EdGraph® Privacy Policy
Effective as of October 16, 2024

EdWire, Inc. d/b/a EdGraph (“EdGraph”) considers user privacy paramount, and utilizes great care in keeping the information of customers, students, parents, educators, and end users (also collectively referred to as “you” and “your” this this Privacy Policy) private and secure.  Additionally, EdGraph knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly. To demonstrate our firm commitment to privacy, the following provisions have been created to explain and describe our privacy policies and procedures in relation to all data collected (the “Privacy Policy”). By visiting EdGraph’s website, using the EdGraph® software, and/or providing information to EdGraph, you are accepting the practices described in this Privacy Policy.

EdGraph is committed to protecting the privacy of students, parents, and educators, while providing students and schools with an extensible integration platform that supports the latest educational data standards and provides critical metrics and performance monitoring via pre-built dashboards and reports in the educational environment (“EdGraph” and/or the “Software”). This Privacy Policy addresses the privacy practices of EdGraph. EdGraph's products and services are intended for ultimate use by parents, teachers and students, but only school districts, teachers, or parents may sign up for EdGraph. This Privacy Policy is applicable to all EdGraph products and services available.  This Privacy Policy states our standards for maintenance of data and we will make efforts to meet them.  However, we do not guarantee these standards will be met as there may be factors beyond our control that may result in disclosure of data.  As a consequence, we disclaim any warranties or representations relating to maintenance or non-disclosure of data.

If we intend to use or disclose members' personal information in a manner materially different from that stated at the time of collection we will notify you by email.

EdGraph’s Commitment to You
EdGraph hereby commits to:

  • Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
  • Not sell student personal information.
  • Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
  • Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
  • Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
  • Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
  • Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
  • Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
  • Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
  • Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
  • Provide resources to support educational institutions/agencies, teachers, or parents/students to protect the security and privacy of student personal information.
  • Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
  • Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.
  • Incorporate privacy and security when developing or improving our educational products, tools, and services and comply with applicable laws.
 
Consent by School Districts, Teachers and Parents
If you are a student of any age, you must get permission from your school, parent or teacher to use the Software.

EdGraph is not offered directly to students on any basis, and school districts, teachers, or parents must first sign up for primary accounts, and then invite students to use EdGraph through student accounts. Only school districts, teachers and parents that have obtained licenses, provided consent on behalf of students for EdGraph to collect and use student data described in this Privacy Policy and opted to allow for student account creation can create or provide enrollment codes for students to create student accounts.

If EdGraph learns that a student of any age has created a primary account, that account will be deleted. Further, if EdGraph learns that we have inadvertently collected personal information from a student of any age with the appropriate consent, we will take the necessary steps to delete it.

What Definitions Apply to the Privacy Policy?
“School” or “school district” means a school district, individual public school, charter school or private school which contracts with EdGraph and licenses the use of EdGraph for your child where he or she is enrolled.

“Information” and “personal information” means personally identifiable information (“PII”) that, alone or in combination, is linked or linkable to a specific person that would allow a reasonable person, who does not have personal knowledge of the relevant circumstances, to identify the person with reasonable certainty.

What Laws Generally Apply to Student Records?
Your children's education records will be protected by EdGraph as required by the Family Educational Rights and Privacy Act ("FERPA") and applicable state laws regarding the privacy of student records or PII. We will only disclose education records or provide access to them in compliance with FERPA and applicable state laws, and we will require third parties that contract with us and have access to education records to do the same. EdGraph will not use PII to target a student for advertising, sell PII or use PII to create profiles about a student (other than for purposes of the student’s education in a school) when those activities are prohibited by law. EdGraph will not use, or will seek permission to use, a student’s PII for purposes unrelated to providing or improving their education where required by law to do so. If any provision of this Privacy Policy conflicts with FERPA or other federal or state law, EdGraph will comply with the more protective standard for the education records.

We understand that children who are under 13 years of age need enhanced safeguards and privacy protection, as set forth in the Children's Online Privacy Protection Act ("COPPA").  COPPA protects the information privacy of children under the age of 13 by requiring web site operators and online services to post privacy policies and obtain verifiable parental consent before collecting information from those children.

