K-12 School Service Provider Pledge to Safeguard Student Privacy 2020
Thank you for your interest in the Student Privacy Pledge. The Pledge listed on this page is the updated Student Privacy Pledge, which we released following our Pledge 2020 effort. A series of supplemental, explanatory guidelines relating to the Pledge updates can be found on our FAQs page. If you are an eligible organization seeking to sign the Pledge, please follow the link below to find the submission page.
The original Pledge, which we have renamed the Legacy Pledge, can be found by following the link at the bottom of the page.
K-12 School Service Providers are honored to be entrusted by educators and families to support their educational needs and school operations. School Service Providers take responsibility to both support the effective use of student information and safeguard student privacy and information security.
School Service Providers support schools – including their teachers, students and parents – to manage student data, carry out school operations, support instruction and learning opportunities, and develop and improve products/services intended for educational/school use. In so doing, it is critical that schools and School Service Providers build trust by effectively protecting the privacy of student information and communicating with parents about how student information is used and safeguarded. Student PII is provided by students, their parents, and their schools; it should be used to serve and support students’ best interests.
We pledge to carry out responsible stewardship and appropriate use of Student PII according to the commitments below and in adherence to all laws applicable to us as School Service Providers.
We Commit To:
✘We will not collect, maintain, use or share Student PII beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
✘We will not sell student PII.
✘We will not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
✘We will not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
✘We will not make material changes to School Service Provider education privacy policies without first providing prominent notice to the users and/or account holder(s) (i.e., the institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of Student PII that are inconsistent with contractual requirements.
✘We will not knowingly retain Student PII beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
✔We will collect, use, share, and retain Student PII only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
✔We will disclose clearly in contracts or privacy policies, including in a manner easy for institutions and parents to find and understand, what types of Student PII we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
✔We will support access to and correction of Student PII by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
✔We will maintain a comprehensive security program that is reasonably designed to protect the security, confidentiality, and integrity of Student PII against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
✔We will provide resources to support educational institutions/agencies, teachers, or parents/students to protect the security and privacy of Student PII while using the educational service.
✔We will require that our vendors with whom Student PII is shared in order to deliver the educational service, if any, are obligated to follow these same commitments for the given Student PII.
✔We will allow a successor entity to maintain the Student PII, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected Student PII.
✔We will incorporate privacy and security when developing or improving our educational products, tools, and services and comply with applicable laws.
- Some School Service Providers may be subject to additional legal obligations, contractual commitments, or requests from educational institutions or parents/students that direct or otherwise authorize additional uses of Student PII, other than those specified above.
- Nothing in this pledge is intended to prohibit the use of Student PII for purposes of adaptive learning or customized education.
- This pledge is intended to be applicable to new contracts and policies going forward and addressed — where inconsistent and as agreed to by the educational institution or agency — in existing contracts as updated over time.
- Companies subject to COPPA should consider when obtaining parental or school consent is appropriate. The Federal Trade Commission has stated that organizations subject to COPPA (15 U.S.C. 6501–6505; 16 CFR Part 312), (operators) “should not state in Terms of Service or anywhere else that the school is responsible for complying with COPPA, as it is the responsibility of the operator to comply with the Rule.” For more information, see the Commission’s Complying with COPPA FAQs. (https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions-0)
- Student Privacy Compass contains resources for edtech companies at the following link: (https://studentprivacycompass.org/audiences/ed-tech/).
- This Pledge shall be effective as of December 1, 2020, but will be binding on signatories as of the date a signatory opts in to updated terms of this pledge. The Legacy Student Privacy Pledge will sunset in June of 2021. After the Legacy Pledge is sunset, the updated Student Privacy Pledge 2020 shall be the only Pledge language in effect.
- ‘School Service Provider’ refers to any entity that: (1) is providing, and is operating in its capacity as a provider of, an online or mobile application, online service or website that is marketed for use in United States elementary and secondary educational institutions/ agencies and is used at the direction of their teachers or other employees; and (2) collects, maintains or uses Student PII in digital/electronic format. The term ‘School Service Provider’ does not include an entity that is providing, and that is operating in its capacity as a provider of, general audience software, applications, services or websites not designed and marketed for schools.
- ‘Educational/School purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services intended for educational/school use).
- ‘Signatory’ refers to a School Service Provider that has signed the Student Privacy Pledge.
- ‘Student PII’ is a student’s personally identifiable information. The term Student PII has the same definition as “covered information” under California’s Student Online Personal Information Protection Act (SOPIPA), Cal. Bus. & Prof. Code § 22584(i) (2020). Student PII does not include de-identified information.
- ‘Student’ applies to students of United States elementary and secondary schools, and with regard to notice and consent applies only to students of appropriate age as authorized under relevant United States federal law. See FERPA, 20 U.S.C. § 1232g; 34 CFR Part 99.
- ‘Consumer privacy policies’ include those privacy policies that are posted by the company to be available to all users to the site or service.
- ‘Parent’ includes a student’s legal guardian.