We take student privacy very seriously, continuously working with schools to make sure student data is kept safe and secure.
By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.
Remember that your use of SmartPass, Inc’s (hereinafter “SmartPass”) Services is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service. The SmartPass Services and platform are sometimes referred to herein as the “Applications”.
If you have any questions or concerns about our Privacy Policy, please send a detailed message to [email protected], and we will try to resolve your concerns.
We think these are the most important commitments we can make to you about how we handle personal information, so we put these commitments before anything else in the Privacy Policy.
Completeness
This Privacy Policy covers all of the categories of data that we collect from individuals, and we do not exclude any categories of collected data from this Privacy Policy.
Marketing to Students or Families
SmartPass does not sell student data. Further, we will not use, sell, share, or disclose personally identifiable information we receive from the Applications to: (a) market or advertise to students or families/guardians; (b) inform, influence, or enable marketing or advertising to students or families/guardians; or (c) develop a profile of a student or family member/guardian, for any commercial purpose. Data collected is only used for providing or improving the Services.
We will not sell, share or disclose personally identifiable information of teachers or administrators we receive from the Applications to third parties for marketing or advertising purposes.
Limits on Advertising and Data Collection within the Applications
Within the Applications, we do not: (a) display advertising, including any behavioral or contextual advertising; (b) permit the collection of data by third party advertising or tracking services for any purpose except to collect data for us to understand the use of the Applications in order to maintain and improve the Applications; or (c) collect data, including any behavioral data, for use in targeting advertisements on third party services or websites.
Legal Compliance
As set forth in this section, we comply with the following laws concerning the protection of student personally identifiable information, including educational records: the Family Educational Rights and Privacy Act (“FERPA”) at 20 U.S.C. 1232g (34 CFR Part 99), Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. 6501-6506; Protection of Pupil Rights Amendment (“PPRA”) 20 U.S.C. 1232h, AB 1584 (codified at California Education Code § 49073.1), and the Student Online Personal Information Protection Act (codified at California Business and Professions Code § 22584 et seq.), and any specific state laws (as applicable to us) protecting student personally identifiable information which are listed in the table at the end of this Privacy Policy as of the date set forth in such table.
We shall be considered a School Official as that term is used in FERPA.
As to COPPA or any state law which requires consent or authorization from a parent or guardian for the collection or use of information concerning a student, the parent, guardian, teacher, school or school district, is responsible and liable for fulfilling any applicable consent requirement.
As used in this policy:
Other terms are defined elsewhere in this Privacy Policy or in the Terms of Service.
Generally
This Privacy Policy covers the personally identifiable information and the personal information of anyone who visits our Website or uses our Applications. More specifically, it covers the personal information of:
The Applications are intended to be used by students of all age levels. Unless a parent or guardian is also acting as a teacher, the Applications are not intended for their use except to the extent the parent or guardian is registering their child to use the Applications and/or is acting as a teacher for the purposes of the Applications.
We gather different personally identifiable information and personal information from each of those groups of people, and may handle that personally identifiable information and personal information differently for each group, as we explain below.
Students / Children
If you are not of legal age to form a binding contract (in many jurisdictions, this age is 18), you may only use the Services and disclose information to us with the express consent of your parent, guardian, school or school district. Please make sure that you have reviewed this Privacy Policy with your school, school district, parent or legal guardian to make sure you understand it.
As noted in the Terms of Service, we only collect personal information through the Applications from a child under 13 where that student's school, district, and/or teacher has agreed (via the terms described in the Terms of Service) to obtain legally-adequate consent for that child to use the Applications and disclose personal information to us.
No child under 13 may send us any personal information unless they have signed up through his or her school, district or teacher and such school, district or teacher has obtained legally-adequate consent for that child to use the Applications and disclose personal information to us. Without legally-adequate consent from a parent, guardian, school, district and/or teacher, we do not wish to receive, and do not knowingly collect or use personal information from any person under 13 for any purpose, including our internal operations. If you are a student under 13, please do not send any personal information to us if your school, district, and/or teacher has not obtained obtain legally-adequate consent for you to do so, and please do not send any personal information other than what we request from you in connection with the Applications.
As we explain below, we rely on third party service providers to help us with the provision of the Applications. We treat all student personal information uniformly, so any consent to our collection and use of student personal information necessarily includes consent to disclosure of personal information to those third-party service providers under the terms of this Privacy Policy.
If we learn we have collected personal information from a student under 13 without legally-adequate consent from their parent or guardian or their school, district, and/or teacher, or if we learn a student under 13 has provided us personal information beyond what we request from him or her, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information in violation of this paragraph, please contact us at [email protected].
Correspondence
If you correspond with us outside of the use of the Applications through a web form, email or otherwise, we will collect and retain your correspondence like any other ordinary business correspondence, subject to the information retention policies and legal requirements applicable to us and standard in our business.
Teachers/Administrators
In order to provide the Applications to teachers or administrators, we receive and store the personally identifiable information you knowingly provide to us.
As part of the registration and account setup process, we require your name, email address, school and school district affiliation, the classes and/or grades using the Applications. If your school or school district uses a third-party single sign-on (“SSO”) we will also have access to the personally identifiable information we describe below under “Third Party SSO Information”. We will also receive any feedback on student work that you may enter into the Applications.
Students
In order to provide the Applications, we receive and store the personally identifiable information that you as a student (or your teacher, school or school district) knowingly provide to us.
As part of the registration and account setup process, we require your name, email address, school and school district affiliation, the classes and/or grades using the Applications. You or your teacher or school may also provide us with information about you. We will also receive and store the information regarding you for use within the Applications. If your school or school district uses a third-party single sign-on (like Google, Clever, or Canvas) we will also have access to the personally identifiable information we describe below under “Third Party SSO Information”.
Some of this information will be provided to us by your teacher or school, so we may not ask you for it directly, but we will still have it.
Third-Party SSO Information
If your school or district chooses to use third party single sign-on (e.g., using a Google, Clever or Canvas account) for access to the Applications, you may have to provide us with your username (or user ID) so that your identity can be authenticated through the third party account (the “SSO Account”). When the authentication is complete, we’ll be able to link your account with the SSO Account. That linking may allow us to access and collect certain personal information, such as your name and email address, your user ID for the SSO Account, data tokens used to implement single sign-on and connect with your SSO Account profile, and other personal information that your privacy settings on the SSO Account permit us to access, in connection with creating your Applications account. We may also share some information back to the SSO Account. For example, Canvas and Clever allow the exchange of information about the schools, classes and students with which a teacher is associated, information teacher and student assignments, all to make it easier to set up and manage an account for the Applications. We encourage you and all schools or districts to carefully choose privacy settings in SSO Accounts to limit the exchange of information to what you (or the school / district) want to share with us and want us to share. However, we don’t try to access any information in the SSO Account that we don’t have to access in order to allow you to use it to sign onto the Applications. And we never receive or store passwords for any of your SSO Accounts.
Other Third-Party Information
Like many other companies, we may acquire from third parties lists of publicly available contact information for teachers or administrators who may be interested in our services. We do not correlate this contact information with information about users of the Applications.
Log Data
Our Services, automatically receive and record some information from your browser or device (“Log Data”), just like all web services have to in order to function. The Log Data our Services automatically collect may include some personal information, but does not include personally identifiable information. Log Data includes information like your IP address, the type of browser and/or device you're using to access our Services, the capabilities of that browser or device, and the page or feature you requested. Log Data, together with the information that we collect through the Tracking Mechanisms, comprise “Analytics Data”. As described below under “Use and Sharing of Personal Information: Analytics Data,” we do share the collected Analytics Data (but no personally identifiable information) in a de-identified and aggregated form with third parties for analytics and tracking purposes.
Tracking Technologies
We, and third parties with whom we interact, including our third-party service providers or business partners, may use cookies, web beacons, and similar technology in connection with your use of the Services (collectively referred to in this policy as “Tracking Mechanisms”). Cookies are small text files that may have unique identifiers, and reside, among other places, on your mobile device or your computer. Web beacons are small strings of code that provide a method for delivering a graphic image on a web page or in an email message for the purpose of transferring data.
If Tracking Mechanisms are used, they may be used to collect information about you and your use of our Services, such as your browser type, and the date and time of your use. Tracking Mechanisms may also be used in order to help us learn more about how users engage with the Services, enable Applications features and processes (like enabling you to return to password-protected areas of the Applications without having to re-enter your password), provide authentication and security for your use of the Applications, or store your preferences.
Specific Service Providers
Our third-party analytics service providers include Google Analytics. For Google’s privacy practices see www.google.com/analytics/learn/privacy.html. To opt out of data recording and analysis by Google Analytics, see https://tools.google.com/dlpage/gaoptout.
Disabling Cookies or Web Beacons
It may be possible to disable cookies through your device settings. Most browsers allow disabling either third party cookies or all cookies. The method for disabling cookies may vary by device, but can usually be found in preferences or security settings. However, doing so may cause portions of the Services to not function, or to function improperly, or otherwise affect your ability to use the Services. You may also disable web beacons by disabling HTML images in your email program, which may also affect other images in emails you receive.
Do Not Track
The Services will respond to the Do Not Track setting in your browser, and will honor other standard opt-out mechanisms (e.g., browser cookie settings and advertising opt-out cookies). Further, we do not ourselves use cookies to collect personally identifiable information and track users’ online activities over time (except specifically in the Applications for the purposes we describe above) or across different web sites. However, certain of the third party analytics or advertising providers we use (e.g., Google Analytics) may be able to do so, though we do not have access to or control of that information. For information regarding Do Not Track mechanisms, see http://allaboutdnt.com.
This section explains how we use and share personal information, consistent with our statements above under “Our Core Commitments”.
To Provide, Maintain, and Improve the Services
We use the information we collect to provide, maintain and improve the Services. Uses of personally identifiable information for those purposes are:
In order to provide the Applications, we have to allow the organizations we work with to have access to your personally identifiable information. So you should know that:
If you have questions about how your teacher, school, school district, or any of their personnel handle your personal information, you should direct your questions to the appropriate person in your school or school district.
To Communicate with You
We may communicate with you if you've provided us the means and permission to do so. For example if you've given us your email address:
If you do not want to receive communications from us, please indicate your preference by emailing [email protected], using an opt-out link in the email or changing your preferences in your Applications account. We also send school or school district technical administrators administrative and operational notices which we believe are necessary for their effective use of the Applications; we do not presently allow opt-out from those notices.
Service Providers and Our Affiliates
We engage trusted third-party service providers to work for us in connection with the operation of our Services and our business, in the following roles: hosting of our Website and Applications, error and bug tracking, data storage and analysis, technical and user support, and email delivery. We may provide those service providers with, or authorize those service providers to access, your personal information, including personally identifiable information. In certain cases, third party service providers may collect information from you directly on our behalf (for example, web data analytics providers or support desk system providers).
All third-party service providers we engage will use the information only to provide services to us and will retain and use this information in a manner consistent with SmartPass’s own Privacy Policies. Our third-party service providers are not allowed to augment, extend, or combine personal information shared with them with information from third party sources. If we learn that any third-party service provider has misused personal information which we have provided to them or to which we have allowed them access in a manner inconsistent with SmartPass’s Privacy Policy, we will delete that personal information (and potentially all of the personal information) held for us by that third party service provider.
We do not presently share any personal information with any of our affiliates or subsidiaries.
Analytics Data
SmartPass uses the Analytics Data to enable us to figure out how often users use parts of the Services, so that we can customize and improve those Services. As part of our use of such information, we may provide such Analytics Data to our partners (only in a de-identified and aggregated format) about how our users use the Services. We may link Analytics Data to personal information that we collect through the Services, but we will only use the information in this form internally (for example, to customize your experience), and will not disclose it in linked format to third parties.
Business Transfers and Delegation
In the event of our acquisition, merger, the sale of our assets, or if we go out of business, enter bankruptcy, or go through some other change of control, we can and will transfer your personal information to the successor to business or assets, but we will not transfer your personal information unless the buyer or acquirer (1) intends to maintain and provide the Applications as a going concern and (2) agrees to honor the terms of this Privacy Policy, including providing notice and an opportunity for you to cease use of the Applications before any changes to the terms of this Privacy Policy take effect.
Protection of SmartPass and Others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of SmartPass, our employees, our users, or others. If we are required to disclose your personal information by a government or legal request, we will notify you of that request if we are permitted to do so by the law governing that request.
