We take student privacy very seriously, continuously working with schools to make sure student data is kept safe and secure.
Marketing to Students or Families
SmartPass does not sell student data. Further, we will not use, sell, share, or disclose personally identifiable information we receive from the Applications to: (a) market or advertise to students or families/guardians; (b) inform, influence, or enable marketing or advertising to students or families/guardians; or (c) develop a profile of a student or family member/guardian, for any commercial purpose. Data collected is only used for providing or improving the Services.
We will not sell, share or disclose personally identifiable information of teachers or administrators we receive from the Applications to third parties for marketing or advertising purposes.
Limits on Advertising and Data Collection within the Applications
Within the Applications, we do not: (a) display advertising, including any behavioral or contextual advertising; (b) permit the collection of data by third party advertising or tracking services for any purpose except to collect data for us to understand the use of the Applications in order to maintain and improve the Applications; or (c) collect data, including any behavioral data, for use in targeting advertisements on third party services or websites.
We shall be considered a School Official as that term is used in FERPA.
As to COPPA or any state law which requires consent or authorization from a parent or guardian for the collection or use of information concerning a student, the parent, guardian, teacher, school or school district, is responsible and liable for fulfilling any applicable consent requirement.
As used in this policy:
The Applications are intended to be used by students of all age levels. Unless a parent or guardian is also acting as a teacher, the Applications are not intended for their use except to the extent the parent or guardian is registering their child to use the Applications and/or is acting as a teacher for the purposes of the Applications.
We gather different personally identifiable information and personal information from each of those groups of people, and may handle that personally identifiable information and personal information differently for each group, as we explain below.
Students / Children
As noted in the Terms of Service, we only collect personal information through the Applications from a child under 13 where that student's school, district, and/or teacher has agreed (via the terms described in the Terms of Service) to obtain legally-adequate consent for that child to use the Applications and disclose personal information to us.
No child under 13 may send us any personal information unless they have signed up through his or her school, district or teacher and such school, district or teacher has obtained legally-adequate consent for that child to use the Applications and disclose personal information to us. Without legally-adequate consent from a parent, guardian, school, district and/or teacher, we do not wish to receive, and do not knowing collect or use personal information from any person under 13 for any purpose, including our internal operations. If you are a student under 13, please do not send any personal information to us if your school, district, and/or teacher has not obtained obtain legally-adequate consent for you to do so, and please do not send any personal information other than what we request from you in connection with the Applications.
If we learn we have collected personal information from a student under 13 without legally-adequate consent from their parent or guardian or their school, district, and/or teacher, or if we learn a student under 13 has provided us personal information beyond what we request from him or her, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information in violation of this paragraph, please contact us at email@example.com.
If you correspond with us outside of the use of the Applications through a web form, email or otherwise, we will collect and retain your correspondence like any other ordinary business correspondence, subject to the information retention policies and legal requirements applicable to us and standard in our business.
In order to provide the Applications to teachers or administrators, we receive and store the personally identifiable information you knowingly provide to us.
As part of the registration and account setup process, we require your name, email address, school and school district affiliation, the classes and/or grades using the Applications. If your school or school district uses a third-party single sign-on (“SSO”) we will also have access to the personally identifiable information we describe below under “Third Party SSO Information”. We will also receive any feedback on student work that you may enter into the Applications.
In order to provide the Applications, we receive and store the personally identifiable information that you as a student (or your teacher, school or school district) knowingly provide to us.
As part of the registration and account setup process, we require your name, gender, email address, school and school district affiliation, the classes and/or grades using the Applications. You or your teacher or school may also provide us with information about you. We will also receive and store the information regarding you for use within the Applications. If your school or school district uses a third-party single sign-on (like Google, Clever, or Canvas) we will also have access to the personally identifiable information we describe below under “Third Party SSO Information”.
Some of this information will be provided to us by your teacher or school, so we may not ask you for it directly, but we will still have it.
