you signed in. Set with the Secure and SameSite=Lax attributes.

We do not use third-party analytics, advertising, or behavioral tracking cookies anywhere in our service.

Service providers (sub-processors)

We use the following service providers to operate Absentry. Each is contractually bound to protect data it receives on our behalf. See the security page for the full table of what each provider does and what data they touch.

  • Railway.com — application and database hosting.
  • Netlify — marketing-site hosting (no customer data).
  • GitHub — source code (no customer data).
  • Google Fonts — web font delivery.

We will update the sub-processor list when it changes. Districts on annual paid plans will be notified by email before changes take effect.

Your rights

Regardless of where you live, you have the right to:

  • Know what we have. Email privacy@formagroup.net and we will tell you what personal data we hold about you.
  • Correct it. Tell us what's wrong and we will fix it.
  • Delete it. Ask us to remove your personal data and we will do so within 30 days, except where we are legally required to keep records (e.g., for invoicing or audit purposes).
  • Take it with you. Request an export of your data in a machine-readable format.
  • Stop hearing from us. Unsubscribe from any marketing email (we send very few; mostly transactional account messages).

Residents of California, Texas (effective 2024 under the Texas Data Privacy and Security Act), Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have additional rights under their state's law. Email us to exercise them and we will respond within the statutory window.

Student data is the district's data

If your district uses Absentry, student records that get uploaded are governed by FERPA, the district's Data Processing Agreement with FORMA Group, and the practices described on the security page. To summarize the rules that apply to that data:

  • We process student data only on the district's instructions.
  • We do not sell student data, ever.
  • We do not use student data for advertising or marketing.
  • We do not use student data from one district to benefit another district.
  • The district can ask us to export or delete its student data at any time.

If you are a parent or student and want to inquire about your record specifically, contact your district directly — they are the owner of the record. We can only act on the district's instructions.

Children's data

Absentry processes data about students, some of whom are under 13. We do so under the district's authority and under FERPA's "school official" exception, which permits the district to share student data with a vendor performing services on its behalf. We do not have a direct relationship with students or their parents.

We do not knowingly collect information directly from any child under 13. The Absentry application requires login, and login is restricted to district-invited staff users.

Security

How we protect data is described in detail on the security page. Briefly: data is encrypted in transit (TLS) and at rest (AES-256), multi-tenant isolation is enforced at every API request, and we maintain an incident-response process described at /security#incident-response.

No system can be guaranteed completely secure. If you believe your account has been compromised, email security@formagroup.net immediately.

Changes to this policy

If we materially change this policy, we will:

  • Update the "last updated" date at the top of this page.
  • Increment the version number.
  • Email all account holders at least 30 days before the change takes effect (for material changes).
  • Keep the previous version available on request.

How to reach us

FORMA Group · El Paso, Texas