Privacy Policy

Last Updated: May 10, 2021

 

AN EDUCATIONAL SERVICE THAT IS TRULY PRIVATE

 

ReflEQ is designed with privacy in mind. It is a secure online platform, providing schools/universities with a methodology to develop student self-awareness and metacognition alongside the “nuts and bolts” steps of a project, unit or assignment.

To accomplish its goals, it is essential that ReflEQ is a safe place for students to document their learning, and that they (and their instructors) are in complete control of how their information is shared.

Protecting individual privacy is fundamental to our mission. This Privacy Policy describes our stringent policies for protecting personal information in clear language that you – as an administrator, instructor, student or parent – can understand.

 

OUR PROMISE TO YOU

 

Students solely own the content they create in ReflEQ.

Student work is private to the student and their instructor(s) by default.

We use the latest security industry best practices to protect you.

We are transparent about our practices.

We are compliant with all applicable federal and state data privacy laws including the Family Educational and Privacy Rights Act (“FERPA”), the Children’s Online Privacy Protection Act (“COPPA”), and for EU subscribers the General Data Protection Regulation (“GDPR”).

We do not collect, maintain, use or share personal information beyond what is necessary for authorized educational/school or legal purposes.

There is no tracking of any personal information for third-party or marketing purposes on ReflEQ.

We will never expose any student, instructor or other user of ReflEQ to any third-party advertisements on our site.

We will never allow data collection by third-party advertisers or data brokers.

We do not, and never will, sell any student’s (or any individual’s) data to any third party.

The only instance in which we may share such personal information is if obligated to do so by law.

 

SCOPE OF THIS PRIVACY POLICY

 

This Privacy Policy governs the use of the ReflEQ (“ReflEQ” or “the Service”). This includes any personally identifiable information that we collect when you create an account (the “Account Information”) at your school or Site, and subsequent content added to student journals (“Student Content”). Any personally identifiable data collected by ReflEQ that can be linked back to an individual student is considered “Student Data”.

By using ReflEQ, you acknowledge that you accept and agree to this Privacy Policy. If you don’t agree, please don’t use ReflEQ. You can contact us anytime with questions about this policy at support@refleq.com.

We may occasionally update this Privacy Policy. You can see when it was last updated by looking at the last updated date at the top of this page.

If we make significant changes to our Privacy Policy, we’ll post a notification on the ReflEQ homepage. Continued use of the website after a revision to the Privacy Policy indicates your acceptance and agreement to the current Privacy Policy. We recommend that you periodically review the Privacy Policy to make sure you understand and are up-to-date on how we’re keeping your information safe.

 

GUIDING PRINCIPLES FOR STUDENT/USER PRIVACY

 

For any Site subscribing to ReflEQ, we follow these guiding principles related to identifiable personal information and privacy:

ReflEQ upholds all COPPA, FERPA, General Data Protection Regulation (GDPR) and related regulations.

An organization has complete discretion as to which student and instructor accounts it wishes to create within its Site license.

Students own their own Student Content on ReflEQ.

Student Content is only visible to either the one or two instructors (Assigning Instructors) who are using ReflEQ with that student alongside a specific classroom project, assignment or unit.

Beyond the Assigning Instructor(s) of a project, the student may choose to share his/her own Student Content beyond that, for example by generating a secure weblink to a ReflEQ journal and sharing that weblink with another instructor, coordinator or parent. However this additional sharing of Student Content beyond the Assigning Instructors is by the student’s choice entirely.

 

COLLECTION AND PROCESSING OF PERSONAL INFORMATION (PI)

 

Any Account Information and Student Data collected and processed by ReflEQ will always be done so with the consent of its users and for the specific purposes outlined below, which are necessary for the operations of the Service.

 

(1) Site-Subscription Creation

 

A Site subscriber is typically a school, district or university department. There are no individual or single classroom subscriptions to ReflEQ.

When a Site subscribes to ReflEQ, we collect only the minimal pieces of Account Information that we need for subscription registration and billing purposes. Usernames, passwords, and IP addresses collected for the purpose of Site-access authentication are held in the strictest confidence.

ReflEQ is the sole owner of any information collected for subscription purposes. We will not sell, share, or distribute this information in any way, or use it for any other purpose than for Site access authentication and subscription/renewal processes. Such collected information may be provided to an entity that purchases all or substantially all of the business or assets of ReflEQ through a merger, financing, acquisition, or bankruptcy transaction or proceeding (“Successor Entity”), assuming that the Successor Entity has data privacy principles that are consistent with the principles described in this Privacy Policy.

