Student Data Security Policy
Adopted: 01 November 2023
The Contractor will comply with all applicable federal, state, and local laws, rules, and regulations pertaining to Student Data privacy and security, all as may be amended from time to time.
What We Receive
From the Parents/Legal Guardians:
- Basic account information including name and email address.
- Student information such as name, address, birthdate, grade level, campus preferences, student number, siblings (if applicable), parent or guardian contact information, and other items as listed in the OneRoster documentation provided by 1EdTech Consortium Inc.
- Payment Information if contracted with the school and the parent provides payment information. This information is handled with the utmost care. We engage a secure and nationally recognized payment processor using strong industry standard encryption for credit card transactions. The Contractor does not store credit card numbers, nor do we have access to credit card numbers through our payment processor. To provide our service, we retain the details of a purchase, such as the payment date, the amount paid, and items paid for.
- Your direct communications. We keep records of communications including email and text messages when you or a school user uses a communication system such as text or email, when a user provides feedback, asks questions, or seeks technical support.
- Information stored in a student’s cumulative educational record.
From the School:
- The contracted school provides specific information to the Contractor to provide services as a “school official” to increase the efficiency of administrative duties performed by the school. The information provided to the Contractor depends on the services selected by the school, but may include student legal name, date of birth, grade level, entry/exit dates, list of enrolled courses, outstanding payment balances, etc.
From the Tech:
- Cookies: Like many websites, we rely on cookies (a small text file sent to your browser). The Contractor uses only necessary and functional cookies, for example to retain your preferences and remember the state of an activity (such as an online shopping cart for school fees or meal payments) or a service (such as accountholder sign-in). You can decline to have personal data collected via third-party tracking technologies by navigating to the settings feature in your browser and declining third party cookies or declining third party cookies from specific sites, or, for mobile, limiting ad tracking or resetting the advertiser identifier via the privacy settings on your mobile device.
- Other Non-Personal Information: We automatically receive and record non-personal information on our server logs from a user’s browser. We may collect technical information about the browser, operating system, or mobile device being used, as well as information about patterns of usage and technical performance.
- Use of Technical Information: We use the technical information collected to deliver content and support a user’s experience of our services. For example, when a user returns to the services after signing in, cookies help us recognize that user.
COPPA and FERPA
Our product is not targeted to students on any basis. The Contractor does not ask children for personal information. The Parent Information Center is not intended for children under 16 years of age. If you are under 16, do not use or provide any information on the site. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information.
Advertising & Social Media
As our product is intended for school personnel and parents and guardians, the Contractor does not display any advertising to children on our websites or apps.
Accessing & Updating Your Information
You may send the school an email to request access to, correct, or delete any personal information that you have provided.
We use Personal Information and any other information collected through the website for the following reasons:
- to administer the Services;
- to improve the quality and types of services we deliver;
- to analyze usage of the services and the popularity and performance of our products;
- to allow schools to communicate with parents by responding to their requests, comments and questions;
- to diagnose technical problems;
- to email parents and other authorized users regarding service, technical and other administrative matters. These communications may also include information regarding changes in services, new service offerings and important service-related notices, such as security and fraud notices. Such communications will only be delivered to parents and LEAs.
- to send users alerts to notify them about pertinent activity on our Services.
- to conduct research and analytics to improve our Services and value to you, and to perform research for authorized persons;
- to protect the Contractor and our users, such as conducting audits or notifying LEAs of inappropriate or potentially harmful behavior;
- to assist users who request technical support;
- for other educational purposes requested and sanctioned by an authorized representative of the LEA;
- for billing, account management, and other administrative matters;
- to comply with a judicial order, subpoena or other legal request; or
- as required by applicable law or regulation.
We strive to protect the confidentiality, security, and integrity of the Personal Information we collect from children and adults. We have put in place physical, electronic, and administrative procedures designed to safeguard and to help prevent unauthorized access to and maintain the security of personally identifiable information collected through our Services.
All accounts are protected by passwords. Please keep these passwords secret to prevent unauthorized access to these accounts. If you think someone has gained unauthorized access to your account, please change your password and contact us immediately.
We take customary and reasonable measures designed to protect the confidentiality, security, and integrity of Personal Information collected on our Services, both during transmission and within our systems. Such protections include, but are not limited to:
- Data encryption and storage: Data is encrypted in transit (SSL/TLS) and at rest. Personal Information is stored and processed within the continental United States.
- Access: Access to Personal Information is restricted to a limited number of Frogtummy Enterprises employees or contractors who need such access to perform their job.
- Data Systems Monitoring: We employ several third-party services that continuously monitor and scan our Services for vulnerabilities. Employees dedicated to operating the Services monitor these reports and receive automated alerts when performance falls outside of prescribed norms.
- Firewalls: Anti-virus software and firewalls are installed and configured to prevent malicious or unauthorized traffic.
- Security audits: the Contractor conducts security audits and code reviews, both by external and internal providers.
- Employee training: the Contractor trains employees and contractors in applicable data privacy and protection measures.
- All PII that was provided will be destroyed when no longer needed for the specific purpose for which it was provided, including any copies of the PII that may reside in system backups, temporary files, or other storage media. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
- No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Sharing of Your Personally Identifiable Information with Service Provider
Frogtummy Enterprises will not sell, rent, or trade your PII or your student’s PII to any third party. However, we may share your PII with third‐party service providers hired to support our business and who are bound by contractual obligations to keep PII confidential and use it only for the purposes for which we disclose it to them. Frogtummy Enterprises provides them with only the information they need to know to perform the requested services on our behalf. They are bound by confidentiality obligations prohibiting them from using your PII for purposes other than to facilitate and carry out the services for which they have been retained. Frogtummy Enterprises protects PII disclosed to third parties by contractual agreements, requiring those third parties to adhere to confidentiality and security procedures and protections that are, at a minimum, equivalent to those employed by Frogtummy Enterprises itself.
Only those personnel of Frogtummy Enterprises or third-party contractors, with whom Frogtummy Enterprises has contracted and who have a business need to know to perform the services being requested by Frogtummy Enterprises, will be granted access to PII.
We will allow a successor entity to maintain the Student PII, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected Student PII.
Please contact the contracted school with any questions or comments.