What we collect, and how we protect it.

Flock is used by schools, districts, and youth-travel organizations. The school or organization is the owner of its data and decides who may access it. Flock acts as a service provider that processes this information on the organization's behalf and under its direction.

This policy applies to the Flock web dashboard, the Flock mobile app, and the public medical-confirmation page we provide for parents and guardians.

We collect only what the trip-safety job requires:

• —Account information. Name, email address, role (trip leader, nurse, chaperone, org admin), and a device push-notification token if you enable alerts.
• —Roster information. Student first and last name, date of birth, dietary restrictions, and an optional photo, as provided by the school.
• —Medical information. Allergies, medical conditions, medications, care plans, emergency instructions, over-the-counter consent, and related notes — entered by school staff or confirmed by a parent or guardian.
• —Emergency contacts. Names, relationships, and phone numbers for the people a student lists.
• —Location information. Precise device location is collected only while a trip is active (between its start and end dates) and only for members who share it, so staff can see the group on a map and respond to an SOS. We do not track location outside the trip window.
• —Communications. Messages and announcements sent within a trip's chat.
• —SOS records. When someone triggers an SOS, we record the alert, the location at that moment, and the steps staff take to resolve it.
• —Verification and audit data. To confirm a parent or guardian on the public medical page, we send a one-time code by SMS or voice call to a contact number on file. We keep an access log of medical views and confirmations, storing a one-way hash of the IP address and browser — never the raw values, and never the verification code or full phone number in plain logs.
• —Billing information. Organization billing is handled by our payments processor. Flock stores invoice and subscription status, not full card numbers.

We use this information to operate the service: to show staff who is on a trip and where the group is, to surface medical context to the right people during an emergency, to deliver SOS alerts and messages, to confirm medical records with parents, and to bill organizations for their plan.

We do not sell personal information. We do not use student data for advertising, and we do not build advertising profiles. Student information is used only to provide the service to the school.

Access is scoped by role and by trip. A staff member can only see students on trips they are part of. Full medical records are limited to nurses and trip leaders; chaperones see critical alerts only. Each organization's data is isolated from every other organization. Medical access is recorded in an audit log.

We share data with a small set of vetted processors strictly to run the service. Each handles only what its function requires:

We may also disclose information if required by law, or to protect the safety of a student or other person.

For school customers, student information may constitute education records under FERPA. Flock acts as a "school official" with a legitimate educational interest, processing this data only to provide the service and only under the school's direction. We do not re-disclose student records except as the school instructs or the law requires.

Flock is provided to schools and organizations for use with the students in their care; it is not directed to children for independent sign-up. Schools are responsible for providing any notices and obtaining any consents their policies and applicable law require. We collect children's information only as needed to deliver the service to the school.

We retain information for as long as the organization's account is active and as needed to provide the service. Live location points are short-lived and tied to the active trip window. When an organization ends its relationship with Flock, we delete or return its data on request, subject to any retention the law requires.

Data is encrypted in transit. Access is enforced at the database level by row-level security, so the rules above are applied on every request, not just in the interface. The public medical page requires one-time-code verification before any record is shown, rate-limits attempts, and logs every access. Privileged keys are kept server-side and never exposed to browsers or apps.

Depending on where you live, you may have the right to access, correct, or delete your personal information, or to ask how it is used. Medical and roster records are owned by the school, so we will route those requests to the relevant organization. You can delete your own account and associated personal data from within the app, or by contacting us.

To make a request, email support@getflock.co.

We may update this policy as the service evolves. When we make a material change, we will update the date above and, where appropriate, notify organizations directly.

Questions about privacy, or a request about your data? Email support@getflock.co and a real person will respond.