EdGraph receives personal information about children who are under the age of 13 strictly from their parents or guardians at the time those children create an account using EdGraph. The only information received directly from your children is the information they provide (such as test answers, electronic mail and class discussions) in EdGraph.

Other than through EdGraph, EdGraph does not solicit children to provide personal information. We also do not knowingly contact or collect PII from children under 13.

EdGraph also complies with the Protection of Pupil Rights Amendment ("PPRA"), which applies to programs that receive funding from the US Department of Education.  The PPRA protects the rights of parents and students by making instructional materials available for inspection by parents if they are used in a survey, analysis, or evaluation in which their children participate when funded by the US Department of Education.  We also make sure we have written parental consent before children are required to participate in any survey, analysis, or evaluation funded by the US Department of Education that reveals information concerning (i) political affiliations, (ii) mental and psychological problems potentially embarrassing to the student and his/her family, (iii) sex behavior and attitudes, (iv) illegal, anti-social, self-incriminating and demeaning behavior; (v) critical appraisals of other individuals with whom respondents have close family relationships; (vi) legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers; (vii) religious practices, affiliations, or beliefs of the student or student’s parent; and (viii) income (other than that required by law to determine eligibility for participation in a program or for receiving financial assistance under such program).

How Are Student Accounts Created?
We will ask you to create an EdGraph account to access certain portions of our Software. When you create an account, we will ask for your consent to collect certain types of personal information. Please note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your personal information, the use of the EdGraph Software may not be possible.

When school districts or teachers create primary accounts and invite students to create student accounts, they are acting on behalf of parents to give EdGraph permission to collect the information described in this Privacy Policy, and EdGraph is acting as a service provider to the school district or teacher.

When the primary account belongs to a school district, student accounts will be populated in coordination with that district. Students will then be provided login information in a manner specific to that district and in accordance with district policy, which may in some cases be through a district-wide “single sign-on” or by communicating an initial login and password to the student.

When the primary account belongs to a teacher or a parent, students are added using a name, nickname or pseudonym by the teacher or parent. EdGraph then generates enrollment codes that students can use to register student accounts.

What Information Does EdGraph Collect About Students and Teachers?
The information that we collect from logged-in users includes information that you voluntarily provide to us when you sign up for an account and information that is automatically collected when you are logged into the EdGraph platform. The information collected depends on whether you are a teacher, school, parent or student.
We maintain records for each student account of assignments that have been given (and results that have been submitted) and records of any online assessments taken by the students.

When the primary account belongs to a teacher or a parent, we collect the student name information provided by the teacher or a parent, and then collect a username and password when the student registers. Student records are linked to teacher or parent records, which may include the teacher’s or parent’s name, email address, grade levels taught, self-reported school and school district information, and geographic information about the district such as its zip code. We also collect information about teacher’s title, subject interests and teaching experience.

When the primary account belongs to a school district, initial information about students, teachers and schools is provided from the district’s records, and may include unique identifiers that link these records to other records in the district’s database system as well as teachers’ names and titles and the name of the teacher’s school. Districts also may provide information about a student’s grade level, the student’s username, password and email address, a statewide student identifier and information about the school that the student attends.

In every case we also log certain detailed technical information about all users’ interactions with our Software that could be linked with users (including students). This includes the IP addresses that we get when users connect to our Software, information that is sent by web browsers automatically when they connect to our Software (such as the type of web browser, the operating system used and the time zone set on the user’s computer), the timing and frequency of how users interact with different content and different components of our Software.

How We Automatically Collect Information
We the use following methods and tools to collect and track the automatically collected information described above.

We set cookies so that we are able to recognize when someone is connecting to our Software who is currently logged in or who has visited before. A cookie is a data file sent to a browser from a web server and stored on the user’s computer's hard drive that allows us to recognize that browser when the user returns to our Software. To learn more about browser cookies, including how to manage or delete them, look in the Tools, Help or similar section of your browser, or visit http://www.allaboutcookies.org.

Additionally, our video player may store local shared objects, also known as Flash cookies, on users’ computers. Local shared objects cannot be managed in the same way as browser cookies. For information on managing Flash cookies, visit http://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.

We (or our third party service providers) may place a tiny image, also known as a pixel tag, in the emails we send, to tell us when you have opened the email. Our team uses this information to improve emails we send to you, and best tailor them to the needs of school districts, teachers and students.