Third-Party SSO Information
If your school or district chooses to use third party single sign-on (e.g., using a Google, Clever or Canvas account) for access to the Applications, you may have to provide us with your username (or user ID) so that your identity can be authenticated through the third party account (the “SSO Account”). When the authentication is complete, we’ll be able to link your account with the SSO Account. That linking may allow us to access and collect certain personal information, such as your name and email address, your user ID for the SSO Account, data tokens used to implement single sign-on and connect with your SSO Account profile, and other personal information that your privacy settings on the SSO Account permit us to access, in connection with creating your Applications account. We may also share some information back to the SSO Account. For example, Canvas and Clever allow the exchange of information about the schools, classes and students with which a teacher is associated, information teacher and student assignments, all to make it easier to set up and manage an account for the Applications. We encourage you and all schools or districts to carefully choose privacy settings in SSO Accounts to limit the exchange of information to what you (or the school / district) want to share with us and want us to share. However, we don’t try to access any information in the SSO Account that we don’t have to access in order to allow you to use it to sign onto the Applications. And we never receive or store passwords for any of your SSO Accounts.
Other Third-Party Information
Like many other companies, we may acquire from third parties lists of publicly available contact information for teachers or administrators who may be interested in our services. We do not correlate this contact information with information about users of the Applications.
Our Services, automatically receive and record some information from your browser or device (“Log Data”), just like all web services have to in order to function. The Log Data our Services automatically collect may include some personal information, but does not include personally identifiable information. Log Data includes information like your IP address, the type of browser and/or device you're using to access our Services, the capabilities of that browser or device, and the page or feature you requested. Log Data, together with the information that we collect through the Tracking Mechanisms, comprise “Analytics Data”. As described below under “Use and Sharing of Personal Information: Analytics Data,” we do share the collected Analytics Data (but no personally identifiable information) in a de-identified and aggregated form with third parties for analytics and tracking purposes.
If Tracking Mechanisms are used, they may be used to collect information about you and your use of our Services, such as your browser type, and the date and time of your use. Tracking Mechanisms may also be used in order to help us learn more about how users engage with the Services, enable Applications features and processes (like enabling you to return to password-protected areas of the Applications without having to re-enter your password), provide authentication and security for your use of the Applications, or store your preferences.
Specific Service Providers
Our third-party analytics service providers include Google Analytics. For Google’s privacy practices see www.google.com/analytics/learn/privacy.html. To opt out of data recording and analysis by Google Analytics, see https://tools.google.com/dlpage/gaoptout.
Disabling Cookies or Web Beacons
It may be possible to disable cookies through your device settings. Most browsers allow disabling either third party cookies or all cookies. The method for disabling cookies may vary by device, but can usually be found in preferences or security settings. However, doing so may cause portions of the Services to not function, or to function improperly, or otherwise affect your ability to use the Services. You may also disable web beacons by disabling HTML images in your email program, which may also affect other images in emails you receive.
Do Not Track
This section explains how we use and share personal information, consistent with our statements above under “Our Core Commitments”.
To Provide, Maintain, and Improve the Services
We use the information we collect to provide, maintain and improve the Services. Uses of personally identifiable information for those purposes are:
In order to provide the Applications, we have to allow the organizations we work with to have access to your personally identifiable information. So you should know that:
If you have questions about how your teacher, school, school district, or any of their personnel handle your personal information, you should direct your questions to the appropriate person in your school or school district.
To Communicate with You
We may communicate with you if you've provided us the means and permission to do so. For example if you've given us your email address:
If you do not want to receive communications from us, please indicate your preference by emailing firstname.lastname@example.org, using an opt-out link in the email or changing your preferences in your Applications account. We also send school or school district technical administrators administrative and operational notices which we believe are necessary for their effective use of the Applications; we do not presently allow opt-out from those notices.
Service Providers and Our Affiliates
We engage trusted third-party service providers to work for us in connection with the operation of our Services and our business, in the following roles: hosting of our Website and Applications, error and bug tracking, data storage and analysis, technical and user support, and email delivery. We may provide those service providers with, or authorize those service providers to access, your personal information, including personally identifiable information. In certain cases, third party service providers may collect information from you directly on our behalf (for example, web data analytics providers or support desk system providers).
We do not presently share any personal information with any of our affiliates or subsidiaries.
SmartPass uses the Analytics Data to enable us to figure out how often users use parts of the Services, so that we can customize and improve those Services. As part of our use of such information, we may provide such Analytics Data to our partners (only in a de-identified and aggregated format) about how our users use the Services. We may link Analytics Data to personal information that we collect through the Services, but we will only use the information in this form internally (for example, to customize your experience), and will not disclose it in linked format to third parties.
