Privacy Policy

SchoolJoy Privacy Policy

Effective Date: Jan 11, 2024

Our Commitment To Your Privacy

SchoolJoy, Inc. (“SchoolJoy,” “we,” “our,” or “us”) understands that security and privacy of personal information is very important to the schools, school districts, and related entities and organizations as well as their administrators (each a “School”) that we serve and their students, parents, teachers and staff as well as visitors to our websites (collectively, “you”). This Privacy Policy (“Privacy Policy”) describes how we collect, use, share and retain your information through a variety of digital means. We may collect your information through our website (“Website”), your use of our proprietary technology platform (“Platform”), or through the other services we provide (“Services”). We provide a proprietary technology platform and services that enable K-12 educational institutions to manage the documentation and verification of learner activities, achievements, and skills (Learner Profile), as well as the generation of learning, instructional and college & career resources based on the Learner Profile. Our Website allows us to gather information about current and potential customers as well as share information about our Platform and Services.  

SchoolJoy complies with both COPPA and FERPA regulations when it comes to parental consent required to utilize the Service in an educational context.

As a third party operator, SchoolJoy relies on School Consent for all underage children under COPPA.  SchoolJoy operates as a School Official under the FERPA regulations and complies with these regulations as it relates to children under the age of 13.  If you are  a teacher and you do not have the authority to act as the agent of the parent, please do not sign up for our service until the School has approved the use of SchoolJoy.  We do not encourage children to share their work publicly, and we continuously review and update our practices to ensure compliance with COPPA requirements.

Consent

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. BY DOWNLOADING, ACCESSING OR USING OUR WEBSITE OR THE PLATFORM ON ANY COMPUTER, MOBILE PHONE, TABLET OR OTHER DEVICE (COLLECTIVELY, A “DEVICE”) AND/OR BY REGISTERING AN ACCOUNT WITH US, YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY, AND YOU HEREBY CONSENT TO OUR COLLECTION, USE, AND SHARING OF YOUR INFORMATION AS SET FORTH IN THIS PRIVACY POLICY. WE MAY MODIFY THIS PRIVACY POLICY AT ANY TIME AS STATED BELOW. YOUR CONTINUED USE OF OUR WEBSITE, PLATFORM AND SERVICES CONSTITUTES YOUR ACCEPTANCE OF THIS PRIVACY POLICY AND ANY UPDATES. THIS PRIVACY POLICY IS INCORPORATED INTO, AND IS SUBJECT TO, THE TERMS OF SERVICE FOR THE WEBSITE AND PLATFORM. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, YOU MAY NOT USE OUR WEBSITE OR PLATFORM.

If you are a teacher or school representative, or use the Service on behalf of a company or other organization, note that SchoolJoy provides its Service upon explicit consent given by you when signing up. Prior to signing up, we will direct you to our Terms of Service and this Privacy Policy. When signing up, you will be declaring to have read such policies and to consent to them. Remember, nonetheless, that you will be able to withdraw your consent at any time by deleting your account and the student’s accounts in accordance with this Policy's instructions.

Our Relationship To Different Users

We collect information about those who use our Platform as students, teachers and other employees on behalf of their Schools. Schools use our Platform to, among other things, gather information necessary to streamline core processes to be able to manage student experiences. To satisfy these goals, Schools request and collect certain information about student users such as their name, telephone number, e-mail address, schedule tracking and feedback. However, Schools may request and collect additional information from students which may include educational records. We give Schools choices about what data they will collect. We offer multiple options that a School can choose to determine what information is required from its student, teacher and staff. We enable the School to make these decisions, consistently adhering to the principle of data minimization to ensure that only the necessary information for educational purposes is gathered, in alignment with FERPA guidelines.

SchoolJoy is not responsible for and cannot control the types of information that Schools request and collect from students. We collect such information on behalf of these educational organizations and their collection and use of such information is governed by their respective privacy policies and procedures. If you are a student then please contact the School directly with any questions about how they collect or use information collected through our Platform. We may send any inquiries that we receive directly from you about our use of your information to your School.

What Information We Collect

We collect the following information to provide you with our innovative Platform and Services and to operate our business.

