Effective date: April 1, 2021
Our Core Commitments
Marketing to Students or Families
We will not use, sell, share, or disclose personally identifiable information we receive from the Applications to: (a) market or advertise to students or families/guardians; (b) inform, influence, or enable marketing or advertising to students or families/guardians; or (c) develop a profile of a student or family member/guardian, for any commercial purpose other than providing or improving the Services.
We will not sell, share or disclose personally identifiable information of teachers or administrators we receive from the Applications to third parties for marketing or advertising purposes.
Limits on Advertising and Data Collection within the Applications
Within the Applications, we do not: (a) display advertising, including any behavioral or contextual advertising; (b) permit the collection of data by third party advertising or tracking services for any purpose except to collect data for us to understand the use of the Applications in order to maintain and improve the Applications; or (c) collect data, including any behavioral data, for use in targeting advertisements on third party services or websites.
Limits on Data Collection as a General Matter
We do not, either within the Applications or the Website, collect information on free or reduced lunch status, precise geolocation data, health or biometric data, or sensitive personal information. See “Advertising Partners” below regarding the collection of behavioral data on the Website.
We shall be considered a School Official as that term is used in FERPA.
As to COPPA or any state law which requires consent or authorization from a parent or guardian for the collection or use of information concerning a student, the parent, guardian, teacher, school or school district, is responsible and liable for fulfilling any applicable consent requirement.
In accordance with the California Consumer Privacy Act legislation, compliance information and any user actions are available here: Addendum A – Special Information Regarding California Consumer Privacy Act (CCPA).
As used in this policy:
- “personally identifiable information” means information that can be directly associated with an individual and includes educational records, student-generated content, names, addresses, telephone numbers, email addresses, and other contact information. To the extent non-personally identifiable information is combined with personally identifiable information, we treat the combination as personally identifiable information. As described below, we do collect and process some personally identifiable information, including from students in 7th through 12th grade as needed to provide the Applications to those students.
- “personal information” means personally identifiable information, together with information indirectly associated with an individual, such as IP addresses, pseudonymous identifiers, etc. and other information associated with that individual that is indexed to any of the foregoing. As described below, we do collect personal information, including from students in 7th through 12th grade as needed to provide the Applications to those students.
- “educational records” means official records, files and data directly related to a student and maintained by the school or local education agency, including but not limited to, student-generated content, records encompassing all the material kept in the student’s cumulative folder, such as general identifying data, records of attendance and of academic work completed, records of achievement, and results of evaluative tests, health data, disciplinary status, test protocols and individualized education programs. As described below, we do collect and process some educational records, including from students in 7th through 12th grade as needed to provide the Applications to those students.
- “student” is interchangeable with “pupil” and means any student accessing and using the Applications for educational purposes.
- “student-generated content” means materials or content created by a student in the Applications during and for the purpose of education including, but not limited to, essays, research reports, portfolios, creative writing, music or other audio files, photographs, videos, and account information that enables ongoing ownership of student content. As described below, we do collect and process some student-generated content, including from students in 7th through 12th grade as needed to provide the Applications to those students.
- Visitors to our Website or people who correspond with us through our Website outside of our Applications
- Teachers or administrators who manage the use of our Applications by students
- Students who use our Applications
The Applications are intended to be used by students in 7th grade through 12th grade (so teens from 13 to 18, and occasionally children under 13 who are in 7th grade or are writing at a 7th grade level). The Applications are intended for students to use as part of classroom instruction with their teachers. Unless a parent or guardian is also acting as a teacher, the Applications are not intended for their use except to the extent the parent or guardian is registering their child to use the Applications and/or is acting as a teacher for the purposes of the Applications.
We gather different personally identifiable information and personal information from each of those groups of people, and may handle that personally identifiable information and personal information differently for each group, as we explain below.
Students / Children
As noted in the Terms of Service, we only collect personal information through the Applications from a child under 13 where that student's school, district, and/or teacher has agreed (via the terms described in the Terms of Service) to obtain legally-adequate consent for that child to use the Applications and disclose personal information to us.
