Effective Date: Jan 11, 2024
Our Commitment To Your Privacy
SchoolJoy complies with both COPPA and FERPA regulations when it comes to parental consent required to utilize the Service in an educational context.
As a third party operator, SchoolJoy relies on School Consent for all underage children under COPPA. SchoolJoy operates as a School Official under the FERPA regulations and complies with these regulations as it relates to children under the age of 13. If you are a teacher and you do not have the authority to act as the agent of the parent, please do not sign up for our service until the School has approved the use of SchoolJoy. We do not encourage children to share their work publicly, and we continuously review and update our practices to ensure compliance with COPPA requirements.
Our Relationship To Different Users
We collect information about those who use our Platform as students, teachers and other employees on behalf of their Schools. Schools use our Platform to, among other things, gather information necessary to streamline core processes to be able to manage student experiences. To satisfy these goals, Schools request and collect certain information about student users such as their name, telephone number, e-mail address, schedule tracking and feedback. However, Schools may request and collect additional information from students which may include educational records. We give Schools choices about what data they will collect. We offer multiple options that a School can choose to determine what information is required from its student, teacher and staff. We enable the School to make these decisions, consistently adhering to the principle of data minimization to ensure that only the necessary information for educational purposes is gathered, in alignment with FERPA guidelines.
SchoolJoy is not responsible for and cannot control the types of information that Schools request and collect from students. We collect such information on behalf of these educational organizations and their collection and use of such information is governed by their respective privacy policies and procedures. If you are a student then please contact the School directly with any questions about how they collect or use information collected through our Platform. We may send any inquiries that we receive directly from you about our use of your information to your School.
What Information We Collect
We collect the following information to provide you with our innovative Platform and Services and to operate our business.
“Personal User Data” refers to information that could potentially be used, either on its own or in conjunction with other details, to identify an individual using our Platform or Website. In line with our data minimization principles and commitment to privacy, we only collect the essential data required to deliver our services effectively. For user authentication and login purposes, the Personal User Data we collect includes:
Staff and Faculty:
By using the Website or Platform, you consent to our collection of your information.
How We Use Your Information
We use the information we collect in the following ways:
To create and administer your account and to make the Website and Platform easier for you to use by not requiring you to enter your information more than once;
To provide access to and use of the Platform;
To provide the student, parent, teacher, staff and the School with all information and data shared or exchanged through the Platform;
To send you requested product or service information;
To send you requested AI-generated content and information;
To respond to inquiries, customer service requests or communicate with you;
To notify you of product upgrades, special offers, updated information, and new services via email, phone, chat or other means;
To send you reminders and other communications regarding our products and services;
To improve our Website, Platform, professional services or to enhance our marketing;
To comply with legal requirements and to prevent activities that may violate our policies.
By using the Website or Platform, you consent to our use of your information for these purposes.
How We Share Your Information
Technical Service Providers
How SchoolJoy uses the Service Provider
What user information is shared or collected by this Service Provider and/or passed back to us from the Service Provider?
Container runtime for web services, APIs, workers, schedulers, and databases. Includes containers for staging and production environments
User IDs, first names, last names, and email addresses; students’ interests and activity history
Container runtime for APIs and AI-related services and features
Students’ user IDs, first names, last names, interests, and activity history
Server performance monitoring
Platform website traffic monitoring
In addition, we may disclose your Personal User Data or Platform and Service Specific Data in the following ways:
How We Protect Your Information
SchoolJoy is committed to protecting the security and privacy of your Personal User Data and Platform and Service Specific Data including the Personal User Data of the students in the educational institutions we serve. We comply with applicable laws and regulations, which govern or apply to our Platform and the provision of our Services.
We make good faith efforts to provide the security measures necessary to keep the integrity and confidentiality of your information safe. However, no system can be completely secure and we do not guarantee that our security measures are impenetrable or that unauthorized access, hacking, data loss, or other breaches will not occur.
