Services Privacy Policy

Student Privacy Pledge 2020 Signatory

Date of last revision of this policy: September 2nd, 2021

Edsby is a cloud-based suite of software services that modernizes how educators, students and parents engage with each other electronically. Edsby Services are owned and operated by CoreFour Inc.

We believe the foundation of any relationship is based on trust and transparency. Our clients entrust us with the Personal Information of students, parents and educators. We take that responsibility seriously. The privacy and security of the people we serve is of utmost importance to us. This Services Privacy Policy (“Policy”) enables you to better understand how Edsby collects, uses, and discloses information through the use of our Services.

1.0 What Does This Policy Apply To?

This Policy applies to the Personal Information we may collect relating to students, parents, and educators (“you” or “your”) through our private browser-based Edsby Services and Edsby applications in the Apple iOS and Google Play stores (“Services”). Please also refer to your Education Organization’s (i.e., your school or school district) privacy policy, which governs the use of your Personal Information.

For privacy practices relating to our public website (www.edsby.com), as well as those relating to marketing, sales, and support services, please refer to our Edsby Public Website Privacy Policy.

Other Links:

Our Services may contain links to other websites and services that we do not own or operate. By clicking on those links, you will leave our Services. Those third-party websites and services are governed by separate and independent privacy policies, which we recommend you read carefully.

2.0 Definitions

For the purposes of this Policy, the following definitions apply:

“Personal Information” is any information provided to us or generated within Edsby that personally identifies an individual, such as name or email address, or other information which could be reasonably linked to such identifying information.

“Education Organization” refers to various types of organizations that select Edsby as one of their technology solution providers for managing student information. These organizations may include private schools, public school districts, provinces/states, and national ministries of education. Edsby is selected by these Education Organizations, often through a formal competitive procurement process and rigorous evaluation of many factors including privacy and security of student user data. Education Organizations pay to use Edsby. Each Education Organization decides what information should be provided to Edsby, and retains ownership of all the information provided to Edsby as well as control over all the information created in Edsby by users within their organization.

“Parents” refers to the parents, guardians, and others such as aunts, uncles, step-parents, or grandparents that are identified by the Education Organization as someone with the right to have access to information in Edsby regarding a specific child.

3.0 What Personal Information Do We Store?

Each Education Organization determines what information they collect and how it is used. We process a portion of that information in accordance with the specific contractual agreement with that Education Organization. The Education Organization maintains the master repository of this information and controls how your Personal Information is used.

Personal Information Education Organizations provide to us: Education Organizations integrate information about you into our Services. The information that is integrated depends on the Services set out in their specific contract with us. This information may include but is not limited to:

  • Personal Information about students, including but not limited to name, date of birth, gender, grade level, school, student number, Ministry ID, address information, email address, photos for student profiles, certain health information kept in student records, course information, individual education program (IEP), indigenous status, and community service hours.
  • Personal Information about educators and staff, including but not limited to name, salutation, email address, school, staff number, title, and role.
  • Personal Information about parents, including but not limited to name, address, email, relationship to students, and flags about their access rights to information.

Please refer to your Education Organization’s privacy policy to inform yourself how the Education Organization collects your Personal Information.

4.0 What Personal Information Do We Collect?

Personal Information collected by us on behalf of Education Organizations: Edsby may collect Personal Information directly through your interaction on our Services depending on the Services set out in our specific contract with your Education Organization. That Personal Information may include but is not limited to:

  • Information about student progress, such as a student’s attendance status for each school date, a student’s score on an assessment along with comments by the educator, pictures of a student’s work along with observations by the educator, and report card information for each subject a student is taking.
  • User-generated digital content, such as text, images, audio, video, files and web links. This digital content can be placed in messages, profiles, private notes, calendar events, grade books, and postings in the Service. It also includes uploaded files that may have metadata associated with them, which is preserved by the Service and will be available to anyone that can view or download the file.
  • Usage information, such as information about how many students and/or parents at the Education Organization use the Services and how the Services are being used. This information is also collected for security purposes, such as to identify suspicious activity. The information collected may include information such as unique device identifiers, IP addresses, and browser types.

