Graduation Management Services

Uncompromising privacy and data protections

Privacy Policy

Your privacy and data rights are extremely important to us. Our guiding policy is to respect your privacy regarding any information we collect from you through Tassel Turner services, and to fully comply with international laws and regulations

Contacting us

If you have any questions about how we handle user data and personal information, or any concerns about the practices of or your dealings with a tasselturner.com service, please contact our DPO at dpo@bellwethersystems.com.

What we collect

Our policy is to only collect and retain as much data as needed for specific services,

You do not need to allow cookies or provide personal information in to access the tasselturner.com website. The following basic information is indirectly collected in our system logs when using the Tassel Turner platform. We may use this information internally to improve the platform, or in rare cases for auditability purposes.

  • IP address
  • browser profile
  • page requests

For platform users such as students and staff, we only collect the necessary data to provide the requested platform services. The exact data collected on the platform will be configured by an authorized system administrator. This may include Personal Identifiable Information (PII) for students and other users.

  • biographical data
  • demographic data
  • academic records
  • contact information
  • user communications
  • authentication credentials

For accountability, customer support, and auditing purposes, detailed user activity is tracked. This includes author, time, and location data for general data interactions.

  • data creation actions
  • data viewing actions
  • data modification actions
  • data deletion actions

When we access your data

We avoid accessing your data as much as possible, but there are a few cases where we will need to do so.

  • For troubleshooting and customer support:
    We try to rely on system logs and root cause analysis, but some types of issues are data-driven and requiry us to access your data.
  • As an incident prevention or response action:
    We may access your data to remediate a time-sensitive security incident or other disaster that could impact system availability or data integrity.
  • When required by law:
    If compelled by legal process or in the event of an emergency request we may be forced to access your data on behalf of law enforcement services.

Whenever possible we seek your express consent before accessing any data you have created using the platform. Whenever our support agents access your data all activity is logged, and generally performed using a read-only technical support user controlled by your system administrator.

We may on occasion review aggregate system metrics, request logs, or network data in order to improve the platform or address service issues.

How to control your information

As a Tassel Turner user you can control how your private information is used in several ways.

  • Limit your session cookies
  • Opt out of emails, SMS, and other platform communications
  • View and export any personal data collected in the platform
  • Remove or decline to supply optional user information

As a Tassel Turner administrator you can configure precise roles and permissions, enable and disable functionality, and customize the platform to support your institution’s data collection needs and obligations.

Mobile and Desktop Privacy

Companion applications for Tassel Turner on mobile and desktop platforms do not harvest or otherwise collect user or system data. Mobile applications do not require any extra permissions, and desktop applications do not require any administrative privileges. For some optional features, the applications require access to the internet for non-personal service authentication with platform APIs.

Data Retention

We only retain your data in the platform for as long as necessary to serve the purpose for which it was collected or to comply with legal or regulatory requirements.

The Tassel Turner platform allows you to delete your data at any time, and create your own retention policy schedules for automatic deletion. When your Tassel Turner contract concludes, we will delete all your platform data, including backups and logs.

Data Sharing

We do not sell, trade, lease, or otherwise share your data with any third party, and have designed the platform for secure isolation and data ownership rights in mind.

Integrations

When using the Tassel Turner platform to integrate with other services, you may exchange Tassel Turner data with those external services. For example, by authenticating with a single-sign-on service or configuring social media web hooks. Please be aware that we cannot control the security and integrity of your data outside of our platform.

The tasselturner.com site and other platform sites may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies or action/inaction.

Laws and Regulations

Tassel Turner follows a shared responsibility model common to software as a service (SaaS) environments. While the infrastructure and workload responsibilities are sustained by us, our clients are necessarily responsible for other areas of the platform, specifically in regard to the ownership of data, user consent, and freedom of information laws.

We comply with GDPR, the CPA, the CCPA, and many other regulations, frameworks, and best practices.

Data Disclosure

Bellwether Inc. is incorporated in the state of Florida and subject to US law. To date Bellwether has never been served a subpoena, FISA order, or National Security Letter to access Tassel Turner user data.

Data Residency:

All platform data storage and processing can be strictly limited to your institution’s authorized legal territories. The platform infrastructure is designed around regional portability and can be hosted to comply with data residency laws.

Organizational Policies

When your institution does contracts with Tassel Turner we require the contact information of the relevant appointed agents which we may store in third party business systems, for example for invoicing, bug reports, or CRM.

At your request, we will designate an individual data protection officer as a contact point for all data privacy concerns and communications.

Voluntary Correspondence

When you contact us with questions, a support request, or for other correspondence, we keep a record of those communications (including your contact information) for future reference when replying to further correspondence.

Data Processing Addendum

We are happy to sign an applicable Data Processing Addendum (DPA) or similar agreement to help your institution comply with its data governance obligations.

Data Ownership Continuity

We do not intend to ever terminate, sell, or transfer ownership of the Tassel Turner platform and services. However, in the unlikely event this occurs we will notify all affected parties and provide a generous grace period to remove and/or migrate any data.

Policy Changes

We reserve the right to change this policy from time to time, in which case the changes will be noted below. In the case of a meaningful change we will aim to proactively notify any affected parties and include a prominent notice on this website.

  • 2022, July 23 - added policy details on data collection and use.
  • 2019, December 30 - policy became effective.
Secure Architecture Regulatory Compliance