Last Updated: August 8, 2022 (summary of updates)
Along is a free, web-based, digital reflection tool designed to make it easier for teachers to help each student feel seen and understood. The Services (defined below) enabled by Along have been developed to facilitate meaningful one-on-one relationships between teachers and students through research-informed resources and efficient communication (e.g., asynchronous text, video and/or other supported methods of communication).
Gradient Learning and CZI are signatories to the Future of Privacy Forum’s and SIAA’s Privacy Pledge 2020 (formerly the Student Privacy Pledge), and we apply those standards to Along. Along also participates in, and meets the standards of, the iKeepSafe Safe Harbor program.
Gradient Learning does not place ads in Along nor use student personal information that we collect for ad purposes, including for behaviorally-targeted advertising purposes. We do not, and will not, make or seek to make money from students or their schools, teachers, or parents. We do not, have not, and will not sell, rent, or lease the personal information of students, teachers, or anyone else.
Along is a free learning tool for students and teachers, provided by Gradient Learning with support from the Chan Zuckerberg Initiative. Along is designed to help build strong relationships between teachers and their students, and to help students develop key life skills.
Your privacy on Along is our priority. We don’t make money from students and teachers using Along, nor do we allow ads to be placed on Along. We do not and will never sell or rent student or teacher personal information.
2. Website Visitors
If you are a visitor to the Along website [www.along.org], we will collect certain information from you in order to provide our services such as our mailing list. This includes information you give us directly, such as your first and last name and information provided from your browser or device, like log data and cookies.
We collect and use information from Along website visitors so that we can send requested information, such as sending users newsletters that they sign up for. This collection and use is subject to its own Website Privacy Notice.
3. Users of the Services
For Student Users, we define personal information as information that alone, or in combination with other non-personal information would allow someone to identify or contact the child. This includes, but may not be limited to, all information considered to be “personal information” under the Children’s Online Privacy Protection Act (“COPPA“) or “personally identifiable information” under the Family Educational Rights and Privacy Act (“FERPA“). For more information on COPPA please see section 5 below.
We define “personal information” from students using Along as any information that would allow that student to be identified or contacted by another individual. We collect this type of personal information on Along so that we can provide students with educational services and use such information only for educational purposes.
3.1 Information We Collect
We collect the following types of information, including personal information, from students and teachers when they sign up for and use the Services.
- Account Sign-Up and Profile Information:
- Teacher, School Administrator, and student contact information such as full name, preferred name/nickname, email address and school name.
- Teacher and student profile information, such as a profile picture and descriptions of hobbies and favorite activities
- Any log-in details teacher, School Administrator or student choose to provide (e.g. email address)
- Use of the Services:
- Content and online communications: Content (including teacher prompts, student responses, and teacher feedback to students), online communications (such as written or audio messages, photos, or videos that are exchanged between students and teachers within the Services), and type of communication
- Communications metadata: Information such as file size, name of a file (e.g. photo, audio or video), or date or time the audio or video recording was taken
- Usage: Information about how students and teachers use and interact with the Services, such as the prompts they search for and choose, number of photos, written messages, or audio/video recordings exchanged, whether they open emails or click the links contained in emails, and what types of features they engage with in the Services
- Class and Student User Information. Teachers or School Administrators may choose to import the below information from outside third party services into the Services:
- Class rosters, homeroom, and grade level
- Student course schedules, teacher names
- Student identification numbers such as school identification number or school information system identification number
- Academic or extracurricular activities a student may belong to or participate in
- User-submitted Reports, Surveys, and Feedback:
- Information related to bug and content reports, such as descriptions of the issue and communications between users and product support staff
- Survey answers and other product feedback you choose to provide us
- Parent and School Administrator Information:
- Names, phone numbers, and email addresses of parents and school administrators (as provided by teachers and students)
- Device and Network Information:
- We may collect information about devices (such as operating system, and browser type) and networks (such as language, IP address, internet service provider, and connection speed) to better distinguish users of the Services in order to deliver a customized, secure, and reliable experience for users
- Cookies, Pixel Tags, and Similar Technologies:
- Cookies. Cookies are small text files placed on your device consisting of a string of numbers and letters that uniquely identifies your device. This helps us do things such as save your preferences, and to identify Student Users in order to limit our collection and use of personal information accordingly.
- Click-through URLs. If you “opt in” to receive newsletters, updates, or other information from us, our emails may use a “click-through URL” linked to content on our sites. When you click one of these URLs, they pass through a separate web server before arriving at the destination page on our sites. We use this click-through data to help us understand how recipients respond to, or interact with, our emails. If you prefer not to be tracked in this way, please do not click text or graphic links in emails you receive from us.
