Parnassus Preparatory Academy Privacy Policy

Effective Date: March 14, 2026

1. Information We Collect
We collect personal information from parents/guardians and students as part of enrollment and payment processing, including:

  • Student name and grade

  • Parent/guardian name and contact information

  • Payment information (bank account/ACH details or credit card)

2. How We Use Your Information

  • To process tuition and participation fees

  • To manage withdrawals or unpaid balances

  • To communicate important information regarding enrollment and classes

3. How We Store Your Information

  • Payment information is securely stored by Stripe, a PCI-compliant payment processor.

  • PPA staff have limited access to administrative records and do not store full bank account numbers.

  • Data is retained only as long as necessary to process payments or comply with legal obligations.

4. Your Rights
Parents/guardians may request access to, correction of, or deletion of personal and payment information. Requests can be submitted to:

admin@parnassusprepacademy.org

5. Security Practices

  • Access to sensitive data is limited to authorized PPA staff

  • Stripe and Plaid securely encrypt all financial data in transit and at rest

  • Staff accounts are protected with multi-factor authentication (MFA)

6. Changes to This Privacy Policy
PPA may update this policy from time to time. The most current version will always be published at:

https://www.parnassusprepacademy.org/privacy-policy

7. Contact Us
For questions regarding this policy or your data, please contact:

Shawna Christensen, Founder/Executive Director
shawna@parnassusprepacademy.org

Data Retention and Deletion Policy

Purpose:
This policy outlines how [Your Company Name] collects, retains, and securely deletes personal and sensitive data to comply with applicable data privacy laws.

Scope:
Applies to all data collected, processed, and stored by [Your Company Name], including customer, employee, and vendor data.

Data Retention:

  • Personal data is retained only as long as necessary to fulfill the purpose it was collected for, comply with legal obligations, or enforce agreements.

  • Specific retention periods:

    • Customer payment information: 7 years (or as required by law)

    • Contact information (emails, phone numbers): 3 years after last interaction

    • Employee records: as required by employment law

    • Marketing data: 2 years from last engagement

Data Deletion:

  • Data no longer required is securely deleted or anonymized using industry-standard methods.

  • Only authorized personnel may perform deletion operations.

Policy Review:

  • This policy is reviewed at least annually or whenever legal/regulatory requirements change.

Compliance:

  • All staff are trained to follow this policy.

  • Violations may result in disciplinary action and reporting to appropriate authorities if required.