A parent or guardian may of course directly sign up his or her child to use the Applications and provide personal information about that child to us. However, no child under 13 may send us any personal information unless they have signed up through his or her school, district or teacher and such school, district or teacher has obtained legally-adequate consent for that child to use the Applications and disclose personal information to us. Without legally-adequate consent from a parent, guardian, school, district and/or teacher, we do not wish to receive, and do not knowing collect or use personal information from any person under 13 for any purpose, including our internal operations. If you are a student under 13, please do not send any personal information to us if your school, district, and/or teacher has not obtained obtain legally-adequate consent for you to do so, and please do not send any personal information other than what we request from you in connection with the Applications.
If we learn we have collected personal information from a student under 13 without legally-adequate consent from their parent or guardian or their school, district, and/or teacher, or if we learn a student under 13 has provided us personal information beyond what we request from him or her, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information in violation of this paragraph, please contact us at [email protected].
Users of our Premium Applications.
Students, teachers, and other users of our Premium Applications should be aware that: (1) the school or school district with which we have an agreement may, and likely will, provide personal information about you to us, and most schools or school districts require that most notifications which we would normally provide to you directly (for example, regarding legal or parental requests to access your personal information) will be provided to the school or school district.
Information You Knowingly Provide to Us
If you correspond with us outside of the use of the Applications through a web form, email or otherwise, we will collect and retain your correspondence like any other ordinary business correspondence, subject to the information retention policies and legal requirements applicable to us and standard in our business.
In order to provide the Applications to teachers (including home-schooling teachers) or administrators, we receive and store the personally identifiable information you knowingly provide to us.
As part of the registration and account setup process, we require your name, email address, school and school district affiliation, the classes and/or grades using the Applications. If your school or school district uses a third-party single sign-on (“SSO”) we will also have access to the personally identifiable information we describe below under “Third Party SSO Information”. We will also receive any feedback on student work that you may enter into the Applications.
In order to provide the Applications, we receive and store the personally identifiable information that you as a student (or your teacher, school or school district) knowingly provide to us.
As part of the registration and account setup process, we require your name, gender, email address, school and school district affiliation, the classes and/or grades using the Applications. You or your teacher or school may also provide us with information about your personal interests. We will also receive and store the work you do in our Applications, including the student-generated content like your essays, and your teacher’s feedback on that work. If your school or school district uses a third-party single sign-on (like Google, Clever, or Canvas) we will also have access to the personally identifiable information we describe below under “Third Party SSO Information”.
Some of this information will be provided to us by your teacher or school, so we may not ask you for it directly, but we will still have it.
Third Party SSO Information
If your school or district chooses to use third party single sign-on (e.g., using a Google, Clever or Canvas account) for access to the Applications, you may have to provide us with your username (or user ID) so that your identity can be authenticated through the third party account (the “SSO Account”). When the authentication is complete, we’ll be able to link your account with the SSO Account. That linking may allow us to access and collect certain personal information, such as your name and email address, your user ID for the SSO Account, data tokens used to implement single sign-on and connect with your SSO Account profile, and other personal information that your privacy settings on the SSO Account permit us to access, in connection with creating your Applications account. We may also share some information back to the SSO Account. For example, Canvas and Clever allow the exchange of information about the schools, classes and students with which a teacher is associated, information teacher and student assignments, all to make it easier to set up and manage an account for the Applications. We encourage you and all schools or districts to carefully choose privacy settings in SSO Accounts to limit the exchange of information to what you (or the school / district) want to share with us and want us to share. However, we don’t try to access any information in the SSO Account that we don’t have to access in order to allow you to use it to sign onto the Applications. And we never receive or store passwords for any of your SSO Accounts.
Other Third Party Information
Like many other companies, we may acquire from third parties lists of publicly available contact information for teachers or administrators who may be interested in our services. We do not correlate this contact information with information about users of the Applications.