Like most online services, when you use the Software, we automatically collect and store details of how you used our service, such as your activity on the Software, and the frequency and duration of your usage.

By using our Software you agree to our use of these information collection technologies.

You can disable or delete cookies.  However, because cookies allow you to take advantage of some of EdGraph 's essential features, we recommend that you leave them turned on.  If you disable or delete cookies, you may not be able to utilize all of EdGraph’s features and functionality.

Anonymized Data
We frequently aggregate information in a way that makes it impracticable to use that data to identify a particular person; we also sometimes maintain individual data records with personal identifiers removed, and maintain in a manner in which it is impracticable to relink it to any particular individual. In this Privacy Policy, we refer to such data as “Anonymized Data” and do not consider it to be personal information.

What Student Information Can Other Users See?
When the primary account belongs to a school district, the account administrator designated by the district can access all information we collect about students that we make available through our web-based user interface. District administrators can delegate the right to view student information in accordance with district policy. Each teacher within that school district can see only information relating to students’ participation in classes taught by that teacher (unless granted additional access by the district account administrator).

Primary account holders who register as teachers or parents can access all information available through our user interface relating to students’ interactions with assignments created by that teacher or parent. They cannot see information that we collect in connection with a student’s interactions with assignments created by another teacher or parent.

What Does EdGraph Do With Personal Information?
We will not share personal information we collect in any way not described by this Privacy Policy. Except as noted below, we do not share any personal information with third parties for advertising, marketing or other purposes. There is no third party advertising on EdGraph or within EdGraph. We do not amass student profiles except in the furtherance of school purposes.

We do not ask or require students to provide information beyond that which is reasonably necessary to use EdGraph. We do not share any student login information with any third party and we do not automatically collect personal information from student accounts. Information collected from students is never used or disclosed for any third party advertising or any kind of behaviorally targeted advertising. We do collect website usage information through third party analytics services and Anonymized Data to help us improve our experiences for students, but such information does not contain personal information.

We use personal information and any other information collected through the website for the following reasons:
  • to administer our website and access to our Software;
  • to improve the quality and types of services that we deliver;
  • to analyze Software usage and the popularity and performance of our EdGraph product;
  • to communicate with parents, teachers and school districts by responding to your requests, comments and questions;
  • to obtain consent from parents, teachers and school districts so that a student account may be created;
  • to diagnose technical problems;
  • to send users emails regarding service, technical and other administrative matters. These communications may also include information regarding changes in services, new service offerings and important service-related notices, such as security and fraud notices. Such communications will only be delivered to parents, teachers and school districts and will never be delivered to the Software’s student users;
  • to send users alerts to notify them about pertinent activity on the Software, such as messages from colleagues or upcoming assignments (“Notification Alerts”). These Notification Alerts may be sent to all users of the Software, including students;
  • to provide useful analyses to users and primary account owners;
  • for billing, account management and other administrative matters; or
  • as required by applicable law or regulation.

We use this information to help us to diagnose technical problems, administer the Software and improve the quality and types of services that we deliver. We may also collect, track and analyze information in aggregate form that does not personally identify users.
 
How We Share Information
We may use third party service providers to provide a variety of services, such as assisting us with providing customer support, hosting the Software, providing us with analytics about how people use our Software, assisting us with marketing the Software to school districts and teachers, sending and tracking responses to email, providing a framework for the delivery of assessment questions and helping us identify and track bugs and errors in the Software. All of our service providers have agreed to confidentiality and data security provisions consistent with this Privacy Policy. Third parties we work with are contractually prohibited from using any personal information for any purpose other than providing the services we request from them.

When a school district is the primary account holder, we share information with third parties at the direction of the school district, and it is the school district’s responsibility to make such requests in a manner that is consistent with their internal policies and the law. We may also share information that we collect in the following circumstances:

  • if we believe in good faith that it is necessary to disclose the information under any applicable law or regulation (for example, in response to a court order or a subpoena);
  • if we believe in good faith that it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person;
  • to investigate and act upon violations of the law or of our terms of use;
  • with teachers and parents who are the managers of a class so they can see information about their students or children in that class, such as the student’s or child’s name, school affiliation and activity on assignments (including time of activity and any responses to questions, extending to grades for those assignments);
  • when any user logs into EdGraph with a third party account (such as a Google or other account), that third party will learn that that user has visited EdGraph, and that information will be subject to that third party’s privacy policy and practices;
  • with third party products specifically configured by schools or districts to interoperate with EdGraph;
  • if the information is Anonymized Data;
  • with our corporate affiliates, parents and/or subsidiaries; or
  • in other circumstances in which you expressly consent.

