Date of last revision of this policy: January 5th, 2018
Edsby is a cloud-based software service that modernizes how teachers, students and parents engage with each other. The types of education organizations which use Edsby include public school districts and private schools. Edsby is selected by these organizations, often through a formal competitive procurement process and rigorous evaluation of many factors including privacy and security of student data, and is managed by the education organization as one part of the suite of technology solutions that every education organization requires.
Education organizations pay to use Edsby, and own and manage the information stored and collected by Edsby on their behalf. Edsby’s sole business focus is to serve the needs of these education organizations. Edsby does not subject end users to any advertising, nor does it sell any of the information it is entrusted with to any third parties.
Edsby includes a public website at www.edsby.com (the “Site”) and a set of private web domains that each provides a suite of software services (the “Services”) to the teachers, students, parents and administrators of a specific education organization. The Site and the Services are owned and operated by CoreFour Inc. (the “Company”).
For the purposes of this document the term “Parents” will be used to refer to the parents, guardians, and others such as aunts, uncles, step-parents, grandparents that are identified by the education organization as someone with the right to have access to information in Edsby regarding that child.
1) Information We Collect and Store About You
We collect and store three kinds of information about you : i) your personal information, ii) content you provide, and iii) information related to your usage of the Site and Service.
i) Your Personal Information
Our Service has the ability to store personal information such as your name, user ID, password, home address, telephone numbers, and email addresses. Most or all of this information is provided by your education organization to the Edsby Service as part of the Edsby deployment process. This information may be updated from time to time by your education organization as you inform them of changes to this information. Parents, Teachers and Administrators may have the ability to enter/modify/update some of the above information directly via the Service; that is at the discretion of your education organization. Students are never allowed enter/modify/update their own personal information directly in the Service.
ii) Content You Provide
The Edsby Service enables you to provide a wide range of digital content including text, images, audio, video, files and web links. This digital content can be placed in messages, profiles, private notes, calendar events, gradebooks, and postings in shared places. Edsby stores this information on your behalf and tracks the fact that you provided that information. Note that files that you upload into the Service may have metadata associated with them. This metadata is preserved by the Service and will be available to anyone that has the ability to view or download the file you have uploaded.
Edsby has the ability to integrate with other computer systems that are used by the education organization you are part of. Examples of such computer systems include Microsoft Office 365 and Google G Suite. When Edsby integrates with these systems it provides a way for you to log in to Edsby by using your Microsoft or Google authentication credentials. In addition Edsby provides a convenient way for you to select files you have stored in the Microsoft and Google offerings and share either a link to that file or a copy of that file in Edsby. If you choose to share a copy of the file within Edsby then the Edsby software will make a copy of the file and store it on the Edsby server where it is subject to the permissions and access control settings of Edsby. A typical example where this would happen is when a student writes an essay in Office 365 or Google Docs and selects that file through Edsby and submits it to their teacher. Edsby will make a copy of the selected file and make it available to the teacher via the Edsby Service.
iii) Information Related to Your Usage of the Site
Service Access details: Each time you log in to the Edsby Service we store information about that session including the time of login, the duration of the session, information about the type of computing device being used, the IP address of the computing device, and the type of browser or application software being used to access Edsby.
Content Usage details: Edsby stores information about your usage of the Site including which areas of the Site you have visited and which items you have viewed.
2) How We Use the Information We Collect and Store About You
- The information we collect and store about you is accessible to authorized employees of your education organization. For example, a school principal may use Edsby to quickly find a Parent’s telephone number to call in the case of an emergency.
- The information we collect and store about you is accessible to authorized employees, consultants and contractors of CoreFour Inc. and whatever subsidiaries and/or parent companies CoreFour Inc. may have. This access is used for the purpose of providing technical support to the education organization and its users of the Service.
- The information we collect and store on your behalf may be provided to other third parties that provide software that extends the suite of services supported by Edsby on behalf of your education organization. This will only be done when specifically requested and approved in writing by an authorized senior member of the education organization you are using Edsby through.
- The information we collect and store on your behalf will be disclosed by us to legal authorities if we are required to do so by law.
- We may disclose at our discretion a portion of the information we collect and store in special cases where we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing interference with the rights, property or rules of the education organization using Edsby, or someone who may cause or be at risk of imminent bodily harm, or someone who may be violating the terms and conditions of use of this Site or Service. In all such cases of disclosure the education organization that is managing this instance of the Edsby service will be informed.
