Privacy Statement

CheckIT Learning has developed a comprehensive framework to protect user information while providing exceptional educational tools. This document outlines our multi-layered approach to data security and regulatory compliance, ensuring that educational institutions can confidently implement our solutions.

Full Privacy Policy

User Data Collection and Usage

What Personal Information We Collect

We collect the following types of Non-Public Information (NPI) and Personally Identifiable Information (PII):

  • Username, ID, and contact information
  • Academic records and performance data
  • Attendance information
  • Parent/guardian contact details
  • Accessibility requirements and accommodations

How User Data is Stored
  • All PII is encrypted using AES-256 encryption at rest
  • Data in transit is protected with TLS 1.2 encryption
  • Information is stored in Microsoft Azure cloud infrastructure with education-specific compliance certifications
  • Access is controlled through multi-factor authentication and role-based permissions

Data Retention Periods
  • Schools maintain complete control over retention periods
  • Default retention period is set per school requirements
  • Automated data minimization processes after retention period expires
  • Complete deletion capabilities available to institutions at any time

How User Data is Used
  • Exclusively for providing educational services as specified in our agreements
  • To facilitate personalized learning experiences
  • For administrative functions requested by the institution
  • For platform improvement (using anonymized data only)
  • Never for advertising, marketing, or behavioral profiling

Third-Party Data Sharing
  • User data is never sold to third parties under any circumstances
  • Limited sharing with authorized service providers who:  
  • Have signed strict data protection agreements
  • Process data only for educational purposes
  • Meet or exceed our security standards
  • Are regularly audited for compliance

User Control Over Data
  • Access and Review: Teachers, parents, students (where applicable) and school administrators have the right to access and review personal data stored on the platform.
  • Correction and Updates: Teachers, students and parents can request corrections or updates to the data through the appropriate school or district channels, i.e. school administrators.
  • Data Deletion: Schools manage deletion requests, ensuring data is removed in compliance with FERPA, GDPR, and other relevant regulations.
  • Consent Management: Schools oversee consent collection and can modify or revoke permissions as needed.

Regulatory Framework Implementation

FERPA Implementation
  • User records accessible only to authorized educational personnel
  • Comprehensive access controls with institutional oversight
  • School-controlled data management and disclosure processes
  • Mechanisms for handling parental rights requests

COPPA Implementation
  • Institutional consent management for under-13 users
  • Educational-purpose data collection restrictions
  • Transparent policies for school administrators and parents
  • Third-party integration controls

GDPR Implementation
  • Complete data encryption throughout the system
  • Streamlined processes for exercising privacy rights
  • Educational-only data usage policies
  • Dedicated privacy officer oversight

CIPA Implementation
  • Advanced content filtering technology
  • Proactive content moderation systems
  • Administrative controls for external resources

Technical Security Architecture

Our platform employs enterprise-grade security measures:

System Security
  • TLS 1.2 encryption for all data in transit
  • AES-256 encryption for stored information
  • Cloud infrastructure with education-specific compliance certifications
  • Granular permission systems for information access

AI and Analytics
  • User data never used for behavioral profiling
  • Transparent AI operations with limited data requirements
  • No advertising or marketing applications
  • Algorithmic transparency and documentation

Data Management
  • Institutional control over retention periods
  • Automated data minimization processes
  • Comprehensive deletion capabilities
  • Data portability options for institutional transfers

Vendor Management

CheckIT Learning maintains strict oversight of all third-party services:

  • Comprehensive vendor assessment process
  • Legal requirements for data protection
  • Regular compliance verification
  • Limited data sharing with explicit purpose restrictions

Transparency Commitment

We maintain open communication about our data practices through:

  • Accessible documentation for all stakeholders
  • Available compliance certifications
  • Dedicated privacy specialists for schools
  • Regular updates on security enhancements

Monitoring and Incident Response

Proactive Protection
  • Continuous security monitoring
  • Regular vulnerability assessments
  • Independent security audits
  • Compliance reviews

Incident Response Plan

Should a security event occur; our structured response includes:

  1. Immediate Containment: We isolate affected systems and implement measures to prevent further unauthorized access
  1. Thorough Investigation: We conduct a comprehensive analysis to determine the nature and scope of the incident
  1. Notification Process: We promptly inform affected institutions, individuals, and authorities as required by applicable laws
  1. Remediation and Prevention: We implement corrective actions and enhance security measures to prevent similar incidents.

Endnote

CheckIT Learning combines educational innovation with unwavering commitment to user privacy. Our comprehensive approach to data protection and regulatory compliance ensures that schools can implement our platform with confidence.

We welcome detailed discussions with educational institutions about our security practices and compliance documentation.