Privacy Policy

CatchOn Privacy Policy

Welcome! We are excited that you are considering the services of CatchOn, Inc. (“CatchOn”). CatchOn provides immediately actionable data analytics to schools, school districts, and other educational institutions. As such, CatchOn is committed to ensuring that the information of your organization and your students and staff is secure, and both your and your users’ privacy is protected. This Privacy Policy tells you how we collect, use and share personal information and is effective as of the date posted above. Please read this document in its entirety to understand our privacy policy. By using our services and submitting information you agree that we may use and disclose your information according to the terms of this policy. If you have any questions, please feel free to contact us at [email protected].

Core Privacy and Security Principles

Data Ownership: CatchOn considers and acknowledges all data that CatchOn may gather from an institution or the devices it owns and manages is the property of the customer institution. CatchOn’s customers have complete and unequivocal rights to their data and how they wish their data to be utilized.

Non-Disclosure to Third Parties: CatchOn is a trusted steward of education and student data. Data received from our customers is used solely for purposes of providing CatchOn services. CatchOn does not sell, provide, or disclose any information about student and staff utilization of content, resources, or devices to any third parties, other than to those third party specifically authorized via a signed consent form by our customers to receive their data solely for the purpose of providing services to such customer.

Security: CatchOn uses significant security measures to protect the privacy of student data. These security protections include, but are not limited to,  AES-256, encryption of all data at rest, and Transport Layer Security (TLS) encryption of all data in transit. CatchOn also provide options for de-identification of personally identifiable student information through the use of an irreversible one-way hash. 

Student Information

As part of its services, CatchOn collects data related to the education of students, such as names, student identifiers, email addresses, usernames, and other information, including automatically collected information described below. CatchOn does not collect or receive any information not needed for a customer’s services. Any personally identifiable information we receive is maintained in encrypted form in secure environments compliant with multiple industry standards and not shared with any third parties, other than individuals and entities specifically authorized by the student’s subscribing school or similar institution.

The Children’s Online Privacy Protection Act (COPPA) puts additional protections in place and streamlines other procedures that companies covered by the rule need to follow. Customers and schools must adhere to all FTC and related regulations on privacy and children’s online safety as described here: https://www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy which includes not giving access to the data within the platform to those other than account administrators.

Access to the data within the Platform is intended for users aged 13 and over. We will not knowingly collect, use or distribute personal information from children under the age of 13 without prior verifiable consent from a parent or guardian. By way of this Privacy Policy, CatchOn gives notice to subscribing schools or similar institutions to not allow children under the age of 13 to register for CatchOn’s utilization information and data analytics platform (“Platform”) without prior verifiable consent from a parent or guardian. We will not knowingly ask a child under the age of 13 to divulge more information than is needed to use the Platform. We will not knowingly keep any personal information that is inadvertently included in a child’s email submission, help inquiry, or other one-time requests, if we know that the child is under the age of 13. Any such personal information will be deleted after the issue has been resolved.

Parents or guardians of children whose personal information has been collected can obtain a description of the personal information that has been collected of their child/children, contact us to delete the personal information of their child/children, or refuse any future collection and use of the personal information of their child/children by contacting us at:

Email:              [email protected]

Mail:                618 Grassmere Park Drive, Suite 12
                        Nashville, TN 37211

Additionally, we acknowledge that our users, schools and districts are subject to the Family Educational Rights and Privacy Act (20 U.S.C. 12332(g)) (FERPA), which law and supporting regulations generally address certain obligations of an educational agency or institution that receives federal funds regarding disclosure of personally identifiable information in education records. CatchOn has been authorized by the subscribing school or similar institution as a “school official” under FERPA and has a legitimate educational interest in personally identifiable information from education records because We: (1) provide a service or function for which the users, schools and districts would otherwise use employees; (2) is under the direct control of the users, schools and districts with respect to the use and maintenance of education records; and (3) is subject to the requirements of FERPA governing the use and redisclosure of personally identifiable information from education records.

Information We Collect

In addition to the student information detailed above, we may collect the following types of information:

Utilization information: The CatchOn agent may gather some or all of the following information: user ID and email domain of the user as provided by the institution’s Mobile Device Management system, the URL the device visited, the date and time the visit occurred, the hardware ID of the device, the local Internet Protocol (IP) address, and the device hostname. The username and/or user ID is deidentified on the agent using a one-way hash before transmission and then the data payload is sent via TLS to the Platform.

Information you provide: When the subscribing school or similar institution signs up for CatchOn, we ask you for some basic personal information. This includes personally identifying information such as your name and school organization information. When you use the Platform, you may provide additional personal information at your sole discretion, including subject interests and grade level interests. The registering user is responsible for all activity on that user’s account.

Cookies: Currently, software agents on school-owned and/or -managed devices do not use “cookies” to identify users. However, the CatchOn website, like most websites and on-line applications, does employ “cookies.” In the future (and without further notice or approval), we may send one or more cookies to your computer or mobile device. We only would use cookies to improve the quality of our Platform, including for storing user preferences for improving search results and tracking user trends, such as how people use our Platform. We may allow selected third parties to place cookies through the Site to provide us with better insights into the use of the Site or user demographics or to provide relevant advertising to you. These third parties may collect information about a consumer’s online activities over time and across different websites when he or she uses our website. We do not use technology that recognizes a “do-not-track” signal from a website visitor’s web browser. Further general information about cookies and how they work is available at www.allaboutcookies.org.

Automatically Collected Information

Log information: When you access the Platform via a browser, application or other devices, our servers automatically record certain information. These server logs may include information such as your web request, your interaction with a Platform, IP address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your account. When you use the Platform using your smartphone or other mobile devices, we collect information regarding device type, operating system, IP address and device ID. As you interact with the Platform, we obtain information regarding your interactions, such as time of day and date, how long you spend on different pages and the like. If you or your subscribing school or similar institution have installed our extensions to your browser, we may automatically record certain information while the extension is activated, such as your username, the website you visit, and the amount of time spent on each site.

User communications: When you send communications to us or to other users through the Platform, we may retain those communications to process your inquiries, respond to your requests and improve our Platform. We may use your email address to communicate with you about our Platform, including service-related notices. You acknowledge that these service-related notices are necessary for the provision of the Platform and you may not opt out of such service-related notices.

How We Use Information

CatchOn uses the information we collect to provide immediately actionable intelligence and data analytics to school districts and similar institutions to help improve educational outcomes and ROI on their technology investments. 

We also use information you provide and information we automatically collect to administer the Platform and to allow you and other users to use the Platform.

We may also use your non-personally identifiable information, including as aggregated with other users’ information, to analyze use of our Platform, including obtaining demographic information on our users and their subscribing schools or similar institutions generally. We do not retain student personal information for longer than necessary to deliver services or for school purposes.

We may reveal information about you to unaffiliated, approved third parties as described in this Privacy Policy.

We may share data collected through the Platform with third parties who provide services to our customers, solely when expressly authorized by the customer, such as, but not limited to, data visualization tools in use by customers. The use of such data by an authorized third party is subject to the privacy policy of the third party and we take no responsibility for the use of such data by the authorized third party.

We may share information with our agents, outside vendors or service providers to perform functions on our behalf (for example, analyzing data, providing marketing assistance, and customer service).

We may disclose your information if we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or other governmental or law enforcement request, (b) enforce our Terms of Use, including investigation of potential violations, (c) detect, prevent, or otherwise address fraud, security or technical issues, (d) protect against or mitigate harm to the rights, property or safety of our company, the Platform, its users or the public as required or permitted by law, and (e) in order to respond or report on reports of abuse or misuse of the Platform.

We do not share your information with third parties for their marketing purposes.

Information You Disclose

You understand that certain information that you post to the Platform may be shared through the Platform and will be accessible to the other users. Likewise, you may be able to view information of other users.

Accessing Your Information and Your Choices

You can update, amend or delete your information at any time by logging into your account.

You can choose not to receive promotional emails from us by “unsubscribing” using the instructions in any email you receive from us. This will not stop us from sending emails about your account or your transactions with us.

You can choose to delete or block cookies by setting your browser to either reject all cookies or to allow cookies only from selected sites. If you block cookies performance of the Site may be impaired and certain features may not function at all.

Changes to This Privacy Policy

Please note that this Privacy Policy may change from time to time. The Policy in effect at the time you use the Site governs how we may use your information. We will post any changes on our website with a revised Effective Date and, if the changes are significant, we may provide a more prominent notice (including email notification of changes). Please check back here from time to time to review any changes.

Other Important Information

Corporate Events

If our company becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, user information may be transferred. In those cases, CatchOn will require that the acquiring entity carry out the terms of this Privacy Policy. In the event of a bankruptcy, insolvency, reorganization, receivership or assignment for the benefit of creditors, user information may be sold as part of the proceeding. CatchOn will require that the acquiring entity carry out the terms of this Privacy Policy.

Information Security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures. However, we cannot guarantee its absolute security or that unauthorized persons will not access or use your personal information for improper purposes. In the event of a breach of security affecting personal information on our servers, we will take such notification and other steps as may be required under applicable law. We ask that you do not ever send us or post any highly sensitive information on the Platform, such as social security numbers, personal health information, Driver’s License numbers and the like. We will not be liable for the use or disclosure of any such information if posted through the Platform.

Each registered user is responsible for the security of their own account. If we receive information or instructions using your account information, we will consider that you have authorized the instructions or transmission.

Links to Third Party Sites

This Privacy Policy applies to our Platform and our websites only. We do not exercise control over any other sites that may be linked to or accessed through the Platform or our website, including our customers. We have no responsibility for the privacy practices of other web sites, including the web sites of our customers. You should review the policies of any third-party sites before providing personal information to these sites.

Social Media Sites

We may have pages or other presence on various social networking sites or services, such as Facebook, Twitter and the like. Any information you post or provide through such sites and services will be subject to the policies of those sites and services. This privacy policy applies to our social media pages.

Data Processing and Cross-Border Data Transfers

Our site is maintained on servers located in the United States, and personal information submitted is stored on our servers in the United States. If you are accessing this Platform from another jurisdiction, you hereby consent to the transfer and processing of your information in the United States and acknowledge that the data protection laws in the United States may be different from those in your location.

California Consumer Privacy Act (CCPA) Rights

Verified California residents have the right to:

For purposes of the CCPA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

In order to make a request for disclosure California residents may contact us by calling us toll free at (866) 615-1101 or by emailing us at [email protected]. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request for disclosure or deletion within 10 days and will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.

You may make a request for disclosure of our information collection practices, the information we collected about you, or our sharing practices up to twice within a 12-month period. You may make a request that we not sell information or for deletion of your information at any time.

For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged to delete your information as well.

We will not discriminate against you as a result of your exercise of any of these rights.

Selling Information. We do not sell your information for monetary consideration and we do not disclose your information for other valuable consideration. If, in the future, we enter into arrangements that fall within the definition of a “sale” under the CCPA, we will update this privacy policy and our compliance with the CCPA.

During the past 12 months, we have collected the following categories of information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. The categories of information include information we collect from our website visitors, registered users, employees, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals. For instance, we may collect different information from applicants for employment or from vendors or from customers.

Category of Information collected Source Business purposes* for use Categories of third parties receiving information
Identifiers (name, email, unique personal identifier, IP address) Information we may receive from Customer Database submitted by Customer
  • Functionality debugging/error repair;
  • performing services for you;
  • internal research and development;
  • quality control.
  • Service providers (web or platform developers,);
  • affiliated companies;
  • if relevant subpoena or action then government regulators;
  • law enforcement.
Sensitive Information (faculty login information (not for student level data)) Information we may receive from Customer Database submitted by Customer
  • Security detection, protection and enforcement;
  • functionality debugging/error repair;
  • performing services for you;
  • internal research and development;
  • quality control.
  • Service providers (web or platform developers,);
  • affiliated companies;
  • if relevant subpoena or action then government regulators;
  • law enforcement.
Protected classification information (race, gender, ethnicity, religion) Not collected. Not collected. Not collected.
Commercial information Not collected. Not collected. Not collected.
Electronic network activity (browsing or search history, website interactions,) Information automatically collected from site visitors.
  • Security detection, protection and enforcement;
  • functionality debugging/error repair;
  • performing services for you;
  • internal research and development;
  • quality control.
  • Service providers (web or platform developers);
  • affiliated companies;
  • government regulators;
  • law enforcement;
  • strategically aligned businesses.
Audio, video or similar information Not collected. Not collected. Not collected.
Biometrics Not collected. Not collected. Not collected.
Geolocation Not collected. Not collected. Not collected.
Professional, educational or employment related information Not collected. Not collected. Not collected.  
Inference from the above Not collected. Not collected. Not collected.  

*More specifically, the business purposes include:

1. Performing services for you:

  • To administer or otherwise carry out our obligations in relation to any agreement to which we are a party;
  • To assist you in completing a transaction or order;
  • To respond to queries or requests and to provide services and support;
  • To create and manage our customer accounts;
  • To notify you about changes to our services and products;
  • To provide you information regarding our products and services.

 

2. Advertising customization:

  • Not collected.

 

3. Internal research and development:

  • To provide for internal business administration and operations, including troubleshooting, Site customization, enhancement or development, testing, research, administration and operation of our Sites and data analytics;
  • To create products or services that may meet your needs;

 

4. Security detection, protection and enforcement; functionality debugging, error repair:

  • As part of our efforts to keep our Sites safe and secure;
  • To ensure the security of your account and our business, preventing or detecting fraud, malicious activity or abuses of our Sites, for example, by requesting verification information in order to reset your account password (if applicable);
  • To resolve disputes, to protect the rights, safety and interests ourselves, our users or others, and to comply with our legal obligations.

 

5. Quality control:

  • To monitor quality control and ensure compliance with our legal obligations, codes and ordinances, policies and procedures;
  • To develop and improve our products and services, for example, by reviewing visits to the Sites and various subpages, demand for specific products and services and user comments.

For Site Visitors from Nevada

We do not transfer personal information for monetary consideration. If you would like to tell us not to sell your information in the future, please email us at [email protected] with your name, postal address, telephone number and email address with “Nevada do not sell” in the subject line.

Contacting Us

The CatchOn websites and Platform are operated by CatchOn, Inc. You can contact us through the Contact Us page, or by writing, calling or emailing us at: [email protected].

Address:        618 Grassmere Park Drive, Suite 12
                        Nashville, TN 37211

Phone:          866-615-1101

Email:           [email protected]

 

 

Last updated: September 30, 2020