Last Updated: January 9, 2023 (summary of updates)
Along is a free, web-based, digital reflection tool designed to make it easier for teachers to help each student feel seen and understood. The Services (defined below) enabled by Along have been developed to facilitate meaningful one-on-one relationships between teachers and students through research-informed resources and efficient communication (e.g., asynchronous text, video and/or other supported methods of communication).
Gradient Learning and CZI are signatories to the Future of Privacy Forum’s and SIAA’s Student Privacy Pledge. Along also participates in, and meets the standards of, the iKeepSafe Safe Harbor program.
Gradient Learning does not place ads in Along nor use personal information of users we have identified as Student Users for ad purposes, including for behaviorally-targeted advertising purposes. We do not, and will not, make or seek to make money from students or their schools, teachers, or parents. We do not, have not, and will not sell, rent, or lease the personal information of Student Users.
Along is a free reflection tool for students and teachers, provided by Gradient Learning with support from the Chan Zuckerberg Initiative. Along is designed to help build strong relationships between teachers and their students, and to help students develop key life skills.
Your privacy on Along is our priority. We don’t make money from students and teachers using Along, nor do we allow ads to be placed on Along. We do not and will never sell or rent personal information of users identified as Student Users.
2. Website Visitors
If you are a visitor to the Along website [www.along.org], we will collect certain information from you in order to provide our services. This includes information you give us directly, such as your first and last name, and information provided from your browser or device, like log data and cookies. Please see the Along Website Privacy Notice for more information.
3. Users of the Services
The User Agreement includes a Data Privacy Addendum that includes protections for Student User information and limits our use and sharing of Student User personal information to the Services.
3.1 Information We Collect
We collect the following types of information, including personal information, from students and teachers when they sign up for and use the Services.
- Account Sign-Up and Profile Information:
- Teacher and student contact information such as full name, preferred name/nickname, email address and school name
- Teacher and student profile information, such as a profile picture and descriptions of hobbies and favorite activities
- Any log-in details a teacher or student chooses to provide (e.g., email address)
- Use of the Services:
- Content and online communications: Content (including teacher prompts, student responses, and teacher feedback to students), online communications (such as written or audio messages, photos, or videos that are exchanged between students and teachers within the Services), and type of communication
- Communications metadata: Information such as file size, name of a file (e.g., photo, audio or video), or date or time the audio or video recording was taken
- Usage: Information about how students and teachers use and interact with the Services, such as the prompts they search for and choose, number of photos, written messages, or audio/video recordings exchanged, whether they open emails or click the links contained in emails, and what types of features they engage with in the Services
- Class and Student User Information. Teachers may choose to import the below information from outside third party services into the Services:
- Class rosters, homeroom, and grade level
- Student course schedules, teacher names
- Student identification numbers such as school identification number or school information system identification number
- Academic or extracurricular activities a student may belong to or participate in
- User-submitted Reports, Surveys, and Feedback:
- Information related to bug and content reports, such as descriptions of the issue and communications between users and product support staff
- Survey answers and other product feedback you choose to provide us
- Parent and School Administrator Information:
- Names, phone numbers, and email addresses of parents and school administrators (as provided by teachers and students)
- Device and Network Information:
- We may collect information about devices (such as operating system, and browser type) and networks (such as language, IP address, internet service provider, and connection speed) to better distinguish users of the Services to deliver a customized, secure, and reliable experience for users
- Cookies, Pixel Tags, and Similar Technologies:
- Cookies. Cookies are small text files placed on your device consisting of a string of numbers and letters that uniquely identifies your device. This helps us do things such as save your preferences and identify Student Users in order to limit our collection and use of personal information accordingly.
- Click-through URLs. If you “opt in” to receive newsletters, updates, or other information from us, our emails may use a “click-through URL” linked to content on our sites. When you click one of these URLs, they pass through a separate web server before arriving at the destination page on our sites. We use this click-through data to help us understand how recipients respond to, or interact with, our emails. If you prefer not to be tracked in this way, please do not click text or graphic links in emails you receive from us.
