Privacy Policy
We at NoRedInk know you care about how your personal information is used and shared, and we take your privacy very seriously. Please read on to learn more about how we collect and use your information.
Effective date: April 1, 2020
By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.
Remember that your use of NoRedInk’s Services is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.
If you have any questions or concerns about our Privacy Policy, please send a detailed message to [email protected], and we will try to resolve your concerns.
Our Core Commitments
We think these are the most important commitments we can make to you about how we handle personal information, so we put these commitments before anything else in the Privacy Policy.
Marketing to Students or Families
We will not use, sell, share, or disclose personally identifiable information we receive from the Applications to (a) market or advertise to students or families/guardians; (b) inform, influence, or enable marketing or advertising to students or families/guardians; or (c) develop a profile of a student or family member/guardian, for any commercial purpose other than providing or improving the Services.
We will not sell, share or disclose personally identifiable information of teachers or administrators we receive from the Applications to third parties for marketing or advertising purposes.
Limits on Advertising and Data Collection within the Applications
Within the Applications, we do not: (a) display advertising, including any behavioral or contextual advertising; (b) permit the collection of data by third party advertising or tracking services for any purpose except to collect data for us to understand the use of the Applications in order to maintain and improve the Applications; or (c) collect data for use in targeting advertisements on third party services or websites.
Legal Compliance
As set forth in this section, we comply with the following laws concerning the protection of student personally identifiable information, including educational records: the Family Educational Rights and Privacy Act (“FERPA”) at 20 U.S.C. 1232g (34 CFR Part 99), Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. 6501-6506; Protection of Pupil Rights Amendment (“PPRA”) 20 U.S.C. 1232h, AB 1584 (codified at California Education Code § 49073.1), and the Student Online Personal Information Protection Act (codified at California Business and Professions Code § 22584 et seq.), and any specific state laws (as applicable to us) protecting student personally identifiable information which are listed in the table at the end of this Privacy Policy as of the date set forth in such table.
We shall be considered a School Official as that term is used in FERPA.
As to COPPA or any state law which requires consent or authorization from a parent or guardian for the collection or use of information concerning a student, the parent, guardian, teacher, school or school district, is responsible for fulfilling any applicable consent requirement.
In accordance with the California Consumer Privacy Act legislation, compliance information and any user actions are available here: Addendum A – Special Information Regarding California Consumer Privacy Act (CCPA).
Definitions
As used in this policy:
- “personally identifiable information” means information that can be directly associated with an individual and includes educational records, student-generated content, names, addresses, telephone numbers, email addresses, and other contact information.
- “personal information” means personally identifiable information, together with information indirectly associated with an individual, such as IP addresses, pseudonymous identifiers, etc. and other information associated with that individual that is indexed to any of the foregoing.
- “educational records” means official records, files and data directly related to a student and maintained by the school or local education agency, including but not limited to, student-generated content, records encompassing all the material kept in the student’s cumulative folder, such as general identifying data, records of attendance and of academic work completed, records of achievement, and results of evaluative tests, health data, disciplinary status, test protocols and individualized education programs.
- “student” is interchangeable with “pupil” and means any student accessing and using the Applications for educational purposes.
- “student-generated content” means materials or content created by a student in the Applications during and for the purpose of education including, but not limited to, essays, research reports, portfolios, creative writing, music or other audio files, photographs, videos, and account information that enables ongoing ownership of student content.
Other terms are defined elsewhere in this Privacy Policy or in the Terms of Service.
Persons Covered by this Privacy Policy
Generally
This Privacy Policy covers the personal information of anyone who visits our Website or uses our Applications. More specifically, it covers the personal information of:
- Visitors to our Website or people who correspond with us through our Website outside of our Applications
- Teachers or administrators who manage the use of our Applications by students
- Students who use our Applications
We gather different personal information from each of those groups of people, and may handle that personal information differently for each group, as we explain below.
Students / Children
If you are not of legal age to form a binding contract (in many jurisdictions, this age is 18), you may only use the Services and disclose information to us with your parent’s or legal guardian’s express consent. Review this Privacy Policy with your parent or legal guardian to make sure you understand it.
