Privacy Policy
Last updated: April 19, 2024
Gradient Learning (“we, us, and our“) recognizes and values your privacy, and we are dedicated to sharing our methods and approach to protecting your personal information with you in this policy (“Privacy Policy”).
Our Privacy Policy – Gradient Website describes the personal information that we collect from you, or that you provide to us on this website (“Website“) and may be used or shared by Gradient Learning to provide you with information, experiences or services. Our Privacy Policy – Gradient Learning Products explains what personal information we collect from you or Participant Schools and how we use, share, and protect that information through our Gradient Learning Whole Student System (the “System”) and the Gradient Learning Platform, hosted through a custom Instructure Canvas environment, located at www.gradientlearning.instructure.com (the “Platform”; the System and Platform may be referred to collectively below as the “Services”).
The purpose of this Privacy Policy is to clearly state our policies and procedures regarding the collection of your personal information and how we use it. Please read the following with care, because by using or accessing our Website and Services, you agree to this Privacy Policy. We may modify this Privacy Policy or our User Agreement (the “User Agreement”) from time to time. If we make material changes to this Privacy Policy, including changes that impair your rights or change how your information will be used under this Privacy Policy, we will provide you at least 30 days prior notice. We will seek to provide you notice through our Services, or by other means, to provide you the opportunity to review the changes before they become effective. We agree that changes cannot be retroactive. The notice will indicate which sections contain material modifications and what choices you may have. Your continued use of our Website and Services after we publish or send a notice about our changes to these terms means that you are consenting to the updated terms following their effective date. If you object to any changes, you must stop using or accessing the Website and Services. If we make any changes to this Privacy Policy or the User Agreement, you can request a copy of the prior versions by contacting us at privacy@gradientlearning.org. Gradient Learning is a remote-based organization and can be contacted by email at info@gradientlearning.org. If you have any questions about this Privacy Policy or our practices, please contact privacy@gradientlearning.org.
You can learn more about Gradient Learning on our website and about the Gradient Learning Whole Student System and Student Privacy Pledge in our FAQs.
Gradient Website
What personal information is collected through this website? We collect information through this Website about our users in three ways: (a) directly from the user, (b) from our Web server logs, and (c) through cookies.
User-supplied information If you fill out the contact form on this Website, we will ask you to provide some personal information (such as email address, name, phone number, and state). We only require that you provide an email address on the contact form. Further, if chat is available through this site, you may be asked to provide information if you participate in an online chat. Please do not submit any confidential, proprietary, or sensitive personally identifiable information (e.g., Social Security Number; date of birth; driver’s license number; or credit card, bank account or other financial information) . If you submit any confidential, proprietary, or sensitive information, you do so at your own risk, and we will not be liable to you or responsible for consequences of your submission.
Web server logs When you visit our Website, we may track information about your visit and store that information in web server logs, which are records of the activities on our sites. The servers automatically capture and save the information electronically. Examples of the information we may collect include:
your unique Internet protocol address;
the name of your unique Internet service provider;
the town/city, county/state and country from;
the kind of browser or computer you use;
the number of links you click within the site;
the date and time of your visit;
the web page from which you arrived to our site;
the pages you viewed on the site; and
certain searches/queries that you conducted via this Website.
Cookies At Gradient Learning, we believe in being clear and open about how we collect and use data related to you. Our Cookie Policy applies to any Gradient Learning product, website, emails, or services that links to that policy or incorporates it by reference; it supplements this Privacy Policy. We use cookies and similar technologies, such as pixels or click-through URLs, in order to provide our services. The Cookie Policy explains the technologies that we use, why they are used, and your right to control their use.
How is the information used? We use the information primarily to provide you with a personalized Internet experience that delivers the information, resources, and services that are most relevant and helpful to you. We don’t share any of the information you provide with others, unless we say so in this Privacy Policy, or when we believe in good faith that the law requires it. We use the information that we collect about you or that you provide to us through this Website to collect anonymous traffic data and geographic location, derived from your IP address. The information we collect in web server logs helps us administer this Website, analyze its usage, protect the website and its content from inappropriate use, and improve the user’s experience.
How is the information protected? Protecting student privacy is a top priority. We received the top score for education technology providers from Common Sense Media, and we were among the first signatories of the Future of Privacy Forum’s Pledge 2020. We have established robust physical, technical, and administrative safeguards designed to protect the information collected through this Website. These safeguards prevent unauthorized access, disclosure, or improper use of information. We are constantly evaluating our policies and practices to improve the security of our network and systems. For a full and detailed list of those protections, please see our Data Privacy Addendum.
Who has access to the information? We will not sell, rent, or lease mailing lists or other user data to others, and will not make your personal information available to any unaffiliated parties, except as follows:
To agents, website vendors and/or contractors who may use it on our behalf or in connection with their relationship to us;
As required by law, in a matter of public safety or policy, as needed in connection with the transfer of our business assets (for example, if we are acquired by another organization or if we are liquidated during bankruptcy proceedings), or if we believe in good faith that sharing the data is necessary to protect our rights or property.
How can I opt out of future communications? You may opt out of any future contacts from us at any time. You may also contact us here to:
see what data we have about you, if any;
change/correct any data we have about you; and/or
ask us to delete any data we have about you.
What about my California Privacy Rights? California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us via privacy@gradientlearning.org.
Gradient Learning Products
Gradient Learning Whole Student System
The Gradient Learning Whole Student System provides a whole student approach to learning that equips educators to prepare students with the skills, knowledge, and habits to lead fulfilled lives long after they graduate. Gradient Learning operates the System, including the Gradient Learning Platform, hosted through a custom Instructure Canvas environment, located at www.gradientlearning.instructure.com. Gradient Learning offers the System and Platform to schools that sign an agreement with Gradient Learning.
The System is designed to facilitate strong relationships between teachers and students through real-time data about progress toward goals, access to ongoing feedback, and access to a wide range of learning resources that enable students to build on what they learn from the teacher by self-directing some of their learning, too.
Gradient Learning does not place ads in its System or Platform, or use personal information that we collect for ad purposes, including for behaviorally-targeted advertising purposes. We do not, and will not, make or seek to make money from students or their schools, teachers, or caregivers. We do not, and will not, sell, rent, or lease the personal information of students, teachers, or anyone else.
As part of our commitment to protecting the privacy of students, educators, and institutions, we are a signatory to the Future of Privacy Forum’s and SIAA’s Student Privacy Pledge.
As with any technology used in the classroom, protections must be in place to safeguard student information. We have established this Privacy Policy – Gradient Learning Products to explain the personal information that we collect and how we protect, use, and share it. Use of the Services is also governed by the User Agreement.
This Privacy Policy - Gradient Learning Products applies to the System features accessed through the Services. This Privacy Policy – Gradient Learning Products applies to those who engage with the System (“Licensed Users”) and describes how we collect and use information from students attending Participant Schools (defined below) (each a “Student User” and Student Users together with Licensed Users are “Users”).
For clarity, this Privacy Policy does not apply to Along, another Gradient Learning product, which is offered under its own Privacy Policy and Website Privacy Notice.
Contract and Services. When you use our Services you agree to all the terms in this Privacy Policy and our User Agreement. You agree that by registering for, accessing or using our Services, you are entering into a legally binding contract with Gradient Learning (even if you are using our Services for your work at a school).