Your Applications account is protected by a password for your privacy and security, and you select that password, so we encourage you to select a strong password. If you use an SSO Account to access your Applications account, you may have additional or different sign-on protections via that third party site or service. You should prevent unauthorized access to your Applications account and the personally identifiable information in that Applications Account by selecting and protecting your password and/or other sign-on mechanism appropriately, not sharing those sign-on credentials with anyone, and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other personal information we hold in our records, and we use industry standard data security measures to protect your personal information. This includes: (1) only storing your personal information under our control, (2) using two-factor authentication for our personnel to access your personal information, (3) implementing physical access controls to those areas where personal information is stored, (4) limiting access to your personal information to only those of our personnel who need to have that access to do their jobs, and (5) encrypting all of your personal information both in transit and at rest. We also regularly conduct audits of our security practices to make sure that they are up to date. Unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information.
In the event of an unauthorized disclosure of your personal information, we will provide notice as required by applicable law.
You should also be aware that:
This means that your Applications account security is only as good as the security precautions of the teachers and school administrators who can access your Applications account, and you should check with them about those precautions and their information handling policies.
We store Analytics Data and information collected through the Website separately from the information stored in the Applications. We have no meaningful ability to provide you with information concerning Analytics Data. For personally identifiable information collected through the Website (e.g., by signing up for a mailing list), please contact us at [email protected] if you would like us to delete that information, or if you would like to know which personal information of yours, we have or have shared with third parties.
We use technical efforts to ensure the integrity of the personal information we collect and store. However, because we receive all personal information either from you directly, or from the school or school district with which you are affiliated, we have no ability to determine the accuracy of that information, and rely on you or the relevant school or school district to either correct or inform us of any inaccuracies so that we can correct them.
Through your Applications account settings, you may access, and, in some cases, update or delete the personally identifiable information in your Applications account. Please note that in some cases, the information in your Applications account can only be changed by your teacher, school, or school district, and you cannot change it yourself. In that case, you will need to contact the relevant person in your school or school district.
Parents or guardians may request that we cease collection of personal information about their child. If you are a parent or guardian and would like to request that personally identifiable information regarding your child (or, if you are a teacher, a child that is in your class) be updated or personal information about your child no longer be collected (and/or that it be deleted) and you do not have the ability to do so yourself, please contact us at [email protected]. In most cases we will refer your request to the relevant school or school district, but if you or your child is not affiliated with a school or school district, we will respond to your request within ten (10) business days of our receipt of such request.
You may be able to add or update information as explained above. By emailing [email protected], you may request that we delete your Applications account, or provide you with a list of all personal information of yours we have or have shared with third parties. In most cases we will refer your request to the relevant school or school district, but if you or your child are not affiliated with a school or school district, we will respond to your request within ten (10) business days of our receipt of such request.
Generally speaking, unless a legal request has been made for a user’s personally identifiable information, we do not retain and will delete personally identifiable information in Applications accounts within a reasonable period after we are informed the Applications account will no longer be used, or if it becomes inactive and we are unable to contact the relevant user, their school or school district. We may use aggregated or de-identified information derived from your personally identifiable information after you update or delete it, but not in a manner that would identify you personally.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing, updating or deleting information we have on file about you, please contact us at [email protected].
As a matter of our practices and policies, we generally adhere to the principles set out the European Union General Privacy Directive, however our Services are operated from the United States, and the privacy laws of the United States may not be as protective as those in your jurisdiction. If you are located outside of the United States and choose to use the Services or provide your information to us, you agree that your information will be transferred, processed, and stored in the United States. Your use of the Services represents your agreement to this practice. For the purposes of the GDPR, we act as a data controller for the personal data which we collect directly from users who interact with us outside of an agreement we have with school or school district, but we act as a data processor for the personal data which we collect and process as part of our agreement with a school or school district. We have established an individual within our executive team as our data protection officer, who can be reached at [email protected].
We will alert you to material changes to this Privacy Policy, to the context in which we collect personal information, or to our personal information collection practices, at least 30 days before they take effect. We will also alert you if we become aware of an inconsistency between our data collection practices and our contract with you. We will provide such notices by placing a banner notice on SmartPass.app, or by sending you an email. The notice provided will clearly state that your continued use of our Services indicates your understanding of and consent to any Privacy Policy updates and changes. We do reserve the right to effect important changes more quickly as needed, as in the case of a requirement for legal compliance, a security threat or other emergency situation, or if we are granting you more rights than you had under the previous version of the Privacy Policy. Those important changes will be effective immediately and notice will still be provided via a banner notice on our site or by sending an email. Please note that if you've opted not to receive legal notice emails from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them.
If there are any questions regarding this Privacy Policy we may be contacted using the information below.
Effective Date: June 8, 2023