simpledu is committed to protecting student information and secure access, privacy, and interoperability in our products. We are a signer of the Student Privacy Pledge and the Project Unicorn EdTech Vendor Pledge. For more information, you can view our Student Privacy Pledge below our Privacy Policy.

simpledu ("simpledu," "we," or "us") understands that privacy is tremendously important to our online visitors to our website ("Website Visitors"), to schools who use our Services ("Schools"), and to students whose information we may access on behalf of a School ("Students").

simpledu provides a platform that enables Schools to simplify their technical integrations through the use of custom programs and/or services.

As we describe below, Schools decide which data is integrated with simpledu.

This privacy policy applies to our website www.simpledu.org and to the simpledu platforms (our "Services") and describes the steps we take to protect your data.

We strive to be transparent in our data collection and use practices.

We collect the following types of information:

Information about schools: We ask for certain information when a school or district commences a demo, trial, or otherwise consumes our Services including a name, school name, school district, school email address and/or account name and phone number, content of any messages submitted to us, and information relating to the schools information systems.

We may also retain information provided by a School if the School sends us a message, posts content to our website or through our Service, or responds to emails or surveys.

Once a School begins using simpledu Services, we will collect content and information provided by the School through the School's use of the Service and we will keep records of activities related to the Service.

We use this information to operate, maintain, and provide the features and functionality of the Service, to analyze and improve our Service offerings and functionality, and to communicate with our Schools and website visitors.

Student Data: Through the course of providing its Service to a School, simpledu may have access to personally identifiable information about students ("Student Data") that is provided by the School or by the Student.

Depending on the Service selected by the School, a School may authorize simpledu to receive Student Data from the learning application(s) used by the School.

simpledu has access to Student Data only as requested by the School and only for the purposes of performing Services on the School's behalf. The type of Student Data we collect will depend on how the School uses the Service and the type of Service the School purchases.

In many instances, simpledu receives Student Data only from the School and never interacts with the Student directly.

We consider Student Data to be confidential and do not use such data for any purpose other than to provide the services on the School's behalf, in accordance with contractual agreements with the School.

Our collection, use, and disclosure of Student Data is governed by our Terms of Use, our Additional Terms of Use for Schools, and/or any other agreement with the School, by the provision of the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and applicable state laws which relate to the collection of Student Data. If you are a student or parent, please contact your School if you have questions about the School's use of technology service providers like simpledu. For review and correction of student personal information, please contact your/your child's school.

No simpledu products and services contain advertisements. Student and staff data will never be collected to be used for any form of targeted advertising, and no user will be subjected to the display of an advertisement in our products.

simpledu only shares personal information in a few limited circumstances, described below.

We do not sell, rent, or receive any compensation for any information collected by, or provided to, simpledu. Student data and student information collected, or provided to, simpledu will never be provided to a third party, except under the following limited circumstances:

• We may be required to share information with law enforcement or other third parties when compelled to do so by court order or other legal process, to comply with statutes or regulations, to enforce our Terms of Use, or if we believe in good faith that the disclosure is necessary to protect the rights, property or personal safety of our users.
• We may share information in an aggregated and/or anonymous form that does not reasonably identify an individual or School. For example, we may use and share aggregate or anonymized data to study and improve our Service, user functionality, and product offerings.
• We share information within the Service as needed to perform the Service and/or at the direction of the School. For example, information including Student Data, will be shared between and among authorized School users such as teachers and School administrators. This sharing will depend on the settings and functionality selected by the School.

In the events of a change of control: If we sell, divest or transfer our business, we will not transfer personal information of our customers unless the new owner intends to maintain and provide the Service as a going concern, and provided that the new owner has agreed to data privacy standards no less stringent than our own. In the event of this, we will provide you with notice and an opportunity to opt-out of the transfer of Student Data.

simpledu currently shares student information with the following third-party companies and organizations for the purposes of analytics, aggregated metrics, or other de-identified purposes:

(none)

simpledu currently shares student information with the following third-party companies and organizations for the purposes of providing our products or services:

Google Cloud Platform

All third-party companies and organizations are reviewed by simpledu to be consistent with our privacy policy and the spirit of our commitment to student data privacy. This list of third-party companies and organizations will be updated when any changes are required, and any changes will be communicated as dictated in this policy.

Storage and processing, security of your data: Any information collected through the Service is stored and processed in the United States. Specifically, all simpledu Services are hosted within Google Cloud Platform’s South Carolina region (us-east1) and makes all efforts to ensure the Services are only offered from this region. Google Cloud Platform may automatically relocate simpledu Services to another, United States based region, during any period of service interruption or maintenance as noted in the Google Cloud Data Processing and Security Terms.

