Privacy with padlock

Data Protection

DirectorySpot takes the privacy of your data very seriously and will never share, sell or redistribute your data to 3rd parties. Directory data is shared and accessible only by authorized users of that same directory.

Information we store

DirectorySpot requests information such as your name and email when signing up for a new directory. As the member of a directory additional information such as phone and mailing address may be included. If you use one of our school directories, student name, grade and teacher may also be included in the directory information.

How it is used

If you set up a new directory, the name and email address you provided will be used during your login to gain access to the directory. Your name and email will also be stored in our Customer Relationship Management system and will be used by our customer service team to assist you in getting started with your new directory and sharing product updates with you.

Contact and other information stored in a directory (ie. name, mailing address, notes, student grades, and teachers) is accessible by any other authorized user of that directory. Data is managed by anyone with administrative privileges to the directory. Data for a single contact or family record can also be managed by a user that has been given explicit access to only manage that record’s content.

Information stored about members of a directory is the sole responsibility of the directory administrator(s) and/or the person with explicit access to manage a single contact or family record.


DirectorySpot employs many different layers of protection to make sure the data you store with us is safe from unauthorized access. We employ a strong password hashing mechanism, encryption of data in transit and at rest, and real-time access management. You can read more about our different security strategies here

Payment Account Protection

DirectorySpot uses the vendor Intuit to process payment information. Your account information never passes through DirectorySpot. It is sent directly to Intuit for processing, and is protected by Intuit’s systems which adhere to the government regulations for the payment card industry. DirectorySpot receives a unique token from Intuit to request information about a payment including the payment amount, status and the last four digits of the account number.

DirectorySpot Assurances Related to the Family Educational Rights Privacy Act (FERPA)

DirectorySpot understands that many of its institutional and school clients are subject to the Family Educational Rights Privacy Act (“FERPA”) and provides this statement of its data protection practices to provide assurance to those clients.To the extent DirectorySpot receives from its clients education records (as that term is defined by FERPA), DirectorySpot notes that the client chooses what information to provide to DirectorySpot and also configures who—e.g., parents, teachers, staff, and students—has access to that information via the DirectorySpot product/system. In addition, DirectorySpot offers the following assurances:

  • DirectorySpot provides reasonable security for the education records (and the personally identifiable information contained therein) and only those DirectorySpot employees and agents with a “need to know” have access to the education records.
  • DirectorySpot does not use education records for any purpose other than the purposes for which the information was provided to DirectorySpot or in attempting to enhance the usability or efficacy of our products, services and systems.
  • DirectorySpot does not disclose education records to third parties, other than its agents and service providers, except at the direction of the client who provided the education records to DirectorySpot.
  • DirectorySpot’s agents and service providers use the education records only to perform services on DirectorySpot’s behalf.
  • DirectorySpot will permanently delete education records upon the written request of the client who provided the education records.
    • There are various circumstances when DirectorySpot may deny the request, including (but not limited to) when DirectorySpot believes that applicable law or court order requires it to retain the education records, when DirectorySpot believes that retention of the education records is necessary to protect its rights, or when the request extends to backed-up, electronically stored education records, the destruction of which would be unreasonably burdensome.

If you have additional questions about DirectorySpot’s data protection practices as they relate to education records received from its clients, please contact Customer Support at

Close Menu