TranscriptBridge

    Privacy Notice

    Last updated: May 13, 2026

    This Privacy Notice describes how Visionation, Inc. ("Visionation," "we," "us," or "our") collects, uses, and shares personal data in connection with the TranscriptBridge service (the "Service"). Visionation is the data controller for the personal data described here.

    0. Our commitment to student data (FERPA posture)

    TranscriptBridge is designed so that student personal information never touches our servers. When a student uses a branded portal to request a transcript:

    • Student-entered fields (name, date of birth, student ID, dates of attendance, signature, recipient details) are collected, validated, and assembled entirely in the student's browser.
    • Cover sheets and request PDFs are generated client-side using in-browser PDF tooling. The resulting file is downloaded directly by the student or attached to a mail-client (mailto) message — it is not uploaded to, stored on, or transmitted through our infrastructure.
    • When a tenant has enabled request notifications, we send the tenant a metadata-only alert containing only the sending institution name, the chosen delivery method, and a timestamp. No student name, contact details, identifiers, or signature is included in the notification or written to our database.
    • We do not act as a "school official" under FERPA and we do not maintain education records on behalf of any institution. Tenants remain solely responsible for the handling of any student records they receive through their own intake channels.

    1. Personal data we collect

    We collect the following categories of personal data:

    • Account data — name, email address, password (hashed), organization, and role. Collected when you create an account or are invited to one.
    • Customer Content — content you submit to the Service, such as branding assets, registrar configurations, and tenant settings.
    • Lookup and search data — search queries, selected universities, referrer URL, and a session identifier from end-users of branded portals. Used to provide the Service and produce attribution analytics.
    • Support data — messages, attachments, and feedback you submit to us.
    • Usage and device data — IP address, browser and device identifiers, operating system, pages visited, and timestamps. Collected automatically through cookies and similar technologies.
    • Billing identifiers — Paddle customer and subscription IDs, plan, status, and renewal date. Note: payment card details are collected and processed by Paddle directly; we do not receive or store them.

    2. How we use personal data

    • to create and operate accounts and provide the Service (legal basis: performance of a contract);
    • to provide branded portals and route transcript requests (performance of a contract);
    • to communicate with you about the Service, including service announcements (performance of a contract / legitimate interests);
    • to provide customer support (performance of a contract);
    • to monitor, secure, and improve the Service and prevent fraud or abuse (legitimate interests);
    • to comply with legal obligations, such as tax and accounting requirements (legal obligation);
    • to send marketing communications, where you have given consent or where permitted by law (consent / legitimate interests). You can opt out at any time.

    3. How we share personal data

    We share personal data with:

    • Service providers / sub-processors we use to run the Service, including cloud hosting and database providers, error-monitoring tools, analytics providers, customer-support tooling, and email delivery providers. They process personal data on our behalf and under contract.
    • Merchant of Record (Paddle) — Paddle.com Market Limited acts as the Merchant of Record for sales of the Service. Paddle processes personal data to take payment, manage subscriptions, calculate and remit taxes, issue invoices, and handle refunds and chargebacks. See Paddle's Privacy Notice.
    • Tenants and their administrators — if you use a branded portal, the tenant operating that portal may receive limited data about your interactions (university lookups, request submissions, feedback) for their own use.
    • Professional advisers — accountants, auditors, and lawyers, where reasonably necessary.
    • Authorities and other parties, where required by law, in connection with legal process, or to protect the rights, property, or safety of Visionation, our users, or the public.
    • Successors — in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality obligations.

    We do not sell personal data.

    4. International transfers

    We are based in the United States and our service providers may be located in other countries. Where personal data is transferred from the UK or EEA to a country that has not been deemed to provide an adequate level of protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum.

    5. Data retention

    We retain personal data for as long as needed to provide the Service and for the legitimate business or legal purposes described above. Account data is retained for the duration of your account and for a reasonable period afterward. Lookup and search data is retained for up to twenty-four (24) months for analytics and abuse prevention, then deleted or aggregated. Billing records are retained for the period required by tax and accounting law (typically seven years).

    6. Your rights

    Depending on where you live, you may have the right to: access the personal data we hold about you; correct inaccurate data; request deletion; restrict or object to certain processing; receive your data in a portable format; and withdraw consent for any processing based on consent. You may also lodge a complaint with a supervisory authority in your country.

    California residents have additional rights under the CCPA/CPRA, including the right to know what personal data we collect and disclose, the right to correct or delete personal data, and the right to non-discrimination for exercising these rights. We do not "sell" or "share" personal data as those terms are defined under California law.

    To exercise your rights, contact us at privacy@transcriptbridge.com. We will respond within the period required by applicable law (typically one month).

    7. Security

    We use appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, isolated tenant environments, and logging. No system is completely secure, and we cannot guarantee the absolute security of personal data.

    8. Cookies and similar technologies

    We use strictly necessary cookies to operate the Service (for example, to keep you signed in). We may also use analytics cookies to understand how the Service is used and to improve it. Where required by law, we ask for your consent before setting non-essential cookies, and you can change your preferences at any time using your browser settings.

    9. Children

    The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us.

    10. Changes to this notice

    We may update this Privacy Notice from time to time. If we make material changes, we will notify you through the Service or by email.

    11. Contact us

    Visionation, Inc.
    7512 Dr. Phillips Blvd, Suite 50-937
    Orlando, FL 32819, USA
    Email: privacy@transcriptbridge.com