Kidaptive Personal Data Policy

INTRODUCTION AND DEFINITION OF KEY TERMS
To do our job, we need to collect, store, analyze, and report on data about learners. Learners we support (and their families) deserve to know about our practices with respect to safeguarding those data, so we've tried to write a Personal Data Policy that is clear and concise.
Let’s start by defining some key terms:
  • “We”/”our” refer to Kidaptive, Inc.
  • “Partner(s)” refers to companies on whose behalf Kidaptive processes personal data.
  • “End user(s)” refers to people (learners, teachers, parents, etc.) who use our partners’ learning products.
  • “Personal data” is used as defined by the European Union’s General Data Protection Regulation (GDPR): https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en
    (This definition is at least as broad as that used in the United States’ Children’s Online Privacy Protection Act (COPPA), California’s Student Online Personal Information Protection Act (SOPIPA), and other relevant laws, regulations, etc.)
WE COMPLY WITH THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (GDPR)
The simplest statement of our policy is that we are 100% GDPR-compliant. The following sections illustrate that compliance by describing how Kidaptive works with personal data. We will also delete personal data upon request as specified by the GDPR.
WE COLLECT PERSONAL DATA ONLY FROM PARTNERS, NOT END USERS
As of June 2019, Kidaptive works only with providers of learning products rather than directly with end users, so all personal data that Kidaptive processes have been obtained through end users’ interactions with our partners. We rely on our partners to have followed all applicable laws when obtaining personal data.
ALL PERSONAL DATA WE COLLECT FROM PARTNERS ARE PSEUDONYMIZED
All personal data that Kidaptive processes for our partners are pseudonymized before we receive them. This means that Kidaptive never has the ability to identify anyone whose personal data we process except by a partner-provided numeric ID.
WE PROCESS PERSONAL DATA ONLY TO IMPROVE LEARNING EXPERIENCES
Kidaptive will never sell, rent, give away, or otherwise distribute personal data except (a) when doing so is required by law or (b) in de-identified form as part of collaborations with researchers to advance the science of learning. (We are, after all, a company full of learning scientists.)
WE PROCESS AND STORE PERSONAL DATA SECURELY
Our technology runs on Amazon Web Services (AWS), which is certified on the following standards from the International Organization for Standardization (ISO): Our technology also uses state-of-the-art technical, administrative, and physical security protocols. For example, data are encrypted both while stored in our Adaptive Learning Platform (ALP) and while traveling back and forth to partners; data access is granularized so that people, tools, and services can only access data that are relevant for their current task; and our infrastructure is constantly monitored through AWS Cloud Watch.
WE WILL ANNOUNCE ANY MATERIAL CHANGES TO THIS POLICY
If we ever make a substantial (i.e., “material”) change to this Personal Data Policy, we will announce it on our website and via social media. And if someday some other company acquires us, we will require that all data collected under this Personal Data Policy remain protected by it.
CONCLUSION AND INVITATION
If you have any questions, comments, or concerns about anything in this Personal Data Policy, please send an email to our Data Protection Officer at dataprotectionofficer@kidaptive.com.