Trust center

Built around student privacy from day one.

A child’s location is the most sensitive data a school holds. Every architectural decision in NextStop — closed enrollment, relationship-derived access, US-only data residency — was made with FERPA, district policy, and student safety in mind.

SOC 2

SOC 2 Type II In progress

Annual independent audit covering security, availability, and confidentiality. Report under NDA.

FERPA

FERPA-aligned

Operates as a school official under the FERPA school official exception. Data scoped to the parent–student relationship.

COPPA

COPPA-compliant

No data collected directly from children. The product is a tool for the school and the parent — never marketed to students.

SDPC

SDPC National DPA

Signed out of the box. State-specific addenda for CA (SOPIPA), NY (Ed Law 2-d), IL (SOPPA), TX (HB 1530).

01 — Closed enrollment

Parents don’t sign themselves up.

Most school products start with an open signup form — anyone can register. That doesn’t work for student location data. NextStop only knows about a parent if their school told us about them.

When a school uploads its roster, every parent’s email is recorded alongside their child. The first time a parent opens the app, we match that email against the school’s file. No match means no account. There is no public registration page.

  • School: roster upload (parent emails + child records)
  • NextStop: verified records (closed list, not searchable)
  • Parent: opens the app, enters their work email
  • Match check: email on file? yes → access scoped; no → rejected

02 — Data practices

What we collect, how we store it, who can see it.

What we collect

  • Student name, grade, school, route assignment — from the school’s roster.
  • Parent name, email, optional phone — from the school’s roster.
  • Bus GPS coordinates during scheduled runs only — from the bus hardware or driver phone.
  • Driver shift start/end and stop confirmations — from the driver app.

What we don’t collect

  • Anything from a student’s device. Students don’t use the app.
  • Parent location.
  • Behavioral analytics for advertising. There’s no third-party ad SDK in the product.

How we store it

  • US-region cloud only (AWS us-east-1 + us-west-2). No cross-border replication.
  • AES-256 at rest. TLS 1.3 in transit. Field-level encryption for PII columns.
  • GPS history retained for 90 days — long enough to answer incident questions, short enough to limit exposure.
  • Roster data deleted on request, within 30 days, district-wide.

Who can see it

  • Parents: their own child’s route & ETA, and the driver’s name. Nothing else.
  • Drivers: their assigned route, today’s roster, broadcast tools. Not historical data.
  • School admins: their school’s data only.
  • NextStop staff: production access is audited, ephemeral, and gated by ticket.

03 — Subprocessors

The short list of vendors that touch your data.

A small list, by design. Each entry is reviewed annually and disclosed under your DPA. Material changes are announced at least 30 days in advance.

Vendor                | Purpose                    | Data category               | Region
----------------------+----------------------------+-----------------------------+---------------
Railway               | Backend & database hosting | All application data        | US (us-west-2)
Vercel                | Web & dashboard hosting    | None (static assets only)   | US edge
Amazon Web Services   | File storage (S3)          | Uploaded documents          | US (us-east-1)
Google Firebase (FCM) | Push notifications         | Device token only           | US
Twilio                | SMS delivery               | Parent phone (opt-in only)  | US
Resend                | Transactional email        | Parent email + child name   | US
Mapbox                | Map tiles, geocoding       | Stop coordinates only       | US
Sentry                | Error monitoring           | Logs — PII scrubbed         | US

04 — Incident response

If something goes wrong, schools hear from us first.

We’ll notify your designated security contact within 72 hours of a confirmed incident — faster for anything involving student data — with the scope, the timeline, and our plan.

  • 24/7 paging

    On-call rotation for security events, year-round.

  • 72-hour notification SLA

    Confirmed incidents notified to designated school contacts within 72 hours.

  • Quarterly tabletop

    We run an incident simulation every quarter. Findings drive product changes.

  • Annual pen test

    External penetration test, report available under NDA.