Learning Without Tears’ Commitment to Your Privacy
Effective Date: May 17, 2017
1. How We Collect and Use Data
2. How We Comply With Student Data and Privacy Laws
3. Sharing Data
4. How We Store and Protect Data
5. Children’s Privacy
6. How to Contact Us
[Basically, we collect data to help us provide you with cool technologies. We want to be open with you about that, so read this section.]
In order to enhance our website and Services, we may collect the following types of information:
Information About Educational Organizations. We ask for certain information about you or your organization when you register with us to use our Services, including: school or organization name, teacher name, teacher information. Once you or your organization begins using our Services, we will keep records of activities related to the Service. We use this information to operate, maintain, and enhance the features and functionality of the Services, to analyze our Service offerings and functionality, and to communicate with you or your organization.
Student Data. Learning Without Tears may have access to personally identifiable information and other non-public information about students as well as student-generated content and metadata (“Student Data”) in the course of providing its services to you or your organization. You or your organizations own the Student Data. We collect the following information about End Users in order to properly allocate licenses for and grant access to our Services: [REGISTRATION INFO WE COLLECT ON END USERS]. We consider Student Data to be confidential and do not use such data for any purpose other than to provide the services to you or your organization. Learning Without Tears has access to Student Data only as requested by you or your organization and only for the purposes of performing Services for you or your organization.
Information Collected Through Technology. We automatically collect certain types of usage information when visitors view our website or use our service. We may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and helps to log you in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Service (e.g., the pages you view, the links you click and other actions you take on the Service), and allow us to track your usage of the Service over time. We may collect log file information from your browser or mobile device each time you access the Service. Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, number of clicks and how you interact with links on the Service, pages viewed, and other such information. We may employ clear gifs (also known as web beacons) which are used to anonymously track the online usage patterns of our Users. In addition, we may also use clear gifs in HTML-based emails sent to our Schools to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Service. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service. We do not allow third party advertising networks to collect information about the users of our Site or Service. We use or may use the data collected through cookies, log files, device identifiers, and clear gifs information to: (a) remember information so that a user will not have to re-enter it during subsequent visits; (b) provide custom, personalized content and information; (c) to provide and monitor the effectiveness of our Service; (d) monitor aggregate metrics such as total number of visitors, traffic, and usage on our website and our Service; (e) diagnose or fix technology problems; and (f) help users efficiently access information after signing in.
Data De-Identification. We may de-identify and use de-identified Student Data for product development, research, or other purposes. De-identified data will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name and ID numbers associated with an End User or Educational Organization. Furthermore, Learning Without Tears will not attempt to re-identify de-identified data or attempt to transfer de-identified data to any party unless that party agrees to not attempt re-identification.
To be clear, we only collect and use data as necessary to fulfill our duties with respect to the Services we provide you or your organization.
[Basically, we comply with all the education laws that regulate your use of our digital products and services.]
[Basically, PII is information that directly or indirectly identifies an End User.]
In the course of providing educational products and services to you or your organization, we may at times request and temporarily store certain types of personally identifying information about End Users in order to enable user login and license-based user access to selected applications in our suite of digital products and services. We adopt the definition of personally identifiable information set forth under the FERPA regulations, pursuant to 34 CFR § 99.3 (“Personally identifiable information”). We will not require a licensed user to disclose more personally identifiable information (“PII”) than is reasonably necessary to use our digital products or services. To enable user login and access to our digital products and services, we collect basic account information (name, grade level) about users. We may also collect basic account information (school, teacher name, teacher e-mail) of designated school officials to enable their management of the student licenses. In the scenario in which a student may enter personally identifying information, we ask parents and educators to help us protect the privacy of students by instructing them to never provide personally identifying information without getting parental/guardian or teacher permission first. Please note that we consider student data, metadata, and user content as personally identifying information.
[Basically, FERPA is a federal law that protects the privacy of student education records.]
Our data practices comply with the Family Education Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). FERPA Once we are granted lawful access to directory information (specifically, student names) from student education records by school officials with legitimate educational interest in public schools. We subsequently utilize students’ names for the specific purpose of delivering our suite of digital products and services to licensed students.