When teachers and students sign up for Along, we collect certain types of information — including:
- Account sign-up and profile information (such as your name, email address, and profile picture)
- Your usage of Along (such as content you upload, like teacher prompts, student responses, and teacher feedback; written messages, photos or videos, and other communications; metadata; and usage data)
- Class and student user information (such as student names, classes, grade levels, teacher names, school ID numbers, and academic or extracurricular activities)
- User-submitted reports, surveys, and feedback (such as technical support data and communications, survey answers, and other product feedback)
- Parent and School Administrator information (such as contact information for parents and school administrators and parent ID numbers)
- Device and network information (such as operating systems, browser types, networks, and devices being used)
- Cookies, pixel tags, and similar technologies (such as cookies that help us save your preferences and identify users)
3.2 Information We Do Not Seek to Collect or Store
We do not seek to collect sensitive information about Student Users or Registered Teachers, such as precise location or biometric data. If we become aware that such information has been provided, we will delete it within thirty (30) days of such awareness or get the appropriate School, Parent, or User consent to keep it if it is reasonably necessary for the Services.
We don’t intentionally collect sensitive information through Along, such as the exact location of students. If we become aware that sensitive information is on the service, we will delete it or notify the appropriate party to get consent to keep it if necessary.
3.3 We Limit the Use of the Information We Collect
We use the personal information we collect from the Services for educational purposes as directed by Registered Teachers or Schools, including to:
- Allow students and teachers to communicate with each other in the Services;
- Drive learning and mentoring engagement between students and teachers;
- Customize the experience for students and teachers, such as by suggesting prompts for teachers to use with students;
- Operate, develop, analyze, evaluate, and improve Gradient Learning’s educational sites, services, or applications;
- Communicate with Users, Parents, and School Administrators in connection with providing the Services;
- Communicate with teachers and school administrators for marketing purposes;
- Maintain the security and reliability of the Services, troubleshoot, and fix bugs;
- Perform other activities requested by Registered Teachers or Schools for educational purposes or with the consent of a Parent or Student User of the age of majority;
- Protect or defend the rights, safety, or property of Gradient Learning, Schools or Users, or to comply with any law enforcement, legal, or regulatory process;
- De-identify the information for other Gradient Learning purposes; or
- Comply with applicable laws.
Safety. We are committed to making Along a safe space for students and teachers. Your well-being is very important to us. We also use the personal information we collect to improve safety for our Users on and off the Services. This includes helping Registered Teachers and School Administrators investigate suspicious activity, reported content, violations of School’s policies or our policies; preventing spam and other bad experiences; combating harmful conduct; verifying accounts and activities; and maintaining the integrity of the Services. We may accomplish this through human review and automated systems such as PhotoDNA.
Advertising. Along does not include advertisements for third-party goods and services. However, we may use advertising to promote Along itself to Registered Teachers and School Administrators, such as by using their email address or cookies to direct ads for Along to them on third-party sites, including on third-party online services like Twitter or LinkedIn. We do not use student personal information for ad purposes.
Disabling Cookies. Most browsers allow you to block or delete cookies through settings they provide, but please know that some of our Services may not work properly if cookies are disabled. We currently do not support “do not track” signals or related opt-outs.
We use the personal information collected from Along for educational purposes only, as directed by teachers and schools that use the service. This personal information also helps us to improve safety for our users. We may use the personal information of teachers and school administrators to direct ads for Along on websites outside of Along. You may be able to have your browser block or delete cookies, but some parts of the services may not work properly as a result.
To be clear, we will NOT:
- Seek to make money from students or their schools, teachers, or parents/legal guardians through the Services;
- Include advertising in the Services, including behaviorally-targeted advertising to Users;
- Use communications content (e.g. audio or video recordings) for anything other than offering, improving, and securing the Services, which includes responding to and/or
investigating user reports or other flags regarding such content;
- Sell, rent or lease (or authorize Service Providers to sell, rent or lease) any personal information we collect from Users for any purpose – including for advertising and marketing purposes;
- Disclose personal information to third parties except in a few limited cases such as to service providers who help us provide the Service, as required by law, or with your consent;
- Use (or authorize Service Providers to use) the personal information we collect from Users for the creation of commercial products or services; or
- Use information collected from Student Users for any purposes other than for educational purposes of our Schools unless we have de-identified the information such that it cannot reasonably be linked to an identifiable Student User.