When teachers and students sign up for Along, we collect certain types of information — including:
- Account sign-up and profile information (such as your name, email address, and profile picture)
- Your usage of Along (such as content you upload, like teacher prompts, student responses, and teacher feedback; written messages, photos or videos, and other communications; metadata; and usage data)
- Class and student user information (such as student names, classes, grade levels, teacher names, school ID numbers, and academic or extracurricular activities)
- User-submitted reports, surveys, and feedback (such as technical support data and communications, survey answers, and other product feedback)
- Parent and School Administrator information (such as contact information for parents and school administrators and parent ID numbers)
- Device and network information (such as operating systems, browser types, networks, and devices being used)
- Cookies, pixel tags, and similar technologies (such as cookies that help us save your preferences and identify users)
3.2 Information We Do Not Seek to Collect or Store
We do not seek to collect sensitive information about Student Users or Registered Teachers, such as precise location or biometric data. If we become aware that such information has been provided, we will delete it within thirty (30) days of such awareness or get the appropriate School, Parent, or User consent to keep it if it is reasonably necessary for the Services.
We don’t intentionally collect sensitive information through Along, such as the exact location of students. If we become aware that sensitive information is on the Services, we will delete it or notify the appropriate party to get consent to keep it if necessary.
3.3 We Limit the Use of the Information We Collect
We use the personal information we collect from the Services for educational purposes as directed by Registered Teachers or Schools, including to:
- Allow students and teachers to communicate with each other in the Services;
- Drive learning and mentoring engagement between students and teachers;
- Customize the experience for students and teachers, such as by suggesting prompts for teachers to use with students;
- Operate, develop, analyze, evaluate, and improve Gradient Learning’s educational sites, services, or applications;
- Communicate with Users, Parents, and School Administrators in connection with providing the Services;
- Communicate with teachers and school administrators for marketing purposes;
- Manage the oversight and use of the Services, pursuant to School policies;
- Maintain the security and reliability of the Services, troubleshoot, and fix bugs;
- Perform other activities requested by Registered Teachers or Schools for educational purposes or with the consent of a Parent or Student User of the age of majority;
- Protect or defend the rights, safety, or property of Gradient Learning, Schools or Users, or to comply with any law enforcement, legal, or regulatory process;
- De-identify the information for other Gradient Learning purposes; or
- Comply with applicable laws.
Safety. We are committed to making Along a safe space for students and teachers. Your well-being is very important to us. We also use the personal information we collect to improve safety for our Users on and off the Services. This includes helping Registered Teachers and School Administrators investigate suspicious activity, reported content, violations of School’s policies or our policies; preventing spam and other bad experiences; combating harmful conduct; verifying accounts and activities; and maintaining the integrity of the Services. We may accomplish this through human review and automated systems.
Advertising. Along does not include advertisements for third-party goods and services. However, we may use advertising to promote Along to teachers and school administrators, such as by using their email addresses or cookies to direct ads for Along to them on third-party sites, including third-party online services like LinkedIn. We do not use personal information of users identified as Student Users for ad purposes.
As described in Along’s Website Privacy Notice, under California law, this practice is considered to be “sharing” of personal information and may also be deemed a “sale” of such information. You can opt-out of this practice by clicking this Do Not Sell or Share My Personal Information link or the link provided in the footer of the Website and turn off the toggle switch for Marketing and Social Media Cookies. You may also be able to opt-out by broadcasting the Global Privacy Control (“GPC”) signal from a supported browser (see Section 10.5 for more information).
We use the personal information collected from Along for educational purposes only, as directed by teachers and schools that use the Services. This personal information also helps us to improve safety for our users. We may use the personal information of teachers and school administrators to direct ads for Along on websites outside of Along. You may be able to have your browser block or delete cookies, but some parts of the services may not work properly as a result.