5.0 How Do We Use Your Personal Information?

We process your Personal Information on behalf of and under the instructions of your Education Organization. We use the information in accordance with our agreement with the Education Organization to operate, maintain, and provide various features and functionality of our Services as set out in our specific contract with your Education Organization. The Education Organization determines how the Personal Information is used. Please visit your Education Organization’s privacy policy to see how it uses your Personal Information. We may also use non-identifying and aggregated usage information to improve, develop and optimize our Services and to monitor the security of our Services.

We do not subject users to any advertising and we do not sell any Personal Information. Please see Section 6.0, which describes who we may share your Personal Information with.

6.0 Who Do We Share Your Personal Information With?

We do not sell your Personal Information or the content you provide. There are certain circumstances in which we may disclose, transfer or share your Personal Information with third parties, such as under the following circumstances:

  • Your Education Organization: The information we collect and store about you is accessible to authorized employees of your Education Organization. For example, a school principal may use Edsby to quickly find a Parent’s telephone number to call in the case of an emergency. Your Education Organization controls who has access to information. We also make usage information available to your Education Organization.
  • Third parties at the request of the Education Organization: Education Organizations may request that we share your Personal Information with additional parties that also provide processing services to the Education Organization. We only do this when specifically requested and approved in writing by an authorized senior member of the Education Organization.
  • Microsoft and Google: Our Services can be integrated with Microsoft 365 and Google Workspace for Education if directed to do so by the Education Organization to enhance productivity. For example, when a student writes an essay in Microsoft 365 or Google Docs and submits it to their educator via the Edsby platform, Edsby can make a copy of the selected file and make it available to the educator via the Edsby Services. Also, when Edsby integrates with these systems it provides a way for the End-User to log into Edsby by using Microsoft or Google authentication credentials.
  • Cloud service providers: A carefully selected small number of companies provide essential elements of our cloud-based Service. We limit the information we share with these service providers through contractual, administrative and technical means. For example, we store Personal Information with Microsoft, the provider of our Azure hosting service, and protect it with encryption. Service providers may not use the information disclosed to them for any other purpose other than to provide us with a service.
  • Legal authorities, as required by law: The information we process and store may be disclosed by us to legal authorities if we are required to do so by law. We may also disclose, at our discretion, some information we collect and store where we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing interference with the rights, property or rules of the Education Organization using our Services, or someone who may cause or be at risk of imminent bodily harm, or someone who may be violating the Terms of Use of our Services. In such cases, the Education Organization that is managing this instance of our Service will be informed.
  • Business transaction: We may transfer our assets and rights to our Services, including information in our Services, in the event of a merger or sale (including any transfers made as part of an insolvency or bankruptcy proceeding) involving all or part of our business or as part of a corporate reorganization, stock sale or other change in control. In such a case, your Education Organization will be provided with notice and will have the option of opting out of our Services. We will limit the disclosure of Personal Information to only what is necessary and limit the use of the information to the purpose for which the personal information was collected before the transaction and in accordance with applicable laws.

We limit who we share your Personal Information with. We also limit what information we share and how third parties may use, access, process or store such information in the course of performing their duties for us. When we disclose Personal Information, we minimize the disclosure to only what is necessary, in accordance with instructions from our Education Organization customers, and in compliance with appropriate privacy, confidentiality, and security measures.

Should there be a conflict between our Privacy Policy and Terms of Use and our contract with an Education Organization, the terms and obligations set out in our specific contract with your Education Organization will prevail.

We do not have control over the Personal Information that Education Organizations may disclose to third parties. For example, an Education Organization may export certain Personal Information collected in Edsby and make it accessible to others at their discretion.

7.0 How Do We Protect Your Information?

We are committed to protecting the information we store about you. Edsby employs a variety of physical, administrative, and technical safeguards designed to protect Personal Information against loss, misuse and unauthorized access or disclosure. We have taken measures to protect the Personal Information on our Services, which include data encryption, firewalls and access controls for staff and vendors, as well as physical access controls to our facilities. Some other security measures we implement include:

  • Limiting account creation to only those individuals the Education Organization selects. Persons outside the Education Organization cannot create an account.
  • You may only access Edsby within an Education Organization with your user ID and password. Typically these credentials are provided and managed by the Education Organization.
  • The ability for Education Organizations to implement role-based access and usage of an account, which limits what you can do and what information you can see. For example, educators have limited access to students they can view on the Services (e.g. only students in their school) and what they can see on the student profile. Parents can only see the profile of their own children and staff at the school(s) that their children attend.
  • All data sent between the Edsby server and Edsby client (web browser, smartphone app, tablet app) is encrypted.
  • Restricting access to Personal Information to those Edsby staff members who need to know that information for the purpose set out in this Policy and ensuring those staff members are trained in the company’s information protection policies.
  • Adhering to a formal standard for Information Security. CoreFour Inc. is ISO 27001 certified.

