January 1, 2022
If we intend to use or disclose members’ Personal Information (as defined below) in a manner materially different from that stated at the time of collection we will send notification by email to those who have shared with us their email addresses.
What is This Policy?
Information Collection/How we use your information: We primarily use the information we collect when you use the Services in connection with your relationship with Imagine Learning, your use of the Services, and for sending you information from us.
Information Sharing: Remember that if you create an account or share Personal Information with other users on the Services, your information may be visible to others. However, student data will only be visible to their administrators, teachers and parents, and students cannot share data with other students. Note that we do not share your Personal Information with third parties for their marketing purposes; however, we may share your Personal Information under certain limited circumstances.
Third party analytics providers: We work with analytics service providers and other vendors to provide us with information regarding traffic on our websites or through our service (collectively referred to as “Sites”), including the pages viewed and the actions users take when visiting the Sites and to provide us with information regarding the use of the Sites.
How Are Accounts Created?
When the primary account belongs to a LEA, student accounts will be populated in coordination with that LEA. Students will then be provided login information in a manner specific to that district and in accordance with LEA policy, which may in some cases be through a LEA-wide “single sign-on” or by communicating an initial login and password to the student.
Some Services may also allow a LEA to create a parent account tied to a student account if so desired.
Consent by LEAs, Teachers, and Parents
If you are a student of any age, you must get permission from your LEA or LEA-authorized representative to use the Services.
What Information Does Imagine Learning Collect About Students, Teachers, and Parents?
Information shared with us: We may collect “Personal Information” (which is information that can reasonably be used, alone or in combination with other reasonably available information, to identify or contact a specific individual). Personal Information includes, but is not limited to, student data, metadata, and user content. The information that we collect from logged-in users includes information that you voluntarily provide to us when you use your account and information that is automatically collected when you are logged into the Imagine Learning platform. The information collected depends on whether you are a teacher, LEA, parent, or student and may vary slightly from product to product. Below is a list of information collected across all our Services.
- Required student information
- Student first and last name
- Grade level
- Student number
- Student username and password for our Services
- LEA name
- Information provided through use of our Services:
- Assessment results and scores including academic performance and placement, psychographic information, and screening results
- Curriculum progress
- Audio recordings
- Student-generated content (e.g., responses to writing prompts and math journals)
- Communications (such as chat text logs between students and certified teachers, grade commentary, etc.)
- Certificates of achievement and curriculum completion
- Optional student information (Note that we will never condition a student’s participation in an activity on the student’s disclosure of more Personal Information than is necessary to participate in the activity)
- Single sign-on ID (for schools that use a single sign-on functionality)
- Demographic information (such as date of birth, gender, ethnicity/race, language).
- Special indicators (such as Individual Education Plan (IEP) status, English-Language Learner (ELL) status, living situations (foster care/homeless), low-income status etc.)
- Organization number (e.g., school or district identifier, state identification, or other number)
- Student email
- Teacher/Administrator first and last name
- Teacher/Administrator title
- Email address
- LEA name
- Teacher/Administrator username and password for our Services
- Single sign-on ID (for schools that use a single sign-on functionality)
- Certificates of completion for online training
Parent Account (optional):
- Parent first and last name
- Email address
- Parent username and password for our Services
Information collected from our marketing website: Independent of our Services used by students and teachers, we have websites limited to those browsing our marketing content. Our marketing websites collect some data, such as name and contact information, via online forms and some data via cookies and other social media trackers used on marketing pages.
Information we collect automatically: In every case we also log certain detailed technical information about all users’ interactions with our Services that could be linked with users (including students). This includes the IP addresses that we get when users connect to our Services, information that is sent by web browsers automatically when they connect to our Services (such as the type of web browser, the operating system used and the time zone set on the user’s computer), and the timing and frequency of how users interact with different content and different areas of our Sites.