All simpledu Services utilize industry-standard encryption and data protection practices where all data is encrypted, at rest and during transit, while communicating with our Services and never shared outside of the simpledu Service platform.

All simpledu Services utilize customer-provided encryption keys ensuring your data will never reside on Google Cloud’s platform after the termination of your Service agreement with simpledu.

Unauthorized disclosure: If there is any disclosure or access to any personally identifiable Student Data by an unauthorized party, we will promptly notify the affected School(s) and will use reasonable efforts to cooperate with their investigation of the incident.

simpledu takes data security very seriously and utilizes a variety of administrative, technical, and physical safeguards to ensure security of sensitive data shared with us.

All of our services and products feature an isolated design where each organization has their own independent and isolated storage mechanism. No data is "co-mingled" or shared, ensuring organizations have complete privacy on our platform(s).

All data is encrypted at rest, using Google Cloud's security mechanisms mentioned elsewhere in this policy, and will not be retained on Google Cloud Platform's service when not in use.

All simpledu services feature SSL/HTTPS encryption in transit, and also feature HSTS (HTTP Strict Transport Security) to ensure all traffic to simpledu services is encrypted.

Typically, simpledu services utilize single sign-on capability and do not store passwords for user authentication. In the event a password is required to be stored, simpledu utilizes password encryption techniques (bcrypt) to protect passwords.

All simpledu staff members who have direct access to protected data undergo yearly compliance training, and operate on a least privilege model, ensuring protected data is only accessed when needed, and is not available to all staff members.

All simpledu staff activity is logged, in an auditable way, to ensure any access is monitored.

All simpledu staff are required to maintain two-factor authentication, and authenticate to resources through federated SSO, ensuring all activity is monitored and reasonably protected through our identity provider.

All simpledu resources are hosted within simpledu's chosen cloud hosting platform (currently Google Cloud Platform) and are supported by its physical safeguards. No simpledu resources are hosted in a physical location not maintained by simpledu's chosen cloud hosting platform.

More information is available upon request, but not provided publicly, to ensure security of internal procedures.

We do not collect any information from students. simpledu does not knowingly collect any information from children. Because simpledu collects and uses Student Data at the direction of and under the control of a School, simpledu relies on each School to provide appropriate notice to parents of the School's use of third party service providers such as simpledu, and for the Schools to provide consent, if necessary, and authorization for simpledu to collect Student Data, as permitted by the Children's Online Privacy Protection Act (COPPA).

Please contact us at info@simpledu.org if you believe we have inadvertently collected personal information of a child without proper consent so that we may delete such data as soon as possible.

simpledu will notify all existing customers of policy changes made to this Privacy Policy. A policy change is defined as a change to an existing policy item, the addition of a new policy item that has an effect on other policy items, or in the best interest of our customers as deemed by simpledu.

Upon the release of a policy change to the Privacy Policy, all existing customers will receive a notification sent to the customer's primary contact via e-mail explaining the nature of the change, and when the new Privacy Policy will take effect. Additionally, all web based applications produced and operated by simpledu will display a notice of a Privacy Policy change for a minimum of one (1) month in all web based applications. By continuing to use simpledu services and products, and upon a subscription renewal, existing customers will accept any and all Privacy Policy changes. Existing customers may contact simpledu directly for any concerns related to Privacy Policy changes and/or discontinue services.

---

simpledu is honored to be entrusted by schools to support their educational needs and school operations. As such, we take responsibility to both support the effective use of student information and safeguard student privacy and information security. We pledge to carry out responsible stewardship and appropriate use of student personal information according to the commitments below and in adherence to all laws applicable to simpledu.

As such, we commit to:

1. Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
2. Not sell student personal information.
3. Not use or disclose student information collected through simpledu for behavioral targeting of advertisements to students.
4. Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
5. Not make material changes to simpledu’s online privacy policies without first providing prominent notice to the account holder(s) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
6. Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes (data is deleted from simpledu’s systems on contract expiration unless otherwise noted.)
7. Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
8. Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
9. Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
10. Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
11. Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
12. Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.
13. Incorporate privacy and security when developing or improving our educational products, tools, and services and comply with applicable laws.

If you have any questions regarding our privacy practices, or if you wish to amend, update or confirm any information in our records or notify us to delete any information from our records, please contact us at: info@simpledu.org