Last Revised: October 30, 2020 | Past policies
- 1. Definitions
- 2. Student Data Collected
- 3. Use of Student Data
- 4. Disclosure of Student Data
- 5. De-Identified Data
- 6. Prohibitions; Advertising; Advertising limitations
- 7. External Third-Party Services
- 8. Security
- 9. Review and correction
- 10. Student Data retention
- 11. COPPA
- 12. Updates to this policy
- 13. Contact us
- Supplemental Disclosures
Amplify Education, Inc. (“Amplify”) is leading the way in next-generation K-12 curriculum and assessment. Amplify’s programs provide teachers with powerful tools that help them understand and respond to the needs of every student and use data in a way that is safe, secure, and effective.
Amplify is also an early adopter and proud signatory of the Student Privacy Pledge, an industry-wide pledge to safeguard privacy and security of student data. For more information on the pledge, see https://studentprivacypledge.org/.
Capitalized terms not defined in this section or above will have the meaning set forth by Applicable Laws.
- “Agreement” means the underlying contractual Agreement between Amplify and the School Customer.
- “Authorized Users” means K-12 students, educators, staff and families using Amplify’s Products pursuant to an Agreement.
- “School Customer” means the School District or State Agency that is the party to the Agreement to provide the Amplify Products to the School Customer’s Authorized Users.
- “School District” means a local education agency, school network, independent school, or other regional education system.
- “State Agency” means the educational agency primarily responsible for the supervision of public elementary and secondary schools in any of the 50 states, the Commonwealth of Puerto Rico, the District of Columbia or other territories and possessions of the United States, as well as a national or regional ministry or department of education in other countries, as applicable.
- “Student Data” means any information that directly relates to an identifiable current or former student that Amplify collects, receives, or generates in the course of providing the Products to or on behalf of a School Customer. Student Data may include personal information from a student’s “educational records,” as defined by FERPA.
2. Student Data Collected
Amplify receives Student Data in two ways: (i) from our School Customers to implement the use of our Products and (ii) from Authorized Users.
- Information provided by our School Customers
- Most of Amplify’s educational Products require some basic information about who is in a classroom and who teaches the class. This roster information, including name, email address, grade level, and school ID numbers, is provided to Amplify by our School Customers either directly from the School Customer’s student information system or via a third party with whom the School Customer contracts to provide that information.
- Our Customers may also choose to provide additional student demographic data (e.g. socio-economic status, race, national origin) and other school records (e.g. grades, attendance, assessment results) to Amplify for tailoring individual learning programs or enabling additional reporting capabilities through Amplify Products. For example, a School District may wish to analyze student literacy assessment results based on English Language Learner status in order to better differentiate classroom instruction, and in that case may provide that data along with other roster information.
- Information collected through our Products.
- Schoolwork and student generated content. We collect information contained in student assignments and assessments, including information in responses to instructional activities and participation in collaborative or interactive features of our Products. As part of the digital learning experience, some of our Products may enable students to write texts and create and upload images, video and audio recordings.
- Teacher comments and feedback. Some of our Products may enable educators to provide scores, written comments, or other feedback about student responses or student course performance.
- Other Personal Information Collected
- School Customer Information. We collect personal information when a teacher, administrator or other authorized person associated with a School District or State Agency Customer creates an account or uses our Products or communicates with us. This could include contact information, such as a name, phone number, email address, as well as information about the individual’s school and location.
- Parent and Guardian Information. From time to time, we may collect personal information from or about a Student’s parent or legal guardian. This information may be provided by a School Customer or directly by the parent or guardian who communicates with us or creates an account.
- Device and Usage Data.
- Depending on the Product, we may collect certain information about the device used to connect to our Product, such as device type and model, browser configurations and persistent identifiers, such as IP addresses and unique device identifiers. We may collect device diagnostic information, such as battery level, usage logs and error logs as well as usage, viewing and technical information, such as the number of requests a device makes, to ensure proper system capacity for all Authorized Users. We may collect geolocation information from a user’s device, or may approximate device location based on other metrics, like an IP address. Some of our Products use “cookies,” Web beacons, HTML5 local storage and other similar technologies to collect and store such data. We use this information to remember returning users and facilitate ease of login, to customize the function and appearance of the Products, and to improve the learning experience. This information also helps us to track product usage for various purposes including website optimization, to ensure proper system capacity, troubleshoot and fix errors, provide technical assistance and customer support, provide and monitor the effectiveness of our Products, monitor and address security concerns, and to compile analytics for product improvement and other internal purposes.
