We are dedicated to safeguarding the information within our systems by adhering to industry best practices and guidelines, including those set by the National Institute of Standards and Technology (NIST) and the Center for Internet Security. Our security measures encompass robust encryption protocols, continuous monitoring, and regular assessments (the latest of which was conducted by an independent agency in 2024) to ensure the integrity, confidentiality, and availability of our data. We are committed to maintaining the highest level of security to protect against emerging threats and ensure the safety of the institutions' and their students' information.

The MAP platform is hosted in a secure FERPA-compliant, Microsoft Azure cloud environment, and the following best practices for data governance are in place:

• Security protocols are utilized, and MAP SSL certificate and data encryption routines protect all student personal identifiable information (PII).
• The Server Firewall has been configured to secure both the QA Training and Production platforms; database and network security access have been configured.
• MAP Administrator and Ambassador accounts have been configured to give or restrict access to the platform.
• A security governance framework is in place to ensure that procedural, personnel, physical, and technical controls remain effective through the platform's lifetime and in response to changes in threat and technology developments.
• The MAP platform uses the Microsoft Azure Antimalware, which runs in real-time and provides protection that helps prevent, identify, and remove viruses, spyware, and other malicious software.
• MAP has embedded a security validation routine that alerts users when they are accessing copies of student documentation containing personal identifying information.

Mapping Articulated Pathways (MAP)

Last Updated: 02/28/2025

INTRODUCTION

This Privacy Notice explains how ITPI ("We","Us") collects, uses, shares, and protects personal data when you use our Azure-hosted application Mapping Articulated Pathways ("The Application"). We are committed to protecting your privacy and handling your data in an open and transparent manner.

INFORMATION WE COLLECT

Information You Provide to Us

• Account information (name, email address, contact details).
• Profile and role information you choose to add to your account.
• Content and data you upload, provide, or create while using the Application.
• Communication data when you contact our support team.

Information We Collect Automatically

• Usage data (features accessed, buttons clicked, actions taken).
• Log data (IP address, browser type, device information).
• Performance data (crash reports, load times).
• Session variables and similar tracking technologies.

HOW WE USE YOUR INFORMATION

We use your personal data for the following purposes:

• Providing and maintaining the Application and its functionalities.
• Improving and optimizing the Application's performance and user experience.
• Detecting and preventing security incidents and protecting against malicious activities.
• Communicating with you about the Application, including updates and support.
• Complying with legal obligations and enforcing our terms.

DATA STORAGE AND RETENTION

Azure Data Centers:

Your data is stored in Microsoft Azure data centers located in "West US and East US".

Data Retention:

We retain your personal data for as long as necessary to fulfill the purposes described in this notice, unless a longer retention period is required by law. When data is no longer needed, it is securely deleted or anonymized.

DATA SHARING AND DISCLOSURE

We may share your information with:

• Microsoft as our cloud service provider (subject to appropriate safeguards).
• Third-party service providers who help us operate our Application (e.g., analytics, customer support).
• Law enforcement agencies or other public authorities when required by law.

We do not sell your personal data to third parties.

INTERNATIONAL DATA TRANSFERS

We do not transfer your personal data outside USA or the regions where our Azure data centers are located, we implement appropriate safeguards in accordance with applicable data protection laws, including:

• Standard Contractual Clauses approved by the state of California.
• Data Transfer Impact Assessments.
• Additional technical and organizational measures as necessary.

YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights regarding your personal data:

• Access and obtain a copy of your data.
• Correct inaccurate data.
• Delete your personal data.
• Data portability (receive your data n a structured, commonly used format).
• Withdraw consent (where processing is based on consent).
• Exercise such other rights and choices as may be afforded to you under applicable US state privacy laws and regulations.

To exercise these rights, please contact us using the details provided in the Contact Us Section.

DATA SECURITY

The security, integrity, and confidentiality of your data are extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your information from unauthorized access, disclosure, use, and modification. We regularly review our security procedures to consider appropriate new technology and methods, including:

• Encryption of data in transit and at rest.
• Access controls and authentication mechanisms.
• Regular security assessments and audits.
• Microsoft Azure's comprehensive security controls.
• Withdraw consent (where processing is based on consent).
• Staff training on data protection and security.

CHILDREN'S PRIVACY

The Application is not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes through the Application or via email.

AZURE-SPECIFIC PRIVACY INFORMATION

Microsoft as a Data Processor.

Microsoft acts as a data processor for any personal data processed through our Azure-hosted Application. For information about Microsoft's data processing activities and compliance commitments, please visit Microsoft's Trust Center(https://www.microsoft.com/en-us/trust-center).

Azure Monitoring and Diagnostics.

The Application uses Azure monitoring and diagnostic services to maintain performance and security. These services collect technical data about the Application's operation that may include limited personal data such as IP addresses>.

CONTACT US

If you have questions or concerns about this Privacy Notice or our privacy practices, please contact:

Data Protection Contact:

Alex Campos

ITPI - Chief Technology Officer.

Email: alex.campos@theinfotechpartners.com

Address: PO Box 292

Highland, CA 92346

MAP Project Manager:

Calvin Gloria

Veterans Resource Center

Email: Calvin.Gloria@norcocollege.edu

Address: 2001 Third Street

Norco, CA 92860