We use following methods and tools to collect and track the automatically collected information described above:
- Cookies: Like many other websites and apps, we set cookies so that we may recognize when someone connecting to our Sites is currently logged in or has visited before. A cookie is a data file sent to a browser from a web server and stored on the user’s computer’s hard drive that allows us to recognize that browser when the user returns to our Sites. To learn more about browser cookies, including how to manage or delete them, look in the Tools, Help or similar section of your browser, or visit http://www.allaboutcookies.org.
- How we respond to Do Not Track signals: Please note that your browser setting may allow you to automatically transmit a “Do Not Track” (DNT) signal to websites and online service you visit. DNT is a privacy preference users can set in certain web browsers to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. However, we do not recognize or respond to browser-initiated DNT signals, as the internet industry is still working to determine what DNT means, how to comply with DNT, and how to create a common approach to responding to DNT. To find out more about “Do Not Track”, please visit http://www.allaboutdnt.com.
Like most online services, when you use the Services, we automatically collect and store details of how you used our service, such as your activity on the Services, and the frequency and duration of your visits.
By using our Services you agree to our use of these information collection technologies.
De-identified and Aggregate Data
What Student Information Can Other Users See?
When the primary account belongs to a LEA, the account administrator designated by the LEA can access all information we collect about students that we make available through our websites and online services. LEA-designated administrators can delegate the right to view student information in accordance with LEA policy. Each teacher within that LEA can see only information relating to students’ participation in classes taught by that teacher (unless granted additional access by the LEA account administrator).
Some Services may allow a LEA to create a parent account tied to a student account if so desired. Parents may view student information only for the student accounts to which they’ve been linked.
What Does Imagine Learning Do With Personal Information?
We do collect website usage information through third-party analytics services and anonymized data to help us improve our experiences for students, but such information does not contain Personal Information. We also collect website usage information through third-party analytics services for non-student users to support product support and development.
We use Personal Information and any other information collected through the website for the following reasons:
- to administer the Services;
- to improve the quality and types of services that we deliver;
- to analyze usage of the Services and the popularity and performance of our Sites;
- to communicate with parents, teachers and LEAs by responding to your requests, comments and questions;
- to track and assess student development and progress;
- to generate reports that allow parents, teachers, and other authorized persons to evaluate student progress, identify students who need intervention, and discover students who can be taught together as a group;
- to diagnose technical problems;
- to email parents, teachers, and other authorized persons regarding service, technical and other administrative matters. These communications may also include information regarding changes in services, new service offerings and important service-related notices, such as security and fraud notices. Such communications will only be delivered to parents, teachers and LEAs and will never be delivered to student users;
- to send users alerts to notify them about pertinent activity on our Services, such as messages from colleagues or upcoming assignments (“Notification Alerts”). These Notification Alerts may be sent to all users of our Services, including students;
- to provide useful analyses to users and primary account owners;
- to conduct research and analytics to improve our Services and value to you, and to perform research for authorized persons;
- to protect Imagine Learning and our users, such as conducting audits or notifying LEAs of inappropriate or potentially harmful behavior;
- to assist students who request online help from our state-certified, security-cleared teachers who are employed by Imagine Learning to provide individualized instruction;
- for other educational purposes requested and sanctioned by an authorized representative of the LEA;
- for billing, account management, and other administrative matters;
- to comply with a judicial order, subpoena or other legal request; or
- as required by applicable law or regulation.
How We Share Information
We use third-party service providers to provide a variety of services, such as assisting us with providing customer support, hosting our Services, providing us with analytics about how people use our Services, assisting us with marketing our Services to LEA administrators and teachers, sending and tracking responses to email, providing a framework for the delivery of assessment tools and analytics, storing data, providing single sign-on services (where applicable), and helping us identify and track bugs and errors in our Services. Student analytics data are anonymous, but teacher analytics data include teacher name and email address. Third parties we work with are contractually prohibited from using any Personal Information for any purpose other than providing the services we request from them.
