Privacy Policy

Effective January 2026

Typhon Group, LLC (“Typhon Group,” “we,” “us,” or “our”) operates websites and services including typhongroup.com and typhongroup.net (together, the “Site” or “Services”). This Privacy Policy explains how we collect, use, disclose, and protect personal information when providing our Services. By using the Services, you agree to the terms described in this Privacy Policy.

1. Key Terms

• Client means a customer of Typhon Group, usually an educational institution, including its faculty, staff, and students.
• Client Data means Personal Data provided by a Client for use of the Service.
• Personal Data means information relating to an identifiable individual.
• Public Area means portions of the Services accessible without logging in.
• Restricted Area means portions of the Services accessible only after authentication.
• User means a person or entity using the Services.
• Visitor means an individual accessing only public portions of the Site.

2. Information We Collect

2.1 Client and User Provided Information
We collect information necessary to provide, maintain, and improve the Services, including:

• Demographic Information: Name, address, email, phone number, and related data provided when an account is created by a school or Client.
• FERPA Data: Educational information entered by institutions on behalf of students and faculty, governed by the Family Educational Rights and Privacy Act (FERPA).
• Usage Data: Technical data such as IP address, browser type, device type, and similar information collected automatically during use of the Services.
• Account Activity Information: Records of actions taken within the Services.
• Marketing Information: Information collected during marketing interactions such as trade shows and quote requests submitted through the public website.

2.2 Cookies and Similar Technologies
We use session cookies to support the functionality of the Services. Session cookies help uniquely identify you while logged in and enable essential features. Users who disable cookies may not be able to use all aspects of the Services.

Typhon Group uses Google Analytics on public, unauthenticated pages of the Site to understand aggregate visitor traffic and usage trends. Google Analytics is not used within authenticated areas of the Services and is not used to track individual user activity within the application.

2.3 Information Collected by Clients
Certain Personal Data may be provided or collected by Clients as part of their use of the Services. Typhon Group does not have a direct relationship with non-Clients who are recorded by Clients in the system (e.g., preceptors); Clients are responsible for providing appropriate notice to those persons.

3. Information We Do NOT Collect

Typhon Group’s Services do not collect specific sensitive data including:

• HIPAA PHI. HIPAA protected health information (PHI) of patients entered by users are not stored or processed by the Service. Users should not be instructed by their school to enter PHI in any manner. Certain records that may be stored at the direction of an educational institution, including immunization or compliance documentation, are considered educational records governed by FERPA and are not subject to HIPAA.
• PCI card data. Credit card numbers, CVV codes, and expiration dates are processed directly by our payment processor and are never stored by Typhon Group.

4. How We Use Collected Information

We use Personal Data to:

• Provide and support the Services requested by Clients.
• Improve the Services and monitor usage trends.
• Communicate with Clients or Users regarding support, notifications, or service offerings.
• Generate internal reports and analysis.
• Comply with legal obligations.

Typhon Group does not sell, rent, trade, or exchange Personal Data of Clients, Users, or Visitors.

Typhon Group does not use artificial intelligence, machine learning, or automated decision-making technologies to make determinations about students, faculty, or users.

5. Data Residency and Institutional Control

Typhon Group hosts and processes all customer data exclusively within the United States. Client Data is not stored, backed up, or processed outside the United States.

Typhon Group acts as a service provider to educational institutions. Institutions retain ownership and control of student, faculty, and staff data. Personal Data is processed solely to provide contracted services, and Typhon Group does not determine the purposes or means of processing independent of Client instructions.

6. Disclosure of Data

We may disclose Personal Data under the following circumstances:

• Public Data: Information intentionally shared in unrestricted areas may be visible to anyone with access to shared links.
• Business Transactions: If Typhon Group is involved in a merger, acquisition, or sale, Personal Data may be transferred under appropriate confidentiality protections.
• Legal Requirements: We may disclose Personal Data to comply with legal processes or to protect rights, property, or safety.

7. Retention of Data

We retain Personal Data only as long as necessary to provide the Services, fulfill legal obligations, resolve disputes, and enforce agreements. After the active service period ends, access to the Services is deactivated and Client Data is deleted in accordance with Typhon Group’s data retention policies.

Backup data is retained only for standard operational purposes and is deleted in accordance with established backup retention schedules.

In the event of a legal hold, data may be retained beyond termination of service only as required by applicable law.

8. Rights and Access

Typhon Group offers the following rights with respect to Personal Data held within the Services:

• Modify Data: Users may update their Personal Data through account settings where applicable, or through the institution’s administrative processes.
• Request Data Access or Deletion: Requests must be submitted through the institution’s designated administrator. Typhon Group does not act on individual requests without institutional authorization.
• Data Portability: Upon request by an institution, a copy of Personal Data in a commonly used electronic format may be provided, subject to technical feasibility.

9. Security of Data

We implement commercially reasonable technical and organizational safeguards to protect Personal Data. While no method of data transmission or storage is 100% secure, we strive to protect Personal Data in accordance with accepted industry practices.

In the event of a data security incident involving Client Data, Typhon Group will notify affected customers in accordance with applicable U.S. and Canadian laws and contractual obligations.

10. Children’s Privacy

Our Services are not directed to individuals under 13 years of age, and we do not knowingly collect Personal Data from children under 13. If we learn that such data has been collected without verified parental consent, we will take steps to remove it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on our Site with an updated effective date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or Typhon Group’s data protection practices, please contact us at:

Typhon Group, LLC
1750 Clearview Pkwy, Ste 201
Metairie, LA 70001
Phone: 504-828-4334