For Site accounts, payment may be made by physical check, wire/ACH, or credit card. No credit card or other payment information is stored in our database, nor kept in any electronic or paper version.

 

(2) Account Creation

 

When instructor or school administrator accounts are generated in ReflEQ, we collect name, email address, password, and a profile icon or image if one is uploaded.

When student accounts are generated in ReflEQ, ReflEQ collects a small amount of personally identifiable Student Data about them including their names and email addresses. A student may also upload a profile icon or image on an optional basis only. The student email address is used for login. The student email may also be used if the instructor issuing a reflection question chooses that the student should receive email notifications to remind them of a due date for that reflection.

School administrators may generate both instructor and student accounts on ReflEQ by manual entry or CSV import.
Instructors may only create student accounts, by manual entry only.

ReflEQ Support can be requested by the Site to generate student and/or instructor accounts for the Site. In such cases, ReflEQ opens a secure single-use portal so that a Site administrator can securely provide ReflEQ the names and email addresses of those students and/or instructors whose accounts should be generated.

 

(3) Student Content

 

ReflEQ stores content that the student writes into a student ReflEQ journal for a specific classroom project or assignment. The purpose of such journal entry is to document student learning and is in written form only. Student Content may occasionally include an associated PDF if the student is requested by the instructor to upload such attachment. Student Content that is uploaded by a student may be considered a student education record as defined by FERPA.

 

(4) Withholding, Correction, Deletion of Personal Information

 

In situations where personal information is collected, if you choose to withhold any personal data requested by us, it may not be possible for you to gain access to certain parts of the site or for us to respond to your queries.

You have the right to access, correct, download for transport to a similar service, or delete any of your personal information collected by ReflEQ. If you are a instructor, you can update the information associated with your ReflEQ account directly by contacting ReflEQ directly. If you are a student (or parent who wants to correct, edit, download, or update information about your student), please work directly with your Site, or contact us directly at support@refleq.com.

If you would like to delete your ReflEQ account or any content submitted to ReflEQ, please send an email to support@refleq.com. If you request that your account or any content submitted to ReflEQ be deleted, ReflEQ may still retain information for up to 60 days to provide support and prevent accidental deletion.

If you are a instructor or school administrator within the US, please be aware that FERPA requires us to retain student education records once a valid request to inspect those records has been made.

 

PASSIVE INFORMATION COLLECTION TECHNOLOGIES FOR INTERNAL OPERATIONS

 

Some privacy frameworks like GDPR consider IP address logs to constitute personal information. Thus, no identifiers are ever used except for to provide support for our internal operations, site and service. Furthermore, IP addresses are never shared with any third parties. In order to compile usage statistics for subscribing organizations, we also record the date and time that users access the Service, and from what IP address they log in.

Cookies are small text files that we transfer to your web browser that allow us to identify your web browser and store information about your account. We use these cookies to keep you logged in to ReflEQ. If the ‘Remember Me’ checkbox is checked on login, it sets a cookie that will expire two days after login. This cookie will persist across browser restarts. If that box is not checked, it uses a ‘session cookie’ that will expire when the browser is closed. You can choose to remove or disable cookies via your browser settings. Please be aware that ReflEQ will not work properly if you disable or decline cookies.

 

EXTERNAL LINKS AND THIRD-PARTY INTEGRATIONS

 

No ads are served from the ReflEQ website or Service. There is no exchange of personal information by ReflEQ to any external service or website at this time, although an integration with NoodleTools, Inc. – a company with as stringent a Privacy Policy as ReflEQ – is coming shortly.

When a user asks a support question via the “Submit a Ticket” link on the ReflEQ Support webpage, an email address is collected to respond to the query. The Support line is facilitated through Zoho, which is regulated through its own privacy policy. Zoho is the CRM of choice for many educational platforms.

In addition to Zoho, we utilize the services of other companies to perform certain business-related services. We may disclose personal information to certain types of third-party companies but only to the extent needed to enable them to provide such services. ReflEQ currently uses services such as Stripe for credit card processing, and Heroku and Amazon Web Services (AWS) and related Cloud services for hosting, database management and backup. These and all such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this privacy policy and implemented by ReflEQ.