Information Collected Automatically
Our Services, automatically receive and record some information from your browser or device (“Log Data”), just like all web services have to in order to function. The Log Data our Services automatically collect may include some personal information, but does not include personally identifiable information. Log Data includes information like your IP address, the type of browser and/or device you're using to access our Services, the capabilities of that browser or device, and the page or feature you requested. Log Data, together with the information that we collect through the Tracking Mechanisms, comprise “Analytics Data”. As described below under “Use and Sharing of Personal Information: Analytics Data,” we do share the collected Analytics Data (but no personally identifiable information) in a de-identified and aggregated form with third parties for analytics and tracking purposes.
If Tracking Mechanisms are used, they may be used to collect information about you and your use of our Services, such as your browser type, and the date and time of your use. Tracking Mechanisms may also be used in order to help us learn more about how users engage with the Services, enable Applications features and processes (like enabling you to return to password-protected areas of the Applications without having to re-enter your password), provide authentication and security for your use of the Applications, or store your preferences.
Specific Service Providers
Our third-party analytics service providers include Google Analytics. For Google’s privacy practices see www.google.com/analytics/learn/privacy.html. To opt out of data recording and analysis by Google Analytics, see https://tools.google.com/dlpage/gaoptout.
We may place on our Website, but never within the Applications, cookies or other tracking mechanisms which allow us to target advertising on third party platforms to individuals who have visited our website. These cookies or other tracking mechanisms on the Website (but again, never within the Applications) may collect behavioral data directly from you. Advertising partners may include Facebook, LinkedIn and Twitter.
Facebook allows its users to control advertising on the Facebook platform. Instructions are here: https://www.facebook.com/help/568137493302217.
LinkedIn allows members to control their LinkedIn advertising and cookie preferences. Instructions are here: https://www.linkedin.com/help/linkedin/answer/62931. Nonmembers may control their LinkedIn advertising and cookie preferences here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Twitter allows its users to control advertising and cookie preferences on the Twitter service. Instructions are here: https://help.twitter.com/en/rules-and-policies/twitter-cookies.
Other information regarding opting out of targeted advertising can be found here: https://optout.aboutads.info.
Disabling Cookies or Web Beacons
It may be possible to disable cookies through your device settings. Most browsers allow disabling either third party cookies or all cookies. The method for disabling cookies may vary by device, but can usually be found in preferences or security settings. However, doing so may cause portions of the Services to not function, or to function improperly, or otherwise affect your ability to use the Services. You may also disable web beacons by disabling HTML images in your email program, which may also affect other images in emails you receive.
Do Not Track
Use and Sharing of Personal Information
This section explains how we use and share personal information, consistent with our statements above under “Our Core Commitments”.
To Provide, Maintain, and Improve the Services
We use the information we collect to provide, maintain and improve the Services. Uses of personally identifiable information for those purposes are:
- To deliver the Applications, including diagnosing and correcting any errors in the Applications.
- Enabling communications among the users of the Applications within the same organization as appropriate for their roles. For example, teachers and their students need to communicate, and teachers and their school’s administrators need to communicate.
- Only after we have removed any identifying information, we may use collected information for development, research, and/or improvement of the Applications or other educational services or materials we may offer. We may also share aggregated information based on such de-identified (or never-identifiable) information with third parties working with us for development, research, and/or improvement of the Applications or other educational services or materials we may offer. We don’t share any personally identifiable information or information other than in an aggregated format, with third parties for those purposes.
In order to provide the Applications, we have to allow the organizations we work with to have access to your personally identifiable information. So you should know that:
- If you are a student, your teacher and your school administrators can access your Applications account and the personally identifiable information in that Applications account.
- If you are a teacher, your school administrator can access your Applications account and the personally identifiable information in that Applications account.
- Upon request, we are required to provide a school or school district with a copy of all of the personal information in any Applications account for any student or teacher in that school or school district.
If you have questions about how your teacher, school, school district, or any of their personnel handle your personal information, you should direct your questions to the appropriate person in your school or school district.