To be clear, we will NOT:
- Seek to make money from students or their schools, teachers, or parents/legal guardians through the Services;
- Include advertising in the Services, including behaviorally-targeted advertising to Users;
- Use communications content (e.g. audio or video recordings) for anything other than offering, improving, and securing the Services, which includes responding to and/or investigating user reports or other flags regarding such content;
- Sell, rent or lease (or authorize Service Providers to sell, rent or lease) any personal information we collect from Student Users for any purpose – including for advertising and marketing purposes;
- Disclose personal information to third parties except in a few limited cases such as to service providers who help us provide the Service, as required by law, or with your consent;
- Use (or authorize Service Providers to use) the personal information we collect from Users for the creation of commercial products or services; or
- Use information collected from Student Users for any purposes other than for educational purposes unless we have de-identified the information such that it cannot reasonably be linked to an identifiable Student User.
We don’t sell or use personal information to make money from students and teachers using Along, and we require our own service providers to make the same commitment. We also don’t use personal information of users we have identified as Student Users for anything other than educational purposes. In certain cases, we may use de-identified information, (i.e., information that cannot be used to identify or contact an individual) to improve your experience on Along.
De-identified information. We de-identify personal information and use de-identified information for other purposes, including research and product improvement of Gradient Learning’s educational sites, services, or applications. We consider “de-identified” information to be information that has direct and indirect personal identifiers removed such that the data cannot reasonably be used to identify or contact an individual. Such identifiers include persistent unique identifiers, name, ID numbers, and date of birth.
3.4 We Limit How Personal Information Is Shared
In order to provide the Services, we share your personal information in the limited ways outlined below:
- Between students and teachers. Student Users and Registered Teachers will share content and messages with each other in the Services. The Services do not include features that make Student or Registered Teacher personal information publicly available.
- School Administrators. Because Along is an educational tool, authorized School Administrators from Schools may have legal rights to view, export, and request deletion of information in the Services. School Administrators may have access to information for a limited time period, even after a Student User or Registered Teacher has requested deletion of an account.
- Parents. We may share information with a Student User’s Parent as authorized by the student’s Registered Teacher or School Administrator or as required by applicable law.
- Service Providers. We use Service Providers to support the operation of the Services, such as through document management, data hosting, and provisioning customer service tools related to the Services. CZI is our long-term technology partner and works as a Service Provider to help us develop and support the Services. We do not and will not grant Service Providers the right to sell your personal information or to use it for any purpose other than what’s necessary to support the Services. We also require Service Providers to implement reasonable security practices. We maintain a list of our Service Providers (“Service Providers“), which may be updated from time to time.
- Law enforcement requests. We may access, preserve, and share User information in response to a legal request (e.g., warrants, subpoenas, court orders), if we have a good-faith belief that the law requires us to do so. In such cases, to the extent permitted by law, we will attempt to provide the Student, School, Registered Teacher, School Administrator, or Parents (as applicable depending on circumstances) with notice of such legal request prior to complying with requests for User information.
- To coordinate with law enforcement to advance safety on and off the Services. We may also share User information when we have a good-faith belief it is necessary to: detect, prevent and address fraud, unauthorized use of Along, violations of School’s or our policies, to protect ourselves (including our rights, property or products), you or others; or to prevent death or imminent bodily harm.
- With other third parties. We may share User information with other third parties, if directed or authorized by the Registered Teacher or School, or with parental consent, to the extent permitted by law and subject to our User Agreement, including the Data Privacy Addendum.
We may share your information in limited ways with the following parties:
- Those who need it to use Along (for example, sharing information between teachers and students communicating with one another through Along).
- School administrators or parents.
- Third-party service providers that help us operate Along (Note: We never sell personal information of users identified as Student Users and require our third-party service providers to make the same commitment).
- Law enforcement, in response to a legal request or if we believe it’s necessary to ensure the safety of teachers and students on Along.
- Other third parties if directed or authorized by a teacher or school (with parental consent, and in accordance with the law and our User Agreement).
De-identified information. We will only share de-identified information should we wish to demonstrate how the Services are used, its efficacy, or otherwise provide information or marketing materials related to the Services. We may share aggregated and/or non-personally identifiable information publicly (such as statistics about visitors and website traffic patterns).
To demonstrate the efficacy of Along or how it’s being used in classrooms and schools, we may publicly share information that has been de-identified (i.e., information that cannot be reasonably used to identify or contact an individual).