 

OUR SECURITY PRACTICES

 

ReflEQ maintains a security program that is designed to protect the security, privacy, confidentiality and integrity of the student personal information against risks such as unauthorized access or use, or unintended or inappropriate disclosure. There are no software development activities occurring outside the U.S., and the code is written in languages with gold-standard security parameters. Our data is stored in the United States with robust digital and procedural safeguards in place to protect your personal information. All passwords are securely encrypted within our database, which has daily backups and is protected by SSH and a firewall. Users are authenticated with email address and password that are hashed by bcrypt. All actions that involve the digital transmission of personal data are handled by 256-bit encryption.

As previously noted, the service has minimal collection of personal information, and minimal integration with services that could cause any unintended transference of personal information. If you have any questions about the security at our website, you can contact us via our Support Desk.

 

Security Breach Response

 

In the unlikely situation of private user data breach, we will quickly respond to, and mitigate, any private user data breach based on our Breach Response Plan:

In the event that personal information is accessed or obtained by an unauthorized individual, ReflEQ (“Provider”) shall provide notification to the school or district (“Subscriber”) within forty-eight (48) hours. Provider shall email a Notice of Data Breach (“Notice”) to account contacts on record that details what happened, what Student Data was involved, and what is being done to resolve the issue. Subscriber will be given Provider email and phone contact information to obtain more information.

The Notice will specifically include:

  • A description of the breach in plain language.
  • Specific personal information that ReflEQ believes to have been compromised.
  • Estimated date or date range the breach occurred.
  • A description of what ReflEQ has done to protect against further data breach.
  • Advice to individuals whose information has been breached.
  • ReflEQ contact information to obtain further details.

Provider agrees to adhere to all requirements in applicable State and federal law with respect to a data breach related to the personal information, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.

Provider maintains and keeps updated a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of personal information or any portion thereof, including personally identifiable information.

 

PRIVACY COMPLIANCE

 

(1) REFLEQ and Parental Consent

 

COPPA regulations state that teachers or schools have parental consent to use ReflEQ with children who are under the age of 13. You should check your local laws to determine the relevant age in your country. If you are aware ReflEQ is collecting information from a student under the age of 13 without parental consent, please contact us immediately and we will delete the data.

 

(2) REFLEQ and FERPA

 

Data collected by ReflEQ may include personally identifiable information from education records that are subject to the Family Educational Rights and Privacy Act, “FERPA”, (“FERPA Records”). To the extent that Student Data includes FERPA Records, you designate ReflEQ as a “School Official” (as that term is used in FERPA and its implementing regulations) under the direct control of the school with regard to the use and maintenance of the FERPA Records and ReflEQ agrees to comply with FERPA.

 

(3) REFLEQ AND GDPR

 

ReflEQ has opened to schools and students in the European Union. ReflEQ complies with the European Union General Data Protection Regulation (the “GDPR”). We meet the privacy requirements of all EU members. All technical and procedural measures are in place to protect personally identifying information.

Under GDPR, ReflEQ stands behind your fundamental rights regarding how we will collect, use and store data:

  • We strive to be transparent and inform you in how we use personal data.
  • Users of ReflEQ shall have the right to know exactly what information is held about them and how it is processed, and are entitled to have personal data rectified if it is inaccurate or incomplete, or deleted if so requested.
  • With respect to personal information, we respect the right for subscribers to block or suppress its processing.
  • Users of ReflEQ have the right to retain and reuse their personal data for their own purpose.
  • Personal data is not used for the purpose of direct marketing, scientific and historical research, or the performance of tasks outside the scope of operation of the ReflEQ platform.

ReflEQ processes personal data as both a Processor and as a Controller, as defined in the EU Directive and the GDPR. ReflEQ has a “Data Protection Officer” who is responsible for matters related to privacy and data protection. The Data Protection Officer is Rigele Abilock, who can be reached per the contact information listed at the bottom of this agreement.

With respect to the processing of personal data relating to data subjects located in the European Economic Area (including the United Kingdom as of the Effective Date of this Privacy Policy) by ReflEQ solely on behalf of the End Customer, the terms of the Data Processing Addendum shall apply.

 

TERMS OF SERVICE

 

This Privacy Policy is incorporated into our Terms of Service and is part of that contractual agreement between you (the user) and ReflEQ and is enforceable under the provisions of that Terms of Service, as updated or amended from time to time.

 

CONTACT INFORMATION

 

If you have any questions or feedback about this Privacy Policy, please do not hesitate to contact the company:  support@refleq.com.

ReflEQ LLC
380 Hamilton Ave, Suite 172
Palo Alto, CA 94301

Ready to get started?

Let's Go!