We don’t sell or use personal information to make money from students and teachers using Along, and we require our own service providers to make the same commitment. We also don’t use student personal information for anything other than educational purposes. In certain cases, we may use de-identified information, (i.e. information that cannot be used to identify or contact an individual) to improve your experience on Along.
De-identified information. We de-identify personal information and use de-identified information for other purposes, including research and product improvement of Gradient Learning’s educational sites, services, or applications. We consider “de-identified” information to be information that has direct and indirect personal identifiers removed such that the data cannot reasonably be used to identify or contact an individual. Such identifiers include persistent unique identifiers, name, ID numbers, and date of birth.
3.4 We Limit How Personal Information Is Shared
In order to provide the Services, we share your personal information in the limited ways outlined below:
- Between students and teachers. Student Users and Registered Teachers will share content and messages with each other in the Services. The Services do not include features that make Student or Registered Teacher personal information publicly available.
- School Administrators. Because Along is an educational tool, authorized School Administrators from Schools may have legal rights to view, import, export, and request deletion of information in the Services. School Administrators may have access to information for a limited time period, even after a Student User or Registered Teacher has requested deletion of an account.
- Parents. We may share information with a Student User’s Parent as authorized by the student’s Registered Teacher or School Administrator or as required by applicable law.
- Service Providers. We use Service Providers to support the operation of the Services, such as through document management, data hosting, and provisioning customer service tools related to the Services. CZI is our long-term technology partner and works as a Service Provider to help us develop and support the Services. We do not and will not grant Service Providers the right to sell your personal information or to use it for any purpose other than what’s necessary to support the Services. We also require Service Providers to implement reasonable security practices. We maintain a list of our Service Providers (“Service Providers”), which may be updated from time to time.
- Law enforcement requests. We may access, preserve, and share User information in response to a legal request (e.g., warrants, subpoenas, court orders), if we have a good-faith belief that the law requires us to do so. In such cases, to the extent permitted by law, we will attempt to provide the Student, School, Registered Teacher, School Administrator, or Parents (as applicable depending on circumstances) with notice of such legal request prior to complying with requests for User information.
- To coordinate with law enforcement to advance safety on and off the Services. We may also share User information when we have a good-faith belief it is necessary to: detect, prevent and address fraud, unauthorized use of Along, violations of School’s or our policies, to protect ourselves (including our rights, property or products), you or others; or to prevent death or imminent bodily harm.
- With other third parties. We may share User information with other third parties, if directed or authorized by the Registered Teacher or School, or with parental consent, to the extent permitted by law and subject to our User Agreement, including the Data Privacy Addendum.
- We may share your information in limited ways with the following parties:
- Those who need it in order to use Along (for example, sharing information between teachers and students communicating with one another through Along).
- School administrators or parents.
- Third-party service providers that help us operate Along (Note: We never sell your information, and require our third party service providers to make the same commitment).
- Law enforcement, in response to a legal request or if we believe it’s necessary to ensure the safety of teachers and students on Along.
- Other third parties if directed or authorized by a teacher or school (with parental consent, and in accordance with the law and our User Agreement).
De-identified information. We will only share de-identified information should we wish to demonstrate how the Services are used, its efficacy, or otherwise provide information or marketing materials related to the Services. We may share aggregated and/or non-personally identifiable information publicly (such as statistics about visitors, and website traffic patterns).
To demonstrate the efficacy of Along or how it’s being used in classrooms and schools, we may publicly share information that has been de-identified (i.e., information that cannot be reasonably used to identify or contact an individual).
4. We Support Parent/Legal Guardian Engagement
We support and encourage the involvement of Parents in their Student Users’ education. Parents and Student Users may, at any time, make a request to access, review, correct, or delete personal information in the Services by contacting the Student User’s Registered Teacher or School. If the Registered Teacher or School determines that the request should be implemented, the Registered Teacher or School may direct us to make such a change. We will process such School requests within thirty (30) days of receiving a written request in a manner consistent with applicable law and the terms of the User Agreement (including the Data Privacy Addendum).
We support and encourage parent/legal guardian involvement with Along. Students and parents/legal guardians may request to access, review, correct or delete personal information. Such requests must be made through the student’s teacher or school.
5. Student User’s Personal Information
All students who use the Services will be invited by a Registered Teacher who has agreed to the User Agreement. Pursuant to the User Agreement (including the Data Privacy Addendum), each Registered Teacher, on behalf of their School, has consented to our practices regarding the collection, use, and disclosure of personal information from Student Users as permitted by law.