Users of the System We provide the System directly to schools and school districts that enter into a Main Services Agreement (including the Data Privacy Addendum and Participant School Terms of Service) (collectively, the “Services Agreement”) with us for their educational purposes (“Participant Schools”). To operate the System for Participant Schools, we collect certain information through the System and only use and share the information to provide the System in accordance with such Services Agreements (or other terms agreed upon with applicable schools), this Privacy Policy, and applicable laws. Each Services Agreement includes a Data Privacy Addendum that includes protections for Student User information, and limits our use and sharing of Student User personal information to the System. Parents and legal guardians (“Legal Guardians”) can get more information about the System on our Website.
Information We Collect We collect different information depending on whether the User is a teacher, school administrator, student, or Legal Guardian and how the User uses the Services. We get information, including personal information, about and from Users through the Services in two ways: (1) from information provided directly to us and (2) from information we collect through the System and Platform. Information provided directly to us can include information provided by Participant Schools and external parties. Regardless of how we get personal information about Users, including students, we only use the information to provide the System in accordance with our commitments to our Participant Schools and as otherwise provided in this Privacy Policy or our agreement with the User.
Information Provided Directly to Us Licensed Users or their Participant School may provide us with personal information, and Participant Schools may direct that personal information be provided to us by others for use with the System. Examples of such information include the following:
Account Sign-Up and Profile Information
Contact information such as full name and email address;
Username and password; and
Teacher information, including, but not limited to, name and years of experience.
Class and Student User Information. Participant Schools may choose to import the below information from outside third-party services into the Services:
Enrollment information including: student grade level, homeroom, guidance counselor, specific curriculum programs, year of graduation;
Student transcript;
Student name;
Student email address;
Student identification numbers such as a school identification number or school information system identification number, state ID number, or Gradient Learning ID number;
Student record information such as attendance, suspension, and expulsions;
Student demographic data, including date of birth, gender, socioeconomic status, ethnicity or race;
Student subgroups, such as English learners, students with disabilities, specialized education services (IEP or 504) or low income status;
Mentor observations;
Student outcome information such as grade level promotion and matriculation, AP and IB test information, college admission test scores, college eligibility and acceptance, and employment; and
Academic or extracurricular activities a student may belong to or participate in.
Course Information and Student User Scores
Course data including coursework in applicable media (e.g., video, audio, text and images) and course progress;
Student scheduled courses and teacher names;
Test scores, grades, standardized test results (such as NWEA MAP, SBAC, etc.), and teacher feedback on coursework; and
Teacher curricula and notes and feedback to or about students.
Legal Guardian Information
Names, address, mobile phone numbers, and email addresses of Legal Guardians (if provided to us by the Participant School or the Legal Guardian);
Legal Guardian ID number (created to link Legal Guardians to students)
Other
Student in-app performance and program membership;
Answers to surveys about the Services or curricula; and
Feedback, suggestions, questions, and ideas submitted to us.
For a more comprehensive list of information, see Exhibit A of the Data Privacy Addendum. A detailed explanation of how information is collected and used is provided in the FAQs.
Information We Collect Through Services Engagement Like most services provided over the Internet, we (and our Service Providers (defined in Section 5 below)) automatically collect and store information from Users’ and visitors’ computers and devices when they are used to engage with the Services. Examples of such information include:
Device and Network Information: We may collect information about networks (such as language, Internet protocol (IP) addresses, internet service provider, and connection speed) and other identifiers that are automatically assigned to a User’s or visitor’s computer or device (such as browser type and operating system). We also collect the date and time of your use of the Services, and information about the links clicked and pages viewed within the Services. We collect this information to better distinguish users of the Services, which helps us to better secure our Services, understand which of our content and features users find valuable and, for Licensed Users, to provide reliable and personalized Services.
Cookies, Pixel Tags, and Similar Technologies: We use technologies such as cookies, pixel tags, local storage, and similar technologies to automatically collect this information. By using the Services, you consent to our use of cookies and similar technologies to collect information as you engage with the Services. You have control over the collection of information through these technologies per our Cookie Policy. Most browsers allow you to block or delete cookies through settings they provide, but please know that some of our Services will not work properly. For explanations of what Cookies and Pixel Tags are, please see the Instructure Canvas Learning Management System Cookie Notice.
Our Service Providers (defined below) may use cookies to collect information on their sites and through their services. For example, Gradient uses the Canvas and Impact services from Instructure (a Service Provider) to deliver our Services. To understand Instructure's use of cookies in Canvas and Impact, please refer to Instructure's Canvas Learning Management System Cookie Notice.
Information Received from External Sources We may also obtain information, including personal information, from external sources, such as content partners, providers of tests and assessments, and User information systems, to update or supplement the information we have about Users. For example, this may include data schools choose to provide us via School Information System (SIS) integrations with providers such as Clever (see Section 3.1(a) for examples). You can see more information about such integrations in this Gradient Learning Help Center Article (“Setting up your Clever Account”). Local law may require that you authorize the external sources to share your information with us before we can acquire it. We treat personal information we receive from these external sources in accordance with this Privacy Policy, including if we directly combine that personal information with other personal information that we collect through the Services.
Information We Do Not Seek to Collect or Store We do not seek to collect sensitive information about students, such as precise location or biometric data. If we become aware that such information has been provided, we will get the appropriate Participant School or Legal Guardian consent to keep it if it is reasonably necessary for the Services or delete it within a reasonable time of such awareness.
We Limit the Use Of The Personal Information We Collect We use the personal information we collect from the Services for educational purposes as directed by Participant Schools, including to:
Provide curricula choice or recommendations;
Drive learning engagement and progress via content suggestions to Users;
Maintain the security and reliability of the Services, troubleshoot, and perform audits;
Administer surveys, studies, and interviews;
Operate, develop, analyze, evaluate, and improve Gradient Learning’s educational sites, services, or applications;
Manage the oversight and use of the Services, pursuant to Participant School’s policies;
Communicate with Users in connection with providing the Services;
Send Legal Guardians who are Users informational alerts or other communications via SMS or email messages (see Section 9 (“How We Communicate with You”) for information on how to manage or opt-out of communications);
Evaluate the efficacy of the Services and System;
Perform other activities requested by Participant Schools for educational purposes or with the consent of a Legal Guardian (or Student User of the age of majority);
Protect or defend the rights, safety, or property of Gradient Learning, Participant Schools or Users, or to comply with any law enforcement, legal, or regulatory process;
De-identify the information for other Gradient Learning purposes; or
Comply with applicable laws.
To be clear, we will not:
Seek to make money from students or their schools, teachers, or Legal Guardians through the Services;
Include advertising in the Services, including behaviorally-targeted advertising to Users;
Sell, rent or lease (or authorize Service Providers to sell, rent or lease) any personal information we collect from Student Users for any purpose – including for advertising and marketing purposes;
Use the personal information we collect from Student Users for marketing purposes;
Get paid to make recommendations to students or use (or authorize Service Providers to use) the personal information we collect from students for advertising purposes, including behaviorally-targeted advertising purposes. Our personalized learning may include recommendations for further learning resources, including some resources provided by others.;
Use (or authorize Service Providers to use) the personal information we collect from Users for the creation of commercial products or services; or
Use information collected from Student Users for any purposes other than educational purposes of our Participant School unless we have de-identified the user information such that it cannot reasonably be linked to an identifiable Student User.
De-identified information. We de-identify personal information and use de-identified information for other purposes, including research and product improvement. We consider “de-identified” information to be information that has direct and indirect personal identifiers removed such that the data cannot reasonably be used to identify or contact an individual. Such identifiers include persistent unique identifiers, name, ID numbers, date of birth, and school ID.
