Privacy Policy

Monte (“we,” “us,” or “our”) provides a communication and school-management platform designed specifically for Montessori schools, their educators (“Guides”), and the families they serve. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use the Monte application and website (collectively, the “Service”).

We take the privacy of children seriously. Monte is designed so that children never interact directly with the Service. All child-related data is entered by authorized school staff or parents/guardians.

• School — a Montessori school, program, or childcare center that has an active Monte subscription.
• Guide — a teacher, administrator, or staff member authorized by a School to use the Service.
• Parent — a parent or legal guardian who accesses the Service through an invitation from a School.
• Child Data — personal information about a child enrolled at a School, including observations, photos, developmental records, and daily activity logs.
• Education Records — records directly related to a student and maintained by the School or by Monte on behalf of the School, as defined by FERPA.

3.1 Information provided by Schools & Guides

• School name, address, and licensing information
• Guide names, email addresses, and roles
• Classroom rosters and enrollment data
• Observations, lesson records, and curriculum progress
• Photos and videos of children’s work and activities
• Daily activity logs (meals, naps, etc. for younger children)
• Developmental and social-emotional notes

3.2 Information provided by Parents

• Parent/guardian name, email, and phone number
• Emergency contact information
• Child medical information and allergies (when entered by the parent)
• Messages and communications sent through the Service

3.3 Information collected automatically

• Device type, operating system, and browser
• IP address and approximate location (city/region level only)
• Usage data such as pages viewed, features used, and session duration
• Crash logs and performance data

We do not collect precise geolocation, biometric data, or behavioral advertising identifiers.

3.4 Marketing website signups

Visitors to our marketing website (montepals.com) may provide an email address to request early access. These addresses are stored in a Google Sheet (via the Google Sheets API) under our control and used only to contact that individual about Monte. They are never mixed with School or Child Data.

We use the information we collect solely to:

• Provide, maintain, and improve the Service
• Enable Schools to document observations and share updates with families
• Generate developmental portfolios and progress reports
• Facilitate parent-school communication
• Send transactional notifications (e.g., new observation shared, message received)
• Provide customer support
• Ensure security and prevent fraud
• Comply with legal obligations

We never use Child Data or Education Records for advertising, marketing, or building behavioral profiles. We do not sell personal information to anyone.

Monte complies with the Children’s Online Privacy Protection Act (COPPA). We do not collect personal information directly from children. All Child Data is entered by Guides or Parents — adults authorized by the School.

Under COPPA’s school-consent exception, the School may authorize Monte to collect Child Data for educational purposes on behalf of parents. Schools using Monte represent that they have provided appropriate notice to parents and obtained any required consents under COPPA and applicable state law.

We collect only the Child Data reasonably necessary to provide the Service. We retain Child Data only for as long as needed to fulfill the educational purpose for which it was collected, and we delete it when the School directs us to or when the School’s account is terminated.

Parents may review their child’s information within the app at any time, or request corrections or deletion by contacting their School or emailing us at privacy@montepals.com.

For Schools that are subject to the Family Educational Rights and Privacy Act (FERPA), Monte acts as a “school official” with a “legitimate educational interest” under 34 CFR § 99.31(a)(1). This means:

• Education Records are owned by the School, not by Monte.
• We use Education Records only to provide the Service as contracted by the School.
• We do not re-disclose Education Records except as directed by the School or required by law.
• We return or destroy Education Records at the end of the service relationship, per the School’s direction.

Parents’ rights under FERPA — including the right to inspect, review, and request amendment of their child’s Education Records — are exercised through the School. Monte supports Schools in fulfilling these obligations by providing data-access and export features.

We share personal information only in the following circumstances:

7.1 Subprocessors

We use a limited number of vendors (“subprocessors”) to deliver the Service. Each subprocessor has signed a data processing agreement with us, processes data solely on our behalf, and is subject to the same confidentiality and security obligations we commit to in this policy.

We will notify Schools by email at least 30 days before adding or materially changing a subprocessor that processes Child Data.