As noted in the Terms of Service, we only collect personally identifiable information through the Applications from a child under 13 where that student’s school, district, and/or teacher has agreed (via the terms described in the Terms of Service) to obtain legally-adequate consent for that child to use the Applications and disclose personally identifiable information to us. A parent or guardian may of course directly sign up his or her child to use the Applications and provide personally identifiable information about that child to us. However, no child under 13 may send us any personally identifiable information unless he or she has signed up through his or her school, district or teacher and such school, district or teacher has obtained legally-adequate consent for that child to use the Applications and disclose personally identifiable information to us. If you are a student under 13, please do not send any personally identifiable information to us if your school, district, and/or teacher has not obtained obtain legally-adequate consent for you to do so, and please do not send any personally identifiable information other than what we request from you in connection with the Applications . If we learn we have collected personally identifiable information from a student under 13 without legally-adequate consent from their parent or guardian or their school, district, and/or teacher, or if we learn a student under 13 has provided us personally identifiable information beyond what we request from him or her, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personally identifiable information in violation of this paragraph, please contact us at [email protected].
Users of our Premium Applications
If you are a student, teacher, or other user of our Premium Applications, then our obligations to you are controlled by a separate written agreement which may have terms which are different from this Privacy Policy. That agreement is between us and (usually) the school or school district through which you are accessing the Premium Applications, and any questions about the specific terms of that agreement should be directed to an appropriate person in authority in that school or school district.
Information You Knowingly Provide to Us
Correspondents
If you correspond with us outside of the use of the Applications through a web form, email or otherwise, we will collect and retain your correspondence like any other ordinary business correspondence, subject to the information retention policies and legal requirements applicable to us and standard in our business.
Teachers/Administrators
In order to provide the Applications to teachers (including home-schooling teachers) or administrators, we receive and store the personally identifiable information you knowingly provide to us.
As part of the registration and account setup process, we require your name, email address, school and school district affiliation, the classes and/or grades using the Applications. If your school or school district uses a third-party single sign-on (“SSO”) we will also have access to the personally identifiable information we describe below under “Third Party SSO Information”. We will also receive any feedback on student work that you may enter into the Applications.
Students
In order to provide the Applications, we receive and store the personally identifiable information that you as a student (or your teacher, school or school district) knowingly provide to us.
As part of the registration and account setup process, we require your name, gender, email address, school and school district affiliation, the classes and/or grades using the Applications. You or your teacher or school may also provide us with information about your personal interests. We will also receive and store the work you do in our Applications, including the student-generated content like your essays, and your teacher’s feedback on that work. If your school or school district uses a third-party single sign-on (like Google) we will also have access to the personally identifiable information we describe below under “Third Party SSO Information”.
Some of this information will be provided to us by your teacher or school, so we may not ask you for it directly, but we will still have it.
Third Party SSO Information
If your school or district chooses to use third party single sign-on (e.g., using a Google or Clever account) for access to the Applications, you may have to provide us with your username (or user ID) so that your identity can be authenticated through the third party account (the “SSO Account”). When the authentication is complete, we’ll be able to link your account with the SSO Account. That linking may allow us to access certain personal data, such as your name and email address, your user ID for the SSO Account, data tokens used to implement single sign-on and connect with your SSO Account profile, and other personal data that your privacy settings on the SSO Account permit us to access, in connection with creating your Applications account. We encourage you and all schools or districts to carefully choose privacy settings in SSO Accounts to limit our access to what is strictly necessary. However, we don’t try to access any information in the SSO Account that we don’t have to access in order to allow you to use it to sign onto the Applications. And we never receive or store passwords for any of your SSO Accounts.
Information Collected Automatically
Log Data
Whenever you interact with our Services, our servers automatically receive and record information from your browser or device (“Log Data”), which may include some personal information, but not personally identifiable information. Log Data includes information like your IP address, the type of browser and/or device you’re using to access our Services, the capabilities of that browser or device, and the page or feature you requested. Log Data, together with the information that we collect through the Tracking Mechanisms, comprise “Analytic Data”.
Tracking Technologies
We, and third parties with whom we interact, including our third-party service providers or business partners, may use cookies, web beacons, and similar technology in connection with your use of the Services (collectively referred to in this policy as “Tracking Mechanisms”). Cookies are small text files that may have unique identifiers, and reside, among other places, on your mobile device or your computer. Web beacons are small strings of code that provide a method for delivering a graphic image on a web page or in an email message for the purpose of transferring data.
If Tracking Mechanisms are used, they may be used to collect information about you and your use of our Services, such as your browser type, and the date and time of your use. Tracking Mechanisms may also be used in order to help us learn more about how users engage with the Services, enable Applications features and processes (like enabling you to return to password-protected areas of the Applications without having to re-enter your password), provide authentication and security for your use of the Applications, or store your preferences.
Specific Service Providers
Our third-party analytics service providers include Google Analytics. For Google’s privacy practices see www.google.com/analytics/learn/privacy.html. To opt out of data recording and analysis by Google Analytics, see https://tools.google.com/dlpage/gaoptout.
