At School App Express (referred to as “Company,” “us”, “our” or “we”), your privacy is important to us. This Policy discloses the privacy practices for our websites, the mobile apps we publish in the Apple App Store or on Google Play, as well as related products and services we may offer to you, collectively referred to as our “Services”. This Policy also covers how personal information that we receive or collect about you outside of our Services is treated.
We participate in the iKeepSafe Safe Harbor program and have been granted the iKeepSafe COPPA Safe Harbor seal signifying our Services have been reviewed and approved for having policies and practices surrounding the collection, use, maintenance and disclosure of personal information from children consistent with the iKeepSafe COPPA Safe Harbor program guidelines.
We hold the iKeepSafe FERPA Certification and the California Student Privacy Assessment badges signifying our Services have been reviewed and approved as compliant with federal, California and Colorado laws governing student data including:
• Family Educational Rights and Privacy Act (“FERPA”)
• Privacy Protection of Pupil Rights Amendment (“PPRA”)
• California Education Code 49073.6 – Collection of Student Information from Social Media
• California AB 1584, Education Code section 49073.1 – Privacy of Pupil Records
• Student Online Personal Information Protection Act (“SOPIPA”)
• Colorado Student Data Transparency and Security Act
We are also a signatory to the Student Privacy Pledge, agreeing to a set of principles intended to safeguard student privacy, including responsible stewardship, protection, and transparent handling of student personal information.
1. Types of Information We Collect
We collect two types of information about our users: Personally Identifiable Information and Aggregate Information.
Personally Identifiable Information (“PII”):
This refers to information that lets us know the specifics of who you are. Examples of PII may include your first and last name; you or your child’s school or district name; your address, city or state; your phone number; your email address; your grade or your ID number assigned by your school or district. When you engage in certain activities on our Services, such as registering for an account, contacting us for support or information about our Services, validating your ID number, submitting orders for our products our Services, or sending us feedback, we may ask you to provide certain PII.
This refers to information that does not by itself identify a specific individual. We gather certain information about you based upon how you use our Services and what other websites may have directed you to us. This information, which is collected in a variety of different ways, is compiled and analyzed on both a personal and an aggregated basis. This information may include the Website’s Uniform Resource Locator (“URL”) that points to our Services you just came from, which URL you go to after visiting our Services, what browser or device type you are using, your Internet Protocol (“IP”) address and log reports generated by your use of our Services.
2. How We Collect and Use Information
We do not collect any PII about you unless you voluntarily provide it to us or your school or district provides it to us for the purpose of enabling our Services for your use. You may be required to provide certain PII to us when you elect to use certain features available in our Services. These may include: (a) registering for an account or accessing certain features within our Services; (b) submitting product orders; or (c) submitting a support request or request for product information or (d) sending us an email or placing or receiving a telephone call to or from us.
We do not use information which you provide about third parties, such as students or parents, for any marketing or promotional purposes or share this information with others.
We may also collect certain Aggregate Information. For example, we may use your IP address to diagnose problems with our servers, software, to administer our Site and to gather demographic information.
4. Release of Information
We will not sell, trade, or rent your PII to others.
Occasionally we may be required by law enforcement or judicial authorities to provide PII to the appropriate governmental authorities. In such cases, we will disclose PII upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our products or services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.
5. Third-Party Service Providers
To best provide our Services, and keep your information safe, we work with a few other companies. These companies only have access to the information they need to provide our Services. We assess the security and privacy policies of third-party service providers at least once per year to ensure they are capable of complying with our guidelines and practices for ensuring the confidentiality, security and integrity of student data, the transfer of student’s PII to a school or district contracted with us upon request or contract termination and deletion of such data.
We use some third-party service providers strictly on this public-facing website (https://schoolappexpress.com/) and not within our full suite of Services. Here is a list of the essential third-party service providers we work with, if they are used only on this website or within our Services, why we use them and links to their respective privacy policies:
|Third Party||Services or Website Only||Purpose|
|Microsoft Azure||Services||Cloud Hosting|
|SendGrid||Services||Transactional email delivery|
|Google Maps API||Services||Map functions|
|Google Translation API||Services||Translation functions|
|JW Player||Services||Video hosting and playback|
|Canadian Web Hosting||Services (n/a outside Canada)||Cloud Hosting (n/a outside Canada)|
|Google Analytics||Website Only||Website traffic analytics|
|Google Adwords||Website Only||Digital Advertising|
6. Third-Party Service Partners
We market some product and service offerings on the behalf of affiliates, service providers, partners and other third parties (“Service Partners”). This document only addresses how we collect, use and disclose your information. We do not share PII provided to us with our Service Partners or collect PII from our Service Partners. We encourage our Service Partners to adopt and promote strong privacy policies; however, the collection and use of your PII by our Service Partners is governed by their respective privacy policies and is not subject to our control.