7.2 At the School’s direction

Schools may instruct us to share certain data with authorized third parties (e.g., a district office or an accreditation body). We act on these instructions only when they come from an authorized School administrator.

7.3 Legal requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Monte, our users, or the public.

7.4 Business transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity, subject to the same privacy commitments described in this policy.

We never sell, rent, or trade personal information. We never use Child Data for targeted advertising.

We protect your information using industry-standard measures, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls limiting data access to authorized personnel
• Audit logging of access to Child Data
• Secure cloud infrastructure hosted in the United States

No method of transmission or storage is 100% secure. If we become aware of a security breach affecting personal information, we will:

• Notify affected Schools by email within 72 hours of confirmation.
• Provide the information Schools need to meet their own state notification deadlines — for example, Illinois SOPPA (30 days to affected schools), New York Education Law § 2-d (prompt notification of parents), Connecticut PA 16-189 (notice to school and commissioner), and California SB 1177 (parent notice).
• Preserve relevant logs and evidence, coordinate with law enforcement where appropriate, and follow our internal breach response plan.

Consistent with the 2025 amendments to COPPA, we retain personal information only as long as reasonably necessary to provide the Service. The table below sets out our default retention periods. Schools may instruct us in writing to retain or delete data on a shorter or longer schedule to meet their own regulatory obligations.

• Upon School account termination, Schools may request a complete data export and we will deliver it within 30 business days. Once the export has been delivered (or 30 days have elapsed without a request), we delete all School data — including Child Data — within 30 days. Backup copies are purged within an additional 30 days (60 days total).
• Parents may request deletion of their own account and personal information at any time by contacting their School or emailing us at privacy@montepals.com.
• You can request deletion at any time at https://montepals.com/delete-account or by emailing privacy@montepals.com.
• We may retain anonymized, aggregated data that cannot identify any individual for product-improvement purposes.

Parents

• View your child’s observations, photos, and developmental records in the app at any time.
• Request correction of inaccurate information.
• Request deletion of your child’s data (processed through your School or directly via email).
• Opt out of non-essential push notifications in your device settings.

Schools

• Export all School data at any time via self-service tools.
• Delete individual child records or entire classroom data.
• Manage Guide and Parent access permissions.
• Request a copy of your Data Processing Agreement.

California residents

Under the California Consumer Privacy Act (CCPA/CPRA), you have the right to know what personal information we collect, request its deletion, and opt out of its sale (we do not sell personal information). Education Records covered by FERPA are exempt from CCPA. To exercise your rights, email privacy@montepals.com.

European residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, Monte acts as a data processor on behalf of your School (the data controller). You have the right to access, rectify, erase, restrict processing of, and port your personal data. To exercise these rights, contact your School in the first instance, or reach us at privacy@montepals.com. We process data under Standard Contractual Clauses where international transfers are involved.

The Monte app uses only essential cookies required for authentication and session management. We do not use advertising cookies or cross-site tracking within the app.

Our marketing website (montepals.com) may use analytics cookies (e.g., to understand how visitors find us). You can manage cookie preferences through your browser settings. We honor Do Not Track signals.

In addition to California (section 10), we comply with applicable state student-privacy laws, including but not limited to:

• New York Education Law § 2-d — We provide a Parents’ Bill of Rights, enter into required data privacy agreements with New York schools, and comply with breach-notification requirements.
• Illinois SOPPA — We publish required data governance procedures and notify schools of any data breaches within 30 days.
• Colorado Student Data Transparency & Security Act — We maintain transparency about data collection and prohibit non-educational use of student data.
• Connecticut PA 16-189 — We do not use student data for targeted advertising and implement appropriate security measures.

If your state imposes additional requirements, please contact us and we will work with your school to ensure compliance.

We may update this Privacy Policy from time to time. If we make material changes, we will notify Schools via email and post a prominent notice in the app at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us:

• Email: privacy@montepals.com
• Mail:
  Monte, Attn: Privacy, 14322 High Point Rd, Hughesville, MO 65334

We aim to respond to all privacy inquiries within 30 days.