- We may transfer the information we collect and store and all associated rights as an asset in connection with a merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business or as part of a corporate reorganisation, stock sale or other change in control. In such a case users will be provided with notice via communications on the Site.
On the public Edsby web site (Site) we may permit certain trusted third parties to track usage, analyse data such as the source address that a page request is coming from, your IP address or domain name, the date and time of the page request, the referring Web site (if any) and other parameters in the URL. This is collected in order to better understand usage of the Site, and enhance the performance of services to maintain and operate the Site and certain features on the Site. We may use third parties to host the Site; operate various features available on the Site; send emails; and analyse web site traffic data.
We use non-identifying and aggregate information to better design the Site and our Services and for business and administrative purposes. We may also use or share with third parties aggregated Services data that contains no personally identifiable information. We might do this, for example, to illustrate the usage patterns of Edsby users by role and by time of day and day of week.
3) How We Protect Your Information
We are committed to protecting the information we store about you.
Edsby runs in the cloud and embraces best practices for security and privacy. Edsby uses Microsoft as its cloud services provider as Microsoft has a strong focus on serving the information technology needs of organizations around the world in a secure and reliable manner. Microsoft’s cloud platform, called Azure, is used by thousands of other organizations, including governments, banks and large corporations. Microsoft Azure meets very stringent standards and requirements for information protection and data sovereignty issued by governments around the world.
All Edsby user accounts set up for an education organization are done so based on information provided by the education organization. There is no way for a person from outside the education organization to create an account. All users accessing Edsby within an education organization need to do so with a user ID and a password. Typically these credentials are provided and managed by the education organization. Each account within Edsby has a role assigned to it which limits the scope of what that user can do and what information they can have access to.
All data sent between the Edsby server and Edsby client (web browser, smartphone app, tablet app) is encrypted via SSL (Secure Sockets Layer). This is the standard security technology used by banks, online retailers and the like to establish an encrypted link between a web server and a browser/app. This link ensures that all data passed between the web server and browser/app remains private.
While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
Edsby does not now nor never has provided any form of advertising to any Edsby user. In addition the company does not sell any data or information about users to any outside company for the purposes of advertising.
5) Accessing and Updating Your Personal Information and Preferences
A summary of the personal information provided to Edsby by your education organization is available via the “Personal Information” menu command that is accessed via the drop down under your name in the upper right corner of the standard Edsby interface (and by the “hamburger menu” on the Edsby smartphone interface). This information is only available to appropriately authorized staff members within the education organization.
Some education organizations will enable you to provide changes to your personal information via this same mechanism in Edsby. Many however turn this facility off in Edsby since they have established procedures for how changes to personal information are officially recorded, since such changes need to be entered into other systems within the education organization.
Your profile page is available via the “Profile” menu command that is accessed via the drop down under your name in the upper right corner of the standard Edsby interface (and by the “hamburger menu” on the Edsby smartphone interface). This page includes a placeholder for a photograph of the user. Staff members and Parents are usually free to upload their own photo if they choose; however students are not allowed to upload a photo. Typically the photos of students are uploaded by the education organization into Edsby. Access to each user’s profile page is restricted. For example, a teacher teaching at one school in a school district can only see student and parent profiles for students and parents at the school they teach at. A Parent can only see the profile of their own children and staff at the school(s) that their children attend.
The Edsby Service has the ability to provide you with updates and notifications via email, text messaging and mobile “push” notifications. You can manage this ability (including turning it off) via the “Account Settings” facility available in the same menu as “Personal Information” and “Profile”.
6) Student Privacy and Parental Access
Students are not allowed to create accounts on the Site or Service. Student accounts are created under the direction of administrators and/or teachers at the education organization. Students are also not allowed to add to, modify or delete the personal contact information and user ID that is provided for them on this site by the education organization.
The Service is designed so that only educators at the child’s school, designated administrative staff and the child’s Parents have access to the child’s personal information. Other students and other Parents do not have access to the personal information stored for the child.
No security measures are perfect. We cannot guarantee or warrant the security of any information you provide to us or that we store on your behalf.
Edsby provides very powerful ways for groups of users to communicate and collaborate. Edsby users must take care to wisely select what information they choose to share within Edsby and who they choose to share that information with. We cannot guarantee that a user will not share private, confidential or inappropriate information in Edsby with other Edsby users. We do provide facilities to ensure such items can be identified and deleted expeditiously.
9) CONTACT INFORMATION: