System Status
We know you rely on Lightspeed Systems solutions to do amazing things, so we continuously monitor our services internally and through 3rd-party services. Find interruptions in services, updates, and maintenance announcements here.
We know you rely on Lightspeed Systems solutions to do amazing things, so we continuously monitor our services internally and through 3rd-party services. Find interruptions in services, updates, and maintenance announcements here.
Lightspeed Systems understands the need to safeguard the personal and confidential data of our customers, employees, and partners. Privacy and security is our responsibility, and we provide innovative solutions that enhance, rather than compromise, data privacy and security.
Since 1999, Lightspeed Systems has been partnering with schools around the world to protect students and make learning adaptable to the ever-changing technological landscape. The nature of our business mandates us to be compliant with the various student data privacy laws, to ensure student data is safeguarded.
Lightspeed Systems provides hosted services including mobile device management, web filtering, app analytics, and classroom management for schools. Our services are available at least 99.9% of the time, with servers being continuously monitored for performance and availability.
Data is encrypted in transit and at rest.
Lightspeed Systems has implemented a Data Retention Policy. Where appropriate, our solutions utilize automated rules to purge data according to policy.
We perform regular backups of data and systems. Backup intervals are dependent on the type of data and range from minutes to once per day.
Lightspeed Systems has a Vulnerability Remediation policy to identify and remediate vulnerabilities according to the risk they present. We utilize patch management software to monitor systems and ensure patches are implemented.
Lightspeed Systems has in place anti-malware and anti-spam solutions to protect servers and workstations.
Lightspeed Systems has deployed logging and monitoring solutions to identify and investigate possible security events.
Access to personal information is limited through login credentials to those employees who require it to perform their job functions. In addition, Lightspeed Systems utilizes access controls such as Multi-Factor Authentication, Single Sign-On, least privilege and access on an as-needed basis, strong password controls, and restricted access to administrative accounts.
Our solutions allow customers to create ‘Admin’ roles that provide only the rights needed to perform the required functions.
Lightspeed Systems maintains the following controls designed to prevent unauthorized access to our offices:
All data centers where data is processed and stored are located in the United States and hold SOC 2, HIPAA, PCI DSS and ISO 27001 certifications. Lightspeed has a process in place to log, monitor, and respond to events and anomalies in its systems and solutions. Data backup and recovery solutions are also in place.
Lightspeed Systems practices security by design. We utilize a Secure Software Development Lifecycle based on the OWASP methodologies.
COPPA applies to the online collection of personal information by persons or entities under U.S. jurisdiction about children under 13 years of age. Parental consent is required for the collection or use of any personal information of the users.
We meet the following COPPA guidelines listed below and agree to:
Education Law § 2-d went into effect in April 2014. The focus of the statute was to foster privacy and security of personally identifiable information (PII) of students and certain PII related to classroom teachers and principals.Lightspeed Systems complies with the NY ED Law 2-D and the Parents Bill of Rights, which requires the following:
The Student Privacy Pledge is a public and legally enforceable statement by ed tech companies to safeguard student privacy, built around commitments regarding the collection, maintenance, and use of student personal information.
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected].
Lightspeed Systems has the following procedures in place to ensure CCPA & CPRA compliance:
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
The Australian Privacy Act 1988 regulates the handling of personal information in Australia. This legislation serves as the foundation of data collection and management policies across the country The Act outlines 13 Australian Privacy Principles (APPs) for managing the use personal and sensitive information
Who does the Privacy Act apply to?
The Privacy Act applies to Australian Government agencies and organizations with an annual turnover exceeding AUD 3 million that handle the personal information of Australian residents.
Fundamental Principles of the Australian Privacy Act (1988)
Lightspeed Systems is committed to meeting the data protection requirements outlined Australian Privacy Principles as follows:
On July 10, 2023, the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF) entered into force. The EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), were respectively developed in furtherance of transatlantic commerce by the U.S. Department of Commerce, the European Commission and the UK Government to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union/ European Economic Area and the United Kingdom, while ensuring data protection that is consistent with EU and UK laws.Lightspeed Systems complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Lightspeed Systems has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Lightspeed Systems is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Lightspeed Systems commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
For more details on our compliance with the Data Privacy Framework, please review the ‘International Data Transfers’ section of our Privacy Policy.
The Office of Foreign Assets Control (“OFAC”) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States.
Lightspeed Systems employees receive annual OFAC awareness training to ensure compliance.
Entity Name | Subprocessing Activities | Entity Location (HQ) |
---|---|---|
Amazon Web Services, Inc. | Application Hosting & Storage | United States |
LightEdge | Data Center | United States |
Microsoft Corporation (Microsoft Azure) | Application Hosting & Storage | United States |
Entity Name | Subprocessing Activities | Entity Location (HQ) |
---|---|---|
Ably.io | Presence Monitoring | United Kingdom |
Adobe Sign | Electronic Signature Provider | United States |
FullStory | Product Analytics | United States |
Greenhouse Software Inc. | Recruitment Management Software | United States |
Microsoft Corporation | Email and Collaboration Tools | United States |
Namely | Payroll Management Software | United States |
NetSuite | Accounting Systems | United States |
Pendo.io Inc | Software Experience Management | United States |
Salesforce | Customer Support – CRM Provider | United States |
Twilio | Communications Technology Provider | United States |
Entity Name | Subprocessing Activities | Entity Location (HQ) |
---|---|---|
Amazon Web Services, Inc. | Application Hosting & Storage | United States |
LightEdge | Data Center | United States |
Microsoft Corporation (Microsoft Azure) | Application Hosting & Storage | United States |
Entity Name | Subprocessing Activities | Entity Location (HQ) |
---|---|---|
Ably.io | Presence Monitoring | United Kingdom |
Adobe Sign | Electronic Signature Provider | United States |
FullStory | Product Analytics | United States |
Greenhouse Software Inc. | Recruitment Management Software | United States |
Microsoft Corporation | Email and Collaboration Tools | United States |
Namely | Payroll Management Software | United States |
NetSuite | Accounting Systems | United States |
Pendo.io Inc | Software Experience Management | United States |
Salesforce | Customer Support – CRM Provider | United States |
Twilio | Communications Technology Provider | United States |