We Limit How Personal Information Is Shared In order to provide our Services, we share your personal information in the limited ways outlined below:
Within a school. Participant Schools and their Users within a school share information with each other as authorized by the Participant School and for the Participant School’s educational purposes. The Services do not include features that make Student User personally identifiable data publicly available.
School officials. Because the Services is an educational tool, authorized school officials have legal rights to view, export, and request deletion of information in the Services.
Legal Guardians. With a Student User’s Legal Guardians as authorized by the Participant School or as required by applicable law.
Service Providers. We rely on service providers to help develop and support the operation of our Services, such as through document management, data hosting, and provisioning customer service tools related to the Services (“Service Providers”). We maintain a list of our Service Providers, which may be updated from time to time. As part of these partnerships, they are required to comply with strict privacy and security terms. We do not and will not permit our Service Providers to sell your personal information or to share it for targeted advertising. Our Service Providers may only use your personal information as reasonably necessary to provide services that assist us in providing the Services. For example, Gradient uses the Canvas and Impact services from Instructure (a Service Provider) to deliver our Services. To understand what information Instructure collects and how they process your personal information, please refer to Instructure’s Product Privacy Notice. Links for the privacy policies of our other Service Providers are available on that list of our Service Providers.
Research Service Providers. We rely on certain Service Providers to help us make modifications and improvements to our Services (“Research Service Providers”). Unless a Participant School opts-out, Research Service Providers may use personal information (but not Student User information) to contact Participant Schools and their educators to invite them to participate in research opportunities. Participant Schools may enter into agreements with Research Service Providers and may direct and authorize us to share additional personal information with Research Service Providers in connection with the research projects under those agreements (but not Student User information without prior consent by the school or legal guardian, as required under applicable law). We maintain a list of Research Service Providers, which may be updated from time to time, and include links for each Research Service Provider’s privacy policy.
Gradient Learning Affiliates. We may share User information to and among our affiliates (i.e., entities controlled by Gradient Learning), in which case we will require them to honor this Privacy Policy. Information is shared for the purposes of providing and improving Participant School support, product analytics and development, and other internal usage as permitted by law.
New owners. If the ownership or control of all or part of the Services changes, we may transfer information to that new owner. We, along with other signatories to the Student Privacy Pledge, have committed to protecting Student User personal information in the event of such a change of ownership so that we honor commitments made prior to the change.
In the event of such a change, we will provide notice to Users through the Services (or other contact information we have for a User) and this Privacy Policy will continue to apply and any new owner would be permitted to use and share personal information only pursuant to this Privacy Policy (unless Users agree otherwise). If a new owner does not agree to comply with this Privacy Policy, Users will be given a chance to opt out before any personal information is transferred to the new owner.
In the unlikely event that we file for bankruptcy or dissolution, we will protect your personal information by seeking to require that it be used only in accordance with this Privacy Policy, and we will not sell personal information to any third party.
Law enforcement requests. We may access, preserve, and share User information in response to any law enforcement, legal, or regulatory process (e.g., warrants, subpoenas, court orders), or other applicable laws and regulations, if we have a good-faith belief that the law requires us to do so. In such cases, to the extent permitted by law, we will attempt to provide the Participant School or Legal Guardian (as applicable depending on the circumstances) with notice of such legal request prior to complying with respect to requests for Student User personal information.
With other third parties as required. With entities that we are obligated to share information with, as required by law or our agreements with Participant Schools. We may share personal information with third parties if we believe in good faith that sharing information is necessary or appropriate (i) to protect or defend the rights, interests, safety, or security of us, our Participant Schools, Users, or Service Providers; (ii) to prevent violations of the terms of use that govern the Services; and (iii) as otherwise required by law.
With other third parties as permitted. We may share information with other third parties, if directed or authorized by the Participant School or with Legal Guardian consent, to the extent permitted by law and subject to our User Agreement.
De-identified information. In the event we wish to demonstrate how the System is used or its efficacy, or otherwise provide information or marketing materials related to the System, we will only share de-identified information. We may share aggregated and/or non-personally identifiable information publicly (such as statistics about visitors and traffic patterns).
We Support Legal Guardian Engagement We support and encourage the involvement of Legal Guardians in their Student Users’ education. Legal Guardians and Student Users may, at any time, make a request to access, review, correct, or delete personal information in the Services by contacting the appropriate official at the Student User’s Participant School. The Participant School may either make the change themselves or ask us to make such change. We will process such Participant School requests within forty-five (45) days of receiving a written request in a manner consistent with applicable law, and the terms of the Data Privacy Addendum.
Student User’s Personal Information Prior to a student accessing the Services, the Student User’s teacher or Participant School administrator must create the Student User’s account on the Platform. When the Participant School administrator or teacher registers its students, we rely on consent obtained from Participant Schools acting as an agent of the Student User’s Legal Guardians. COPPA governs the collection of certain information from children under the age of 13 (“child” or “children”); for more information about COPPA and generally protecting children’s online privacy, please visit the Federal Trade Commission COPPA FAQs and OnGuard Online. While COPPA does not directly apply to non-profit organizations such as Gradient Learning, we voluntarily comply with COPPA’s guidelines regarding information collected from or about all students regardless of their age. Accordingly, where this Privacy Policy references students or any information collected from or about students, our Privacy Policy applies to students under 13 years old as well as students 13 years old and above. For more information about how we protect student information, see Section 12. You can go here for a list of some of the types of Student personal information Gradient Learning may collect through the Gradient Learning Platform and examples of how it is used in the Gradient Learning Whole Student System. If we discover that we have collected personal information from a Student User in a manner inconsistent with this Privacy Policy, we will take appropriate steps to either promptly delete the information, or seek consent for that use for the Services. Gradient Learning limits who can access the student information within the Platform. We employ user-based access controls which means that different user groups have different levels of access to student information (e.g., individual, classroom, school) based on their role:
Students and their Legal Guardians;
Teachers and administrators;
Gradient Learning employees and contractors (“Staff”) who provide coaching and support to school leaders;
Gradient Learning and authorized Service Provider staff who work on the Platform.
Accordingly, the Services do not permit any Student User’s account or the content and grades thereon to be viewed or accessed by the general public.
Security and Accuracy of Personal Information The security of personal information from our Users is important to us, and we work hard to protect it from unauthorized access and use. In an effort to prevent unauthorized access, disclosure, or improper use of User information, and to maintain data accuracy, we have established physical, technical, and administrative safeguards designed to protect the personal information we collect.
We restrict access to personal information to authorized Gradient Learning employees, agents, Service Providers, or independent contractors who reasonably need to know that information in order to process it for us, and who are subject to confidentiality obligations. Staff are subject to discipline if they fail to meet these obligations.
We use strong authentication methods including multi-factor authentication for all Staff.
We employ administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information.
We employ encryption technologies to securely transmit personal information, including data-in-transit encryption, and we encrypt personal information that is stored.
We strive to maintain a data backup and recovery capability designed to help ensure a timely and accurate restoration of personal information. These backups are encrypted and stored in a different region.
We work hard to maintain a secure software development lifecycle with industry standard security practices designed to establish secure application, infrastructure, and network architectures.
We provide Staff training for security incidents and maintain incident response policies, plans and procedures focused on timely and effective incident response.
We perform application security testing (including penetration testing) and conduct security risk assessments focused on the identification and remediation of risks, and work hard to timely remediate identified security vulnerabilities.
We’re constantly evolving our security procedures as technology changes, but our security procedures at a minimum include the following: And we require our Service Providers with which we share Student User personal information to employ similar and appropriate industry standard data protection and security protocols.