Advertising Partners
We may place on our Website, but never within the Applications, cookies or other tracking mechanisms which allow us to target advertising on third party platforms to individuals who have visited our website. Advertising partners may include Facebook, LinkedIn and Twitter.
Facebook allows its users to control advertising on the Facebook platform. Instructions are here: https://www.facebook.com/help/568137493302217.
LinkedIn allows members to control their LinkedIn advertising and cookie preferences. Instructions are here: https://www.linkedin.com/help/linkedin/answer/62931. Nonmembers may control their LinkedIn advertising and cookie preferences here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Twitter allows its users to control advertising and cookie preferences on the Twitter service. Instructions are here: https://help.twitter.com/en/rules-and-policies/twitter-cookies.
Other information regarding opting out of targeted advertising can be found here: https://optout.aboutads.info.
Disabling Cookies or Web Beacons
It may be possible to disable cookies through your device settings. Most browsers allow disabling either third party cookies or all cookies. The method for disabling cookies may vary by device, but can usually be found in preferences or security settings. However, doing so may cause portions of the Services to not function, or to function improperly, or otherwise affect your ability to use the Services. You may also disable web beacons by disabling HTML images in your email program, which may also affect other images in emails you receive.
Do Not Track
The Services do not respond to the Do Not Track setting in your browser. We do not ourselves use cookies to collect personally identifiable information and track users’ online activities over time (except specifically in the Applications for the purposes we describe above) or across different web sites. However, certain of the third party analytics or advertising providers we use (e.g., Google) may be able to do so, though we do not have access to or control of that information. For information regarding Do Not Track mechanisms, see http://allaboutdnt.com.
Use and Sharing of Personal Information
This section explains how we use and share personal information, consistent with our statements above under “Our Core Commitments”.
To Provide, Maintain, and Improve the Services
We use the information we collect to provide, maintain and improve the Services. Uses of personally identifiable information for those purposes are:
- To deliver the Applications, including diagnosing and correcting any errors in the Applications.
- Enabling communications among the users of the Applications within the same organization as appropriate for their roles. For example, teachers and their students need to communicate, and teachers and their school’s administrators need to communicate.
- Only after we have removed any identifying information, we may use previously personally identifiable information for development, research, and/or improvement of the Applications or other educational services or materials we may offer.
In order to provide the Services, we may disclose your personal information including personally identifiable information to trusted third party vendors working for us in connection with the operation of our Services and our business. Those vendors will use the information only to provide services to us and will keep the information confidential.
In order to provide the Applications, we have to allow the organizations we work with to have access to your personally identifiable information. So you should know that:
- If you are a student, your teacher and your school administrators can access your Applications account and the personally identifiable information in that Applications account.
- If you are a teacher, your school administrator can access your Applications account and the personally identifiable information in that Applications account.
- Upon request, we are required to provide a school or school district with a copy of all of the personal information in any Applications account for any student or teacher in that school or school district.
If you have questions about how your teacher, school, school district, or any of their personnel handle your personal information, you should direct your questions to the appropriate person in your school or school district.
To Communicate with You
We may communicate with you if you’ve provided us the means and permission to do so. For example if you’ve given us your email address:
- For correspondents who have provided their contact information to us through the Website or otherwise outside the Applications, we may email you about the Applications including new features or options in which you may be interested, opportunities to learn about the Applications, whether other teachers or administrators in your school district are using the Applications or are interested in doing so, or to respond to your inquiries.
- For teachers and administrators, we may email you about updates to the Applications including new features or options in which you may be interested, opportunities to learn more about the using the Applications, whether other teachers or administrators in your school district are using the Applications or are interested in doing so, to respond to your inquiries, or to provide operational or legal notices. If you are a teacher or administrator, you may also be asked to if you want to participate in peer-to-peer communications about how you use the Applications.
- We do not email students except for limited and necessary operational communications like resetting the password to their Applications account.
If you do not want to receive communications from us, please indicate your preference by emailing [email protected], using an opt-out link in the email or changing your preferences in your Applications account. We also send school or school district technical administrators administrative and operational notices which we believe are necessary for their effective use of the Applications; we do not presently allow opt-out from those notices.
Analytics Data
NoRedInk uses the Analytics Data to enable us to figure out how often users use parts of the Services, so that we can customize and improve those Services. As part of our use of such information, we may provide such Analytics Data to our partners (only in a de-identified and aggregated format) about how our users use the Services. We may link Analytics Data to personal information that we collect through the Services, but we will only use the information in this form internally (for example, to customize your experience), and will not disclose it in linked format to third parties.