When a LEA is the primary account holder, we share information with third parties at the direction of the LEA, and it is the LEA’s responsibility to make such requests in a manner that is consistent with their internal policies and the law. We may also share information that we collect in the following (or comparable) circumstances:
- if we believe in good faith that it is necessary to disclose the information under any applicable law or regulation (for example, in response to a court order or a subpoena);
- if we believe in good faith that it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person;
- to investigate and act upon potential violations of the law or of our terms of service;
- to provide information to a claimed owner of intellectual property who claims that content you have provided infringes on their rights;
- in response to bankruptcy proceedings;
- with teachers (and parents where necessary) so they can see information about their students or children, such as the student’s or child’s name, school affiliation and activity on assignments (including time of activity and any responses to questions, extending to grades for those assignments);
- with third-party products specifically configured by LEAs to interoperate with Imagine Learning;
- if the information is De-Identified Data;
- with our corporate affiliates, parents, and/or subsidiaries; or
- in other circumstances that you expressly consent to.
When logged into our Services, users may choose to interact with Google APIs to submit assignments to our learning management system. For example, users may log into their Google Drive account to select files they wish to upload to the Services as work products. Access to these APIs is read-only. Imagine Learning’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Third Party Content, Links to Other Sites, and Imagine Learning Content Found Outside the Site
Certain content provided through the Services may be hosted and served by third parties. In addition, our Services includes some links to third party sites or content over which Imagine Learning has no control and which are governed by the privacy policies and business practices of those third parties. We are not responsible for the data collection practices on those other sites. We advise you to carefully review those sites’ privacy policies before submitting Personal Information there.
Please also note that Imagine Learning content may be included on web pages and websites that are not associated with us and over which we have no control. These third parties may independently collect data. Imagine Learning is not responsible or liable for the privacy practices or business practices of any third party.
Access through a Mobile Device
If you use our Services through a mobile device or one of our mobile applications, you agree that Imagine Learning may store and use that information for security purposes (for example, for user verification or authentication and to ensure that our APIs are being used appropriately.)
Students may have the option to log in with a QR code from their teacher. Scanning the QR code requires use of camera. All the processing happens through the LEA. No video is transmitted or stored on our servers. Students may be able to record themselves use the device’s microphone during certain educational activities. These recordings are processed and stored on our servers. Permission is obtained prior to access to the device’s camera or microphone.
Protecting the privacy of young children is especially important to Imagine Learning. For that reason, we created certain features designed to help protect Personal Information relating to children who are less than 13 years of age (or higher age if required by applicable law) (“Child Users”).
The Children’s Online Privacy Protection Act (“COPPA”) requires that all online service providers, including Imagine Learning, obtain parental consent before knowingly collecting personally identifiable information from children under the age of 13. Imagine Learning does not knowingly collect or solicit any personally identifiable information from children under the age of 13, and instead relies upon information provided to Imagine Learning by the account holder. Children under the age of 13 are prohibited from using the Services or creating an account unless they are doing so with parental consent or with the consent of an account holder who is providing such consent in compliance with COPPA. If we learn that we have collected personal information from a person under the age of 13 that does not comply with COPPA, we will delete that information in a reasonably prudent amount of time. If you believe that a child under the age of 13 has provided personally identifiable information to us without appropriate consent, please contact us at firstname.lastname@example.org.
How does a child register and use the Services?
Child Users cannot obtain a user account without it being created by a teacher or other LEA-authorized representative.
What children’s information is visible to others?
No student’s profile is made available or visible to the public through Imagine Learning. If a teacher utilizes certain features on a device in the classroom, other students may be able to view information that is displayed by the teacher in the classroom, but students can’t view each other’s individual student profiles.
Parents: To review your child’s user data you must request the information from your child’s teacher. Some Services may allow a LEA to create a parent account tied to their respective students. In such cases, a parent may access their child’s information through the parent account.
Our Security Practices
We strive to protect the confidentiality, security, and integrity of the Personal Information we collect from children and adults. We have put in place physical, electronic, and administrative procedures designed to safeguard and to help prevent unauthorized access to and maintain the security of personally identifiable information collected through our Services.