We regularly develop and implement features to help keep personal information safe. Should you discover any security bugs or vulnerabilities in our Services or have any questions regarding our data practices, please contact our team at security@gradientlearning.org.
Although we make concerted good faith efforts to maintain the security of personal information, and we work hard to ensure the integrity and security of our systems, no practice can be 100% guaranteed. The security of personal information can be compromised by outages, attacks, human error, system failure, unauthorized use or other factors at any time. If we learn of a breach of your personal information, we will provide notice which will include information required by applicable law.
Data Retention and Deletion Gradient Learning will only retain personal information for a limited time. Participant Schools may request the review or deletion of their Student User information in the Services. We will delete or de-identify such information within sixty (60) days, or in compliance with applicable law, unless we otherwise have consent to retain such information or are required to retain such information to comply with our legal obligations or law enforcement requests, resolve disputes, or enforce the Main Services Agreement, or any posted guidelines, policies or rules applicable to specific features of the Services. Such information will be deleted when it is no longer needed for the purpose for which it was retained. Such information will also be deleted if a Participant School leaves the System. For additional information relating to deletion and retention policies, please see our FAQs.
How We Communicate With You If you created an account on the Services (or provided an email address or phone number to us, or otherwise opted-in to receive communications from us), we may send you messages related to the Services, including messages regarding your account, privacy and security notices, and updates and information regarding the System, including the Services. These communications may be sent through SMS, push notifications, email, telephone calls, and postal mail. (Note: Standard carrier fees may apply to messages sent to your mobile devices.) If you have an account with us, we’ll also use your contact information for customer service purposes, or to contact you for legal matters or purposes. We may receive a confirmation when you open an email from us if your device supports it. For Legal Guardians. If, as a Legal Guardian of a Student User, you provided contact information to your school, your account will be set up by your Student User’s teacher or Participant School. At the direction of the Participant School, we may send an invitation to you to log in to your account via the contact information that your Student User’s teacher or Participant School provided to us to set up your account. The invitation may be sent via email or SMS text message. (Note: Your carrier may charge you fees for text messages.) We may also send you informational text messages, including, but not limited to, messages: (1) providing information related to your student’s use of the Services; (2) supplying information that you request; or (3) responding to your inquiries regarding your account or use of the Services. If, as a Legal Guardian of a Student User, you provide your telephone number to your Student User’s Participant School, you are consenting to Gradient Learning (on behalf of and at the direction of your student’s Participant School) sending informational text messages related to the Participant School’s mission. If, as a Legal Guardian, you would prefer not to receive our communications, you may opt-out using the instructions contained in these communications, you may text “STOP” at any time and/or contact us (see Section 11 below). After doing so, we will send you confirmation of this opt-out via text message.
Your Choices Regarding Your Personal Information We provide a variety of ways for you to control your personal information, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.
11.1 Access, portability, correction, and deletion
Access personal information. You can ask us for a copy of your personal information, including in a machine- readable form (data portability).
Change or correct personal information. You can also ask us to change, update, or fix inaccurate personal information in certain cases, subject to our legal obligations and lawful exceptions.
Delete personal information. You can ask us to erase or delete all or some of your personal information subject to our legal obligations and lawful exceptions. To make such requests, contact privacy@gradientlearning.org. In the email, please provide us with your name, state in which you live, which of the above rights you would like to exercise, and sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information. Please also let us know if you have questions or concerns related to exercising any rights you have under applicable law.
11.2 Object to, limit, or restrict use of personal information
Communications preferences. You can opt out from communications with Gradient Learning at any time via the unsubscribe link in emails from us.
Targeted advertising and data sale / sharing. We do not use third-party advertising cookies on our website. Profiling and automated decision making. Some privacy laws provide a right to opt-out of profiling or automated processing in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Gradient Learning does not engage in such profiling or automated processing.
11.3 Browser or platform controls
Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain settings or features of our website. Please see our Cookie Policy for more information.
Global Privacy Control. Some browsers and browser extensions support the “Global Privacy Control” (“GPC”) or similar controls that can send a signal to the websites you visit indicating your choice to opt out from certain types of data processing, including data sales and/or targeted advertising, as specified by applicable law. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting or similar control that is recognized by regulation or otherwise widely acknowledged as a valid opt-out preference signal.
Do Not Track. Some browsers include a “Do Not Track” (“DNT”) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the GPC, cookie controls, and advertising controls described above.
If you would like to appeal our decision with respect to a request to exercise any of your rights, please email us at privacy@gradientlearning.org and explain the basis for your appeal. Gradient Learning will not discriminate against you in any manner for exercising any of the above rights with respect to your personal information.
Additional Information for California Residents While the California Consumer Privacy Act ("CCPA”) does not apply to nonprofit organizations like Gradient Learning, we take privacy seriously and have chosen to inform our practices with the CCPA. Specifically:
12.1 Data Subject Rights In addition to the rights listed in section 11, California residents have the additional “right to know.” This right allows you to request the following information about the personal information that we’ve collected in the past twelve (12) months:
Information about Data Collection
The categories of personal information that have been collected.
The specific pieces of personal information that have been collected about you.
The categories of sources from which we have collected personal information.
The business purpose for which we have collected personal information.
Information about Data Disclosure
The categories of personal information that we have sold, shared, or disclosed for a business purpose.
The categories of third parties with whom personal information has been sold, shared, or disclosed for a business purpose.
Note that general details about data collection and disclosure are provided in this Privacy Policy. If you wish to exercise your rights or request more specific details about the above, please email privacy@gradientlearning.org and follow the instructions in Section 11.1 above. If you would like an authorized agent to make a request for you, please have that agent email privacy@gradientlearning.org with the above information along with additional information sufficient for us to verify that the authorized agent is acting on your behalf.
12.2 Additional Disclosures / “Notice at Collection” You have a right to receive notice of our personal information collection, use, retention, and disclosure practices at or before the collection of personal information. We have described in fuller detail in this Privacy Policy the personal information that we collect, how we use and disclose it, but provide the following additional disclosure:
Information we collect. We have collected the following categories of personal information within the past 12 months: (1) identifiers; (2) internet or other similar network activity; (3) education information; and (4) audio and visual information as part of the content and communications exchanged between students and teachers using the Services. See Section 3.1 of this Privacy Policy for more details.
Purposes of collection, use, and disclosure. As described in Sections 3.2 and 3.3 above, we do not “sell” or “share” personal information (as those terms are defined by the CCPA) of our users. In addition, we use or disclose the personal information we collect for one or more of the business purposes described in Sections 3.2 and 3.3 above.
Retention of information. We only keep personal information for as long as it’s necessary to provide the Services. In certain cases, we may need to keep personal information if the law requires a different duration, or as directed by the teacher or school. See Section 7 above for more details.
Along
We have done our best to write this Privacy Policy in simple and clear terms. We have also added summaries below each section that provide short explanations of the legal language in plain English.
Introduction Along is a free, web-based, digital teacher-student connection builder - helping teachers to better understand their students and increase student engagement in the classroom. The Services (defined below) enabled by Along have been developed to facilitate meaningful communication (in the form of multiple choice questions, asynchronous text, video and/or other supported methods of communication) between teachers and students through research-informed reflection questions and resources.
Gradient Learning (“Gradient Learning”, “we”, “us” and “our”), a California nonprofit public benefit organization and 501(c)(3) nonprofit organization, is dedicated to bringing communities, schools, and families together in pursuit of meeting the needs of every student. With support from the Chan Zuckerberg Initiative (“CZI”), Gradient Learning offers Along as a free service to teachers and students. For clarity, this Privacy Policy does not apply to any other product or service offered by Gradient Learning, such as Summit Learning, which is offered under its own Privacy Policy. Further, this notice does not apply to personal information relating to our employees, contractors, or other personnel.