Business Transfers
If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, we may transfer your personal information to the new owners of our business or assets, but we will not transfer your personal information unless the buyer or acquirer (1) intends to maintain and provide the Applications as a going concern and (2) agrees to honor the terms of this Privacy Policy, including providing notice and an opportunity for you to cease use of the Applications before any changes to the terms of this Privacy Policy take effect.
Protection of NoRedInk and Others
Always subject to our obligations under “Legal Compliance” above, we reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of NoRedInk, our employees, our users, or others.
Security
Your Applications account is protected by a password for your privacy and security, and you select that password, so we encourage you to select a strong password. If you use an SSO Account to access your Applications account, you may have additional or different sign-on protections via that third party site or service. You should prevent unauthorized access to your Applications account and the personally identifiable information in that Applications Account by selecting and protecting your password and/or other sign-on mechanism appropriately, not sharing those sign-on credentials with anyone, and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other personal information we hold in our records, and we use industry standard data security measures to protect your personal information. Unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information.
You should also be aware that:
- If you are a student, your teacher and your school administrators can access your Applications account and its personally identifiable information.
- If you are a teacher, your school administrator can access your Applications account and its personally identifiable information.
This means that your Applications account security is only as good as the security precautions of the people who can access your Applications account, and you should check with them about those precautions and their information handling policies.
Retrieving, Changing and Deleting Information
We store Analytics Data and information collected through the Website separately from the information stored in the Applications. We have no meaningful ability to provide you with information concerning Analytics Data. For personally identifiable information collected through the Website (e.g., by signing up for a mailing list), please contact us at [email protected] if you would like us to delete that information.
Through your Applications account settings, you may access, and, in some cases, update or delete the personally identifiable information in your Applications account. Please note that in some cases, the information in your Applications account can only be changed by your teacher, school, or school district, and you cannot change it yourself. In that case, you will need to contact the relevant person in your school or school district.
If you would like to request that personally identifiable information regarding your child (or, if you are a teacher, a child that is in your class) be updated and you do not have the ability to do so yourself, please contact us at [email protected]. In most cases we will refer your request to the relevant school or school district, but if you or your child is are not affiliated with a school or school district, we will respond to your request within 10 calendar days of our receipt of such request.
You may be able to add or update information as explained above. You may request deletion of your Applications account by filling out this form. In most cases we will refer your request to the relevant school or school district, but if you or your child are not affiliated with a school or school district, we will respond to your request within 10 calendar days of our receipt of such request. Generally speaking, we also delete personally identifiable information in Applications accounts within a reasonable period after we are informed the Applications account will no longer be used, or if it becomes inactive and we are unable to contact the relevant user, their school or school district. We may use aggregated or de-identified information derived from your personally identifiable information after you update or delete it, but not in a manner that would identify you personally.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing, updating or deleting information we have on file about you, please contact us at [email protected].
United States Operation
As a matter of our practices and policies, we adhere to the principles set out the European Union General Privacy Directive, however our Services are operated from the United States, and the privacy laws of the United States may not be as protective as those in your jurisdiction. If you are located outside of the United States and choose to use the Services or provide your information to us, you agree that your information will be transferred, processed, and stored in the United States. Your use of the Services represents your agreement to this practice.
Changes to this Privacy Policy
We will alert you to material changes to this Privacy Policy at least 30 days before they take effect by placing a notice on noredink.com, by sending you an email, and/or by some other means. We reserve the right, however, to effect important changes more quickly as needed, as in the case of a requirement for legal compliance, a security threat or other emergency situation, or if we are granting you more rights than you had under the previous version of the Privacy Policy. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been made effective, that means you agree to all of the changes.
Contacting Us
If there are any questions regarding this Privacy Policy we may be contacted using the information below.
Specific State Student Data Protection Laws
| Statute | As of Date |
|---|---|
| Connecticut General Statutes 10-234aa – 10-234dd | 2/21/2020 |
| Illinois Student Online Personal Protection Act, 105 ILCS 85/1; Illinois School Student Records Act (ISSRA), 105 ILCS 10/1 et seq. & 23 IAC 375 | 2/21/2020 |
| Montana Pupil Online Personal Information Protection Act (Montana House Bill 745) | 2/21/2020 |
| New York State Education Law Section 2-D | 2/21/2020 |
| Texas Education Code Chapter 32, Subchapter D | 2/21/2020 |
| Code of Virginia § 22.1-287.02 | 2/21/2020 |