All accounts are protected by passwords. Please keep these passwords secret to prevent unauthorized access to these accounts. If you think someone has gained unauthorized access to an account please change your password and contact us immediately.
We take customary and reasonable measures designed to protect the confidentiality, security, and integrity of Personal Information collected on our Services, both during transmission and within our systems. Such protections include, but are not limited to:
- Data encryption and storage: Data is encrypted in transit (SSL/TLS) and at rest. Personal Information is stored and processed within the continental United States.
- Access: Access to Personal Information is restricted to a limited number of Imagine Learning employees who need such access to perform their job.
- Data Systems Monitoring: We employ several third-party services that continuously monitor and scan our Services for vulnerabilities. Employees dedicated to operating the Services monitor these reports and receive automated alerts when performance falls outside of prescribed norms.
- Incident Response Plan: Imagine Learning maintains an incident response plan.
- Firewalls: Anti-virus software and firewalls are installed and configured to prevent malicious or unauthorized traffic.
- Security audits: Imagine Learning conducts security audits and code reviews, both by external and internal providers.
- Employee training: Imagine Learning has designated privacy and data security officials to oversee employee security training and compliance.
Data Breach or Security Incident
While we have taken customary and reasonable steps to protect the Personal Information we collect, no system is 100% fail-proof and secure.
In the event that Imagine Learning becomes aware of a data breach impacting your Personal Information, we will provide notification in compliance with all applicable laws and our contracts with LEAs. For example, we may post a notice on our landing page or elsewhere on our Services and may send an email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
Imagine Learning has procedures in place that are designed to stop threats that may expose Personal Information, restore the Sites to full functionality, and document and take proactive steps to ensure the incident cannot be repeated. Imagine Learning will also preserve necessary evidence for investigation by security professionals and law enforcement as appropriate. In the unlikely event of an unauthorized disclosure of records, Imagine Learning will follow its internal procedures, that articulate how to report the problem to internal and external stakeholders. The notification process includes any information that can identify which customers and students may have been impacted, the data that may have been accessed, Imagine Learning’s process to inform affected customers, and steps to prevent the incident from happening again as appropriate.
In the unlikely event of an unauthorized disclosure of Data, Imagine Learning has implemented a process for responding to incidents and notifying affected individuals and, if applicable, law enforcement personnel.
If you have any questions about security on our Services, you can email us by clicking here or emailing email@example.com directly.
Your Choices Related to Your Privacy
In order to process your information, we rely on your consent or our legitimate interests to process your data. You may withdraw your consent or object to the use of our information at any time, but you may no longer be able to access our Services.
Communications from Imagine Learning
Imagine Learning may send you information by email or may post notices on the Imagine Learning homepage (https://imaginelearning.com).
You may choose to stop receiving certain emails from Imagine Learning by using the unsubscribe button at the bottom of the Imagine Learning email. You may still receive transactional emails from us related to forgotten passwords, account expiration, or other necessary communication. However, we reserve the right to send you information on our behalf and on behalf of third parties in connection with providing our Services. If you no longer want to receive information from us, you will need to close your account.
How You Can Delete or Correct Student Information or an Account
When LEAs create accounts for students, teachers, and parents, the LEA remains the sole owner of the educational data. All requests to review, delete or correct student or teacher information should be directed to the LEA. If we receive a request to delete or correct a user’s data from a student, parent, or guardian, we will route such request to the LEA and will assist the LEA as needed to respond to authorized requests within a reasonable time frame and in compliance with applicable laws and regulations.
Please note that any information you share with others on the website or content other users may have copied is not a part of your account and may not be deleted when you delete your account. If we share your data with one of our service providers, we will use our best efforts to cause such third party to delete such data when you delete your account.
How We Retain and Delete Your Data
Upon termination of your account, Imagine Learning will take commercially reasonable steps to delete any Personal Information from its live databases in a reasonable amount of time. We will retain Personal Information collected in connection with an account only for as long as is necessary to provide the services to the account holder, as required by applicable laws or regulations or otherwise per the terms or a contract with a LEA.