When the Registered Teacher invites their students to Along, we rely on consent obtained from the Registered Teacher or the School acting as an agent of the Student User’s parent or legal guardian in order to process the Student User’s personal information.
Registered Teachers are also required to provide notice to School Administrators and are encouraged to notify Parents that they are using the Services to increase student engagement.
COPPA governs the collection of certain information from children under the age of 13 (“child” or “children”); for more information about COPPA and generally protecting children’s online privacy, please visit the Federal Trade Commission COPPA FAQs and OnGuard Online. While COPPA does not directly apply to non-profit organizations such as Gradient Learning, we voluntarily comply with COPPA’s guidelines regarding students under the age of 13 as part of our commitment to transparency with parents regarding the collection and use of their child’s data.
We are committed to trying to protect the personal information for students of all ages on Along. As part of this commitment, we voluntarily comply with the core principles of COPPA.
6. Security and Accuracy of Personal Information
The security of personal information from our Users is important to us, and we work hard to protect it from unauthorized access and use. In an effort to prevent unauthorized access, disclosure, or improper use of User information, and to maintain data accuracy, we have established physical, technical, and administrative safeguards designed to protect the personal information we collect. For additional technical details regarding Gradient Learning’s security programs and measures, please see our Security Whitepaper.
We’re constantly evolving our security procedures as technology changes, but our security procedures at a minimum include the following:
- We restrict access to personal information to authorized Gradient Learning employees, agents, service providers, or independent contractors who reasonably need to know that information in order to process it for us, and who are subject to confidentiality obligations. Employees and contractors (“Staff”) are subject to discipline if they fail to meet these obligations.
- We require our Service Providers with which we share Student User personal information to employ industry standard data protection and security protocols.
- We use strong authentication methods including multi-factor authentication for all Staff.
- We employ administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information.
- We employ encryption technologies to securely transmit personal information, including data-in-transit encryption, and we encrypt personal information that is stored.
- We strive to maintain a data backup and recovery capability designed to help ensure a timely and accurate restoration of personal information.
- We work hard to maintain industry standard software development lifecycle with industry standard security practices designed to establish secure application, infrastructure, and network architectures.
- We endeavor to maintain event monitoring and response procedures for events which could impact functionality, security and/or availability of the Services.
- We regularly provide Staff training for security incidents and maintain incident response policies, plans and procedures focused on timely and effective incident response.
- We employ trained security professionals with experience in security incident response and event monitoring.
- We perform application security testing (including penetration testing) and conduct security risk assessments focused on the identification and remediation of risks. Any identified security vulnerabilities are remediated in a timely manner.
- We implement oversight and governance procedures for security risks, including a vulnerability disclosure program and mandatory reviews of any incidents affecting the Services.
We are constantly working on ways to prevent unauthorized access and misuse of personal information through administrative, physical, and technical safeguards. These include:
- using strong authentication methods,
- limiting who has access to student data,
- destroying or deleting personal information as needed,
- using strong encryption technology,
- using secured data backup and recovery capability,
- maintaining a secure software development lifecycle,
- providing security training to employees and staff, and
- requiring Service Providers to follow similar terms.
If there is a data breach, we will provide notice to the school as required by law.
We regularly develop and implement features to help keep personal information safe. Should you discover any security bugs or vulnerabilities in our Services or have any questions regarding our data practices, please contact our team at firstname.lastname@example.org.
Although we make concerted good faith efforts to maintain the security of personal information, and we work hard to ensure the integrity and security of our systems, no practice can be 100% guaranteed. The security of personal information can be compromised by outages, attacks, human error, system failure, unauthorized use or other factors at any time. If we learn of a breach of your personal information, we will provide notice which will include information required by applicable law.
7. Data Retention
We will only retain personal information, including personal information from Users, for the time period required to support the authorized educational purposes. If a Student, Registered Teacher or School requests removal of any personal information or closure of their account, we will promptly direct our Staff to delete, dispose of, or de-identify the personal information.
Following a Student User’s account deletion, we will notify their Registered Teacher and School Administrator and the Student Account will be removed from Along after verifying the Student User’s request. Following a Registered Teacher’s account deletion request, we will notify their School that the Registered Teacher’s account, along with associated Student accounts, will be removed from Along after verifying the Registered Teacher’s request.
