The Site and its related products and services (collectively, “the Services”) are operated by BrightFish Learning, LLC. (“us”, “we”, “BrightFish”, “BrightFish Learning” or “the Company”), except and unless otherwise indicated. The Services consist of an online provider of educational tools and other materials and content. The text, images, data, illustrations, files, audio, videos, designs, documents, and other materials and content (collectively, the “Content”). Collectively, the Site, Services and Content are referred to in these Terms as the “Platform”. We use the term “Student Information” in this policy to refer to information that personally identifies a student and other information we receive about a student that is linked to information that personally identifies a student. Student Information does not include de-identified or aggregated information that does not personally identify an individual student.
2. Data We Collect
When you use the Platform, you provide us with three types of Student Information:
- Personal Data. For the general purposes of authentication and roster management, we collect information that is used to identify individual users (the “Personal Data”). Personal Data does not include Data that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person. The Personal Data that we collect includes:
- first and last name,
- grade level,
- email address (optional), and
- school identification code (optional).
As a general matter, we do not request nor collect any of the following information:
- physical address(es),
- telephone number(s),
- photograph or physical likeness,
- date or place of birth,
- social security number,
- dates of attendance in school,
- grades or test scores,
- disciplinary records, or
- medical or health records.
We collect Personal Data in different ways. For example, we collect Personal Data when a student or teacher registers for a BrightFish account and when a person responds to BrightFish emails or surveys. We also receive Personal Data from other sources (“Third-Party Applications”), such as identity verification services like Clever, Google
andFacebook contingent on users granting such Third-Party Applications to share Personal Data with us. You have the right to decline to share certain elements of Personal Data that we ask you to provide, but must note that doing so may limit your use of certain features and functionality of the Platform. You may edit account information and submissions at any time by accessing your account through the Platform.
- Device Data. As you interact with the Site, we collect technical information (“Device Data”) such as cookies, your web browser type, your IP address, and your device’s operating system, among others. We take measures to ensure that our cookies do not collect personally identifiable or sensitive information. The aggregate information we collect is analyzed and may be combined with similar aggregate information of other visitors to the Site. You may set your browser to reject cookies; however, this may affect some functions of the Site.
- Performance Data. Student interactions with our Platform generate data we refer to as “Performance Data”. Performance Data may include, for example, the lessons a student chooses to
complete,when a student starts and stops a lesson, and student responses in the lesson. Performance Data will be used for educational purposes only.
3. How We Use Data
- Personal Data. We and our service providers use Personal Data
to:(i) provide the Services, ii) comply with applicable laws, and (iii) promote our products, systems, and tools. Examples of how we may use Personal Data include:
- To authenticate a user’s identity;
- To customize the features that we make available to you;
- To respond to inquiries, send service notices and provide customer support;
- To communicate regarding a payment, and provide related customer service;
- For regulatory purposes and compliance with industry standards;
- To send communications about new features and products;
We do not use Personal Data for maintenance, testing, or improvement of the Platform.
- Performance Data. We use Performance Data for reporting purposes to teachers and educational agencies, and to test and improve our product. We also use aggregate Performance Data to develop new products, improve or modify our Services, conduct aggregate analysis and develop business intelligence that
enableus to operate, protect, make informed decisions, and report on the performance of, our business.
4. How We Share Data
We do not disclose, share, rent, or sell any Personal Data or other personally identifiable information about students to any third parties for commercial uses, such as targeted advertising. We only disclose or share such Personal Data with bona fide service providers for purposes related to or arising out of the ordinary course of creation, development, operation, service, and maintenance of the Platform. Such bona fide third-party service providers shall only use such information for such purposes and not to sell such information under any circumstances. Third party providers who do help us operate our Services must adhere to privacy and security obligations in a manner consistent with the Company’s policies and practices
5. Educator Access To Student Data
If you are a student using the Platform in connection with a “class”, your school administrator(s) and teacher(s) (“Educator Users”) may have the ability to access, monitor, use, or disclose data related to User Performance Data and Personal Data. If you are an Educator User, you agree that you will obtain and maintain all required consents from End Users to allow: (i) your access, monitoring, use, and disclosure of this data and
All student Personal Data is securely encrypted within our database, which has daily backups and is protected by SSH (Secure Shell) and a firewall. All actions that involve the digital transmission of Personal Data are handled by a 256-bit SSL (Secure Sockets Layer) encryption.