4. We Support Parent/Legal Guardian Engagement
We support and encourage the involvement of Parents in their Student Users’ education. Parents and Student Users may, at any time, make a request to access, review, correct, or delete personal information in the Services by contacting the Student User’s Registered Teacher or School. If the Registered Teacher or School determines that the request should be implemented, the Registered Teacher or School may direct us to make such a change. We will process such School requests within thirty (30) days of receiving a written request in a manner consistent with applicable law and the terms of the User Agreement (including the Data Privacy Addendum).
We support and encourage parent/legal guardian involvement with Along. Students and parents/legal guardians may request to access, review, correct or delete personal information. Such requests must be made through the student’s teacher or school.
5. Student User’s Personal Information
All students who use the Services will be invited by a Registered Teacher who has agreed to the User Agreement. Pursuant to the User Agreement (including the Data Privacy Addendum), each Registered Teacher, on behalf of their School, has consented to our practices regarding the collection, use, and disclosure of personal information from Student Users as permitted by law.
When the Registered Teacher invites their students to Along, we rely on consent obtained from the Registered Teacher or the School acting as an agent of the Student User’s parent or legal guardian in order to process the Student User’s personal information.
Registered Teachers are also required to provide notice to School Administrators and are encouraged to notify Parents that they are using the Services to increase student engagement.
COPPA governs the collection of certain information from children under the age of 13 (“child” or “children”). For more information about COPPA and generally protecting children’s online privacy, please visit the Federal Trade Commission COPPA FAQs and OnGuard Online. While COPPA does not directly apply to non-profit organizations such as Gradient Learning, we voluntarily comply with COPPA’s guidelines regarding students under the age of 13 as part of our commitment to transparency with parents regarding the collection and use of their child’s data.
We are committed to trying to protect the personal information for students of all ages on Along. As part of this commitment, we voluntarily comply with the core principles of COPPA.
6. Security and Accuracy of Personal Information
The security of personal information from our Users is important to us, and we work hard to protect it from unauthorized access and use. In an effort to prevent unauthorized access, disclosure, or improper use of User information, and to maintain data accuracy, we have established physical, technical, and administrative safeguards designed to protect the personal information we collect. For additional technical details regarding Gradient Learning’s security programs and measures, please see our Security Whitepaper.
We’re constantly evolving our security procedures as technology changes, but our security procedures at a minimum include the following:
- We restrict access to personal information to authorized Gradient Learning employees, agents, service providers, or independent contractors who reasonably need to know that information in order to process it for us, and who are subject to confidentiality obligations. Employees and contractors (“Staff“) are subject to discipline if they fail to meet these obligations.
- We require our Service Providers with which we share Student User personal information to employ industry standard data protection and security protocols.
- We use strong authentication methods including multi-factor authentication for all Staff.
- We employ administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information.
- We employ encryption technologies to securely transmit personal information, including data-in-transit encryption, and we encrypt personal information that is stored.
- We strive to maintain a data backup and recovery capability designed to help ensure a timely and accurate restoration of personal information.
- We work hard to maintain industry standard software development lifecycle with industry standard security practices designed to establish secure application, infrastructure, and network architectures.
- We endeavor to maintain event monitoring and response procedures for events which could impact functionality, security and/or availability of the Services.
- We provide Staff training for security incidents and maintain incident response policies, plans and procedures focused on timely and effective incident response.
- We employ trained security professionals with experience in security incident response and event monitoring.
- We perform application security testing (including penetration testing) and conduct security risk assessments focused on the identification and remediation of risks, and work hard to timely remediate identified security vulnerabilities.
- We implement oversight and governance procedures for security risks, including a vulnerability disclosure program and reviews of incidents affecting the Services.
We are constantly working on ways to prevent unauthorized access and misuse of personal information through administrative, physical, and technical safeguards. These include:
- using strong authentication methods,
- limiting who has access to student data,
- destroying or deleting personal information as needed,
- using strong encryption technology,
- using secured data backup and recovery capability,
- maintaining industry standard software development lifecycle,
- providing security training to employees and staff, and
- requiring Service Providers to follow similar terms.
