Product Security Policy
Learnosity follows a simple policy to ensure our staff and customers have a clear understanding of our data handling and privacy requirements. The following relates to our Product offering and the users of those products, authors, teachers, students etc.
We do not share data across our customers for any reason.
Learnosity adheres to the following principles:
- We are entrusted with the data of our customers and their users. We do not own this data but will look after it as if it were our own.
- We use best practice security including industry standard TLS encryption in transit and AES 256 encryption at rest.
- Data is not shared – the data is only available to the customer who saved it, and we will not share this data with any other parties except if legally obliged to by a statutory body.
- We may from time to time reprocess this data to allow more efficient storage or analysis.
- We may process this data to provide insights for the benefit of our customers and their users. This will not mix or share data across customers.
- We store data in an orphaned manner, meaning you control the mapping and context for the data.
Reporting Security Vulnerabilities
Security is a top priority at Learnosity, and if you believe that you have found a security vulnerability on any of our sites or APIs, we encourage you to let us know straight away at firstname.lastname@example.org.
We will investigate all legitimate reports and do our best to quickly fix the problem. As long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability, we will not pursue legal action.
Student Privacy Pledge Signatory
Learnosity is a member of the Student Privacy Pledge created by the Future of Privacy Forum (FPF) and the Software and Information Industry Association (SIIA).
By signing the Pledge, Learnosity joins major ed tech companies including: Amplify, Atomic Learning, Clever, Code.org, DreamBox Learning, Edmodo, Follett, Gaggle, Houghton Mifflin Harcourt, Knewton, Knovation, Lifetouch, Microsoft, Renaissance Learning, Think Through Math and Triumph Learning and publicly confirms that the company will:
- Not sell student information
- Not behaviorally target advertising
- Use data for authorized education purposes only
- Not change privacy policies without notice and choice
- Enforce strict limits on data retention
- Support parental access to, and correction of errors in, their children’s information
- Provide comprehensive security standards
- Be transparent about collection and use of data
The Pledge and more information about how to support it is available here.