We will not sell student or teacher information except in connection with the sale of EdGraph’s assets or a merger of EdGraph with another company, and then only on the condition that such information will continue to be covered by the then-applicable Privacy Policy. If there are changes to this Privacy Policy in the future, school districts, teachers and parents may agree to those changes or choose to stop using EdGraph and we will delete their information and the information about their students.

We may also obtain information, including personal information, from certain third parties (such as Google). Any personal information received from these third parties will be handled in accordance with this Privacy Policy. We sometimes combine information we receive from third parties with the personal information we collect through the Software. Any such combined information will be treated as personal information in accordance with this Privacy Policy.

Please also note that our service providers may be able to combine the data we share with them with the data they collect on their own. For example, if we share information with Google, Google may combine such information with the data they have already collected about you through their website. We are not responsible for such combinations of data and we encourage you to learn about their privacy and security policies before you use this Software or provide our service providers with your personal information.

Third Party Websites
Our Software may include some links to other sites. We are not responsible for the data collection practices on those other sites. We advise you to carefully review those sites' privacy policies before submitting personal information there.

Our Security Practices
We strive to protect the confidentiality, security and integrity of the personal information we collect from children and adults. We have put in place physical, electronic and administrative procedures to safeguard and to help prevent unauthorized access to and maintain the security of personally identifiable information collected through this Software.

Primary accounts and student accounts are protected by passwords. Please keep these passwords secret to prevent unauthorized access to these accounts. If you think someone has gained unauthorized access to an account, please contact us immediately at support@edgraph.com.

We take reasonable, industry standard measures to protect the confidentiality, security and integrity of personal information collected by our Software. This includes the use of encryption, firewalls and other security technologies to prevent access to the data from unauthorized parties. All connections between users and our Software are secured via encryption communication technology (SSL/TLS). All passwords are salted and hashed using the practices recommended by NIST (National Institute of Standards and Technology). We use highly rated application hosting providers who agree to perform frequent diagnostics, operating system updates, and network security monitoring. Our engineering team is committed to creating and maintaining systems to protect personal information.

Only employees who need to access user information in order to perform their job (for example, customer service) are granted access to student information.
While we have taken all steps to protect the personal information we collect, and we work to keep our systems in line with industry standards, no system is 100% fail proof and secure. If we discover that the security of personal information has been compromised, we will notify the parent, teacher or school district that established an account with us no more than thirty (30) days after the discovery of such compromise. We will conduct an investigation to determine the scope of the breach or restore the integrity of our system. You consent to our use of email as a means of such notification.

Your Choices Related to Your Privacy
In order to process your information, we rely on your consent or our legitimate interests to process your data. You may withdraw your consent or object to the use of our information at any time, but you may no longer be able to access EdGraph.

If you have an EdGraph account, you can edit your information in the account section of the Software. If you are unable to do this through our Software, you can contact us at support@edgraph.com and we'll help you make changes. We may ask you to verify your identity before we provide you with access to your information.
You have the right to opt out of emails from us by clicking unsubscribe. You may still receive transactional emails from us related to forgotten passwords, account expiration, or other necessary communication.

How You Can Delete or Edit Information or an Account
When school districts or teachers create primary accounts and invite students to create student accounts, they are acting on behalf of parents to give EdGraph permission to collect the information described in this Privacy Policy, and EdGraph is acting as a service provider to the school district or teacher. For these types of primary account, all requests to review, delete or edit student information must come from the school district or teacher, and parents should make use of the school’s policies with respect to reviewing, deleting or editing such information. When parents are the primary account holders, they may delete or edit student information through the EdGraph user interface or by contacting EdGraph at support@edgraph.com.