Personal User Data”  refers to information that could potentially be used, either on its own or in conjunction with other details, to identify an individual using our Platform or Website. In line with our data minimization principles and commitment to privacy, we only collect the essential data required to deliver our services effectively. For user authentication and login purposes, the Personal User Data we collect includes:

Students:

  • First Name
  • Last Name
  • Grade Level
  • Email Address

Staff and Faculty:

  • First Name
  • Last Name
  • Email Address
  • Platform or Service Specific Data” includes any information provided by you as part of the functionality of the Platform or the provision of the Services. This may include personal information about you, specifically student activities, community service, professional experiences, skills, interests, career interests, and learning preferences.
  • Anonymous User Data” is information that is anonymous, aggregate, de-identified, or otherwise does not reveal your identity. Some examples include date and time spent on our Website or using the Platform, amount of time spent on particular pages, and what sections of the Website you visit.

Schools may provide us with information required to provide you with access to the Platform or perform the Services. This may include Platform or Service Specific Data, Personal User Data of students or staff as well as access to account credentials, Devices or systems that contain Personal User Data and/or Platform or Service Specific Data. This information is provided and solely controlled by your School, and is only used in providing you with access to the Platform or perform our Services in a manner consistent with this Privacy Policy.

By using the Website or Platform, you consent to our collection of your information.

How We Use Your Information

We use the information we collect in the following ways:

To create and administer your account and to make the Website and Platform easier for you to use by not requiring you to enter your information more than once;

To provide access to and use of the Platform;

To provide the student, parent, teacher, staff and the School with all information and data shared or exchanged through the Platform;

To send you requested product or service information;

To send you requested AI-generated content and information;

To respond to inquiries, customer service requests or communicate with you;

To notify you of product upgrades, special offers, updated information, and new services via email, phone, chat or other means;

To send you reminders and other communications regarding our products and services;

To improve our Website, Platform, professional services or to enhance our marketing;  

To comply with legal requirements and to prevent activities that may violate our policies.

By using the Website or Platform, you consent to our use of your information for these purposes.

How We Share Your Information

We do not and will not your Personal User Data with any third party service provider. We will share Platform and Service Specific Data as stated in this Privacy Policy or as otherwise indicated at the time of collection. We will only share your Personal User Data or Platform and Service Specific Data with third parties in certain limited instances, namely with your consent, or as is necessary to help us with our business activities such as customer service, hosting our Website or providing IT services.


Technical Service Providers

Name of Service Provider with Link to Privacy Policy or relevant privacy documentation

How SchoolJoy uses the Service Provider

What user information is shared or collected by this Service Provider and/or passed back to us from the Service Provider?

Akamai Connected Cloud

Container runtime for web services, APIs, workers, schedulers, and databases. Includes containers for staging and production environments

User IDs, first names, last names, and email addresses; students’ interests and activity history

Microsoft Azure Cloud

Container runtime for APIs and AI-related services and features

Students’ user IDs, first names, last names, interests, and activity history

New Relic

Server performance monitoring

None

Google Analytics

Platform website traffic monitoring

None

In addition, we may disclose your Personal User Data or Platform and Service Specific Data in the following ways:

