Terms of Service

Effective Date: March 30, 2026 · Last Updated: April 19, 2026

1. Acceptance of Terms

By creating an account or using NostaView (the "Service"), you agree to be bound by these Terms of Service. If you are accessing the Service on behalf of a school or organization, you represent that you have the authority to bind that entity to these Terms.

School Administrators These Terms apply to you and your school. You are responsible for ensuring all contributors and staff at your institution comply with these Terms and our Acceptable Use Policy. You are also responsible for obtaining appropriate consent from parents and guardians before enabling photo uploads for events involving students.

If you do not agree to these Terms, do not use NostaView. Continued use constitutes ongoing acceptance.

2. Subscription Tiers & Features

NostaView offers three subscription plans for QR-based photo crowdsourcing:

Free

$0

1 active event, up to 50 photos, community QR upload (no student login required). "Powered by NostaView" watermark on event pages and QR materials.

Basic

$29/mo

Unlimited events, unlimited photos, community QR upload, no watermark, contributor management, and photo moderation tools. Cancel anytime.

Pro

$250/yr

Everything in Basic plus AI Smart Sorting (auto-tags by category) and AI Quality Filter (flags blurry, dark, and duplicate photos). Billed annually — save 28% vs monthly.

Billing & Refunds

PlanBillingCancellation & Refund Policy
FreeNo chargeNo billing — cancel or downgrade anytime
BasicMonthlyCancel anytime; access continues through end of billing period; no refund for partial months
ProAnnual upfrontFull refund within 30 days of purchase; non-refundable after 30 days; access continues through year end

Data After Downgrade or Cancellation

When you downgrade or cancel, your existing events and photos are preserved in read-only mode. Events beyond the Free plan limit become read-only (no new uploads). Photos are never automatically deleted on downgrade. If you close your account entirely, your data is retained for 60 days and then permanently deleted, unless you request earlier deletion.

Free Tier Watermark

Free accounts display a "Powered by NostaView" credit on event pages and QR share materials. Upgrade to Basic or Pro to remove it.

3. FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) applies to schools that receive federal funding. NostaView operates as a school official acting under the direct control of the school with a legitimate educational interest in accessing education records.

  • School as Data Controller: Your school determines which events are created, what photos are collected, who may contribute, and how the collection is used.
  • NostaView as Data Processor: We process photos and event data solely per your instructions for the purpose of operating the photo collection platform. We do not use student photos for any other purpose.
  • Annual Notice: Schools must include NostaView in their annual FERPA notice to parents and students, disclosing that it is used to collect event photos.
  • No Re-disclosure: NostaView will not re-disclose student education records to any third party without your school's written consent, except as required by law.
  • Access Controls: Only school administrators can see all photos in an event. Contributors can view only their own uploads. You are responsible for ensuring only authorized personnel have admin access to your school's NostaView account.

4. COPPA Compliance

The Children's Online Privacy Protection Act (COPPA) restricts collection of personal information from children under 13 without verifiable parental consent.

  • Anonymous QR Upload: NostaView's core upload flow requires no account creation. Contributors scan a QR code and upload photos without providing a name, email, or any personal information. This design minimizes data collection from young contributors.
  • School Exception: Schools may consent on behalf of parents for educational purposes under COPPA's school exception. This requires the school to obtain proper parental consent before enabling uploads of photos involving students under 13.
  • No Direct Collection from Under-13: NostaView does not require account creation to upload photos. We do not knowingly collect personal information directly from children under 13. IP addresses are logged for security and fraud prevention only.
  • Admin Responsibility: School administrators are responsible for ensuring they have obtained appropriate parental consent before enabling event uploads involving students under 13.
  • Parental Rights: Parents of children under 13 may request access to, correction of, or deletion of any photos of their child. Contact supports@nostaview.com with subject "Parental COPPA Request."

5. Content Ownership & License

You Own Your Content

Schools retain full ownership of all event photos and content uploaded to NostaView. We do not claim any ownership over your content.

License Grant to NostaView

By uploading content to NostaView, you grant us a limited, non-exclusive license to host, store, process, and display your content solely for the purpose of providing the Service. This license:

  • Does not allow us to use your photos or content for advertising, marketing, or AI training without explicit written consent
  • Does not allow us to sell, license, or share your content with third parties except as necessary to provide the Service (e.g., cloud storage via Cloudflare R2)
  • Terminates when your account is deleted and your data retention period expires

Contributor License

Contributors who upload photos via QR grant the school administrator a license to review, moderate, and use those photos within the event collection. Contributors can view their own uploaded photos. Admins control whether photos are approved, rejected, or included in the final collection.

Photo Rights Responsibility

The school administrator is responsible for ensuring that appropriate consent has been obtained for photos of identifiable individuals, particularly students. Contributors warrant that they own or have rights to upload any photos they submit.