Business Transfers and Delegation
Protection of SmartPass and Others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of SmartPass, our employees, our users, or others. If we are required to disclose your personal information by a government or legal request, we will notify you of that request if we are permitted to do so by the law governing that request.
Your Applications account is protected by a password for your privacy and security, and you select that password, so we encourage you to select a strong password. If you use an SSO Account to access your Applications account, you may have additional or different sign-on protections via that third party site or service. You should prevent unauthorized access to your Applications account and the personally identifiable information in that Applications Account by selecting and protecting your password and/or other sign-on mechanism appropriately, not sharing those sign-on credentials with anyone, and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other personal information we hold in our records, and we use industry standard data security measures to protect your personal information. This includes: (1) only storing your personal information under our control, (2) using two-factor authentication for our personnel to access your personal information, (3) implementing physical access controls to those areas where personal information is stored, (4) limiting access to your personal information to only those of our personnel who need to have that access to do their jobs, and (5) encrypting all of your personal information both in transit and at rest. We also regularly conduct audits of our security practices to make sure that they are up to date. Unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information.
In the event of an unauthorized disclosure of your personal information, we will provide notice as required by applicable law.
You should also be aware that:
This means that your Applications account security is only as good as the security precautions of the teachers and school administrators who can access your Applications account, and you should check with them about those precautions and their information handling policies.
We store Analytics Data and information collected through the Website separately from the information stored in the Applications. We have no meaningful ability to provide you with information concerning Analytics Data. For personally identifiable information collected through the Website (e.g., by signing up for a mailing list), please contact us at email@example.com if you would like us to delete that information, or if you would like to know which personal information of yours, we have or have shared with third parties.
We use technical efforts to ensure the integrity of the personal information we collect and store. However, because we receive all personal information either from you directly, or from the school or school district with which you are affiliated, we have no ability to determine the accuracy of that information, and rely on you or the relevant school or school district to either correct or inform us of any inaccuracies so that we can correct them.
Through your Applications account settings, you may access, and, in some cases, update or delete the personally identifiable information in your Applications account. Please note that in some cases, the information in your Applications account can only be changed by your teacher, school, or school district, and you cannot change it yourself. In that case, you will need to contact the relevant person in your school or school district.
Parents or guardians may request that we cease collection of personal information about their child. If you are a parent or guardian and would like to request that personally identifiable information regarding your child (or, if you are a teacher, a child that is in your class) be updated or personal information about your child no longer be collected (and/or that it be deleted) and you do not have the ability to do so yourself, please contact us at firstname.lastname@example.org. In most cases we will refer your request to the relevant school or school district, but if you or your child is not affiliated with a school or school district, we will respond to your request within ten (10) business days of our receipt of such request.
You may be able to add or update information as explained above. By emailing email@example.com, you may request that we delete your Applications account, or provide you with a list of all personal information of yours we have or have shared with third parties. In most cases we will refer your request to the relevant school or school district, but if you or your child are not affiliated with a school or school district, we will respond to your request within ten (10) business days of our receipt of such request.
Generally speaking, unless a legal request has been made for a user’s personally identifiable information, we do not retain and will delete personally identifiable information in Applications accounts within a reasonable period after we are informed the Applications account will no longer be used, or if it becomes inactive and we are unable to contact the relevant user, their school or school district. We may use aggregated or de-identified information derived from your personally identifiable information after you update or delete it, but not in a manner that would identify you personally.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing, updating or deleting information we have on file about you, please contact us at firstname.lastname@example.org.
As a matter of our practices and policies, we generally adhere to the principles set out the European Union General Privacy Directive, however our Services are operated from the United States, and the privacy laws of the United States may not be as protective as those in your jurisdiction. If you are located outside of the United States and choose to use the Services or provide your information to us, you agree that your information will be transferred, processed, and stored in the United States. Your use of the Services represents your agreement to this practice. For the purposes of the GDPR, we act as a data controller for the personal data which we collect directly from users who interact with us outside of an agreement we have with school or school district, but we act as a data processor for the personal data which we collect and process as part of our agreement with a school or school district. We have established an individual within our executive team as our data protection officer, who can be reached at email@example.com.
Effective Date: June 8, 2023