Anaya Nolan
ClassDojo is a communication platform that helps teachers encourage students in class and engage parents and other teachers. Teachers can use the app to give students points for good behaviour and deduct points for bad behaviour. The app is used by at least one teacher in roughly one out of three schools in the United States.
ClassDojo's privacy policy states that it does not sell or rent users' personal information to third parties and that it is compliant with COPPA, FERPA, and GDPR in Europe. However, there have been concerns about the app's potential privacy risks, with some critics arguing that it collects more student data than is necessary.
| Characteristics | Values |
|---|---|
| Personal information collected | Names, email addresses, telephone numbers, passwords, relationship to a child, profile photos, school information, geolocation information, content (e.g. photos, videos, files), feedback points, billing and payment information, testimonials, conduct and safety information, contact information, IP addresses, device information, mobile application information, server log information, location information, cross-device collection, product events, cookies and other similar technologies, local storage, user-generated content, survey responses, etc. |
| How personal information is used | To provide and improve the service, for educational purposes, security, safety purposes, or as allowed by law |
| How personal information is stored | Student personal information is not retained for longer than is necessary for educational purposes and legal obligations, or to provide the service for which it is collected. Non-student user personal information is stored for as long as it is necessary to provide products and services. |
| How personal information is shared | With third-party service providers, social media platforms, analytics services, and other users on ClassDojo. |
| How personal information is protected | Encryption, security safeguards, security industry best practices, bug bounty programs, restricted access, etc. |
What You'll Learn
ClassDojo's privacy policy
ClassDojo is a communication platform that helps teachers encourage students in class and engage parents and other teachers. The platform is designed to be used by teachers, school leaders, students, and parents.
Information Collection
ClassDojo collects two types of information:
- Information that users voluntarily provide by using the service, such as account information, school information, class information, and billing and payment information.
- Information collected automatically as a result of using the service, such as device information, mobile application information, server log information, and location information.
Information Use
ClassDojo uses the information it collects to:
- Operate, provide, enhance and improve the service
- Provide internal analytics and reviews
- Process transactions
- Communicate with users
- Request participation in surveys or focus groups
- Ensure security and fraud prevention
- Comply with the law
Information Sharing
ClassDojo does not sell or rent user information to third parties. However, it may share information with:
- Other users on the platform
- Third-party apps, websites, or services that are integrated with ClassDojo
- Service providers
- Social media platforms
- Analytics services
- ClassDojo companies and affiliates in the event of a change of control
Information Security
ClassDojo takes several measures to protect user information, including:
- Using encryption and other security safeguards
- Verifying users
- Monitoring for unusual activity
- Conducting security testing
- Undergoing third-party audits
- Restricting access to authorized users
- Hosting the service on secure servers
Additional Information
ClassDojo provides users with several rights regarding their personal information, including:
- Right to access and correct personal information
- Right to delete personal information or accounts
- Right to object to or restrict processing
- Right to data portability
Hillary Clinton: Lawbreaker or Smear Campaign?
You may want to see also
COPPA, FERPA, and GDPR compliance
ClassDojo is a platform that connects teachers, students, and parents. It collects two types of information: (1) information that users voluntarily provide, and (2) information collected automatically as a result of the user's activities on the platform.
ClassDojo is certified by iKeepSafe as compliant with the Children's Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA). It has also signed the Student Privacy Pledge, agreeing to a set of principles for safeguarding student privacy.
COPPA Compliance
COPPA requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children under 13. ClassDojo only collects personal information from students under 13 when their school, district, and/or teacher has agreed to obtain parental consent for the use of the platform.
FERPA Compliance
ClassDojo is certified by iKeepSafe as compliant with FERPA. FERPA is a US law that protects the privacy of student education records. It applies to schools and school districts and prohibits the disclosure of personally identifiable information from students' education records without parental consent.
GDPR Compliance
The General Data Protection Regulation (GDPR) is a comprehensive data protection and security framework that applies to organizations that control or process the data of individuals in the European Union. ClassDojo is headquartered in Dublin, Ireland, and has operations worldwide. It has implemented measures to ensure compliance with GDPR, including staff training, appointing a Data Protection Officer, conducting data audits, and updating its privacy policies.
ClassDojo's privacy policy outlines users' rights under GDPR, including the right to access, correct, and delete personal data. The company also provides a process for users to exercise these rights by contacting their support team.
Chemours' Legal Troubles: Breaking the Law?
You may want to see also
Student data protection
Understanding the Value of Student Data
Student data encompasses various types of information, including personal details such as name, address, and date of birth, as well as academic records, disciplinary actions, and special education needs. This data is valuable for educational institutions, policymakers, and researchers, as it enables them to make informed decisions and improve the overall quality of education. However, it is crucial to recognize that student data is sensitive and must be protected to safeguard students' privacy and well-being.