If a school district or school requests deletion of data under the control of the school district or school, we will promptly delete it, subject to any legal requirement to retain or transfer that data. Note that even following such deletion requests, we may store secure backups until they are deleted in accordance with our document retention policy. We may also preserve information as part of an investigation into violations of the law or our terms of use.

Please note that any information you share with others when using EdGraph or content other users may have copied, is not a part of your account and may not be deleted when you delete your account. If we share your data with one of our service providers, we will use our best efforts to cause such third party to delete such data when you delete your account.

How We Retain and Delete Your Data
We will retain personal information collected in connection with an account only for as long as is necessary to provide the services to the account holder, as required by applicable laws or regulations or otherwise per the terms or a contract with a school or district.

We may maintain Anonymized Data, including usage data, for analytics purposes.

Certain Rights for EEA Persons
Individuals in certain countries, such as the European Economic Area (the “EEA”), have certain statutory rights in relation to their personal data. These rights include the right to request access to personal data, as well as to seek to update, delete or correct their personal data. You may exercise these rights by following the steps explained above, which for holders of student accounts means making such a request to the primary account holder. If you have any problems exercising your rights or if you have any additional questions about our use of your personal data, please contact us at support@edgraph.com for additional information.
 
Data Protection Officer; Data Protection Authority
EdGraph has a “Data Protection Officer” who is responsible for matters relating to privacy and data protection. This Data Protection Officer can be reached at dataprotectionofficer@edgraph.com.

You may direct questions to the Data Protection Officer. You also have the right to (i) restrict EdGraph’s use of information that constitutes your personal data, which will cause you to lose access to EdGraph and (ii) lodge a complaint with your local data protection authority.

Identifying the Data Controller and Processor
We endeavor to be fully compliant with the General Data Protection Regulation (“GDPR”), effective as of May 25, 2018. However, we do not intentionally offer goods and services to individuals outside of the United States. EdGraph operates exclusively in the United States at this time and EdGraph’s operations are subject to United States law.  If you are located outside of the United States, please be aware that any information you provide to us will be transferred to and stored in the United States or other countries that may have data privacy laws that are less protective than the laws where you reside.  Subject to the foregoing limitations, we may act, depending on the circumstances, as either or both a Controller and a Processor of personal data (as those terms are defined in the GDPR). We act as the Controller of information when we ask you to provide to create an account and information that we automatically collect when you use the Software. We act as the Processor of user-generated content and information provided to us by school districts and teachers.

Location of Data and Processing
EdGraph is owned and operated by EdGraph, located at 17806 IH 10 W, Suite 300, San Antonio, Texas 78257-8222. If you are located outside of the United States, please note that personal data will be processed in the cloud by our cloud service provider (currently Microsoft Azure), which offers sufficient guarantees to implement appropriate technical and organizational safeguards that meet the GDPR’s standards. We have a data processing agreement in place with our cloud service provider, ensuring compliance with the GDPR and, in the event of any unauthorized access to, or use of, personal data, the appropriate authorities will be notified. All information is transmitted to us by our cloud service provider, will be processed in the United States, and will be handled and protected under the terms of this Privacy Policy and applicable U.S. laws, which may not be as protective as the laws in your country. By using the Software, you agree to this.

Notice of Changes to This Policy
We may occasionally update this Privacy Policy. You can see when it was last updated by looking at the new effective date at the top of this page.

If we make any significant changes we'll post them prominently on our website and notify you by other means as required by law. Your continued use of EdGraph after a revision to the Privacy Policy indicates your acceptance and agreement to the then current or revised Privacy Policy. We recommend that you periodically review the Privacy Policy to make sure you understand and are up-to-date on how we're keeping your information safe.

If you don't agree with any future changes to the Privacy Policy, please contact us to terminate your account.

You may contact us at support@edgraph.com.