6. Prohibited Conduct

You may not use NostaView to:

  • Upload, post, or share content that is illegal, harmful, harassing, defamatory, or obscene
  • Upload photos of individuals who have not provided consent, or who are not associated with the event
  • Collect photos or data from students at other schools without authorization
  • Violate FERPA, COPPA, or any other applicable student privacy law
  • Attempt to gain unauthorized access to another school's events or data
  • Use automated tools, bots, or scrapers to access the Service or submit photos
  • Reverse-engineer, decompile, or otherwise attempt to extract the source code
  • Share admin login credentials with unauthorized parties
  • Abuse the anonymous QR upload flow to submit spam, illegal content, or content unrelated to the event
Violations may result in account suspension or termination without refund. See our Acceptable Use Policy for full details including photo guidelines and enforcement procedures.

7. Limitation of Liability

To the fullest extent permitted by applicable law:

  • NostaView is not liable for indirect, incidental, special, consequential, or punitive damages
  • Our total liability is capped at the fees you paid in the preceding 12 months
Important Exceptions The liability cap does not apply to: (a) breaches of data confidentiality; (b) FERPA or COPPA violations caused by NostaView; (c) NostaView's gross negligence or willful misconduct.

The Service is provided "as is" and "as available." We make no warranty that the Service will be uninterrupted, error-free, or that all data will be preserved in the event of a system failure. You are responsible for downloading and backing up your photo collections.

8. Termination

Either party may terminate this agreement:

  • By you: At any time by deleting your account. Monthly (Basic) subscriptions are non-refundable for partial billing periods. Annual (Pro) subscriptions are fully refundable within 30 days of purchase; non-refundable after 30 days.
  • By NostaView: For cause (material breach of these Terms) with 30 days' written notice and opportunity to cure, or immediately for violations of Section 6 (Prohibited Conduct) or Section 4 (COPPA).

Upon account deletion, your access to the Service ends. Your data is retained for 60 days and then permanently deleted, unless subject to a legal hold or you request earlier deletion.

9. Governing Law

JurisdictionGoverning Law
US SchoolsLaws of the state where NostaView is incorporated; US federal law for FERPA/COPPA
EU/EEA SchoolsGDPR and applicable member state law; EU judicial remedies are non-waivable
UK SchoolsUK GDPR and Data Protection Act 2018
NigeriaNDPR and applicable Nigerian law
CanadaPIPEDA and applicable provincial law
Other InternationalMost protective applicable standard; conflict-of-laws clause applies

10. Dispute Resolution

US Schools

Disputes shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) with a single arbitrator. Class action waiver applies. Small claims court is available for eligible disputes.

EU/UK Schools

Mandatory arbitration does not apply to EU or UK users. GDPR data subject rights claims may always be brought before your national supervisory authority. Courts of competent jurisdiction in your country are available.

11. CCPA / CPRA Compliance (California)

The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants California residents specific data rights. NostaView applies these rights to all US users, regardless of state.

Rights Under CCPA/CPRA

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, business purposes, and third parties with whom it was shared.
  • Right to Delete: You may request deletion of personal information NostaView has collected about you, subject to legal retention obligations. School administrators can initiate deletion from the admin dashboard or by emailing supports@nostaview.com.
  • Right to Correct: You may request correction of inaccurate personal information we hold about you.
  • Right to Opt Out of Sale: NostaView does not sell personal information to third parties. This right is not applicable because we have no sale to opt out of.
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the Service.
  • Non-Discrimination: We will not discriminate against you for exercising any CCPA/CPRA rights — no denial of service, different pricing, or reduced quality.

Data Categories We Collect

For CCPA purposes, we collect: identifiers (admin email, school name), photos and other content submitted by contributors, internet or electronic activity (login timestamps, usage), and commercial information (subscription tier, billing metadata). We do not collect biometric information, precise geolocation, or sensitive personal information from contributors.

How to Submit a CCPA Request

Email supports@nostaview.com with subject "CCPA Rights Request." We will verify your identity and respond within 45 days. Requests may be extended 45 additional days with notice.

12. SOPIPA Compliance (California)

California's Student Online Personal Information Protection Act (SOPIPA) prohibits operators of online services directed to K-12 students from using student data for non-educational purposes. NostaView complies with SOPIPA as follows:

  • Educational Purpose Only: NostaView uses student-related data solely to operate the photo collection Service for the school's legitimate educational purposes. We do not use student data for targeted advertising, marketing, or any non-educational purpose.
  • No Targeted Advertising: NostaView does not serve targeted advertising based on student data. We do not use student personal information to build an advertising profile.
  • No Student Profiling for Non-Educational Purposes: We do not aggregate student data to build profiles outside of providing the Service to the school.
  • No Sale of Student Information: We do not sell information about K-12 students to third parties for any purpose.
  • Data Security & Deletion: We maintain reasonable security procedures and will delete student data upon school request as described in Section 3 (FERPA Compliance) and Section 7 (Data Retention) of our Privacy Policy.
  • Sub-processor Controls: We require sub-processors who handle student data to comply with SOPIPA's restrictions.

