Product Security Policy

Learnosity follows a simple policy to ensure our staff and customers have a clear understanding of our data handling and privacy requirements. The following relates to our Product offering and the users of those products, authors, teachers, students etc.

We do not share data across our customers for any reason.



Learnosity adheres to the following principles:

1. We are entrusted with the data of our customers and their users. We do not own this data but will look after it as if it were our own

2. We use best practice security including industry standard TLS encryption in transit and AES 256 encryption at rest.

3. Data is not shared - the data is only available to the customer who saved it, and we will not share this data with any other parties except if legally obliged to by a statutory body.

4. We may from time to time reprocess this data to allow more efficient storage or analysis.

5. We may process this data to provide insights for the benefit of our customers and their users. This will not mix or share data across customers.

6. We store data in an orphaned manner, meaning you control the mapping and context for the data.

FAQs

What is data?

Data is any responses, recordings, content created or uploaded by our Customers or our customers users (students, teachers, administrators etc).

Do you store PII
(Personal Identifiable Information)?

All user identifiers stored with Learnosity are set by you and should be one way functions [https://en.wikipedia.org/wiki/One-way_function]. This ensures that the data is orphaned and anonymous in Learnosity's Data Stores without the full user context and function/hashing pattern. This approach ensures our clients are the only ones in control of the mapping between their user identities and any data stored with us.

Will you share my data with advertising agencies?

No - Data stored in Learnosity will not be shared by Learnosity with other providers.

Will data from one Education Provider be shared with any other organisation?

No - Data is controlled by the education provider and Learnosity will not share this data.

Reporting Security Vulnerabilities

Security is a top priority at Learnosity, and if you believe that you have found a security vulnerability on any of our sites or APIs, we encourage you to let us know straight away at security@learnosity.com.

We will investigate all legitimate reports and do our best to quickly fix the problem. As long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability, we will not pursue legal action.

Student Privacy Pledge Signatory

Learnosity is a member of the Student Privacy Pledge created by the Future of Privacy Forum (FPF) and the Software and Information Industry Association (SIIA).

By signing the Pledge, Learnosity joins major ed tech companies including: Amplify, Atomic Learning, Clever, Code.org, DreamBox Learning, Edmodo, Follett, Gaggle, Houghton Mifflin Harcourt, Knewton, Knovation, Lifetouch, Microsoft, Renaissance Learning, Think Through Math and Triumph Learning and publicly confirms that the company will:

  • Not sell student information
  • Not behaviorally target advertising
  • Use data for authorized education purposes only
  • Not change privacy policies without notice and choice
  • Enforce strict limits on data retention
  • Support parental access to, and correction of errors in, their children’s information
  • Provide comprehensive security standards
  • Be transparent about collection and use of data

The Pledge and more information about how to support it is available here.