Special Considerations by State
Our Privacy Policy is consistent with our obligations pursuant to the state-specific policies and laws regarding the collection of student data including, without limitation, Arizona’s Student Accountability Information System (A.R.S. §§ 15-1041 to 15-1046), Arkansas’ Student Online Personal Information Protection Act (Ark. Code Ann. § 6-18-109), California’s Student Online Personal Information Protection Act (Cal. Bus. & Prof. Code §§ 2258422585; SOPIPA) and the Early Learning Privacy Information Protection Act (Cal. Bus. & Prof. Code § 22586), California’s Privacy of Pupil Records (Cal. Educ. Code §§ 4907349079.7), California’s Eraser Law (Cal. Bus. & Prof. Code §§ 2258022582), California’s Shine the Light Law (Cal. Civ. Code § 1798.83), California’s Age-Appropriate Design Code Act (AB 2273, Cal. Civ. Code §§ 1798.99.28 to 1798.99.40),  Colorado’s Colorado Privacy Act (C.R.S. Title 6, Art. 1), Colorado’s Student Data Transparency and Security Act (C.R.S. § 22-16-101), Colorado’s Colorado Privacy Act (C.R.S. Title 6, Art. 1); Colorado’s S.B. 41 Children’s Data Privacy Amendments, Connecticut’s Personal Data Privacy and Online Monitoring Act (CTDPA) (Conn. Gen. Stat. Ann. §§ 42-515 to 42-525), Connecticut’s Student Data Privacy Act (H.B. 5469, Public Act No. 16-189Conn. Gen. Stat. Ann. §§ 10-234aa-10-234ff), Connecticut’s S.B. 3 Child Online Safety Amendments, Delaware’s Personal Data Privacy Act (H.B. 154), Delaware’s Student Data Privacy Act (14 Del. C. §§ 8101A to 8106A),  District of Columbia’s Protecting Students Digital Privacy Act of 2016 (D.C. Code §§ 38-831.01 to 38-831.05), Florida’s Digital Bill of Rights (§§ 501.701 to 501.722), Florida’s S.B. 188 (1002.222 Fla. Stat.), Florida’s Student Online Personal Information Act (§ 1006.1494 Fla. Stat.), Georgia's Student Data Privacy, Accessibility, and Transparency Act (Ga. Code Ann., §§ 20-2-660 to 20-2-668; S.B. 89), Hawaii’s Student Online Personal Information Protection law (HRS §§ 302a-499 to 302a-500), Idaho’s Student Data, Transparency and Accountability Act of 2014 (Idaho Code § 33-133), Indiana’ Consumer Data Protection Act (S.B. 5), Illinois’ Online Personal Protection Act (105 ILCS 85/1-85/99), Iowa’s Act Relating to Consumer Data Protection Act (S.F. 262), Iowa’s Student Personal Information Protection law (Iowa Code Ann. § 279.71), Kansas’ Student Data Privacy Act and Student Data Personal Protection Act (K.S.A. 72-6312 to 72-6334), Kentucky’s Consumer Data Protection Act (H.B. 15), Kentucky’s law relating to prohibited uses of PISI by cloud computing service providers (KRS 365.734), Louisiana’ Children’s First Act (La. R.S. 17:3914), Maine's Student Information Privacy Act (Me. Rev. Stat. tit. 20 § 951-953), Maryland’s Student Data Privacy Act of 2015 (Md. Code Ann. Educ. § 4-131), Massachusetts’ Regulations on Access to Student Records (603 Code Mass. Regs. 23.02 to 23.07), Michigan’s Student Online Personal Protection Act (MCL 388.1291 to 388.1295), Minnesota’s Consumer Data Privacy Act (HF 4757), Minnesota’s Student Data Privacy Act (Minn. Stat. Ann. §§ 13.32(1), (13)-(15) and 13.463), Missouri’s Student Data law (MO Rev. Stat. § 161.096), Montana’s Consumer Data Privacy Act (S.B. 384), Montana’s Pupil Online Personal Information Protection Act (Mont. Code Ann. §§ 20-7-1325 and 1326), Nebraska’s Data Privacy Act (LB 1074), Nebraska’s Student Online Personal Protection Act (Neb. Rev. St. §§ 79-2,153 to 79-2,155), Nevada’s Privacy of Data Concerning Pupils (NRS 388.281-388.296), New Hampshire’s S.B. 255-FN, New Hampshire’s Student Online Personal Information Act (N.H. RSA § 189:68-a), New York Education Law (§§ 2-c and 2-d), North Carolina’s Student Online Privacy and Protection law (N.C.G.S. §§ 115C-401.2 to 115C-402.5), New Jersey’s Data Privacy Act (S.B. 332), Oklahoma’s Student Data Accessibility, Transparency, and Accountability Act of 2013 (Okla. Stat. tit. 70 § 3-168), Oregon’s Consumer Privacy Act (S.B. 619), Oregon’s Student Information Protection Act (O.R.S. §§ 336.184 and 336.187), Rhode Island’s Data Transparency and Privacy Protection Act (H 7787 and S 2500), Rhode Island’s Student Data Cloud Computing law (R.I. Gen. Laws § 16-104-1), Tennessee’s Information Protection Act (H.B. 1181), Tennessee’s Data Accessibility, Transparency, and Accountability Act (T.C.A. §§ 49-1-701 to 49-1-708), Texas’ Data Privacy and Security Act (H.B. 4), Texas’ H.B. 2087 (Tex. Educ. Code §§ 32.151 to -32.1576), Utah’s S.B. 163 Student Information Amendments and S.B. 164 Student Data Privacy Amendments (Utah Code §§ 53E-9-301 to 53E-9-310), Vermont’s Student Privacy law (9 V.S.A §§ 2443 to 2443f), Virginia’s Consumer Data Protection Act (VA Code §§ 59.1-57 to –59.1-585), Virginia’s Pupil Records law (Va. Code Ann. § 22.1-289.01) and Washington State's Student User Privacy in Education Rights Act (SUPER) (Wash. Rev. CodeRCW § 28A.604.010 to 28A.604.050; S.B. 5149), and West Virginia’s Student Data Accessibility, Transparency and Accountability Act (W. Va. Code § 18-2-5h).  If you are a California resident, California law may provide you with additional rights regarding our use of your personal information in addition to the named statutes above. Given the jurisdiction thresholds currently existing under the California Consumer Privacy Act (CCPA), EdGraph does not believe it is subject to the CCPA. However, should factors change in the future that bring EdWire under the jurisdiction of the CCPA, you will be provided all rights under the CCPA. As state laws change, we will update our Privacy Policy accordingly.  Once again, we recommend that you periodically review the Privacy Policy to make sure you understand and are up-to-date on how we're keeping your information safe.