7. Data Retention
We retain Student Information to provide the Services to you and our other users and to provide a useful user experience, and
- You will no longer be able to access your account.
- No further
activitymay take place on your account.
- Your account will no longer be publicly visible on the student leaderboard.
- All data associated with your account will be kept for reporting and compliance reasons.
- Your data up until your deactivation will continue to be shared with any teacher and school that previously had access to such data.
- A deactivated account can be restored, with all Student Information intact, upon request.
Following the termination of a license, a school or district may request that we deactivate and de-identify Student Information and we will do so, unless the school, district, or applicable regulations require the retention of such data, in which case the records shall be de-identified upon the expiration of the retention period. Prior to de-identifying any Student Information, we will first ensure that the school or district has downloaded backups of the same. This shall apply even in the case when the termination of a license is initiated by the Company. In the case of a request for deactivation and de-identification, the following happens:
- We will obfuscate all of the Personal Data in the relevant student accounts. This means that their email, first name, last name, and username get replaced with a long, meaningless identifier. This is a
one waychange, and we can never recover the identity associated with the account after this step. We will perform this obfuscation in our database, all backups that we maintain, and in any third party applications that we use to deliver the Services.
- We will retain all Performance Data associated with the accounts to improve the Platform. These reasons include, but are not limited
to:internal data analytics and preventionof fraud and abuse.
- This action also deactivates all relevant accounts, preventing them from being used in the future.
In order to request an account reactivation, please contact us at firstname.lastname@example.org. To request that Student Information be de-identified, please contact us at email@example.com.
8. Viewing & Correcting Information
A parent or guardian may review Student Information in the applicable student’s records by viewing their BrightFish account. The Platform enables any Educator User to permit parents, legal guardians, and eligible pupils to review personally identifiable information contained in Student Information, and to correct erroneous information, in accordance with procedures established by the school district or educational agency To the extent that a User opts to share his or her profile with his or her parent or guardian, such User expressly agrees to such sharing and all related responsibilities and liabilities therewith. We fully comply with the Requirements for Accessible Electronic and Information Technology Design as laid out by the U.S. Department of Education here.
9. Data Ownership & Control
Any and all student data provided to BrightFish, or to which BrightFish has been granted access, are and shall remain the sole property of the educational agency that provided or granted access to such records.
10. Users Under 13 Years Of Age
In accordance with the Children’s Online Privacy Protection Act (“COPPA”), we require parental consent for students under the age of 13. Children under the age of 13 should not register for their own BrightFish account. Setup of accounts for children under the age of 13 is coordinated with a child’s teachers and parent for licensed school customers only. If you are a parent, please coordinate with your child’s teacher to set up
11. Data Breaches
Within 48 hours of learning about a data breach, or longer reasonable time as may be required by the legitimate needs of applicable law enforcement or as to take measures necessary to determine the scope of the breach and restore reasonable integrity of its systems, we will notify all teachers, parents, principals, and district administrators whose information may have been improperly disclosed, via email communication to the email address on file for each user. We will inform any users who oversee those students (i.e. relevant teachers, parents, principals, and district administrators) if any Student Information is involved. This email notification will describe the nature of the data breach, the date of the breach, the types of information that
12. Notice Of Changes
13. Contacting Us
BrightFish Learning, LLC
9s712 Brookbank Rd,
Hinsdale, IL 60527
14. California AB 1584 Compliance Statement
- Student-generated content. The Platform does not collect or store any student-generated content. In the event the Platform is updated to incorporate such a feature, we will amend this statement to describe the means by which students may retain possession and control of student-generated content.
- Security and confidentiality of Student Information.
BrightFishis committed to maintaining the security and confidentiality of Student Information. It has designated a Security Compliance Officer (SCO), who is responsible for: (a) ensuring that the Company’s servers are protected against unauthorized access to the greatest degree possible; (b) limiting employee access to Student Information to whatever extent is required for them to perform their job functions; and (c) regularly training employees in data security procedures to further ensure compliance with company data security policies.
- FERPA compliance BrightFish offers schools and districts utilizing the Platform the means to comply with their obligations under the Federal Educational Rights and Privacy Act (20 USC §1232(g)), by enabling Educator Users to inspect and review Student Information and to correct any inaccuracies therein as described in Section 8 of this Statement.