(Effective March 6, 2019)
Teachers’ Curriculum Institute (“TCI”) is committed to the privacy and protection of your information. We want you to both understand and feel assured by the practices we use to safeguard the information you provide to TCI’s websites, including our Student and Teacher Subscription services and our corporate website.
In short, TCI:
- collects the minimum information needed to provide users access and support
- does not market or advertise to students
- deletes all student accounts and content on June 30 of each year
- does not sell or distribute the information of any user
- meets or exceeds the industry standard for securing user information
The following more detailed information addresses the privacy concerns of teachers, administrators, parents, and other users including:
- What student information is collected through the Student Subscription service and how that information is used
- What information is collected from teachers, administrators, and other adult users and how that information is used
- What non-personal information is collected from all users and how it is used
- Third-Party Vendors and Disclosure Exceptions
- How your information is protected and what steps TCI will take in the event of a security breach
- Links to other websites, contacting TCI about this policy, and changes to this policy
Student Information collected through the Student Subscription service and how that information is used
Student information collected: To create a Student Subscription account, TCI requires a first initial, last name, username, and password. Schools and districts may provide student emails as usernames. Parents, legal guardians, and students can view this information in a student’s account. The actual content of these fields is at the discretion of the teacher or administrator managing the account. Student passwords can only be reset within our subscription tool by a user authorized to manage that student account. Parents, legal guardians, and eligible students can contact the teacher or administrator managing the account to make any corrections. Within the Student Subscription, students may answer content-based questions, which include open-ended question prompts. Students are never asked for personally identifiable information and should be instructed to never include such information in an open-ended question.
COPPA: TCI complies with the Children’s Online Privacy Protection Act (“COPPA”). COPPA requires that website operators never knowingly collect personally identifiable information from anyone under the age of 13 without prior verifiable parental consent. TCI offers access to children under 13 to this Website based upon the presumption that you, or any other party facilitating access to this Website by students, have obtained authorization for the storage and use by TCI of all student information you provide to this Website, including, without limitation, parental consent to the collection of such information by TCI.
FERPA: TCI provides schools and districts full access to their student information through its Teacher Subscription service and Subscription Management tool. Teachers can view their students’ information and download it at any time to a CSV file. All student accounts and content, including any grading information, are permanently deleted on June 30 each year as part of TCI’s annual student and class reset. It is the responsibility of schools and districts to export any student information such as points assigned for individual assessments, notebooks, and other content prior to that date. TCI does not maintain any student records. Parents and legal guardians can request deletion of student data prior to the June 30 reset by emailing a signed request to firstname.lastname@example.org.
How Student Information is used: TCI does not use student information for any purpose other than to enable access to and usage of its Student Subscription service. Data is used for educational purposes only. We will not sell, rent, or transfer any student information to any third party. We will not grant access to student information to any third party vendor other than to support the internal operations of TCI’s Student Subscription service. TCI does not use student information for any marketing or advertising purpose. Content entered by a student remains the property of that student while it is stored in a TCI database and is shared only with the student’s teachers for grading purposes. TCI currently does not offer personal student accounts. In the interest of 100% transparency, we want you to know that TCI does maintain anonymized student usage metadata solely to support and improve the internal operations of our websites.
Information collected from teachers, administrators, and other adult users and how that information is used
Personal Information: When you sign up for a Teacher Subscription account, submit a support request, make a purchase, or otherwise contact TCI, you may provide TCI with “personally identifiable information” such as your full name and email address. TCI collects as little information as possible to facilitate your usage of TCI’s websites. You should be aware that any personal information that is voluntarily posted by you to a public area of this Website may be viewed and used by other users.
How it is used: The personal information that you provide to TCI may be stored, processed, and used by TCI as follows:
- to respond to your comments, requests for information, and inquiries
- to help administer and protect the security or integrity of TCI’s websites
- to process online purchases
- to permit access and use by users of our web-based subscription services
- for opt-in marketing and promotional purposes, including, without limitation, sending newsletters.
Users have the option at any time to remove their information from our database in order to stop receiving communications or our services. We do not share, sell, or lease personal information about you to any third parties for their marketing use. School or district information remains the exclusive property of the school or district while it stored in a TCI database. With respect to TCI’s subscription services, TCI will remove all teacher and administrator accounts and content upon district or school request, or after two years of inactivity, whichever comes first. In the interest of 100% transparency, we want you to know that after a teacher account is removed, TCI maintains anonymized teacher usage metadata solely to support and improve the internal operations of our websites.
Information collected from all users
Non-personal information: As part of the standard operation of TCI’s websites, we passively collect certain non-personal information from all users including, but not limited to, the browser type (e.g., Firefox or Chrome), operating system (e.g., Windows or OS X), Internet Service Provider (“ISP”), IP address, and the domain name from which a user accessed the Website. In addition, we may collect information about browsing behavior, such as the date and time a user visited our websites, the areas or pages of our websites that were visited, the amount of time spent viewing our websites, and the number of times a user returned to our websites. TCI uses non-personal information only to support the internal operations of its websites.