We will retain a Student User’s and Registered Teacher’s information for a 30-day record retention period in order to support the management by a School or Registered Teacher of information considered part of an Education Record. At the end of that record retention period, we will delete, dispose of, or de-identify the personal information within 30 days unless, consistent with applicable law, there is a legitimate reason to retain such personal information for a longer period.
We may retain personal information for a longer time period if we have consent to retain such information or if we are required to retain such information to comply with our legal obligations or law enforcement requests, resolve disputes, protect the safety and security of our Users or our Services, or enforce the User Agreement (including the Data Privacy Addendum), other agreements, or any posted guidelines, policies or rules applicable to specific features of the Services. Such information will be deleted when it is no longer needed for the purpose for which it was retained.
We will also delete Student User or Registered Teacher accounts after a period of inactivity.
We only keep personal information for as long as it’s necessary to provide Along. In certain cases, we may need to keep personal information if the law requires a different duration, or as directed by the teacher or school.
If you are a Parent and wish to have your student’s personal information removed from the Services, please contact your student’s Registered Teacher or School and review the information in Section 8 (” Schools Can Delete Information”).
8. Schools Can Delete Information
Registered Teachers or School Administrators may request the review or deletion of their Student User information, or the closure of accounts associated with their School in the Services. At the end of the 30-day record retention period, we will delete or de-identify such information within 30 days, unless we otherwise have consent to retain such information or are required to retain such information to comply with a valid access or transfer request for Education Records, our legal obligations or law enforcement requests, resolve disputes, or enforce the User Agreement (including the Data Privacy Addendum), Code of Conduct, or other policies or rules applicable to specific features of the Services. Such information will be deleted when it is no longer needed for the purpose for which it was retained.
Teachers and schools can request that we delete and update student personal information.
9. Information for California Residents
While the CCPA does not apply to nonprofit organizations like Gradient Learning, we take privacy seriously and have chosen to inform our practices with the CCPA. Specifically, this means the below.
9.1 The Right to Request Information
The CCPA gives consumers who are residents of California the right to request the following information about the personal information that we’ve collected in the past 12 months:
- Information about Data Collection
- The categories of personal information that have been collected
- The specific pieces of personal information that have been collected about you
- The categories of sources from which we have collected personal information
- The business purpose for which we have collected personal information.
- Information about Data Disclosure
- The categories of third parties with whom personal information has been shared
- The categories of personal information that we have disclosed for a business purpose
9.2 Additional Disclosure
- Information we collect. We have collected the following categories of personal information within the past 12 months: (1) identifiers; (2) internet or other similar network activity; (3) education information; and (4) audio and visual information as part of the content and communications exchanged between students and teachers using the Services.
California residents have the right to request information about the personal data we collect. Requests should be sent to email@example.com.
- Over the past 12 months we’ve collected certain personal information from student and teacher users, in order to provide educational services.
- We collect this personal information both from direct and indirect sources.
- We may disclose personal information for select business purposes, such as to protect against fraudulent activity or to debug our website.
10. How We Communicate With You
If you created an account on the Services (or otherwise provided an email address or phone number to us, or otherwise opted-in to receive communications from us), we may send you messages related to the Services, including messages regarding your account, privacy and security notices, and updates and information regarding the Services. These communications may be sent through SMS, push notifications, email, telephone calls, and postal mail. [Note: Standard carrier fees may apply to messages sent to your mobile devices.] If you have an account with us, we’ll also use your contact information for customer service purposes, or to contact you for legal matters or purposes. We may receive a confirmation when you open an email from us if your device supports it.
We may contact you with messages and notifications about Along, including information about your account, privacy and security notices, and service updates.
For School Administrators. We require Registered Teachers signing up for the Services to tell their School Administrator about it. This means a Registered Teacher may provide us with your email address so we can send you an email from the Registered Teacher telling you about their use of the Services. We would also contact you with questions related to your School’s use of the Services via your Registered Teachers and Student Users.
For Parents and Legal Guardians. We encourage Registered Teachers signing up for the Services to tell you about their use of the Services in their classroom with your child. This means Registered Teachers may provide us your email address and/or phone number so we can send you content from the Registered Teacher telling you about their use of the Services. We would also contact you with questions related to your child’s use of the Services.
Teachers may give us contact information about school administrators and parents. We may contact school administrators and parents to provide requested information, respond to inquiries, or provide information as directed by the school.
11. We Are Transparent About Changes
When we make material changes to this policy, we will notify you before the changes go into effect.
12. We Want To Hear From You
You can learn more about Gradient Learning on our website, http://gradientlearning.org/.