If there is a data breach, we will provide notice to the school as required by law.
We regularly develop and implement features to help keep personal information safe. Should you discover any security bugs or vulnerabilities in our Services or have any questions regarding our data practices, please contact our team at firstname.lastname@example.org.
Although we make concerted good faith efforts to maintain the security of personal information, and we work hard to ensure the integrity and security of our systems, no practice can be 100% guaranteed. The security of personal information can be compromised by outages, attacks, human error, system failure, unauthorized use or other factors at any time. If we learn of a breach of your personal information, we will provide notice which will include information required by applicable law.
7. Data Retention
We will only retain personal information, including personal information from Users, for the time period required to support the authorized educational purposes. If a Student, Registered Teacher or School requests removal of any personal information or closure of their account, we will promptly direct our Staff to delete, dispose of, or de-identify the personal information.
Following a Student User’s account deletion, we will notify their Registered Teacher and School Administrator, and the Student User account will be removed from Along after verifying the Student User’s request. Following a Registered Teacher’s account deletion request, we will notify their School that the Registered Teacher’s account, along with associated Student User accounts, will be removed from Along after verifying the Registered Teacher’s request.
We will retain a Student User’s and Registered Teacher’s information for a 30-day record retention period in order to support the management by a School or Registered Teacher of information considered part of an education record. At the end of that record retention period, we will delete, dispose of, or de-identify the personal information within 30 days unless, consistent with applicable law, there is a legitimate reason to retain such personal information for a longer period.
We may retain personal information for a longer time period if we have consent to retain such information or if we are required to retain such information to comply with our legal obligations or law enforcement requests, resolve disputes, protect the safety and security of our Users or our Services, or enforce the User Agreement (including the Data Privacy Addendum), other agreements, or any posted guidelines, policies or rules applicable to specific features of the Services. Such information will be deleted when it is no longer needed for the purpose for which it was retained.
We will also delete Student User or Registered Teacher accounts after a period of inactivity.
We only keep personal information for as long as it’s necessary to provide Along. In certain cases, we may need to keep personal information if the law requires a different duration, or as directed by the teacher or school.
If you are a Parent and wish to have your student’s personal information removed from the Services, please contact your student’s Registered Teacher or School and review the information in Section 8 (” Schools Can Delete Information”).
8. Schools Can Delete Information
Registered Teachers or School Administrators may request the review or deletion of their Student User information, or the closure of accounts associated with their School in the Services. At the end of the 30-day record retention period, we will delete or de-identify such information within 30 days, unless we otherwise have consent to retain such information or are required to retain such information to comply with a valid access or transfer request for education records, our legal obligations or law enforcement requests, resolve disputes, or enforce the User Agreement (including the Data Privacy Addendum), Code of Conduct, or other policies or rules applicable to specific features of the Services. Such information will be deleted when it is no longer needed for the purpose for which it was retained.
Teachers and schools can request that we delete and update student personal information.
9. Your Choices Regarding Your Personal Information
We provide a variety of ways for you to control your personal information, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.
9.1 Access, portability, correction, and deletion
- Access personal information. You can ask us for a copy of your personal information, including in a machine-readable form (data portability).
- Change or correct personal information. You can also ask us to change, update, or fix inaccurate personal information in certain cases, subject to our legal obligations and lawful exceptions.
- Delete personal information. You can ask us to erase or delete all or some of your personal information subject to our legal obligations and lawful exceptions.
To make such requests, contact email@example.com. In the email, please provide us with your name, state in which you live, which of the above rights you would like to exercise, and sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information. Please also let us know if you have questions or concerns related to exercising any rights you have under applicable law.
9.2 Object to, limit, or restrict use of personal information
- Communications preferences. You can opt out from communications with Gradient Learning at any time via the unsubscribe link in emails from us.
- Profiling and automated decisionmaking. Some privacy laws provide a right to opt-out of profiling or automated processing in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Gradient Learning does not engage in such profiling or automated processing.
9.3 Browser or platform controls
- Global Privacy Control. Some browsers and browser extensions support the “Global Privacy Control” or similar controls that can send a signal to the websites you visit indicating your choice to opt out from certain types of data processing, including data sales and/or targeted advertising, as specified by applicable law. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting or similar control that is recognized by regulation or otherwise widely acknowledged as a valid opt-out preference signal.
- Do Not Track. Some browsers include a “Do Not Track” (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the GPC, cookie controls, and advertising controls described above.
If you would like to appeal a Gradient Learning decision with respect to a request to exercise any of your rights, please email us at firstname.lastname@example.org and explain the basis for your appeal.
Gradient Learning will not discriminate against you in any manner for exercising any of the above rights with respect to your personal information.
10. Additional Information for California Residents
While the CCPA does not apply to nonprofit organizations like Gradient Learning, we take privacy seriously and have chosen to inform our practices with the CCPA. Specifically, this means the below.
10.1 Data Subject Rights
In addition to the rights listed in Section 9, California residents have the additional “right to know.” This right allows you to request the following information about the personal information that we’ve collected about you in the past 12 months:
- Information about Data Collection
- The categories of personal information that have been collected.
- The specific pieces of personal information that have been collected about you.
- The categories of sources from which we have collected personal information.
- The business purpose for which we have collected personal information.
- Information about Data Disclosure
- The categories of personal information that we have sold, shared, or disclosed for a business purpose.
- The categories of third parties with whom personal information has been sold, shared, or disclosed for a business purpose.
10.2 Additional Disclosures / “Notice at Collection”
- Purposes of collection, use, and disclosure. As described in Sections 3.3. and 3.4 above, we do not “sell” or “share” personal information (as those terms are defined by the CCPA) of the users we have identified as Student Users. We may use teacher data for advertising purposes in ways that could be considered “sharing” or “selling” under the CCPA. In addition, we use or disclose the personal information we collect for one or more of the business purposes described in Sections 3.3 and 3.4 above.
- Retention of information. We only keep personal information for as long as it’s necessary to provide Along. In certain cases, we may need to keep personal information if the law requires a different duration, or as directed by the teacher or school. See Section 7 above for more details.
Consumers have the right to request information about the personal information we collect. Requests should be sent to email@example.com.
- Over the past 12 months, we’ve collected certain personal information from student and teacher users, to provide educational services.
- We collect this personal information both from direct and indirect sources.
- We may disclose personal information for select business purposes, such as to protect against fraudulent activity or to debug our website.
11. How We Communicate With You
If you created an account on the Services (or otherwise provided an email address or phone number to us, or otherwise opted-in to receive communications from us), we may send you messages related to the Services, including messages regarding your account, privacy and security notices, and updates and information regarding the Services. These communications may be sent through SMS, push notifications, email, telephone calls, and postal mail. [Note: Standard carrier fees may apply to messages sent to your mobile devices.] If you have an account with us, we’ll also use your contact information for customer service purposes, or to contact you for legal matters or purposes. We may receive a confirmation when you open an email from us if your device supports it.
We may contact you with messages and notifications about Along, including information about your account, privacy and security notices, and service updates.
For School Administrators. We require Registered Teachers signing up for the Services to tell their School Administrator about it. This means a Registered Teacher may provide us with your email address so we can send you an email from the Registered Teacher telling you about their use of the Services. We may also contact you with questions related to your School’s use of the Services via your Registered Teachers and Student Users.
For Parents and Legal Guardians. We encourage Registered Teachers signing up for the Services to tell you about their use of the Services in their classroom with your child. This means Registered Teachers may provide us your email address and/or phone number so we can send you content from the Registered Teacher telling you about their use of the Services. We may also contact you with questions related to your child’s use of the Services.
Teachers may give us contact information about school administrators and parents. We may contact school administrators and parents to provide requested information, respond to inquiries, or provide information as directed by the school.
12. We Are Transparent About Changes
When we make material changes to this policy, we will notify you before the changes go into effect.
13. We Want To Hear From You
You can learn more about Gradient Learning on our website, http://gradientlearning.org/.