  • Student Data. Student Personal User Data is not shared or disclosed except as authorized and directed by your School. A School may instruct and authorize us to share student Personal User Data with third-party tools or applications it has approved for use by students and/or staff and for which it has obtained parental consent. This may include third-party tools or applications that allow schools to (i) monitor the online activities of students and staff, (ii) interact with parents, students and teachers, or (iii) enhance the education of their students. We may resell or support some of these third-party tools or applications subject to the request and authorization of a School, such as Gaggle.Net, Inc. The practices of the third-party tools or applications will be governed by their privacy policy and terms of use, which we will ensure are in alignment with SchoolJoy’s policies, data security standards, and data governance practices. We strongly encourage you to review such policies prior to sharing any Personal User Data.
  • Platform and Services. In order to enable us to provide access to the Platform and perform the Services we may provide Personal User Data or Anonymous User Data to certain third-party business partners whose products are complementary to the Platform and our Services. This may include information related to the School and its IT liaison.  
  • Advertising. We do not share your Personal User Data with any third-party for advertising purposes.
  • Service Providers. We may share Personal User Data or Platform and Service Specific Data with service providers who provide us with technology services such as web hosting, payment processing and analytics services. Personal User Data and Platform and Service Specific Data is provided to service providers strictly for the purpose of carrying out their work for us. When student Personal User Data is required, we require service providers to implement the same commitments to safeguarding student Personal User Data that we do.
  • As Required by Law or to Protect Rights. We may be required, subject to applicable law, to disclose your Personal User Data or Platform and Service Specific Data if: (i) it is reasonably necessary to comply with legal process (such as a court order, subpoena, search warrant, etc.) or other legal requirements of any governmental authority or as otherwise required by law; (ii) such a disclosure would potentially mitigate our liability in an actual or potential lawsuit; (iii) it is necessary to protect our legal rights or property; (iv) it is necessary to protect the legal rights or property or physical security of others; or (v) for the prevention or detection of crime and such disclosure is lawful.
  • Business Transfers. If we ever merge with another company, or should we decide to sell, divest or transfer some part or all of our business, we expect that the Personal User Data, Platform and Service Specific Data and Anonymous User Data we have collected will be transferred along with our other business assets. We will not transfer your Personal User Data or Platform and Service Specific Data unless the purchaser or successor entity is subject to the commitments contained in this Privacy Policy for previously collected Personal User Data and Platform and Service Specific Data. In such case we will provide you with 30 day advance notice and an opportunity to opt-out of the transfer of Personal User Data and Platform and Service Specific Data.

How We Protect Your Information

SchoolJoy is committed to protecting the security and privacy of your Personal User Data and Platform and Service Specific Data including the Personal User Data of the students in the educational institutions we serve. We comply with applicable laws and regulations, which govern or apply to our Platform and the provision of our Services.

  • Information Security. We maintain strict administrative, technical, and physical procedures to protect any Personal User Data and Platform and Service Specific Data that is stored on our servers against unauthorized access, theft and loss. Access to Personal User Data and Platform and Service Specific Data is limited to those employees or contractors who require it to perform their job functions and are bound by strict contractual confidentiality obligations. We use industry-standard Secure Socket Layer (SSL) encryption technology, user/password credentials and two factor authentication to safeguard access to Personal User Data and Platform and Service Specific Data. Any data transmitted between a local Device and our cloud servers is sent in https encrypted form through a secure website, secure file transfer. Other security safeguards include but are not limited to data encryption, firewalls, physical access controls to building and files, and other industry-standard best practices.

We make good faith efforts to provide the security measures necessary to keep the integrity and confidentiality of your information safe. However, no system can be completely secure and we do not guarantee that our security measures are impenetrable or that unauthorized access, hacking, data loss, or other breaches will not occur.

Responding to a data breach involves the following stages:

  1. Verification
  2. Assessment
  3. Containment and mitigation
  4. Post-breach response

The data breach response is not purely linear, as these stages and the activities associated with these stages frequently overlap. SchoolJoy must keep a record of any actions the organization takes in responding to the incident and preserve any evidence that may be relevant to any potential regulatory investigation or litigation including through use of an incident log, corrective action plan or other applicable documentation.

(1) Verification

The Security Response Team (SRT) will work with SchoolJoy employees and contractors to identify the affected systems or hardware (such as a lost laptop or USB drive) and determine the nature of the data maintained in those systems or on the hardware.

The SRT will determine the threshold at which events are declared a security incident and officially initiate the incident response process.

(2) Assessment

Following verification of an Information Security Incident, the SRT will determine the level of response required based on the incident's characteristics, including affected systems and data, and potential risks and impact to SchoolJoy and its customers, employees, or others.

The incident assessment must include what employees or contractors were affected, what customers were affected, and what data was potentially exfiltrated, modified, deleted or compromised.

The SRT will work together to assess a priority with respect to the incident based on factors such as whether:

the incident exposed or is reasonably likely to have exposed data; or

personally identifiable information was affected and the data elements possibly at risk, such as name or date of birth.

