Data Privacy Policy

Last Updated 8/16/23

Policy Statement

Penji is committed to protecting the privacy and confidentiality of Personal Information about its employees, customers, business partners and other identifiable individuals. Penji’s policies, guidelines and actions support this commitment to protecting Personal Information.  Each employee bears a personal responsibility for complying with this Policy in the fulfillment of their responsibilities at Penji.


This Policy sets the minimum standard and shall guide all Penji employees and Agents even if local law is less restrictive. Supplemental policies and practices will be developed as needed to meet the local legal or departmental requirements. Supplemental policies and practices may provide for more strict or specific privacy and protection standards than are set forth in this Policy.

Policy Details

Penji respects the privacy of its employees and third parties such as customers, business partners, vendors, service providers, suppliers, former employees and candidates for employment and recognizes the need for appropriate protection and management of Personal Information. Penji is guided by the following principles in processing Personal Information:

  • Notice
  • Choice
  • Accountability for onward transfer
  • Security
  • Data integrity and purpose limitation
  • Access
  • Recourse, Enforcement and Liability


When collecting Personal Information directly from individuals, Penji strives to provide clear and appropriate notice about the:

  • Purposes for which it collects and uses their Personal Information,
  • Types of non-Agent third parties to which Penji may disclose that information, and
  • Choices and means, if any, Penji offers individuals for limiting the use and disclosure of their Personal Information.


Generally, Penji offers individuals a choice regarding how we process Personal Information, including the opportunity to choose to opt-out of further Processing or, in certain circumstances, to opt-in. However, explicit consent from individuals is not required when Processing Personal Information for:

  • Purposes consistent with the purpose for which it was originally collected or subsequently authorized by the individual
  • Purposes necessary to carry out a transaction relationship
  • Purposes necessary to comply with legal requirements

Accountability for Onward Transfer

In regard to the transfer of Personal Information to either an Agent or Controller, Penji strives to take reasonable and appropriate steps to:

  • Transfer such Personal Information only for specified purposes and limit the Agent or Controller’s use of that information for those specified purposes
  • Obligate the Agent or Controller to provide at least the same level of privacy protection as is required by this Policy
  • Help ensure that the Agent or Controller effectively Processes the Personal Information in a manner consistent with its obligations under this Policy
  • Require the Agent or Controller to notify Penji if the Agent or Controller determines it can no longer meet its obligation to provide the same level of protection as is required by this Policy
  • Upon notice from the Agent or Controller, take further steps to help stop and remediate any unauthorized Processing


Penji takes reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the Processing and the nature of the Personal Information.

Reporting a Vulnerability

We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. To report a security issue, email and include the word "SECURITY" in the subject line. The Penji team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Data Integrity and Purpose Limitation

Penji will only Process Personal Information in a way that is compatible with the purpose for which it has been collected or subsequently authorized by the individual. Penji shall take steps to help ensure that Personal Information is accurate, reliable, current and relevant to its intended use.


Penji provides individuals with reasonable access to their Personal Information for purposes of correcting, amending or deleting that information where it is inaccurate or has been Processed in violation of the Penji data privacy principles.


The parties acknowledge that (a) Customer Data may include personally identifiable information from education records that are subject to FERPA ("FERPA Records"); and (b) to the extent that Customer Data includes FERPA Records, Penji will be considered a "School Official" (as that term is used in FERPA and its implementing regulations) and will comply with FERPA.

Recourse, Enforcement and Liability

Violation of this Policy by an employee or contractor of Penji will result in appropriate discipline up to and including termination. Violation by an Agent, Controller or other third party of this Policy or Penji’s privacy requirements will result in the exercise of appropriate legal remedies available at law or in equity including termination for material breach of contract.

Purpose of Collecting and Use of Personal Information

Penji may from time to time Process certain Personal Information from or about employees and third parties such as customers, business partners, vendors, service providers, suppliers, former employees and candidates for employment, including information recorded on various media as well as electronic data.

Penji will use that Personal Information to provide customers, business partners, vendors, service partners and suppliers with information and services and to help Penji personnel better understand the needs and interests of these customers, business partners, vendors, service partners and suppliers. Specifically, Penji uses information to connect Users for purposes relating to teaching and learning, to facilitate communication, to coordinate scheduling decisions and tutoring appointments, to deliver relevant content to Users, to bill for purchased products/services, and to provide ongoing service and support. Occasionally Penji personnel may use Personal Information to contact customers, business partners, vendors, service partners and suppliers to complete surveys that are used for marketing and quality assurance purposes, but only after obtaining the written consent of the party concerned.

Penji may also share Personal Information with its business partners, vendors, service providers and suppliers to the extent needed to support the customers' business needs relating to the core services offered by Penji - support services for student Users and management of the Penji Platform for Administrators. Suppliers are required to keep confidential Personal Information received from Penji and shall not use it for any purpose other than as originally intended or subsequently authorized or permitted.

Data Deletion

Unless otherwise noted below, 90 days after your Account for one of the Services is cancelled or terminated; or 270 days after your trial has ended for the Service, a process will begin that permanently deletes your Service Data.

Penji assesses all data collected on our platform and sorts the data into “confidentiality levels”, identifying as either Sensitive Data or Standard Data. These two categories drive the policies that are followed in data deletion.

The following Data Sanitization policies are followed in regards to our two data categories:

  • Sensitive Data
    Sensitive Data will be rendered unusable by any party upon deletion. For data stored on physical mediums like an employee’s hard drive, all data will be deleted following the Purge protocol as identified by NIST SP 800-88, and will use DBAN from Blancco to perform this operation. Finally, data deletion is Verified using the same DBAN by Blancco software in which the drive or data store in question is checked for the ability to access the sanitized data.
  • Standard Data
    Standard Data will be deleted from physical devices but still may be retrievable in extreme cases. This data type will rely on the Clear method as identified by NIST SP 800-88, and will use standard overwrite methods found on the device in question, usually through the computers’ native operating system.

Data Deletion Timeline for Structured Service Data

Structured Service Data is data in your Account for a Service that is viewable within the Service. Most Structured Service Data falls into standard data, and includes items like a users’ name, major, profile picture, and other public-facing profile information. Session Data, however, falls under sensitive data.

The following table details the types of Structured Service Data in the Service, and the associated deletion details once the deletion process has commenced:

  1. User Data: 40 days
  2. Community Data: 40 days
  3. Session Data: 40 days

Data Deletion Timeline For Unstructured Service Data

Unstructured Service Data is Service Data that cannot be viewed by Subscriber in the Service and includes Service Data that, for example, is maintained in backups, logs and search indices. Unstructured Service Data is deleted according to the deletion timeline described below.

  1. Backups: 365 days
  2. Logs: 90 days

Schedule a demo

This won’t be sitting through a boring slideshow - we like to ask questions, learn about your workflows and pain points, and get creative with proposing meaningful solutions.