Frequently Asked Questions About the Operation of the NoRedInk Service

Does NoRedInk use two-factor authentication to protect the security of User Accounts?

NoRedInk uses two-factor authentication internally for all of its personnel who may access the personal information it collects and stores. However, because it provides an educational product to students and teachers, and collects personal information that is only really interesting to those students and their teachers, we have not implemented two-factor authentication for students and teachers to access their accounts. We don’t think that would work well in a classroom setting.

Does the NoRedInk Service allow any social interactions? Is User Content or User personal information displayed to others? Who can see User Content?

NoRedInk provides a teacher-mediated writing curriculum. We require that all interactions be for legitimate educational purposes only, and do not provide a forum for social interactions.

The NoRedInk Service does not display User Content outside of the NoRedInk Service, and within the NoRedInk Service, we limit access to User Content to specific trusted users based on their role in the NoRedInk Service. So, each student can only see their own content, each teacher can only see and comment on their students’ content, and school or district administrators can, when necessary, only see (but not comment on) the content for students and teachers in their school or district.

Do Users have to share or reveal any personal information to participate in social interactions? Do Users control how their personal information is displayed to others?

NoRedInk provides a teacher-mediated writing curriculum. It does not provide a forum for social interactions. There is very little room or need for User control over how their personal information is displayed for the educational purposes of the NoRedInk Service, and ultimately, teachers, schools and districts decide what amount of personal information is required to be displayed within the NoRedInk Service.

Does NoRedInk review, screen, monitor or moderate User Content or User interactions? Does NoRedInk log social interactions for review or audit? Does NoRedInk modify User Content (e.g., to remove personal information)?

NoRedInk provides a teacher-mediated writing curriculum. It does not provide a forum for social interactions. In that context, NoRedInk believes it would be inappropriate to review, screen, monitor or modify User Content, and does not. NoRedInk records teacher comments or feedback on student User Content, but there are no other interactions to log.

Can educator, parents or schools filter or block inappropriate content or social interactions?

NoRedInk provides a teacher-mediated writing curriculum. It does not provide a forum for social interactions, and all content that appears in the NoRedInk service is curated to be age-appropriate and is part of the writing curriculum. Consequently, there are no separate mechanisms for filtering or blocking content or social interactions.

Can a User report inappropriate behavior, such as cyberbullying? Does NoRedInk provide tools and processes that support safe and appropriate social interactions in the NoRedInk Service.

NoRedInk provides a teacher-mediated writing curriculum. It does not provide a forum for social interactions. The only User interactions are between teachers and their students for educational purposes. There are no peer social interactions, nor any social interactions with unknown or untrusted users. We rely on the schools and school districts to provide appropriate guidelines for those interactions.

Does NoRedink filter inappropriate advertisements (e.g., alcohol, gambling, violence or sexual content).

There are no advertisements of any kind in the NoRedInk Service. So, yes.

Does NoRedInk restrict in-app purchases for children under 13 years of age?

There are no in-app purchases of any kind in the NoRedInk Service. So, yes.

Does NoRedInk disclose student information as “Directory Information” under a FERPA exception?

No.

Does NoRedInk disclose personal information without verifiable parental consent under a FERPA exception?

NoRedInk may disclose personal information to its subcontractors as indicated in its privacy policy, for which we require parental, school, or school district agreement to use the NoRedInk Service. We believe this constitutes appropriate consent.

Because NoRedInk provides an educational product primarily to schools and school districts, those schools or school districts typically determine when student personal information may be disclosed. However, in certain cases where there is no school or school district to contact (for example, if a teacher is using our free service), then pursuant to a FERPA exception, we may disclose student personal information to third parties who have required such disclosure and have the legal authority to require us to make such a disclosure, as stated in more detail in our Privacy Policy.

We do not otherwise disclose student personal information.

Does NoRedInk participate in any FTC-approved COPPA safe harbor program?

Not presently. We provide an educational product primarily to schools and school districts, intended for use by students in grades 7 and above, and we primarily rely on the school’s authority to provide consent for collection and use of student personal information, including for those few students who may be under 13.

Has NoRedInk signed any privacy pledges or received any other privacy certifications?

We have not.

Can a User assign an authorized account manager or legacy contact to access and download their data?

We don’t provide this as a formal part of our service. However, because most of our users are part of a school or school district, the school or school district has the right to manage its users’ data (both teachers and students) so this is not a significant practical concern.

What are NoRedInk’s data anonymization / deidentification practices?

For our own internal use (which we describe in the privacy policy), NoRedInk either creates a separate report which excludes all personally identifiable information from the relevant data, or (for longer-term use) securely deletes all personally identifiable information from the relevant data. When NoRedInk shares information with third parties other than service providers working for us, NoRedInk only shares aggregated statistics based on large amounts of data, which aggregated statistics neither contain any personal information, nor allow any personal information to be re-identified directly or indirectly.

Are third parties with access to a user's information contractually required to provide the same level of security protections as NoRedInk?

NoRedInk uses best-in-class third party service providers, whose security policies we have reviewed and have determined are at least as restrictive as ours. We also encrypt information in our service providers’ systems to the extent possible and consistent with the use of their services. However, because we use best-in-class service providers, we are not able to force them to agree to specific security terms. We believe this strikes an appropriate balance.

Does NoRedInk impose contractual limits that prohibit third parties from reidentifying or combining data with other data sources that the vendor shares or sells to them?

Our third party service providers are only allowed to use information we provide to them to provide services so us. That means that they are prohibited from any other activities, including reidentification or combination with other data sources. When NoRedInk shares information with third parties other than service providers working for us, NoRedInk only shares aggregated statistics based on large amounts of data, which aggregated statistics neither contain any personal information, nor allow any personal information to be re-identified directly or indirectly. This makes contractual limits on re-identification or data combination unnecessary, so we do not impose them.