ClassLink Privacy Statement

updated May 25, 2017

ClassLink is committed to ensuring that your information is secure and your privacy is protected. The information below outlines our privacy and security policies. Additional information is contained in our software license and service level agreements. In order to prevent unauthorized access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the information we store. Learn more about our security protocols.

Our guiding principles on personal data

  • Data Ownership: ClassLink acknowledges that all personally identifiable information about students, teachers, administrators, and parents is the property of the educational agencies ClassLink serves.
  • Purpose: ClassLink is a trusted steward of personal data. Data received from educational agencies is to be used solely for purposes of providing educational services. Such data will not be sold or used for marketing purposes.
  • Type of Data Maintained in ClassLink: ClassLink maintains personal data needed for the satisfactory operation of the ClassLink system. This data includes what is generally regarded as Directory Information such as name, school building affiliation, grade level, and email address. ClassLink may also maintain profile pictures, cell phone numbers for students age 13+ (to send password reset verification codes), student ID numbers, login credentials for various online resources, and personal computer files (temporarily cached for file transfers between cloud drives and stored until deleted by user for the ClassLink cloud drive). ClassLink does not generally maintain information such as mailing address, gender, date of birth, and other personal demographic data.
  • Protection: ClassLink keeps all personal data confidential and secure. ClassLink team members are bound by contractual non-disclosure agreements. ClassLink’s data security protections include: internal data management policies and procedures, limitations on access to personal data, data encryption (for both data in transit and at rest), data systems monitoring, incident response plans, and safeguards to ensure personal data is not accessed by unauthorized persons when transmitted over communication networks.
  • Disposal of Data: ClassLink permanently deletes personal data after the termination of a contract, when no longer needed, or when advised to do so by the  educational agency.
  • Correction: ClassLink enables users, or their authorized parents, to review personal information maintained in ClassLink and correct erroneous information.
  • Discovery of a security breach that results in unauthorized release of personal data: ClassLink shall promptly notify affected educational agencies of such breach, shall conduct an investigation, and shall restore the integrity of its data systems as soon as possible. ClassLink will fully cooperate and assist with required notices to those individuals affected by such breach.
  • Financial Protection: ClassLink shall maintain business insurance policies to protect the educational agencies it serves.

International – Student Privacy Pledge, introduced by Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA)

ClassLink is a signatory to the Student Privacy Pledge and abides by the commitments therein as follows:

  1. Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
  2. Not sell student personal information.
  3. Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
  4. Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
  5. Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
  6. Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
  7. Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
  8. Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
  9. Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
  10. Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
  11. Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
  12. Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.

United States – Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA sets forth protocols for ensuring privacy and security of personally identifiable information of students. ClassLink adheres to the data protection protocols set forth in FERPA.

United States – Children’s Online Privacy Protection Act (COPPA)

ClassLink is compliant with the regulations put forth by the Children’s Online Privacy Protection Act (COPPA). ClassLink maintains and protects only that information which enables users to operate ClassLink services.

United States – Children’s Internet Protection Act (CIPA)

The Children’s Internet Protection Act (CIPA) requires schools and libraries receiving certain e-Rate benefits from the Federal Communications Commission (FCC) to adhere to policies that provide safe internet experiences for minors. These include policies related to:

  • Preventing access by minors to inappropriate matter on the Internet;
  • The safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications;
  • Unauthorized access, including so-called “hacking,” and other unlawful activities by minors online;
  • Unauthorized disclosure, use, and dissemination of personal information regarding minors; and
  • Measures restricting minors’ access to materials harmful to them.

Although ClassLink does not itself prevent access to inappropriate websites, that burden belongs to the school or library, ClassLink can help create an intentional internet experience for young students by enabling instant access to positive online resources from any device.

European Union –  General Data Protection Regulation (GDPR)

ClassLink is compliant with the regulations put forth by the EU General Data Protection Regulation.

  • Data Sovereignty: Personal data for educational agencies based in the EU or UK stored on ClassLink database infrastructure that are based in the EU or UK.

California – Chapter 22.2. Student Online Personal Information Protection Act (SOPIPA)

ClassLink is compliant with the regulations put forth by Chapter 22.2. Student Online Personal Information Protection Act (SOPIPA).

In addition to the above guiding principles on personal data:

  • Location: ClassLink contracts with educational agencies in California are governed by and construed in accordance with the laws of the State of California. Additionally, educational agencies in the United States are serviced by ClassLink servers and database infrastructure that are based in the United States.

Connecticut – §§ 10-234aa through 10-234dd, Student Data Privacy

ClassLink is compliant with the regulations put forth by §§ 10-234aa through 10-234dd, An Act Concerning Student Data Privacy.

In addition to the above guiding principles on personal data:

  • Location: ClassLink contracts with educational agencies in Connecticut are governed by and construed in accordance with the laws of the State of Connecticut. Additionally, educational agencies in the United States are serviced by ClassLink servers and database infrastructure that are based in the United States.

Florida – Fla. Stat. § 1002.22, Education records and reports of K-12 students; rights of parents and students; notification; penalty (§1002.22); and Fla. Stat. § 1002.222, Limitations on collection of information and disclosure of confidential and exempt student records (§1002.222)

ClassLink is compliant with the regulations put forth by Fla. Stat. § 1002.22, Education records and reports of K-12 students; rights of parents and students; notification; penalty (§1002.22); and Fla. Stat. § 1002.222, Limitations on collection of information and disclosure of confidential and exempt student records (§1002.222).

In addition to the above guiding principles on personal data:

  • Biometric data of students, parents, and siblings: ClassLink does not collect biometric information as defined statute for students, parents, and siblings in Florida.
  • Location: ClassLink contracts with educational agencies in Florida are governed by and construed in accordance with the laws of the State of Florida. Additionally, educational agencies in the United States are serviced by ClassLink servers and database infrastructure that are based in the United States.

New York State – Education Law §2-d (Section 2-d) and the Personal Privacy Protection Law, Article 6- A of the Public Officers Law (PPPL)

ClassLink is compliant with the regulations put forth by the Education Law §2-d and the Personal Privacy Protection Law (PPPL), Article 6-A of the Public Officers Law.

In addition to the above guiding principles on personal data:

  • Location: ClassLink contracts with educational agencies in New York are governed by and construed in accordance with the laws of the State of New York. Additionally, educational agencies in the United States are serviced by ClassLink servers and database infrastructure that are based in the United States.
  • Parents’ Bill of Rights: ClassLink includes the Parents’ Bill of Rights is included with every ClassLink contract in New York State.

Links to other websites

Our ClassLink system and company website contain links to other websites. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.