Apply to Take Pledge 2020 (New Process Draft)

Step 1 of 6

Apply to Sign the Student Privacy Pledge

The Student Privacy Pledge is a public commitment to the responsible collection and use of student data. You must be a school service provider that collects, processes or shares student data to apply to sign the Student Privacy Pledge. If you are a school service provider and would like to be added to the list of Signatories of the Student Privacy Pledge, you may submit the information below.

Before doing so, please be sure to read the full text of the Student Privacy Pledge and then review your policies around student data, including any company's Privacy Policy, to ensure that your policies are consistent with the commitments outlined in the Pledge.

As part of the Pledge application process, you will need to provide the language in your privacy policy that applies to each of the Pledge commitments.

All submissions through this form are for the updated Student Privacy Pledge 2020. We are no longer taking applications for the Legacy Pledge. If you are currently a signatory of the Legacy Pledge and wish to become a Pledge 2020 signatory, please do not use this form. Instead, contact FPF staff at [email protected] to inform us that you want to become a Pledge 2020 signatory.

Primary Contact Name*

Primary Contact Email*

Secondary Contact Name

Secondary Contact E-mail

Your Company's Permanent Email Contact for Privacy Matters*

Please provide a email address for privacy matters that will be consistent and not impacted by staff changes.

The Pledge requires that a signing company “clearly disclose” their privacy practices to students, parents, and teachers, in a manner that is easy to understand. This page must be publicly available prior to sign on and account creation and must be the active policy and not a draft. A good practice is to separate policies for your EDTech application(s) from that of your general corporate website(s).

If you have other privacy policies that apply to your EDTech products in addition to the one provided above, please list the URL and a brief description (e.g. if it is a unique policy for a specific product, or it is supplemental terms for a product, or Education specific terms)

Are you a member of the Future of Privacy Forum?

Yes

Unsure

Are you a member of SIIA (Software and Information Industry Association)?

Yes

Unsure

Have you signed the Student Data Privacy Consortium's National Data Protection Agreement (https://privacy.a4l.org/)

Yes

Unsure

Please upload a copy of your company's logo, sized to 200 x 200 pixels (.png, .jpg, or .gif).

Logo Upload*
Accepted file types: png, jpg, gif, Max. file size: 5 MB.

Privacy Policy Review

In this section please review each pledge commitment against your current privacy policy and provide the privacy policy language that addresses each pledge commitment below.

Pledge Commitment 1

We will collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.

Explanation: A signatory is not allowed to use the student PII for purposes outside of those authorized by the school, or parent. A parent may authorize a signatory to use student PII for non-educational purposes. This Pledge provision is intended to align with the structure for disclosing student educational records to school officials under the Family Educational Rights and Privacy Act (FERPA) and its applicable regulations, 20 U.S.C. § 1232g; 34 CFR Part 99. There are some circumstances in which signatories may be required to disclose Student PII in compliance with a judicial order or pursuant to other legal process (e.g. a lawfully issued subpoena). A disclosure under such circumstances qualifies as an authorized school purpose provided the signatory follows all applicable law in disclosing Student PII. Please familiarize yourself with the many laws that prohibit or limit a company’s ability to disclose information so that you are familiar with limits on sharing data.
Your Privacy Policy Language for Pledge Commitment 1*
In the box below, please paste the language from your privacy policy that addresses the above pledge commitment.
Pledge Commitment 2

We will not sell Student Personally Identifiable Information (PII)

Explanation: The Pledge is intended to align with the general requirements in FERPA and many state student privacy laws that also prohibit the sale of student PII. In the context of the Pledge, "sell" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a student' personal information by the signatory to a third party for monetary or other valuable consideration
Commitment 2-We will not sell Student PII*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 3

We will not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.

Explanation: This limitation on using student PII for behavioral targeting of advertisements applies to all web pages and apps that students are required to access and/or use in order to use an educational service. If a signatory has products, applications, or web pages that are not used to access an educational service, the signatory should clearly distinguish between data collected for advertising purposes and Student PII covered by the Pledge, which cannot be used for behavioral targeting of advertising to students. This Pledge requirement is intended to align with the general requirements in FERPA and many state student privacy laws, which also prohibit the use of student data for behavioral targeting of advertisements.
Commitment 3-No behavioral advertisements to students*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 4

We will not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.