Special California Considerations
We adopt this notice to comply with the CCPA, which will apply if EdWire becomes subject to the CCPA. Any terms defined in the CCPA have the same meaning when used in this Policy.

As previously noted, EdGraph collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include publicly available information from government records, de-identified or aggregated information, or information excluded from CCPA’s scope.

In particular, EdGraph has collected the following categories of personal information from users within the last twelve months:

CategoryExamplesCollected
A. Identifiers.

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)A name, signature, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.YES
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).NO
D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.YES
E. Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.NO
F. Internet or other similar network activity.Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.YES
G. Geolocation data.Physical location or movements.YES
H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.NO
I. Professional or employment-related information.Current or past job history or performance evaluations.NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.YES
K. Inferences drawn from other personal information.Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.YES

Such categories of personal information listed above may have been obtained directly from you, indirectly from you, or from third parties. However, as noted above, EdGraph does not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student. EdGraph does not sell student personal information. EdGraph does not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.

YOUR RIGHTS AND CHOICES

Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity we will disclose to you:

  • The categories of personal information we collected about you;
  • The categories of sources for the personal information we collected about you;
  • Our business or commercial purpose for collecting or selling that personal information;
  • The categories of third parties with whom we share that personal information
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  • sales, identifying the personal information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • The specific pieces of personal information we collected about you (also called a data portability request).

Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the "right to delete"). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
You may exercise your Rights to Know or Delete as previously discussed in this Privacy Policy.

Personal Information Sales Opt-Out and Opt-In Rights
Because we do not sell your personal information at any time, there are no applicable opt-in or opt-out options under the CCPA. If you are concerned, please reach out to EdGraph and we will be happy to talk to you.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
 
Contact Information
If you have any questions or comments about this notice, the ways in which EdGraph collects and uses your information described in this Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Phone: 888.222.6910
Website: https://www.edgraph.com/privacy-policy
Email: support@edgraph.com

Address:
EdWire, Inc. d/b/a EdGraph
Attn: Privacy Officer
17806 IH 10 W, Suite 300
San Antonio, Texas 78257-8222

If you need to access this Privacy Policy in an alternative format due to having a disability, please contact support@edgraph.com or 888.222.6910.