In addition, the SRT will consider whether the disclosure was:

  • internal or external;
  • caused by a company insider or outside actor; and/or
  • the result of a malicious attack or an accident.

Lastly, if an information security breach has occurred, federal/country-wide law enforcement and local law enforcement should be contacted and informed of the breach. Law enforcement should be contacted in alignment with applicable breach notification laws. Internal and/or external general counsel should lead law enforcement communication efforts (in collaboration with SRT). If general counsel is not available, SRT should lead law enforcement communication efforts.

(3) Containment and Mitigation

As soon as SchoolJoy has verified and assessed the breach, the SRT must take all necessary steps to contain the incident and return the SchoolJoy systems back to their original state and limit further data loss or intrusion.

Such steps may include:

  • Acting to stop the source or entity responsible, for example by:
  • taking affected machines offline;
  • segregating affected systems; or
  • immediately securing the area if the breach involves a physical security breach.
  • Determining whether other systems are under threat of immediate or future danger.
  • Determining whether to implement additional technical measures to contain the data breach, such as changing locks, passwords, administrative rights, access codes, or passwords.

(4) Post-Breach Response

Any post-breach response including external and internal communications, notifications, and further inquiries will depend on the assessment and priority of the data breach.

As part of the final response based on the results of the breach, SchoolJoy will review applicable access controls, policies and procedures and determine whether to take any actions to strengthen the organization’s information security program.

  • Your Responsibility. You also have a significant role in protecting your information. As an example, you should not share your password with anyone. If you believe that your password has been compromised, you should immediately change your password or contact us immediately. In addition, our Platform may contain features that, if used incorrectly, can result in the inappropriate sharing of sensitive information including Personal User Data. It is solely your responsibility to share sensitive information appropriately when using our Platform.

Cookies And Other Tracking Technologies

A cookie is placed on your machine (if you accept cookies) or is read if you have visited our Website or Platform previously. All of this is done in accordance with applicable laws.

Web beacons, also known as clear gif technology, or action tags, assist in delivering the cookie. This technology tells us how many visitors clicked on key elements (such as links or graphics) while using the Website or Platform, remembers users’ settings (e.g. language preference) and is used for authentication. We do not use this technology to access your personal information on the Website or Platform; it is a tool we use to compile aggregated statistics about Website or Platform usage. We may share aggregated statistics with our business partners, but do not allow other companies to place clear gifs on the Website or Platform.

To ensure we are creating and publishing relevant content, we may use information collected from cookies and other mechanisms. We may use this information in aggregated form and use site-visitation statistics to improve our Website. If you choose to not have your browser accept cookies from our Website or Platform, you will be able to view the text on the screens, however, you will not experience a personalized visit and your ability to use some features or areas of our Website or Platform may be limited.

Managing Your Privacy Settings And Access To  Information

  • Access to Student Personal User Data.Access to Student Personal User Data. Student Personal User Data is provided and controlled by your School, which acts as the data controller. Schools and parents, or legal guardians, can request reasonable access to Personal User Data that we have about students for the purpose of reviewing, modifying, or if necessary, requesting deletion. Upon such requests from the school or the student's parent or legal guardian, we will use commercially reasonable efforts to facilitate this process promptly. While we strive to accommodate these requests, it should be noted that it may not be technically feasible to completely remove or alter information from our databases in certain cases.
  • For parents or legal guardians, particularly those with children under the age of 13, you have the right to request the removal of your child’s records from any online service provider’s storage. To initiate this process, please contact the designated official at your child’s School. They will collaborate with our team to address your request in compliance with relevant regulations.
  • Similarly, Schools that wish to review, modify, or request the deletion of student data in our possession can contact us directly to make such requests. Our team is prepared to assist in navigating these requests in accordance with our Privacy Policy and applicable laws.
  • For any inquiries or assistance regarding the management or requests pertaining to your child’s records, please engage with the appropriate School official who will facilitate the process in conjunction with our team.
  • Deleting or Disabling Cookies. You may be able to disallow cookies to be set on your browser. Please look for instructions on how to delete or disable cookies and other tracking/recording tools on your browser’s technical settings. You may not be able to delete or disable cookies on certain mobile devices and/or certain browsers. For more information about managing your cookie settings, please visit www.allaboutcookies.org. Please note that if you disable and do not accept cookies, some features and services may not be available to you.