Explanation: The creation of any student profiles must be limited to uses authorized by the school, parent, or student. This commitment does not prohibit profiles such as student profiles used in personalized learning, so long as such profiles are only used for authorized educational purposes or used as authorized by a student or parent. Student profiles containing student PII should be subject to a retention policy consistent with the requirements of this Pledge.
Your Privacy Policy Language for Pledge Commitment 4*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 5

We will not make material changes to School Service Provider education privacy policies without first providing prominent notice to the users and/or account holder(s) (i.e., the institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of Student PII that are inconsistent with contractual requirements.

Explanation: Notice to account holders about material changes to a signatory’s privacy policy must be prominent. Examples of such prominent notice include, but are not limited to: A direct email to the account holder stating that the signatory is changing its privacy policy, with details about the prospective changes to the privacy policy. A banner or other visual communication when a user visits the signatory’s website, if such communication is prominently displayed when a user first visits the website and includes choice about whether to opt-out of data use under the new policy. Notices other than those described above may also satisfy the Pledge requirements so long as they are sufficiently prominent to notify the account holder. Notice of any material changes to a privacy policy described in this Pledge provision must be provided to the account holder before data use, collection, or sharing that was not covered in the current privacy policy may take place. After receiving notice of the proposed material changes to a privacy policy, account holders must have a choice – an opportunity to agree or disagree with using the service after the change. A signatory can provide account holders with an option in the notice to consent to use, collection, or sharing under the new policy by clicking “I agree” or “OK.” If an account holder does not accept the new policy, they may stop using the signatory’s product or service. If an account holder opts out of changes after material changes to a privacy policy as described in this Pledge provision, student PII that the signatory has already collected may not be used under the terms of the new policy. If student PII is received by the signatory pursuant to a contract with an account holder, the contract should be understood to control the provider’s use of student PII and to constitute adequate notice and choice for the purposes of the Pledge.

Your Privacy Policy Language for Pledge Commitment 5*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 6

We will not knowingly retain Student PII beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.

Explanation: A signatory should securely delete or de-identify student PII after it is no longer needed by a school or needed to support the authorized educational purpose, or after the time period authorized by the parent/student. Student PII may be retained for shorter or longer periods, depending on the nature of the signatory’s service and requirements of the educational institution. A signatory can satisfy this requirement of the Pledge by agreeing to a retention schedule or specific requirements for deletion in a service contract with an account holder. The signatory should not hold student PII for an amount of time that is unreasonable in the context of the nature of the particular product or service.
Your Privacy Policy Language for Pledge Commitment 6*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 7

We will disclose clearly in contracts or privacy policies, including in a manner easy for institutions and parents to find and understand, what types of Student PII we collect, and the purposes for which the information we maintain is used or shared with third parties.

Explanation: Provide the content of your privacy policy where you disclose what types of Student PII you collect, and the purposes for which the information is used or shared with third parties.
Your Privacy Policy Language for Pledge Commitment 7*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 8

We will support access to and correction of Student PII by the eligible student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent..

Explanation: FERPA requires schools to provide parents the right to inspect and request correction of educational records.
Your Privacy Policy Language for Pledge Commitment 8*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 9

We will maintain a comprehensive security program that is reasonably designed to protect the security, confidentiality, and integrity of Student PII against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.

Explanation: A signatory’s security program should contain security controls and procedures appropriate to the nature and scope of the signatory’s activities and the sensitivity of the student PII. Administrative, technical, and physical safeguards should be designed to protect against both external risks, such as a malicious hack or ransomware attack, and also the possibility of internal breaches, such as an employee inadvertently exposing student PII through an error or an unauthorized employee accessing student PII.
Your Privacy Policy Language for Pledge Commitment 9*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 10

We will require that our vendors with whom Student PII is shared in order to deliver the educational service, if any, are obligated to follow these same commitments for the given Student PII.

