First Edsby Privacy Policy changes in four years

Edsby has updated its Privacy Policy. The new version became effective September 2nd, 2021. 

We wanted to share details of what changes we made and why. Differences from our previous version include:

Now two policies: We’ve separated our privacy policy into two: a Services Privacy Policy regarding our paid Edsby service and one regarding our Public Website Privacy Policy. We wanted to underscore these are two very different entities with very different priorities and objectives regarding their handling of personal information.

For instance, our previous privacy policy suggested certain trusted third parties were able to track usage and analyze data. In fact, this practice referred only to the public Edsby marketing website, not inside our paid Edsby service. These two new policies aim to disambiguate issues like this.

Clarity around data in transfer of ownership: Our privacy policy previously stated that the data we hold on behalf of our customers transfers to an acquirer in the event of a merger or sale or other corporate transaction. That’s a standard practice in any industry and is still the case. But our customers (school districts, ministries of education, private schools, etc.) own their data and are free to remove it from the Edsby service at any time. If they’re not comfortable with the integrity of an acquirer, they are not obligated to continue using Edsby. The new policy states this outright and clarifies it’s our education organization customers that would be notified in such a case and make this decision.

Cloud service provider systems: Our Services Privacy Policy acknowledges that, like any other software provider that provide services on the cloud, a small number of infrastructure companies that provide essential elements of Edsby’s Services have limited access to personal information. But we put safeguards in place. For instance, while we store customer data on Microsoft’s Azure military-grade hosting service, it is protected with encryption.

No disclaimers: We no longer include language disclaiming responsibility for breaches in our security caused by third parties violating our Terms of Use, or that we cannot guarantee that a user will not share private, confidential or inappropriate information in Edsby with other Edsby users. These sorts of malicious actions could happen in any system, are not unique to Edsby and therefore not material to distinguish.

Recommendation to learn your school district’s privacy policy: Our new services policy specifically invites users to familiarize themselves with their education organization’s policies regarding the collection and handling of personal data. Edsby is configured by our customer organizations to handle student data consistent with their policies, which are governed by local laws.

ISO 27001-certified information security standards: In the last three years, our company has taken steps to establish and follow formal standards for information security. We now have a robust, over-arching security framework that has been ISO 27001 certified, and our policies now reflect that.

You can always find Edsby’s latest Services Privacy Policy in its entirety here, and our new Public Website Privacy Policy here. Our About Edsby & User Data document details the many measures we take to safeguard user data.

Your continued use of Edsby is your acceptance of the revised policy.

If you have any questions about these changes, you can reach us at privacy@edsby.com.