You have the ability to accept or decline cookies. If you prefer not to accept cookies, you can set your web browser to reject them or to alert you before one is placed.
Third-Party Vendors and Disclosure Exceptions
Third party vendors: Like many companies, TCI engages third-party vendors to provide various services relating to TCI’s websites, including hosting and data storage, analytics, and development services. To protect user privacy, we require our vendors to maintain the confidentiality of any information and do not authorize our vendors to retain, disclose, or share any information. TCI uses the following third party services:
- Amazon Web Services (“AWS”): TCI uses AWS for hosting and data storage. The AWS services TCI uses comply with multiple security standards including ISO 27018.
- Google Analytics (“GA”): TCI uses GA for understanding technical trends including browsers and page usage. GA has access to non-personal information and persistent identifiers as described above.
- Domo: TCI uses Domo for analytics and data storage. The Domo services TCI uses comply with multiple security standards including AICPA SOC2.
- Campaign Monitor (“CM”): TCI uses CM to send emails to users, including order confirmations, welcome emails, product update emails, and emails regarding timely content. TCI never sends automated emails to students, and student account information is never stored in CM. The CM services TCI uses comply with multiple security standards including the NIST Cybersecurity Framework and ISO 27000.
- Delighted: TCI uses Delighted to collect feedback from teachers. Delighted hosts and manages data using AWS, which complies with the security standards described above.
- Salesforce ServiceCloud (“SC”): TCI uses SC to facilitate responding to customer questions. The SC services TCI uses comply with multiple security standards including ISO 27000.
Contact us at email@example.com with any questions about TCI’s third party vendors.
Disclosure Exceptions: Notwithstanding the above policies, we reserve the right to disclose your personal information to appropriate third parties if we are required to do so by law or we believe that such action is necessary:
- To comply with legal process such as a search warrant, subpoena or court order;
- To protect TCI’s rights or defend against legal claims;
- To protect any other party’s rights, property and safety;
- To report to any law enforcement agency any activities that we, in good faith, believe to be unlawful;
- To investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving harassment, abusive messages or potential threats to the physical safety of any person
Security of Collected Information and Breach Notification
Security Measures: To protect the privacy of student and all other users’ information, TCI employs controls, including:
- Limiting data collected and saving only the minimum amount of information needed to perform tasks.
- Role-based access to data with the minimum amount of access needed to complete work being granted to both internal staff and customer users.
- Designating and training individuals responsible for the privacy and security of user data.
- Use of a Virtual Private Cloud on Amazon Web Services, an ISO-27018 compliant provider for storage of data.
- Periodic penetration tests to check for any system vulnerabilities.
- Deleting all student accounts and content on an annual basis.
- Automated monitoring and alerts for suspicious log-in attempts
- Encrypting all user data in transit and at rest.
Unfortunately, no electronic communication over the Internet can be guaranteed to be 100% secure. While we strive to take great care to protect your personal information, TCI cannot warrant the security of any information that you submit to us, and you do so at your own risk. Remember to sign out and close your browser window when you are finished using a TCI website to ensure that others cannot pose as you online.
Breach notification: While TCI makes every effort to protect user information, in the event of a security breach, TCI will notify users by email within 24 hours of discovering the breach. If the breach involves information from TCI’s Subscription Services, TCI will notify the Subscription Administrators whose accounts have been impacted. TCI will reach out by telephone if telephonic notification has been requested by the school or district. If an affected account does not have a Subscription Administrator, the Subscription Coordinator will be notified. If an affected account has neither a Subscription Administrator nor Coordinator, individual teachers will be notified.
Links to other websites, contacting TCI about this policy, and changes to this policy
Links to Other Websites: TCI’s Subscription Services may contain links to other third-party websites. While we try to link only to third-party websites that share our respect for privacy, our Policy and privacy practices do not extend to and may differ from third-party websites that can be accessed through links on TCI’s websites. We are not responsible for the content, security or privacy practices employed by other third-party websites. If you are concerned, please consider the privacy policies on the third-party website before registering with or navigating those sites.
Contacting Us: If you have any questions or concerns about this Policy or if you would like to review, update and delete any information that you have provided to us, please contact us at:
Teachers’ Curriculum Institute
Ellen Hardy, Chief Operating Officer
2440 W. El Camino Real, Suite 400, Mountain View, CA 94040
Phone: 650-390-6600 or 877-234-3214
To ask a question or file a complaint about our COPPA compliance, please email COPPAPrivacy@ikeepsafe.org
Changes to this Policy: TCI may modify this Policy from time to time. We encourage you to review the Policy regularly for any changes. However, TCI will not change how it uses your information or reduce your rights under this Policy without providing notice and requiring your consent to the changes.