Data Retention

We may retain Personal User Data for the period of time required to provide you with access to the Platform, to perform the Services or to otherwise fulfill the purposes outlined in this Privacy Policy. We may continue to retain Personal User Data for a commercially reasonable time following termination of the Services (i) for backup, archival, or audit purposes, (ii) to enforce our Terms of Use, or (iii) to comply with our legal obligations. Access credentials associated with a School will be promptly deleted upon termination. We may retain and use Anonymous User Data indefinitely.  

For Services that involve provisioning of student accounts, student Personal User Data may be retained for the period of time required for the student to have access to our Platform or for us to perform the Services. We do not sell student Personal User Data. Student Personal User Data will be deleted as instructed by your child’s School.

Treatment Of Educational Records And Children’s Privacy

  • Platform and Services. Platform and Services. In the provision of Services or use of our Platform, Schools may supply student Personal User Data, which can encompass “educational records” as defined by the Family Educational Rights and Privacy Act (“FERPA”). At all times, this data remains the property and under the control of the School. It is the School that determines what Personal User Data to provide, as well as the manner in which this data is utilized, preserved, and managed in relation to the use of our Platform. SchoolJoy’s role is to offer a technological platform for users.
  • For the purposes of COPPA consent, SchoolJoy uses school consent. By allowing students to utilize SchoolJoy, School personnel affirm if appropriate they have all necessary consents required to comply with the federal regulations of COPPA and FERPA.
  • SchoolJoy is committed to upholding the privacy protections ascribed by COPPA, which includes not collecting personal information from children under 13 without parental consent. We operate in strict observance of FERPA, COPPA, and our Privacy Policy, ensuring that any Personal User Data (including educational records) transmitted via our Platform is processed solely on behalf of the School and used only for authorized educational purposes or as explicitly allowed under applicable laws.

Links To Third-Party Websites, Applications And Services

Our Website and Platform may contain links to or from third-party websites, applications or services. Please note that this Privacy Policy does not apply to the practices of companies we do not own or control or to people we do not employ or manage. As such, have no control over the privacy practices of third parties and are not responsible for the privacy policies of any third-party websites, applications or services. We recommend that you review the privacy policies and terms of use of any third-party prior to visiting its website, downloading its applications or authorizing the third-party to access Personal User Data through our Platform.

Transfer Of Your Information Across Borders And Your Rights Under GDPR

Our company is located in the United States. Your information may be transferred to, stored and processed in the United States or any other country in which SchoolJoy or its vendors maintain facilities. By using our Website or Platform, you consent to any transfer, storage, or processing of information outside of your country. Several countries, including those in the European Economic Area and Switzerland, have established data protection laws and regulations that place restrictions on the transfer of personal information across country borders. We are committed to complying with all of those laws and regulations; however, when you use our Website or Platform and provide such personal information, you should do so in compliance with the applicable data protection laws and regulations in your country.

Changes To Our Privacy Policy

We may modify this Privacy Policy from time to time to reflect changes to our information practices. We encourage you to review this Privacy Policy each time you use our Website or Platform.  If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on the Website prior to the change becoming effective with at least 30 days advance notice. If you do not wish to be bound by the modified Privacy Policy, you should no longer use our Platform or Services and the primary administrative contact for your School can request that we delete the School’s data from our systems.

How To Contact Us

If you have any questions or would like to learn more about this Privacy Policy, please contact us at:

SchoolJoy, Inc.

2734 Bayview Drive

Fremont, California 94538 USA

support@schooljoy.com

(510) 768-9166

SchoolJoy participates in the iKeepSafe Safe Harbor program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact the iKeepSafe Safe Harbor program at COPPAprivacy@ikeepsafe.org

SchoolJoy ExperienceBLOGCONTACTTerms of UsePrivacy Policy
© 2025 SchoolJoy, Inc.