For Kite to serve its purposes, we must collect personal data from you when you use the Kite Suite. Personal data is data that includes information such as your name, email, or other data that could reasonably be identifiable to you. We may receive information about you, which may include educator or student records as applicable, from other third-party data sources to the extent permitted by law. In all cases, we will store, collect, use and share your personal data and student records in compliance with applicable state and federal law, including without limitation Family Educational Rights and Privacy Act (“FERPA”) at 20 U.S.C. § 1232g (34 CFR Part 99), Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. § 6501-6506; Protection of Pupil Rights Amendment (“PPRA”) 20 U.S.C. § 1232h. To the extent permitted by law, we may share your data, including personal data, with third parties solely for the performance of our service obligations. Such third parties are also required to meet all legal protections of personal data.
When you use the Kite Suite we may log and store your IP address and technical information about your visit (“cookies”). We will collect, store and use the data you upload or post, analytical information about your device, such as IP address, OS version, and clickstream, or similar. This data, including personal data, will be used for educational and research purposes only, except where otherwise required by law; provided, however, we may use and share your non-personal, de-identified or aggregated data in a manner consistent our educational and research purposes, to include without limitation, reports, publications, and activities to improve the website’s information, resources and services or conduct of research as approved by our institutional review board.
Access to Student Records
If any student records are shared with us, we will treat such information as confidential and protected under the Family Educational Rights and Privacy Act (“FERPA”) 20 U.S.C. § 1232g and any other pertinent state and federal laws. If you are using the Kite Suite on behalf of an educational institution in a school district setting, we agree to serve as a “school official” for purposes of outsourcing to us certain institutional services and functions when we access your educational records to carry out your responsibilities in the program. In such instances, you acknowledge that we have a legitimate educational interest in access to educational records and that such access shall be subject to and limited by 34 CFR 99.31(a)(1)(B).
Storage and Data Security
We maintain your data on secure servers and follow industry standard procedure for log files for accessing accounts. The information collected by log files may include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and clickstream; this information is not linked to personally-identifiable data. Access to Kite data will be password protected and restricted to only those individuals that require access, which is controlled by role based access controls. You are responsible for maintaining the security of your credentials. Do not share your password with anyone. Our website automatically generates a CSRF “token” for each active user session managed by the Kite Suite. This token is used to verify that the authenticated user is the user actually making the requests to the Kite Suite.
If you have any questions about this Privacy Statement or requests regarding your personal data, please contact us through email at firstname.lastname@example.org
The effective date of this Privacy Statement is April 29, 2020.