Legal Framework for Student Data Protection
In the United States, the Family Educational Rights and Privacy Act (FERPA) serves as the main federal statute guiding student data privacy. FERPA ensures that schools protect the privacy of education records and gives parents the right to access and control the disclosure of their children's information. Additionally, the Protection of Pupil Rights Amendment (PPRA) outlines restrictions on student privacy in federally funded surveys or evaluations. These laws provide a legal framework to safeguard student data and hold educational institutions accountable for its protection.
Best Practices for Student Data Protection
To effectively protect student data, educational institutions and technology providers should implement robust security measures. This includes encryption, firewalls, content filters, and regular security updates. Additionally, staff members who handle student data should receive comprehensive training on privacy laws and best practices to ensure they are well-equipped to handle student information securely and responsibly.
Transparency and Consent
It is essential to maintain transparency with students, parents, and guardians regarding the collection and use of student data. Educational institutions and technology providers should clearly communicate what data is being collected, how it will be used, and the rights individuals have over their personal information. Obtaining informed consent from parents and guardians is crucial before collecting and using student data, especially for sensitive information.
Data Retention and Deletion
Student data should only be retained for as long as it is necessary to fulfil educational purposes and legal obligations. After that, the data should be securely deleted to prevent unauthorized access or misuse. Educational institutions should have clear data retention policies and regularly review and purge outdated or unnecessary student data from their systems.
Incident Response and Breach Notification
Despite best efforts, data breaches can still occur. In the event of a student data breach, educational institutions should have an incident response plan in place. This includes promptly notifying affected individuals, conducting a thorough investigation, and taking appropriate remedial actions to prevent similar incidents in the future. Transparency and timely communication are crucial during such incidents to maintain trust and confidence among students, parents, and the wider community.
Ethical Codes: When Morality and Legality Diverge
You may want to see also
Data ownership
ClassDojo's data ownership policy is outlined in its Privacy Policy. The company states that it does not own any content or information provided by its users, who retain ownership of their data. Users can create, upload, and delete content, and can also update, correct, or delete their personal information.
ClassDojo also provides processes for users to access or review their data, and outlines the company's data retention policies. The company will not retain student personal information for longer than is necessary for educational purposes, legal obligations, or providing its services. It also automatically deletes student feedback points after a year and deletes student accounts after 12 months of inactivity.
However, some data may be retained for school legal compliance reasons, such as the maintenance of "education records" under the Family Educational Rights and Privacy Act (FERPA) or "Student Data" under state student privacy laws. In such cases, data will only be deleted when ClassDojo receives direction from the relevant school authority.
Kathy Griffin's Legal Troubles: Did She Cross the Line?
You may want to see also
Security standards
ClassDojo's security standards are outlined in its Security Whitepaper, which is designed to provide technical readers with clarity and specifics about its security commitments. The company also has a Privacy Center, where users can access more digestible versions of the technical information.
Infrastructure Security
ClassDojo uses Amazon Web Services (AWS) to host its infrastructure, which undergoes strict ongoing security assessments from external audit firms to ensure compliance with security standards such as ISO 27001, SOC 2, PCI DSS Level 1, and FISMA. Access to the ClassDojo Services infrastructure is highly restricted, with AWS hosted infrastructure residing in a dedicated Virtual Private Cloud (VPC) that only allows authorized traffic over approved ports. ThreatStack is used to monitor for suspicious activity.
Backups and Availability Control
ClassDojo has a data backup and recovery system in place to ensure timely restoration of services in the event of a catastrophic failure. These backups are encrypted and stored in multiple availability zones. The company also has a disaster recovery plan in place.
Physical Access Controls
ClassDojo employs various technical and organizational measures to prevent unauthorized persons from accessing data processing systems, including establishing security areas, restricting access paths, and implementing access control systems.
Virtual Access Control
ClassDojo uses technical and organizational measures to prevent data processing systems from being used by unauthorized persons. This includes user identification and authentication procedures, ID/password security procedures, and encryption of archived data media. Access to the ClassDojo Services infrastructure is highly restricted, and the company limits access to only those individuals who need it to perform their jobs. All access requires the use of strong passwords and multi-factor authentication, and all access is logged.
Encryption
All access to the ClassDojo Service occurs via encrypted connections (HTTP over TLS, also known as HTTPS), which encrypt all data before it leaves the ClassDojo Service's servers and protects that data as it transits over the internet. All personally identifiable information is encrypted at rest using modern encryption algorithms.
Louis CK's Sexual Activities: Legal or Not?
You may want to see also
Frequently asked questions
No, Class Dojo does not sell or rent your personal information to any third parties. They will only disclose personal information as set forth in their Privacy Policy, such as with a limited set of third-party service providers necessary to provide or develop their Services.
Class Dojo collects two types of information about you: (1) information that you voluntarily provide, such as your name, email address, telephone number, password, relationship to a child, and an optional profile photo; and (2) information collected automatically as a result of your use of the Service, such as your IP address, device information, mobile application information, and server log information.
Class Dojo uses security industry best practices to protect personal information, including encryption and other security safeguards. They also restrict access to personal information to authorized Class Dojo employees, agents, or independent contractors.