8.0 How Long Do We Keep Your Personal Information?

Edsby retains Personal Information on behalf of Education Organizations pursuant to its specific contractual terms with each Education Organization. Our general practice is to not retain Personal Information for any longer than is necessary for educational purposes and legal obligations. Your Education Organization determines how long they retain Personal Information collected via our Services.

9.0 What Are Your Rights?

As a user of our Services, you have rights to access, correct and/or delete your Personal Information in accordance with applicable laws. Some Education Organizations enable you to access and make changes to your Personal Information directly through Edsby’s Services. Where your Education Organization does not enable access and changes to Personal Information, please make your request directly with your Education Organization. We will assist the Education Organization in fulfilling your request in accordance with our obligations.

Our Services can send updates and notifications via email and mobile “push” notifications. You can manage your notifications (including turning them off) via the “Account Settings” facility.

10.0 Children’s Privacy

We comply with our obligations outlined in the Family Educational Rights and Privacy Act (“FERPA”) and the Children’s Online Privacy Protection Rule (“COPPA”), U.S. federal laws designed to protect the privacy rights of children.

We are a service provider to Education Organizations, which disclose Personal Information to us about students and parents either via existing student records or those developed directly on our Services. The information we collect is limited to what we need to fulfill our obligations as outlined in our contracts with Education Organizations. The disclosures are authorized by FERPA. We do not use your Personal Information for any purpose other than to provide our Services to Education Organizations and improve our Services to you.

In accordance with COPPA, we do not knowingly collect information from children under the age of 13 unless and until an Education Organization has provided us with authority for a student under the age of 13 to use our Services. Further, we do not knowingly collect or solicit Personal Information from anyone under the age of 13 in a manner not permitted by COPPA.

If you are a parent or guardian who believes that we have inadvertently collected or stored Personal Information about your child without proper consent, please contact your Education Organization and we will work with them to investigate and delete any such information to the extent required by applicable law.

11.0 Where is your information stored?

We generally store and process your Personal Information in the country in which your Education Organization is located. From time to time, your Personal Information may be accessed by Edsby-authorized services or staff in another country where Edsby or authorized third parties operate. We implement measures to protect your information and to ensure compliance with applicable laws.

Please also refer to your Education Organization’s privacy policy to identify where they process and/or store Personal Information and how they protect it.

12.0 Cookies and Similar Technologies

Our Services use cookies and similar technologies. “Cookies” are small text files installed on your computer hard drive or web browser when you visit or use our website. Most browsers accept cookies by default. 

What information do we collect using cookies?

We use first-party cookies, such a session cookie, to help us authenticate you. The session cookie is deleted when the browser session is ended. We may also use third-party cookies to help staff file a customer support ticket with us. Other third-party cookies include firewall cookies for security purposes. Most of the cookies on our Services collect information that is not identifiable to you. To learn more about cookies, visit www.allaboutcookies.org.

How can you manage cookies?

Although most browsers accept cookies, you can set your browser to reject cookies. You will need to follow the instructions contained in your browser’s help file (usually located within the “Help,” “Tools,” or “Edit” settings). If you have more than one browser, the opt-out or settings you set will only apply to that specific browser and not the others. If you choose to disable cookies, some Edsby Services might not function properly.

13.0 Changes To This Privacy Policy

Edsby reserves the right to modify or update this Privacy Policy from time to time to reflect the changes in our business and practices. When we change the Policy we will reflect the ‘last modified’ date at the top of this Privacy Policy.

14.0 How To Contact Us?

You may contact us at [email protected] with any questions or concerns you have related to your Personal Information. We may also be reached as follows:

68B Leek Crescent, Suite 200
Richmond Hill, Ontario
L4B 1H1
Canada

+1 (877) 337-0070

Previous Versions