Gradient Learning and CZI are signatories to the Future of Privacy Forum’s and SIAA’s Student Privacy Pledge. Along also participates in, and meets the standards of, the iKeepSafe Safe Harbor program.
Gradient Learning does not place ads in Along nor use personal information of users we have identified as Student Users for ad purposes, including for behaviorally-targeted advertising purposes. We do not, and will not, make or seek to make money from students or their schools, teachers, or parents. We do not, have not, and will not sell, rent, or lease the personal information of Student Users.
Summary Along is a free teacher-student connection builder, provided by Gradient Learning with support from the Chan Zuckerberg Initiative. Along is designed to help build trust between teachers and their students, and to help increase student engagement in the classroom.
Your privacy on Along is our priority. We don’t make money from students and teachers using Along, nor do we allow ads to be placed on Along. We do not and will never sell or rent personal information of users identified as Student Users.
As with any technology used in the classroom, protections must be in place to safeguard student information. We have established this Privacy Policy (the “Privacy Policy”) to explain the personal information that we collect and how we protect, use, and share it.
This Privacy Policy applies to Along’s features and related services (collectively, the “Services”). It also applies anywhere we gather personal information and refer to this Privacy Policy. This Privacy Policy applies to teachers who register for the Services (“Registered Teacher”) and students invited by a Registered Teacher who register for the services (“Student User”) (together, “Users” or “You”), administrators and school district officials from Schools (defined below) (“School Administrators”) whose teachers and students are Users, and parents and legal guardians of a Student User who is under the age of 18 (“Parents”).
For clarity, Along’s website [www.along.org] is subject to its own Website Privacy Notice.
Summary We take your privacy very seriously. This Privacy Policy covers the protection of personal information for students and teachers who use Along, school administrators of schools where those teachers work, and parents/legal guardians of students.
Contract When you use our Services, you agree to all the terms in this Privacy Policy and our User Agreement, including the Data Privacy Addendum (“User Agreement”). You agree that by registering for, accessing or using our Services, you are entering into a legally binding contract with Gradient Learning, as further described in the User Agreement. Summary
By using Along, you are entering into a contract with Gradient Learning and agreeing to the terms in this Privacy Policy and our User Agreement.
Website Visitors If you are a visitor to the Along website [www.along.org], we will collect certain information from you in order to provide our services. This includes information you give us directly, such as your first and last name, and information provided from your browser or device, like log data and cookies. Please see the Along Website Privacy Notice for more information.
Summary We collect and use information from Along website visitors so that we can send requested information. This collection and use is subject to its own Website Privacy Notice.
Users of the Services We provide the Services directly to Registered Teachers or School Administrators who agree to the User Agreement on behalf of, and as an authorized agent of, the school through which they conduct learning activities (“School”). In order to operate the Services, we collect certain information and only use and share the information to provide the Services in accordance with the User Agreement (or other terms agreed upon with Registered Teachers or School Administrators), this Privacy Policy, and applicable laws. If you do not provide certain personal information (i.e., name and e-mail address) or if you withdraw such information, then we may not be able to operate or provide the Services to you. See Section 3.1 below for details. The User Agreement includes a Data Privacy Addendum that includes protections for Student User information and limits our use and sharing of Student User personal information to the Services. Summary We provide Along to teachers and/or school admin users who agree to our User Agreement. To operate the Services, we need to collect and use certain personal information from users (in accordance with our User Agreement, this Privacy Policy, and applicable laws). Any personal information we collect comes with specific protections and sharing limitations.
3.1 Information We Collect We collect the following types of information, including personal information, from students and teachers when they sign up for and use the Services.
Account Sign-Up and Profile Information:
Teacher and student contact information such as full name, preferred name/nickname, email address and school name
Teacher and student profile information, such as a profile picture and descriptions of hobbies and favorite activities
Any log-in details a teacher or student chooses to provide (e.g., email address)
Use of the Services:
Content and online communications: Content (including teacher prompts, student responses, and teacher feedback to students), online communications (such as written or audio messages, photos, or videos that are exchanged between students and teachers within the Services), and type of communication
Communications metadata: Information such as file size, name of a file (e.g., photo, audio or video), or date or time the audio or video recording was taken
Usage: Information about how students and teachers use and interact with the Services, such as the prompts they search for and choose, number of photos, written messages, or audio/video recordings exchanged, whether they open emails or click the links contained in emails, and what types of features they engage with in the Services
Class and Student User Information. Teachers may choose to import the below information from outside third party services into the Services:
Class rosters, homeroom, and grade level
Student course schedules, teacher names
Student identification numbers such as school identification number or school information system identification number
Academic or extracurricular activities a student may belong to or participate in
User-submitted Reports, Surveys, and Feedback:
Information related to bug and content reports, such as descriptions of the issue and communications between users and product support staff
Survey answers and other product feedback you choose to provide us
Parent and School Administrator Information:
Names, phone numbers, and email addresses of parents and school administrators (as provided by teachers and students)
Device and Network Information:
We may collect information about devices (such as operating system, and browser type) and networks (such as language, IP address, internet service provider, and connection speed) to better distinguish users of the Services to deliver a customized, secure, and reliable experience for users
Cookies, Pixel Tags, and Similar Technologies:
Cookies. Cookies are small text files placed on your device consisting of a string of numbers and letters that uniquely identifies your device. This helps us do things such as save your preferences and identify Student Users in order to limit our collection and use of personal information accordingly.
Pixels. Pixels are a type of technology placed on a website or within the body of an email for the purpose of tracking certain activity, such as views of a website or when an email is opened. Pixels are often used in combination with cookies. For additional information, see our Cookie Policy.
Click-through URLs. If you “opt in” to receive newsletters, updates, or other information from us, our emails may use a “click-through URL” linked to content on our sites. When you click one of these URLs, they pass through a separate web server before arriving at the destination page on our sites. We use this click-through data to help us understand how recipients respond to, or interact with, our emails. If you prefer not to be tracked in this way, please do not click text or graphic links in emails you receive from us.
Summary When teachers and students sign up for Along, we collect certain types of information — including:
Account sign-up and profile information (such as your name, email address, and profile picture)
Your usage of Along (such as content you upload, like teacher prompts, student responses, and teacher feedback; written messages, photos or videos, and other communications; metadata; and usage data)
Class and student user information (such as student names, classes, grade levels, teacher names, school ID numbers, and academic or extracurricular activities)
User-submitted reports, surveys, and feedback (such as technical support data and communications, survey answers, and other product feedback)
Parent and School Administrator information (such as contact information for parents and school administrators and parent ID numbers)
Device and network information (such as operating systems, browser types, networks, and devices being used)
Cookies, pixel tags, and similar technologies (such as cookies that help us save your preferences and identify users)
3.2 Information We Do Not Seek to Collect or Store We do not seek to collect sensitive information about Student Users or Registered Teachers, such as precise location or biometric data. If we become aware that such information has been provided, we will delete it within thirty (30) days of such awareness or get the appropriate School, Parent, or User consent to keep it if it is reasonably necessary for the Services. Summary
We don’t intentionally collect sensitive information through Along, such as the exact location of students. If we become aware that sensitive information is on the Services, we will delete it or notify the appropriate party to get consent to keep it if necessary.
3.3 We Limit the Use of the Information We Collect We use the personal information we collect from the Services for educational purposes as directed by Registered Teachers or Schools, including to:
Allow students and teachers to communicate with each other in the Services;
Drive learning and mentoring engagement between students and teachers;
Customize the experience for students and teachers, such as by suggesting prompts for teachers to use with students;
Operate, develop, analyze, evaluate, and improve Gradient Learning’s educational sites, services, or applications;
Communicate with Users, Parents, and School Administrators in connection with providing the Services;
Communicate with teachers and school administrators for marketing purposes;
Manage the oversight and use of the Services, pursuant to School policies;
Maintain the security and reliability of the Services, troubleshoot, and fix bugs;
Perform other activities requested by Registered Teachers or Schools for educational purposes or with the consent of a Parent or Student User of the age of majority;
Protect or defend the rights, safety, or property of Gradient Learning, Schools or Users, or to comply with any law enforcement, legal, or reg$UnorderedListatory process;
De-identify the information for other Gradient Learning purposes; or
Comply with applicable laws.
Safety. We are committed to making Along a safe space for students and teachers. Your well-being is very important to us. We also use the personal information we collect to improve safety for our Users on and off the Services. This includes helping Registered Teachers and School Administrators investigate suspicious activity, reported content, violations of School’s policies or our policies; preventing spam and other bad experiences; combating harmful conduct; verifying accounts and activities; and maintaining the integrity of the Services. We may accomplish this through human review and automated systems. Advertising. Along does not include advertisements for third-party goods and services. However, we may use advertising to promote Along to teachers and school administrators, such as by using their email addresses or cookies to direct ads for Along to them on third-party sites, including third-party online services like LinkedIn. We do not use personal information of users identified as Student Users for ad purposes. As described in Along’s Website Privacy Notice, under California law, this practice is considered to be “sharing” of personal information and may also be deemed a “sale” of such information. You can opt-out of this practice by clicking the Do Not Sell or Share My Personal Information link or the link provided in the footer of the website in the Along Website Privacy Notice and turn off the toggle switch for Marketing and Social Media Cookies. You may also be able to opt-out by broadcasting the Global Privacy Control (“GPC”) signal from a supported browser (see Section 10.5 for more information). Teacher Library. The Along Teacher Library contains content provided by third party experts—specifically nonprofit organizations focused on education. Such content may include references and links to services provided by the nonprofit organizations whose privacy practices may differ from ours. Further, some of the content is provided or developed in collaboration with third-party experts and may be hosted on, or contain links to, third-party websites. If educators are interested, they may sign up for these additional third-party services or products, but this is not mandatory. If you choose to visit these sites or provide any additional personal information to these third parties, the information collected will be subject to their terms of use, data collection practices, and privacy policies. Summary We use the personal information collected from Along for educational purposes only, as directed by teachers and schools that use the Services. This personal information also helps us to improve safety for our users. We may use the personal information of teachers and school administrators to direct ads for Along on websites outside of Along. You may be able to have your browser block or delete cookies, but some parts of the services may not work properly as a result. Along also contains resources from nonprofit organizations; those resources may be hosted or contain links to third-party websites (and will be subject to their own terms of use, data collection practices, and privacy policies). To be clear, we will NOT:
Seek to make money from students or their schools, teachers, or parents/legal guardians through the Services;
Include advertising in the Services, including behaviorally-targeted advertising to Users;
Use communications content (e.g. audio or video recordings) for anything other than offering, improving, and securing the Services, which includes responding to and/or investigating user reports or other flags regarding such content;
Sell, rent or lease (or authorize Service Providers to sell, rent or lease) any personal information we collect from Student Users for any purpose – including for advertising and marketing purposes;
Disclose personal information to third parties except in a few limited cases such as to service providers who help us provide the Service, as required by law, or with your consent;
Use (or authorize Service Providers to use) the personal information we collect from Users for the creation of commercial products or services; or
Use information collected from Student Users for any purposes other than for educational purposes unless we have de-identified the information such that it cannot reasonably be linked to an identifiable Student User.
Summary We don’t sell or use personal information to make money from students and teachers using Along, and we require our own service providers to make the same commitment. We also don’t use personal information of users we have identified as Student Users for anything other than educational purposes. In certain cases, we may use de-identified information, (i.e., information that cannot be used to identify or contact an individual) to improve your experience on Along. De-identified information. We de-identify personal information and use de-identified information for other purposes, including research and product improvement of Gradient Learning’s educational sites, services, or applications. We consider “de-identified” information to be information that has direct and indirect personal identifiers removed such that the data cannot reasonably be used to identify or contact an individual. Such identifiers include persistent unique identifiers, name, ID numbers, and date of birth.
3.4 We Limit How Personal Information Is Shared In order to provide the Services, we share your personal information in the limited ways outlined below:
Between students and teachers. Student Users and Registered Teachers will share content and messages with each other in the Services. Further, Registered Teachers’ personal information (e.g., names and profile pictures) will be shared with other Registered Teachers who are working with the same student, to support teacher coordination about overall student usage. The Services do not include features that make Student or Registered Teacher personal information publicly available.
School Administrators. Because Along is an educational tool, authorized School Administrators from Schools may have legal rights to view, export, and request deletion of information in the Services. School Administrators may have access to information for a limited time period, even after a Student User or Registered Teacher has requested deletion of an account.
Parents. We may share information with a Student User’s Parent as authorized by the student’s Registered Teacher or School Administrator or as required by applicable law.
Service Providers. We use Service Providers to support the operation of the Services, such as through document management, data hosting, and provisioning customer service tools related to the Services. CZI is our long-term technology partner and works as a Service Provider to help us develop and support the Services. We do not and will not grant Service Providers the right to sell your personal information or to use it for any purpose other than what’s necessary to support the Services. We also require Service Providers to implement reasonable security practices. We maintain a list of our Service Providers (“Service Providers”), which may be updated from time to time.
New owners. If the ownership or control of all or part of the Services changes, we may transfer information to that new owner. We, along with other signatories to the Student Privacy Pledge, have committed to protecting personal information of users identified as Student Users in the event of such a change in ownership so that we honor commitments made prior to the change. In the event of such a change and if the new owner does not agree to comply with this Privacy Policy, we will provide you notice and a chance to opt out before any information is transferred.
Law enforcement requests. We may access, preserve, and share User information in response to a legal request (e.g., warrants, subpoenas, court orders), if we have a good-faith belief that the law requires us to do so. In such cases, to the extent permitted by law, we will attempt to provide the Student, School, Registered Teacher, School Administrator, or Parents (as applicable depending on circumstances) with notice of such legal request prior to complying with requests for User information.
To coordinate with law enforcement to advance safety on and off the Services. We may also share User information when we have a good-faith belief it is necessary to: detect, prevent and address fraud, unauthorized use of Along, violations of School’s or our policies, to protect ourselves (including our rights, property or products), you or others; or to prevent death or imminent bodily harm.
With other third parties. We may share User information with other third parties, if directed or authorized by the Registered Teacher or School, or with parental consent, to the extent permitted by law and subject to our User Agreement, including the Data Privacy Addendum.
Summary
We may share your information in limited ways with the following parties:
Those who need it to use Along (for example, sharing information between teachers and students communicating with one another through Along).
School administrators or parents.
Third-party service providers that help us operate Along (Note: We never sell personal information of users identified as Student Users and require our third-party service providers to make the same commitment).
Law enforcement, in response to a legal request or if we believe it’s necessary to ensure the safety of teachers and students on Along.
Other third parties if directed or authorized by a teacher or school (with parental consent, and in accordance with the law and our User Agreement).