Data may be returned to the LEA as directed by the agreement with the LEA. If no specific instructions are included in the agreement, the data will be returned or destroyed upon one of the following (i) after termination of our relationship with a LEA or LEA-authorized person, (ii) when it is no longer needed for the purpose for which it was provided, (iii) when advised to do so by the LEA, or (iv) as directed by agreement with the LEA. Data are returned in a digital, machine-readable format via a secure means of transmission.
We may further retain information for business practices based on our legitimate interest or legal purposes, such as secure electronic archives that are not readily accessible to users or maintained for disaster recovery and/or information technology backups. We may also maintain De-Identified Data, including usage data, for any purpose that is consistent with laws, regulations, and contractual obligations.
Users in California
If you are a resident of the state of California, you have certain data protection rights. Imagine Learning aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information. This section describes how we collect, use, and share Personal Information of California residents in operating our business and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.
In certain circumstances, you have the following data protection rights:
- Information: You can request the following information about how we have collected and used your or your child’s Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or sharing Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party recipient.
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party recipient.
- Access: You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion: You can ask us to delete the Personal Information that we have collected from you. We will take reasonable measures to comply with a verifiable request, except when use of the Personal Information is necessary to comply with a legal obligation or for a legitimate business need permitted under the CCPA.
- Opt-out of sales: We do not currently sell Personal Information. If we plan to sell Personal Information, you will be notified and you can opt-out.
- Nondiscrimination: You are entitled to exercise the rights described above free from discrimination in the form of legally prohibited increases in the price or decreases in the quality of our Services.
How to Exercise Your Rights
You may exercise your California privacy rights described above as follows:
- Emailing firstname.lastname@example.org
- Mailing Imagine Learning’s Privacy Office at 8860 E Chaparral Road, Suite 100, Scottsdale, AZ 85250.
Users Outside the United States
Consent to Transfer
The Services are operated in the United States. If you are located outside of the United States, please be aware that information we collect will be transferred to and processed in the United States. By using the Services, or providing us with any information, you fully understand and unambiguously consent to this transfer, processing, and storage of your information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen.
Important Information for Users in the European Economic Area
The following information only applies to users in the European Economic Area (EEA), provided that we are the controller of your Personal Information as described below.
If you use the Services through your employer, school, or another organization, that organization is the controller of your Personal Information. All questions or requests regarding your rights under European data protection legislation (including the rights described under Your rights below) or the processing of your Personal Information should be directed to the organization. Imagine Learning is the organization’s processor and uses your Personal Information only as instructed by the organization and to the extent necessary to comply with applicable law.
If you do not use the Services through an organization, Imagine Learning is the controller of your Personal Information and can be reached using the contact details in “For More Information” section below.
Legal bases for processing
We process your Personal Information on the following legal bases:
Cross-border data transfer
Whenever we transfer your Personal Information out of the European Economic Area (“EEA”) to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the EEA’s data protection laws. Such safeguards may include applying the European Commission model contracts for the transfer of Personal Information to third countries described here. Please contact us for further information about any such transfers or the specific safeguards applied.
You may ask us to take the following actions in relation to your Personal Information that we hold:
- Access: Provide you with information about our processing of your Personal Information and give you access to your Personal Information.
- Correct: Update or correct inaccuracies in your Personal Information.
- Delete: Delete your Personal Information.
- Transfer:Transfer a machine-readable copy of your Personal Information to you or a third party of your choice.
- Restrict: Restrict the processing of your Personal Information.
- Object: Object to our reliance on our legitimate interests as the legal basis of our processing your Personal Information, where that processing adversely impacts your legal rights.
You may send us these requests by contacting us at email@example.com. We may request information from you to help us confirm your identity and process your request. Applicable law may require or permit us to reject part or all of your request. If we reject your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your Personal Information or response to your requests regarding your Personal Information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including to continue providing our Services to LEAs you sent information to and for the purposes of archiving and satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
Notice of Changes to This Policy
For More Information