- With respect to cookies, you may be able to reject cookies through your browser or device controls, but doing so may negatively impact your experience as some features may not work properly. To learn more about browser cookies, including how to manage or delete them, check the “Help,” “Tools” or similar section of your browser. If we link or combine device and usage information with personal information we have collected directly from users that relates to or identifies a particular individual, we will treat the combined information as personal information.
- Third party website tracking. Amplify does not track students across third-party websites and does not respond to Do Not Track (DNT) signals. Amplify does not permit third party advertising networks to collect information from or about Students using Amplify educational Products for the purpose of serving targeted advertising across websites and over time and Amplify will never use Student Data for targeted advertising.
3. Use of Student Data
Amplify uses Student Data collected from, or on behalf of, a School Customer to support the learning experience, to provide the Products to the School Customer and to ensure secure and effective operation of our Products, including:
- to provide and improve our educational Products and to support School Customers’ and Authorized Users’ activities;
- for purposes requested or authorized by the School Customer or as otherwise permitted by Applicable Laws;
- for adaptive or personalized learning purposes, provided that Student Data is not disclosed;
- for customer support purposes, to respond to the inquiries and fulfill the requests of our School Customers and their Authorized Users;
- to enforce product access and security controls; and
- to conduct system audits and improve protections against the misuse of our Products, or to detect and prevent fraud and other harmful activities.
Amplify may use de-identified data as described in Section 5 below.
4. Disclosure of Student Data
We only share or disclose Student Data as needed to provide the Products under the Agreement and as required by law, including but not limited to the following:
- as directed or permitted by the School Customer;
- to other Authorized Users of the School Customer entitled to access such data in connection with the Products;
- to our service providers, subprocessors, or vendors who have a legitimate need to access such data in order to assist us in providing our Products, such as platform, infrastructure, and application software. We contractually bind such parties to protect Student Data in a manner consistent with those practices set forth in this Policy;
- to comply with the law, respond to requests in legal or government enforcement proceedings (such as complying with a subpoena), protect our rights in a legal dispute, or seek assistance of law enforcement in the event of a threat to our rights, security or property or that of our affiliates, customers, Authorized Users or others;
- in the event Amplify or all or part of its assets are acquired or transferred to another party, including in connection with any bankruptcy or similar proceedings, provided that successor entity will be required to comply with the privacy protections in this Policy with respect to information collected under this Policy, or we will provide School Customers with notice and an opportunity to opt-out of the transfer of Student Data by deleting such data prior to the transfer; and
- except as restricted by Applicable Laws or contracts with our School Customers, we may also share Student Data with Amplify’s affiliated education companies, provided that such disclosure is solely for the purposes of providing Products and at all times is subject to this Policy.
5. De-Identified Data
Amplify may use de-identified or aggregate data for purposes allowed under FERPA and other Applicable Laws, to research, develop and improve educational sites, services and applications and to demonstrate the effectiveness of the Amplify Products. We may also share de-identified data with research partners to help us analyze the information for product improvement and development purposes.
Records and information are considered to be de-identified when all personally identifiable information has been removed or obscured, such that the remaining information does not reasonably identify a specific individual. We de-identify Student Data in compliance with Applicable Laws and in accordance with the guidelines of NIST SP 800-122. Amplify has implemented internal procedures and controls to protect against the re-identification of de-identified Student Data. Amplify does not disclose de-identified data to its research partners unless that party has agreed in writing not to attempt to re-identify such data.
6. Prohibitions; Advertising; Advertising limitations
Amplify will not:
- sell Student Data to third parties;
- use or disclose Student Data to inform, influence or enable targeted advertising to a student based on Student Data or information or data inferred over time from the student’s usage of the Products;
- use Student Data to develop a profile of a student for any purpose other than providing the Products to a School Customer, or as authorized by a parent or legal guardian;
- use Student Data for any commercial purpose other than provide the Products to the School Customer, as authorized by the School Customer or the parent or guardian, or as permitted by Applicable Laws.
Amplify may, from time to time, provide customized content, advertising and commercial messages to School Customers, teachers, school administrators or other non-student users, provided that such advertisements shall not be based on Student Data. Amplify may use Student Data to recommend educational products or services to users, or to notify users about new educational product updates, features, or services.