To Communicate with You
We may communicate with you if you've provided us the means and permission to do so. For example if you've given us your email address:
- For correspondents who have provided their contact information to us through the Website or otherwise outside the Applications, we may email you about the Applications including new features or options in which you may be interested, opportunities to learn about the Applications, whether other teachers or administrators in your school district are using the Applications or are interested in doing so, or to respond to your inquiries.
- For teachers and administrators, we may email you about updates to the Applications including new features or options in which you may be interested, opportunities to learn more about the using the Applications, whether other teachers or administrators in your school district are using the Applications or are interested in doing so, to respond to your inquiries, or to provide operational or legal notices. If you are a teacher or administrator, you may also be asked to if you want to participate in peer-to-peer email conversations about how you use the Applications.
- For teachers, administrators, and correspondents who provide their contact information to us outside of the Applications, we may offer you the opportunity to participate in sweepstakes, contests, surveys or similar promotions. Those opportunities will be offered under additional terms we will provide at the time.
- We do not email students except for limited and necessary operational communications like resetting the password to their Applications account.
If you do not want to receive communications from us, please indicate your preference by emailing [email protected], using an opt-out link in the email or changing your preferences in your Applications account. We also send school or school district technical administrators administrative and operational notices which we believe are necessary for their effective use of the Applications; we do not presently allow opt-out from those notices.
Service Providers and Our Affiliates
We engage trusted third party service providers to work for us in connection with the operation of our Services and our business, in the following roles: hosting of our Website and Applications, error and bug tracking, data storage and analysis, technical and user support, and email delivery. We may provide those service providers with, or authorize those service providers to access, your personal information, including personally identifiable information. In certain cases, third party service providers may collect information from you directly on our behalf (for example, web data analytics providers or support desk system providers).
All third party service providers we engage will use the information only to provide services to us and will keep the information confidential. Our third party service providers are not allowed to augment, extend, or combine personal information shared with them with information from third party sources. If we learn that any third party service provider has misused personal information which we have provided to them or to which we have allowed them access, we will delete that personal information (and potentially all of the personal information) held for us by that third party service provider.
We do not presently share any personal information with any of our affiliates or subsidiaries.
NoRedInk uses the Analytics Data to enable us to figure out how often users use parts of the Services, so that we can customize and improve those Services. As part of our use of such information, we may provide such Analytics Data to our partners (only in a de-identified and aggregated format) about how our users use the Services. We may link Analytics Data to personal information that we collect through the Services, but we will only use the information in this form internally (for example, to customize your experience), and will not disclose it in linked format to third parties.
Business Transfers and Delegation
Protection of NoRedInk and Others
Always subject to our obligations under “Legal Compliance” above, we reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of NoRedInk, our employees, our users, or others. If we are required to disclose your personal information by a government or legal request, we will notify you of that request if we are permitted to do so by the law governing that request.
Your Applications account is protected by a password for your privacy and security, and you select that password, so we encourage you to select a strong password. If you use an SSO Account to access your Applications account, you may have additional or different sign-on protections via that third party site or service. You should prevent unauthorized access to your Applications account and the personally identifiable information in that Applications Account by selecting and protecting your password and/or other sign-on mechanism appropriately, not sharing those sign-on credentials with anyone, and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other personal information we hold in our records, and we use industry standard data security measures to protect your personal information. This includes: (1) only storing your personal information under our control, (2) using two-factor authentication for our [personnel] to access your personal information, (3) implementing physical access controls to those areas where personal information is stored, (4) limiting access to your personal information to only those of our personnel who need to have that access to do their jobs, and (5) encrypting all of your personal information both in transit and at rest. We also regularly conduct audits of our security practices to make sure that they are up to date. Unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information.
In the event of an unauthorized disclosure of your personal information, we will provide notice as required by applicable law.
You should also be aware that:
- If you are a student, your teacher and your school administrators can access your Applications account and its personally identifiable information.
- If you are a teacher, your school administrator can access your Applications account and its personally identifiable information.