Any new owners of Along’s services (Note: if this happens, you’ll be able to opt out if the new owner does not follow this Privacy Policy).
De-identified information. We will only share de-identified information should we wish to demonstrate how the Services are used, its efficacy, or otherwise provide information or marketing materials related to the Services. We may share aggregated and/or non-personally identifiable information publicly (such as statistics about visitors and website traffic patterns).
Summary
To demonstrate the efficacy of Along or how it’s being used in classrooms and schools, we may publicly share information that has been de-identified (i.e., information that cannot be reasonably used to identify or contact an individual).
We Support Parent/Legal Guardian Engagement We support and encourage the involvement of Parents in their Student Users’ education. Parents and Student Users may, at any time, make a request to access, review, correct, or delete personal information in the Services by contacting the Student User’s Registered Teacher or School. If the Registered Teacher or School determines that the request should be implemented, the Registered Teacher or School may direct us to make such a change. We will process such School requests within thirty (30) days of receiving a written request in a manner consistent with applicable law and the terms of the User Agreement (including the Data Privacy Addendum).
Summary We support and encourage parent/legal guardian involvement with Along. Students and parents/legal guardians may request to access, review, correct or delete personal information. Such requests must be made through the student’s teacher or school.
Student User’s Personal Information All students who use the Services will be invited by a Registered Teacher who has agreed to the User Agreement. Pursuant to the User Agreement (including the Data Privacy Addendum), each Registered Teacher, on behalf of their School, has consented to our practices regarding the collection, use, and disclosure of personal information from Student Users as permitted by law.
When the Registered Teacher invites their students to Along, we rely on consent obtained from the Registered Teacher or the School acting as an agent of the Student User’s parent or legal guardian in order to process the Student User’s personal information.
Registered Teachers are also required to provide notice to School Administrators and are encouraged to notify Parents that they are using the Services to increase student engagement.
Summary To provide students with educational services, teachers and schools using Along have the authority to provide us access to their students’ personal information. Schools act as an agent of a student’s parent/legal guardian when they consent to our use of student personal information. When signing up for Along, teachers act on behalf of schools to review and agree to our User Agreement and this Privacy Policy, which details our practices of collecting, using, and disclosing students’ personal information. Teachers must also notify school administrators and parents/legal guardians that they are using Along with students.
COPPA governs the collection of certain information from children under the age of 13 (“child” or “children”). For more information about COPPA and generally protecting children’s online privacy, please visit the Federal Trade Commission COPPA FAQs and OnGuard Online. While COPPA does not directly apply to non-profit organizations such as Gradient Learning, we voluntarily comply with COPPA’s guidelines regarding students under the age of 13 as part of our commitment to transparency with parents regarding the collection and use of their child’s data.
The commitments we make regarding information collected from or about students apply equally to all students regardless of their age. Accordingly, where this Privacy Policy references students or any information collected from or about students, our Privacy Policy applies to students under 13 years old as well as students 13 years old and above.
Summary
We are committed to trying to protect the personal information for students of all ages on Along. As part of this commitment, we voluntarily comply with the core principles of COPPA.
Security and Accuracy of Personal Information The security of personal information from our Users is important to us, and we work hard to protect it from unauthorized access and use. In an effort to prevent unauthorized access, disclosure, or improper use of User information, and to maintain data accuracy, we have established physical, technical, and administrative safeguards designed to protect the personal information we collect. For additional technical details regarding Gradient Learning’s security programs and measures, please see our Security Whitepaper.
We’re constantly evolving our security procedures as technology changes, but our security procedures at a minimum include the following:
We restrict access to personal information to authorized Gradient Learning employees, agents, service providers, or independent contractors who reasonably need to know that information in order to process it for us, and who are subject to confidentiality obligations. Employees and contractors (“Staff”) are subject to discipline if they fail to meet these obligations.
We require our Service Providers with which we share Student User personal information to employ industry standard data protection and security protocols.
We use strong authentication methods including multi-factor authentication for all Staff.
We employ administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information.
We employ encryption technologies to securely transmit personal information, including data-in-transit encryption, and we encrypt personal information that is stored.
We strive to maintain a data backup and recovery capability designed to help ensure a timely and accurate restoration of personal information.
We work hard to maintain industry standard software development lifecycle with industry standard security practices designed to establish secure application, infrastructure, and network architectures.
We endeavor to maintain event monitoring and response procedures for events which could impact functionality, security and/or availability of the Services.
We provide Staff training for security incidents and maintain incident response policies, plans and procedures focused on timely and effective incident response.
We employ trained security professionals with experience in security incident response and event monitoring.
We perform application security testing (including penetration testing) and conduct security risk assessments focused on the identification and remediation of risks, and work hard to timely remediate identified security vulnerabilities.
We implement oversight and governance procedures for security risks, including a vulnerability disclosure program and reviews of incidents affecting the Services.
Summary We are constantly working on ways to prevent unauthorized access and misuse of personal information through administrative, physical, and technical safeguards. These include:
using strong authentication methods,
limiting who has access to student data,
destroying or deleting personal information as needed,
using strong encryption technology,
using secured data backup and recovery capability,
maintaining industry standard software development lifecycle,
providing security training to employees and staff, and
requiring Service Providers to follow similar terms.
If there is a data breach, we will provide notice to the school as required by law.
Data Retention We will only retain personal information, including personal information from Users, for the time period required to support the authorized educational purposes. If a Student, Registered Teacher or School requests removal of any personal information or closure of their account, we will promptly direct our Staff to delete, dispose of, or de-identify the personal information.
Following a Student User’s account deletion, we will notify their Registered Teacher and School Administrator, and the Student User account will be removed from Along after verifying the Student User’s request. Following a Registered Teacher’s account deletion request, we will notify their School that the Registered Teacher’s account, along with associated Student User accounts, will be removed from Along after verifying the Registered Teacher’s request.
We will retain a Student User’s and Registered Teacher’s information for a 30-day record retention period in order to support the management by a School or Registered Teacher of information considered part of an education record. At the end of that record retention period, we will delete, dispose of, or de-identify the personal information within 30 days unless, consistent with applicable law, there is a legitimate reason to retain such personal information for a longer period.
We may retain personal information for a longer time period if we have consent to retain such information or if we are required to retain such information to comply with our legal obligations or law enforcement requests, resolve disputes, protect the safety and security of our Users or our Services, or enforce the User Agreement (including the Data Privacy Addendum), other agreements, or any posted guidelines, policies or rules applicable to specific features of the Services. Such information will be deleted when it is no longer needed for the purpose for which it was retained.
We will also delete Student User or Registered Teacher accounts after a period of inactivity.
Summary We only keep personal information for as long as it’s necessary to provide Along. In certain cases, we may need to keep personal information if the law requires a different duration, or as directed by the teacher or school.
If you are a Parent and wish to have your student’s personal information removed from the Services, please contact your student’s Registered Teacher or School and review the information in Section 8 (“Schools Can Delete Information”).
Schools Can Delete Information
Registered Teachers or School Administrators may request the review or deletion of their Student User information, or the closure of accounts associated with their School in the Services. At the end of the 30-day record retention period, we will delete or de-identify such information within 30 days, unless we otherwise have consent to retain such information or are required to retain such information to comply with a valid access or transfer request for education records, our legal obligations or law enforcement requests, resolve disputes, or enforce the User Agreement (including the Data Privacy Addendum), Code of Conduct, or other policies or rules applicable to specific features of the Services. Such information will be deleted when it is no longer needed for the purpose for which it was retained.
Summary Teachers and schools can request that we delete and update student personal information.