With regard to the rights that FERPA confers to parents or eligible students to inspect, review, correct, or otherwise access student education records maintained by public schools and shared with us by school officials with legitimate educational interest, we will cooperate with schools officials to ensure that the rights of parents and eligible students under FERPA, and the security of student education records are protected. Specifically,
- Any sensitive online information is transmitted over secure, encrypted channels via Secure Socket Layer (SSL) as well as other layers of encryption.
- All student data is stored on secure servers utilizing encryption and firewall technology and are not publicly accessible.
- Any anonymized data is untraceable to individual students and cannot be re-identified with individual students.
- We do not use student data, including PII, to market or advertise to students or their parents.
[Basically, the primary goal of COPPA is to place parents in control over what information is collected from their young children online.]
In compliance with the Children’s Online Privacy Protection Act (COPPA) of 1998, Learning Without Tears collects a limited set of personally identifiable information from users at different points in the website for internal use, enabling log-in of licensees, and monitoring program participation. Upon request, we provide access to a parent or school to review the child’s personally identifiable information, ask to have it deleted and refuse to allow any further collection or use of the child’s information. As part of our commitment to data privacy and security, we recognize that our student users under the age of 13 need special safeguards and privacy protection. To prevent unauthorized access, and maintain data accuracy, and ensure the correct and appropriate use of information, we have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and secure the information we collect.
[Basically, CIPA protects children from accessing obscene or harmful content over the Internet.]
The Children’s Internet Protection Act (CIPA) is a federal law enacted by Congress in December 2000 to address concerns about access to offensive content over the Internet on school or library computers. CIPA imposes certain types of content-related requirements on any school or library that receives funding for Internet access or internal connections from the E-rate program – a program that makes certain technology more affordable for eligible schools. In 2001, the Federal Communications Commission (FCC) issued rules implementing CIPA. Our Services are in compliance with CIPA because our Services are self-contained and do not provide links to external resources or chat rooms. Moreover, our Services do not contain any offensive or inappropriate content or subject-matter. As a result, any school, library, or otherwise E-rate eligible educational facility that uses our Services will be fully compliant with CIPA.
[Basically, PPRA gives parents the right of prior consent or to inspect instructional materials if certain student activities are part of an ED-funded survey or evaluation.]
The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. 1232h; 34 CFR Part 98) was enacted in 1978, and applies to student surveys, instructional materials or evaluations funded by the federal government that deal with highly sensitive issues. The PPRA is inapplicable to our digital product and service offerings because we are not funded by the federal government.
[Basically, we don’t share any data unless required to by law or as a part of our internal business processes.]
Learning Without Tears does not share Student Data with third-parties nor do we rent or sell any data or information for marketing purposes or to any third-party advertising networks.
Learning Without Tears only shares Student Data in two limited circumstances. First, we may share Student Data with those who provide us technology services (e.g. web hosting and analytics services) but strictly for the purpose of carrying out their work for us to enable us to provide Services to you or your organization. Second, we may be required to share information with law enforcement or other third parties when compelled to do so by court order or other legal process, to comply with statutes or regulations, to enforce our Terms of Service, or if we believe in good faith that the disclosure is necessary to protect the rights, property or personal safety of our users.
[Basically, we store all of our data in the U.S. where we keep it safe and secure. We delete or transfer your data at your direction if you decide to no longer use our Services.]
Any information collected through our Services is stored and processed in the United States.
Learning Without Tears maintains strict administrative, technical, and physical procedures to protect stored in our servers, all of which are located in the U.S. Access to information is limited (through user/password protection and two factor authentication) to those employees who require it to perform their jobs. Also, we use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Our other security safeguards include but are not limited to: data encryption, firewalls, and physical access controls to buildings and files.
We will ensure that all data associated with your licensed accounts that is in our possession is destroyed or transferred to you or your organization under the direction of you or your organization when the data is no longer needed for its specified purpose, at your or your organization’s request.
[Basically, we don’t collect any data from students without consent.]
Learning Without Tears does not knowingly collect any information from children under the age of 13 unless you or your organization has obtained appropriate parental consent for that particular student or user to use the Services. Please contact us if you believe we have inadvertently collected personal information of a child under 13 without proper parental consent so that we may delete such data as soon as possible.