Responding to a data breach involves the following stages:
The data breach response is not purely linear, as these stages and the activities associated with these stages frequently overlap. SchoolJoy must keep a record of any actions the organization takes in responding to the incident and preserve any evidence that may be relevant to any potential regulatory investigation or litigation including through use of an incident log, corrective action plan or other applicable documentation.
The Security Response Team (SRT) will work with SchoolJoy employees and contractors to identify the affected systems or hardware (such as a lost laptop or USB drive) and determine the nature of the data maintained in those systems or on the hardware.
The SRT will determine the threshold at which events are declared a security incident and officially initiate the incident response process.
Following verification of an Information Security Incident, the SRT will determine the level of response required based on the incident's characteristics, including affected systems and data, and potential risks and impact to SchoolJoy and its customers, employees, or others.
The incident assessment must include what employees or contractors were affected, what customers were affected, and what data was potentially exfiltrated, modified, deleted or compromised.
The SRT will work together to assess a priority with respect to the incident based on factors such as whether:
the incident exposed or is reasonably likely to have exposed data; or
personally identifiable information was affected and the data elements possibly at risk, such as name or date of birth.
In addition, the SRT will consider whether the disclosure was:
Lastly, if an information security breach has occurred, federal/country-wide law enforcement and local law enforcement should be contacted and informed of the breach. Law enforcement should be contacted in alignment with applicable breach notification laws. Internal and/or external general counsel should lead law enforcement communication efforts (in collaboration with SRT). If general counsel is not available, SRT should lead law enforcement communication efforts.
(3) Containment and Mitigation
As soon as SchoolJoy has verified and assessed the breach, the SRT must take all necessary steps to contain the incident and return the SchoolJoy systems back to their original state and limit further data loss or intrusion.
Such steps may include:
(4) Post-Breach Response
Any post-breach response including external and internal communications, notifications, and further inquiries will depend on the assessment and priority of the data breach.
As part of the final response based on the results of the breach, SchoolJoy will review applicable access controls, policies and procedures and determine whether to take any actions to strengthen the organization’s information security program.
Cookies And Other Tracking Technologies
A cookie is placed on your machine (if you accept cookies) or is read if you have visited our Website or Platform previously. All of this is done in accordance with applicable laws.
Web beacons, also known as clear gif technology, or action tags, assist in delivering the cookie. This technology tells us how many visitors clicked on key elements (such as links or graphics) while using the Website or Platform, remembers users’ settings (e.g. language preference) and is used for authentication. We do not use this technology to access your personal information on the Website or Platform; it is a tool we use to compile aggregated statistics about Website or Platform usage. We may share aggregated statistics with our business partners, but do not allow other companies to place clear gifs on the Website or Platform.
To ensure we are creating and publishing relevant content, we may use information collected from cookies and other mechanisms. We may use this information in aggregated form and use site-visitation statistics to improve our Website. If you choose to not have your browser accept cookies from our Website or Platform, you will be able to view the text on the screens, however, you will not experience a personalized visit and your ability to use some features or areas of our Website or Platform may be limited.
Managing Your Privacy Settings And Access To Information
For Services that involve provisioning of student accounts, student Personal User Data may be retained for the period of time required for the student to have access to our Platform or for us to perform the Services. We do not sell student Personal User Data. Student Personal User Data will be deleted as instructed by your child’s School.
Treatment Of Educational Records And Children’s Privacy
Links To Third-Party Websites, Applications And Services
Transfer Of Your Information Across Borders And Your Rights Under GDPR
Our company is located in the United States. Your information may be transferred to, stored and processed in the United States or any other country in which SchoolJoy or its vendors maintain facilities. By using our Website or Platform, you consent to any transfer, storage, or processing of information outside of your country. Several countries, including those in the European Economic Area and Switzerland, have established data protection laws and regulations that place restrictions on the transfer of personal information across country borders. We are committed to complying with all of those laws and regulations; however, when you use our Website or Platform and provide such personal information, you should do so in compliance with the applicable data protection laws and regulations in your country.
How To Contact Us
2734 Bayview Drive
Fremont, California 94538 USA