This means that your Applications account security is only as good as the security precautions of the teachers and school administrators who can access your Applications account, and you should check with them about those precautions and their information handling policies.
Retrieving, Changing and Deleting Information
We store Analytics Data and information collected through the Website separately from the information stored in the Applications. We have no meaningful ability to provide you with information concerning Analytics Data. For personally identifiable information collected through the Website (e.g., by signing up for a mailing list), please contact us at [email protected] or use this web form if you would like us to delete that information, or if you would like to know which personal information of yours we have or have shared with third parties.
We use technical efforts to ensure the integrity of the personal information we collect and store. However, because we receive all personal information either from you directly, or from the school or school district with which you are affiliated, we have no ability to determine the accuracy of that information, and rely on you or the relevant school or school district to either correct or inform us of any inaccuracies so that we can correct them.
Through your Applications account settings, you may access, and, in some cases, update or delete the personally identifiable information in your Applications account. Please note that in some cases, the information in your Applications account can only be changed by your teacher, school, or school district, and you cannot change it yourself. In that case, you will need to contact the relevant person in your school or school district.
Parents or guardians may request that we cease collection of personal information about their child. If you are a parent or guardian and would like to request that personally identifiable information regarding your child (or, if you are a teacher, a child that is in your class) be updated or personal information about your child no longer be collected (and/or that it be deleted) and you do not have the ability to do so yourself, please contact us at [email protected]. In most cases we will refer your request to the relevant school or school district, but if you or your child is are not affiliated with a school or school district, we will respond to your request within 10 calendar days of our receipt of such request.
You may be able to add or update information as explained above. By filling out this form, you may request that we delete your Applications account, or provide you with a list of all personal information of yours we have or have shared with third parties. In most cases we will refer your request to the relevant school or school district, but if you or your child are not affiliated with a school or school district, we will respond to your request within 10 calendar days of our receipt of such request.
Generally speaking, unless a legal request has been made for a user’s personally identifiable information, we do not retain and will delete personally identifiable information in Applications accounts within a reasonable period after we are informed the Applications account will no longer be used, or if it becomes inactive and we are unable to contact the relevant user, their school or school district. We may use aggregated or de-identified information derived from your personally identifiable information after you update or delete it, but not in a manner that would identify you personally.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing, updating or deleting information we have on file about you, please contact us at [email protected].
United States Operation
As a matter of our practices and policies, we adhere to the principles set out the European Union General Privacy Directive, however our Services are operated from the United States, and the privacy laws of the United States may not be as protective as those in your jurisdiction. If you are located outside of the United States and choose to use the Services or provide your information to us, you agree that your information will be transferred, processed, and stored in the United States. Your use of the Services represents your agreement to this practice. For the purposes of the GDPR, we act as a data controller for the personal data which we collect directly from users who interact with us outside of an agreement we have with school or school district, but we act as a data processor for the personal data which we collect and process as part of our agreement with a school or school district. We have established an individual within our executive team as our data protection officer, who can be reached at [email protected].
Questions; Contacting Us
548 Market St, PMB 66984, San Francisco, California 94104
Specific State Student Data Protection Laws
|Statute||As of Date|
|Connecticut General Statutes 10-234aa – 10-234dd||2/21/2020|
|Illinois Student Online Personal Protection Act, 105 ILCS 85/1; Illinois School Student Records Act (ISSRA), 105 ILCS 10/1 et seq. & 23 IAC 375||2/21/2020|
|Montana Pupil Online Personal Information Protection Act (Montana House Bill 745)||2/21/2020|
|New York State Education Law Section 2-D||2/21/2020|
|Texas Education Code Chapter 32, Subchapter D||2/21/2020|
|Code of Virginia § 22.1-287.02||2/21/2020|
|Effective since||Effective until||Policy|
|September 1, 2022||Link|
|March 7, 2022||September 1, 2022||Link|
|April 1, 2021||March 7, 2022||Link|
|April 1, 2020||April 1, 2021||Link|
|April 29, 2015||April 1, 2020||Link|