Schools using NostaView in California may request written SOPIPA compliance certification. Contact supports@nostaview.com with subject "SOPIPA Compliance Request."

13. PPRA Compliance (Protection of Pupil Rights Amendment)

The Protection of Pupil Rights Amendment (PPRA) requires parental consent before students are required to participate in surveys that collect certain categories of sensitive information (including political affiliations, mental health, sex behavior, religion, income, and certain family data).

  • No Surveys Collecting Protected Information: NostaView does not conduct surveys or evaluations that collect any of the eight categories of information protected under PPRA (20 U.S.C. § 1232h).
  • Photo Submission is Voluntary: Contributing photos to a NostaView event is entirely voluntary. No student is required to participate. There is no account creation, no mandatory registration, and no consequence for non-participation.
  • No Data Mining for Marketing: NostaView does not collect personal information from students for marketing purposes, consistent with PPRA's restrictions on third-party marketing surveys.
  • Parental Inspection Rights: Schools using NostaView may make available to parents any survey questions or platform materials upon request. Contact us at supports@nostaview.com if you need documentation for PPRA compliance review.

14. ADA & Section 508 Accessibility

NostaView is committed to making its platform accessible to all users, including those with disabilities, in accordance with applicable law.

Accessibility Standards

  • WCAG 2.1 AA: We design and maintain the platform to conform to Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards, which underpin both ADA Title III digital accessibility requirements and Section 508 of the Rehabilitation Act.
  • Keyboard Navigation: Core workflows (event landing, photo upload, admin dashboard) are navigable by keyboard without a mouse.
  • Screen Reader Compatibility: Interactive elements include ARIA labels, roles, and semantic HTML to support screen readers (NVDA, JAWS, VoiceOver).
  • Color Contrast: Text and interface elements meet minimum contrast ratios per WCAG 2.1 Success Criterion 1.4.3.
  • Alternative Text: Images used for navigation or informational purposes include descriptive alt attributes.

Feedback & Remediation

If you encounter an accessibility barrier, please contact us at supports@nostaview.com. We will acknowledge accessibility complaints within 5 business days and strive to remediate conformance issues within 30 days. We review platform accessibility at least annually and on significant UI updates.

15. State Student Privacy Laws

Student data privacy is governed by a patchwork of state laws in addition to federal FERPA and COPPA. NostaView is committed to compliance with applicable state requirements. Key state laws include:

State / LawKey RequirementNostaView Status
California — SOPIPA & AB 1584No use of student data for non-educational purposes; no targeted advertising; no sale of student data✅ Compliant (see Section 12)
New York — Education Law § 2-dData security obligations; no sale of PII; breach notification; DPA required for vendors✅ Compliant; DPA available on request
Texas — SCOPE Act (SB 820)Prohibition on sale/disclosure of student PII; data use restrictions; security requirements✅ Compliant
Illinois — SOPPANo behavioral advertising to students; no building student profiles; data deletion on request✅ Compliant
Connecticut — PA 16-189Prohibition on targeted advertising; data security; transparency✅ Compliant
Colorado — SB 16-068Data governance; prohibition on selling student data; security requirements✅ Compliant
Florida — FIPA & SDPAStudent PII protection; breach notification; no unauthorized disclosure✅ Compliant
State-Specific DPAs Many states require school districts to execute vendor-specific Data Processing Agreements before deploying student-facing technology. NostaView will execute state-specific DPAs upon request. Contact supports@nostaview.com with your district name, state, and any required DPA template. We respond within 5 business days.

This list is not exhaustive. NostaView monitors state legislative developments and updates its practices as new requirements take effect. For questions about compliance with a specific state law, contact supports@nostaview.com.

16. Changes to These Terms

We may update these Terms from time to time. For material changes:

  • We will provide 30 days' notice by email to your registered address
  • Continued use after the notice period constitutes acceptance of the updated Terms
  • If you disagree with material changes, you may terminate your subscription before they take effect

Minor, non-material changes (e.g., clarifications, typo corrections) take effect upon posting.

17. Contact Us

For questions about these Terms of Service:

  • Email: supports@nostaview.com
  • Privacy questions: supports@nostaview.com
  • Abuse reports: supports@nostaview.com
  • DMCA takedowns: supports@nostaview.com

We aim to respond within 10 business days.