Explanation: Subcontractors may only receive student PII from signatories if they are subject to restrictions to collect, use, or share student PII only in ways that are consistent with the signatory’s Pledge commitments. A signatory’s subcontractors do not need to be Pledge signatories to satisfy this Pledge requirement.
Privacy Policy Language for Pledge Commitment 10*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.
Pledge Commitment 11

We will allow a successor entity to maintain the Student PII, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected Student PII.

Explanation: The successor entity receiving the student PII does not need to be a Pledge signatory, but must commit to either: (1) follow the same commitments as found in the Pledge in order to continue to use or maintain the student PII; or (2) provide notice of changes that are inconsistent with the Pledge commitments to the account holder(s) (i.e., the institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent), and provide the account holder(s) an opportunity to opt in to the successor entity’s changed uses or sharing of student PII. If there is no opt-in, the signatory or its successor entity should delete or de-identify the student PII.
Privacy Policy Language for Pledge Commitment 11*
In the box below, please paste the language from you privacy policy that relates to the above pledge commitment.

The following pledge commitments are not required to be included or described in your privacy policies. Please check the boxes below to acknowledge your understanding and commitment to these pledge requirement.
Pledge Commitment 12: We will incorporate privacy and security when developing or improving our educational products, tools, and services and comply with applicable laws.*
Companies have incorporated privacy and security by, for example, taking a programmatic approach to privacy and security, applying privacy and security by design principles; considering privacy and security best practices; or analyzing guidance concerning reasonable privacy and security measures and comprehensive privacy and security programs. Signatories incorporating privacy and security should consider factors including: the potential for misuse or unexpected use of student PII; the privacy and security practices of third party vendors (if any); the potential harms that could result from product development or improvement; and whether any of these risks could be mitigated with additional training or resources for product users, educational institutions, or parents and students. Signatories should evaluate new technologies to ensure compliance with applicable laws. Signatories should carefully evaluate the use or development of new technologies in their products and services to consider the potential impact on the privacy and security of Student PII.
Acknowledged
Pledge Commitment 13: We will provide resources to support educational institutions/agencies, teachers, or parents/students to protect the security and privacy of Student PII while using the educational service.*
As applicable and appropriate, signatories should provide resources or information to users of their product or service about how to deploy and use their product or service in ways that promote privacy and security, such as by providing instructions on how to utilize privacy-protective settings or supporting the security of student PII by providing assistance with setting up a product for account holders or users. Such resources may also include, but are not limited to, providing privacy-protective settings by default, just-in-time privacy notifications, training materials, manuals for properly using the service, white papers about services, or in-person training.
Acknowledged

Ineligible to Sign the Student Privacy Pledge

You are inelgible to sign the Student Privacy Pledge for one of the following reasons:

School or District

Does not collect Student Data

Does not provide services to US Schools

Consent*
My organization commits to:
✘Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
✘Not sell student personal information.
✘Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
✘Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
✘Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
✘Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
✔Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
✔Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
✔Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
✔Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
✔Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
✔Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.
My organization agrees to the conditions of the FPF Student Privacy Pledge 2020
Approved By*
First Last
Approver Title*

Approver Email*

Approver Signature*
By signing below you certify that you have the authority to enter into the voluntary Student Privacy Pledge commitment on behalf of your organization.
CAPTCHA
Email
This field is for validation purposes and should be left unchanged.

Apply to Take Pledge 2020 (New Process Draft)

You are not Eligible to Sign the Student Privacy Pledge

The Student Privacy Pledge applies to “school service providers.” This means you must be (1) collect or handle K-12 student data; and (2) is used at the direction of their teachers or school employees.

We will disclose clearly in contracts or privacy policies, including in a manner easy for institutions and parents to find and understand, what types of Student PII we collect, and the purposes for which the information we maintain is used or shared with third parties.

We will require that our vendors with whom Student PII is shared in order to deliver the educational service, if any, are obligated to follow these same commitments for the given Student PII.

We will allow a successor entity to maintain the Student PII, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected Student PII.