Your Choices Regarding Your Personal Information We provide a variety of ways for you to control your personal information, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law. 9.1 Access, portability, correction, and deletion
Access personal information. You can ask us for a copy of your personal information, including in a machine-readable form (data portability).
Change or correct personal information. You can also ask us to change, update, or fix inaccurate personal information in certain cases, subject to our legal obligations and lawful exceptions.
Delete personal information. You can ask us to erase or delete all or some of your personal information subject to our legal obligations and lawful exceptions.
To make such requests, contact privacy@along.org. In the email, please provide us with your name, state in which you live, which of the above rights you would like to exercise, and sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information. Please also let us know if you have questions or concerns related to exercising any rights you have under applicable law. 9.2 Object to, limit, or restrict use of personal information
Communications preferences. You can opt out from communications with Gradient Learning at any time via the unsubscribe link in emails from us.
Targeted advertising and data sale / sharing. As described in Section 3.3 of this Privacy Policy, for visitors other than those identified as Student Users, we may use third-party advertising cookies on our Website in order to help us deliver advertising about Along on third-party sites. Some privacy laws define data “sales” broadly to include such practices (and under California law, this practice is considered to be “sharing” of personal information). You may opt out by using the controls described in Section 3.3 above or by using a browser Global Privacy Control as described below.
Profiling and automated decisionmaking. Some privacy laws provide a right to opt-out of profiling or automated processing in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Gradient Learning does not engage in such profiling or automated processing.
9.3 Browser or platform controls
Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain settings or features of our website. Please see our Cookie Policy for more information.
Global Privacy Control. Some browsers and browser extensions support the “Global Privacy Control” or similar controls that can send a signal to the websites you visit indicating your choice to opt out from certain types of data processing, including data sales and/or targeted advertising, as specified by applicable law. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting or similar control that is recognized by regulation or otherwise widely acknowledged as a valid opt-out preference signal.
Do Not Track. Some browsers include a “Do Not Track” (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the GPC, cookie controls, and advertising controls described above.
If you would like to appeal a Gradient Learning decision with respect to a request to exercise any of your rights, please email us at privacy@along.org and explain the basis for your appeal.
Gradient Learning will not discriminate against you in any manner for exercising any of the above rights with respect to your personal information.
Additional Information for California Residents
While the CCPA does not apply to nonprofit organizations like Gradient Learning, we take privacy seriously and have chosen to inform our practices with the CCPA. Specifically, this means the below.
10.1 Data Subject Rights In addition to the rights listed in Section 9, California residents have the additional “right to know.” This right allows you to request the following information about the personal information that we’ve collected about you in the past 12 months:
Information about Data Collection
The categories of personal information that have been collected.
The specific pieces of personal information that have been collected about you.
The categories of sources from which we have collected personal information.
The business purpose for which we have collected personal information.
Information about Data Disclosure
The categories of personal information that we have sold, shared, or disclosed for a business purpose.
The categories of third parties with whom personal information has been sold, shared, or disclosed for a business purpose.
Note that general details about data collection and disclosure are provided in this Privacy Policy. If you wish to exercise your rights or request more specific details about the above, email privacy@along.org. and follow the instructions in Section 9.1 above. If you would like an authorized agent to make a request for you, have that agent email privacy@along.org with the above information along with additional information sufficient for us to verify that the authorized agent is acting on your behalf.
10.2 Additional Disclosures / “Notice at Collection”
You have a right to receive notice of our personal information collection, use, retention, and disclosure practices at or before the collection of personal information. We have described in fuller detail in this Privacy Policy the personal information that we collect, how we use and disclose it, and how long we retain it but provide the following overview here:
Information we collect. We have collected the following categories of personal information within the past 12 months: (1) identifiers; (2) internet or other similar network activity; (3) education information; (4) inferences drawn from internet or other electronic network activity; and (5) audio and visual information as part of the content and communications exchanged between students and teachers using the Services. See Section 3.1 of this Privacy Policy above for more details.
Purposes of collection, use, and disclosure. As described in Sections 3.3. and 3.4 above, we do not “sell” or “share” personal information (as those terms are defined by the CCPA) of the users we have identified as Student Users. We may use teacher data for advertising purposes in ways that could be considered “sharing” or “selling” under the CCPA. In addition, we use or disclose the personal information we collect for one or more of the business purposes described in Sections 3.3 and 3.4 above.
Retention of information. We only keep personal information for as long as it’s necessary to provide Along. In certain cases, we may need to keep personal information if the law requires a different duration, or as directed by the teacher or school. See Section 7 above for more details.
Summary Consumers have the right to request information about the personal information we collect. Requests should be sent to privacy@along.org.
In addition to the details outlined in this Privacy Policy, below you’ll find additional disclosure and summary around the personal information we collect:
Over the past 12 months, we’ve collected certain personal information from student and teacher users, to provide educational services.
We collect this personal information both from direct and indirect sources.
We may disclose personal information for select business purposes, such as to protect against fraudulent activity or to debug our website.
How We Communicate With You If you created an account on the Services (or otherwise provided an email address or phone number to us, or otherwise opted-in to receive communications from us), we may send you messages related to the Services, including messages regarding your account, privacy and security notices, and updates and information regarding the Services. These communications may be sent through SMS, push notifications, email, telephone calls, and postal mail. [Note: Standard carrier fees may apply to messages sent to your mobile devices.] If you have an account with us, we’ll also use your contact information for customer service purposes, or to contact you for legal matters or purposes. We may receive a confirmation when you open an email from us if your device supports it. Summary We may contact you with messages and notifications about Along, including information about your account, privacy and security notices, and service updates. For School Administrators. We require Registered Teachers signing up for the Services to tell their School Administrator about it. This means a Registered Teacher may provide us with your email address so we can send you an email from the Registered Teacher telling you about their use of the Services. We may also contact you with questions related to your School’s use of the Services via your Registered Teachers and Student Users.
For Parents and Legal Guardians. We encourage Registered Teachers signing up for the Services to tell you about their use of the Services in their classroom with your child. This means Registered Teachers may provide us your email address and/or phone number so we can send you content from the Registered Teacher telling you about their use of the Services. We may also contact you with questions related to your child’s use of the Services.
Summary Teachers may give us contact information about school administrators and parents. We may contact school administrators and parents to provide requested information, respond to inquiries, or provide information as directed by the school.
We Are Transparent About Changes We may modify this Privacy Policy or our User Agreement from time to time. If we make material changes to this Privacy Policy, including changes that impair your rights or change how your data will be used under this Privacy Policy, we will provide you at least 30 days prior notice pursuant to this Section 12. We will seek to provide you notice through our Services, or by other means, to provide you the opportunity to review the changes before they become effective. We agree that changes cannot be retroactive. The notice will indicate which sections contain material modifications and what choices you may have. Your continued use of our Services after we publish or send a notice about our changes to these terms means that you are consenting to the updated terms following their “effective date.” If you object to any changes, you must stop using or accessing the Services. If we make any changes to this Privacy Policy or the User Agreement, you can request a copy of the prior versions by contacting us at privacy@along.org.
Summary When we make material changes to this policy, we will notify you before the changes go into effect.
We Want To Hear From You If you have any questions about this Privacy Policy or our practices, please contact privacy@along.org. If you have any other questions, please do not hesitate to contact the iKeepSafe Safe Harbor program at COPPAprivacy@ikeepsafe.org.
You can learn more about Gradient Learning on our website, http://gradientlearning.org/.
Summary If you have questions about the Privacy Policy, you can email us at privacy@along.org.