7. Updating and Correcting Information
We encourage you to promptly update your PII if it changes. You may ask to have the information on your account deleted or removed; however, some information, such as past transactions, logs of technical support calls, or other information may not be deleted during the duration of our contract with your school or district.
8. User Choices on Collection and Use of Information
You also have choices with respect to cookies, as described above. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject all cookies some parts of our Services may not work properly for you.
9. Security of Your PII
When you use our Services, you can be assured that your PII is secure as we strive to take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of your PII. For example:
- We work hard to ensure that the data we collect is reliable, accurate, complete and current. We use PII only for the purposes for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.
- We limit access to PII only to specific employees, contractors and agents who have a reasonable need to come into contact with your information. For example, we may provide members of our technical support team with limited access to your account in order to allow them to troubleshoot problems you may be having with our Services.
- Additionally, we also employ a number of physical, electronic, and procedural safeguards to protect PII. Our secure servers and our data centers are protected by encryption, and our servers reside behind firewalls and password protection. Data at Rest: Databases are stored in Azure Sql Server and are accessible only from our dedicated virtual machines via defined service accounts using SQL Server Authentication. The databases are encrypted using Azure’s Transparent Data Encryption (TDE). Data in transit: Data is accessible only through our ASP.Net Web API 2 application using OAuth2 authentication. We store all passwords hashed and salted. API endpoints are exposed only through SSL Secured HTTP. Our apps access data through a RESTful API authenticated with a client token/secret pair hard-coded in the apps.
- Finally, access by you to your PII is available through a password selected by you. This password is encrypted. We recommend that you do not divulge your password to anyone. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your PII, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) the security, integrity and privacy of any and all information and data exchanged between you and us through our Services cannot be guaranteed.
Although we make concerted good faith efforts to maintain the security of personal information, and we work hard to ensure the integrity and security of our systems, no practices are 100% immune, and we can’t guarantee the security of information. Outages, attacks, human error, system failure, unauthorized use or other factors may compromise the security of user information at any time. If we learn of a security breach or other unauthorized disclosure of your PII, we will attempt to notify you so that you can take appropriate protective steps by posting a notice on our homepage (www.schoolappexpress.com) or elsewhere in our Service and we will send email to you at the email address you have provided to us. Additionally, we will notify the primary administrative contact at your school or district by email and telephone and assist with their efforts to ensure your notification.
Any such notice will include:
- The date of the breach.
- The type of information that was subject to breach.
- General description of what occurred.
- Steps we are taking to address the breach.
- The contact person with our Company who you can contact regarding the breach.
If you are a parent, legal guardian or eligible student and an unauthorized disclosure of your student’s PII records occurs, we will notify you by email at the email address we have on record for you or through notice to your school or district’s primary administrative contact in the event that we do not have an email address on record for you.
In the unlikely event that we go out of business, or file for bankruptcy, we will protect your personal information, and will not sell it to any third-party.
11. Safe Harbor Statement
12. FERPA, California AB 1584, the Colorado Student Data Transparency and Security Act, PIPEDA and FOIPPA
In some cases, we collect the Student Personally Identifiable Information (SPII) listed below defined and subject to various state and federal laws governing education, including but not limited to the Family Educational Rights and Privacy Act (FERPA), California Assembly Bill 1584 (AB 1584), the Colorado Student Data Transparency and Security Act:
- Student’s Name
- Student’s Parent(‘s) or Guardian(‘s) Name(s)
- Student’s School or District Identification Number
- Student’s Grade or Class
- Student’s Email Address
We use the SPII described above for allowing administrators with the public education entity contracted with us to target selected notifications and restrict selected content to certain students or groups of students that the notification or content is applicable to; displaying a digital Student ID and for issuing, tracking and reporting issuance of Hall Passes.
The SPII described above is the property of an under control of the school, district or other public education entity contracted with us.
We do not share or disclose SPII with third-parties or use SPII to engage in targeted advertising.
If we discover any misuse or unauthorized release of SPII, regardless of whether the misuse or unauthorized release is a result of a material breach of the terms of our Service, we will notify the public education entity contracted with us as soon as possible.
Upon termination or conclusion of a contract, we destroy all SPII collected, generated, or inferred as result of the contract within one year of the termination of the contract and notify the public education entity previously contracted with us that the deletion has occurred. Prior to deletion, we provide notice of our intent to delete all SPII previously collected to the public education entity previously contracted with us and will transfer all SPII collected as a result of the contract to the public education entity previously contracted with us upon request.
We also endeavor to provide privacy protection that is consistent with Canada’s private sector privacy laws, including the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the Freedom of Information and Protection of Privacy Act (“FOIPPA”). Click here for certification that all data for our Canadian-based customers is hosted on servers that are physically located within Canada. For any questions regarding how we comply with PIPEDA or FOIPPA, please contact us at email@example.com.
13. Contact Us