7. External Third-Party Services
- Users may be able to login to our Products using third-party sign-in services such as Clever or Google. These services authenticate your identity and provide you with the option to share certain personal information with us, including your name and email address, to pre-populate our account sign-up form. If you choose to enable a third party to share your third-party account credentials with Amplify, we may obtain personal information via that mechanism. You may configure your accounts on these third party platform services to control what information they share.
- Amplify maintains a comprehensive information security program and uses industry standard administrative, technical, operational and physical measures to safeguard Student Data in its possession against loss, theft and unauthorized use, disclosure or modification. Amplify performs periodic risk assessments of its information security program and prioritizes the remediation of identified security vulnerabilities. Please see amplify.com/security for a detailed description of Amplify’s security program.
- In the event Amplify discovers or is notified that Student Data within our possession or control was disclosed to, or acquired by, an unauthorized party, we will investigate the incident, take steps to mitigate the potential impact, and notify the School Customer in accordance with Applicable Laws.
9. Review and correction
- FERPA requires schools to provide parents with access to their children’s education records, and parents may request that the school correct records that they believe to be inaccurate or misleading.
- If you are a parent or guardian and would like to review, correct or update your child’s data stored in our Products, contact your School District. Amplify will work with your School District to enable your access to and, if applicable, correction of your child’s education records.
- If you have any questions about whom to contact or other questions about your child’s data, you may contact us using the information provided below.
10. Student Data retention
We will retain Student Data for the period necessary to fulfill the purposes outlined in this Policy and our agreement with that School Customer. We do not knowingly retain Student Data beyond the time period required to support a School Customer’s educational purpose, unless authorized by the School Customer. Upon notice from our School Customers, Amplify will return, delete, or destroy Student Data stored by Amplify in accordance with applicable law and customer requirements. We may not be able to fully delete all data in all circumstances, such as information retained in technical support records, customer service records, back-ups and similar business records. Unless otherwise notified by our School Customer, we will delete or de-identify Student Data after termination of our Agreement with the School Customer.
We do not knowingly collect personal information from a child under 13 unless and until a School Customer has authorized us to collect such information through the provision of Products on the School Customer’s behalf. We comply with all applicable provisions of the Children’s Online Privacy Protection Act (“COPPA”). To the extent COPPA applies to the information we collect, we process such information for educational purposes only, at the direction of the partnering School District or State Agency and on the basis of educational institutional consent. Upon request, we provide the School Customer the opportunity to review and delete the personal information collected from students. If you are a parent or guardian and have questions about your child’s use of the Products and any personal information collected, please direct these questions to your child’s school.
12. Updates to this policy
We may change this Policy in the future. For example, we may update it to comply with new laws or regulations, to conform to industry best practices, or to reflect changes in our product offerings. When these changes do not reflect material changes in our practices with respect to use and/or disclosure of Student Data, such changes to the Policy will become effective when we post the revised Policy on our website. In the event there are material changes in our practices that would result in Student Data being used in a materially different manner than was disclosed when the information was collected, we will notify School Customers affected by the changes via the email contact information provided by the customer and provide an opportunity to opt-out before such changes take effect.
13. Contact us
Nevada. This section applies if you are a resident of the state of Nevada. While Amplify does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personally identifiable information to email@example.com.
California. This section applies to you if you are a resident of the state of California and for purposes of this section the term “personal information” has the meaning provided by the California Consumer Privacy Act (the “CCPA”). Residents of California may be entitled to certain rights with respect to personal information that we collect about them under the CCPA: the Right to Know, the Right to Request Deletion and the Right to Opt-Out of Personal Information Sales. You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you the Products or engage with you in the same manner. To request to exercise your California consumer rights, please contact us at firstname.lastname@example.org with the subject line “California Rights Request.”
Note for students and other users who engage with Amplify in connection with a School Customer’s use of Amplify: Because Amplify provides the Products to School Customers as a “School Official,” we collect, retain, use and disclose Student Data only for or on behalf of our School Customers for the purpose of providing the Products specified in our agreement with the Customer and for no other commercial purpose. Accordingly, we act as a “service provider” for our School Customers under the CCPA. If you have any questions or would like to exercise your California rights, please contact your School directly.