Core Privacy and Security Principles
Data Ownership: CatchOn considers and acknowledges all data that CatchOn may gather from an institution or the devices it owns and manages is the property of the customer institution. CatchOn’s customers have complete and unequivocal rights to their data and how they wish their data to be utilized.
Non-Disclosure to Third Parties: CatchOn is a trusted steward of education and student data. Data received from our customers is used solely for purposes of providing CatchOn services. CatchOn does not sell, provide, or disclose any information about student and staff utilization of content, resources, or devices to any third parties, other than to those third party specifically authorized via a signed consent form by our customers to receive their data solely for the purpose of providing services to such customer.
Security: CatchOn uses significant security measures to protect the privacy of student data. These security protections include, but are not limited to, AES-256, encryption of all data at rest, and Transport Layer Security (TLS) encryption of all data in transit. CatchOn also provide options for de-identification of personally identifiable student information through the use of an irreversible one-way hash.
As part of its services, CatchOn collects data related to the education of students, such as names, student identifiers, email addresses, usernames, and other information, including automatically collected information described below. CatchOn does not collect or receive any information not needed for a customer’s services. Any personally identifiable information we receive is maintained in encrypted form in secure environments compliant with multiple industry standards and not shared with any third parties, other than individuals and entities specifically authorized by the student’s subscribing school or similar institution.
The Children’s Online Privacy Protection Act (COPPA) puts additional protections in place and streamlines other procedures that companies covered by the rule need to follow. Customers and schools must adhere to all FTC and related regulations on privacy and children’s online safety as described here: https://www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy which includes not giving access to the data within the platform to those other than account administrators.
Parents or guardians of children whose personal information has been collected can obtain a description of the personal information that has been collected of their child/children, contact us to delete the personal information of their child/children, or refuse any future collection and use of the personal information of their child/children by contacting us at:
Email: [email protected]
Mail: 618 Grassmere Park Drive, Suite 12
Nashville, TN 37211
Additionally, we acknowledge that our users, schools and districts are subject to the Family Educational Rights and Privacy Act (20 U.S.C. 12332(g)) (FERPA), which law and supporting regulations generally address certain obligations of an educational agency or institution that receives federal funds regarding disclosure of personally identifiable information in education records. CatchOn has been authorized by the subscribing school or similar institution as a “school official” under FERPA and has a legitimate educational interest in personally identifiable information from education records because We: (1) provide a service or function for which the users, schools and districts would otherwise use employees; (2) is under the direct control of the users, schools and districts with respect to the use and maintenance of education records; and (3) is subject to the requirements of FERPA governing the use and redisclosure of personally identifiable information from education records.
Information We Collect
In addition to the student information detailed above, we may collect the following types of information:
Utilization information: The CatchOn agent may gather some or all of the following information: user ID and email domain of the user as provided by the institution’s Mobile Device Management system, the URL the device visited, the date and time the visit occurred, the hardware ID of the device, the local Internet Protocol (IP) address, and the device hostname. The username and/or user ID is deidentified on the agent using a one-way hash before transmission and then the data payload is sent via TLS to the Platform.
Information you provide: When the subscribing school or similar institution signs up for CatchOn, we ask you for some basic personal information. This includes personally identifying information such as your name and school organization information. When you use the Platform, you may provide additional personal information at your sole discretion, including subject interests and grade level interests. The registering user is responsible for all activity on that user’s account.
Automatically Collected Information
Log information: When you access the Platform via a browser, application or other devices, our servers automatically record certain information. These server logs may include information such as your web request, your interaction with a Platform, IP address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your account. When you use the Platform using your smartphone or other mobile devices, we collect information regarding device type, operating system, IP address and device ID. As you interact with the Platform, we obtain information regarding your interactions, such as time of day and date, how long you spend on different pages and the like. If you or your subscribing school or similar institution have installed our extensions to your browser, we may automatically record certain information while the extension is activated, such as your username, the website you visit, and the amount of time spent on each site.
User communications: When you send communications to us or to other users through the Platform, we may retain those communications to process your inquiries, respond to your requests and improve our Platform. We may use your email address to communicate with you about our Platform, including service-related notices. You acknowledge that these service-related notices are necessary for the provision of the Platform and you may not opt out of such service-related notices.
How We Use Information
CatchOn uses the information we collect to provide immediately actionable intelligence and data analytics to school districts and similar institutions to help improve educational outcomes and ROI on their technology investments.
We also use information you provide and information we automatically collect to administer the Platform and to allow you and other users to use the Platform.
We may also use your non-personally identifiable information, including as aggregated with other users’ information, to analyze use of our Platform, including obtaining demographic information on our users and their subscribing schools or similar institutions generally. We do not retain student personal information for longer than necessary to deliver services or for school purposes.
We may share information with our agents, outside vendors or service providers to perform functions on our behalf (for example, analyzing data, providing marketing assistance, and customer service).
We do not share your information with third parties for their marketing purposes.
Information You Disclose
You understand that certain information that you post to the Platform may be shared through the Platform and will be accessible to the other users. Likewise, you may be able to view information of other users.
Accessing Your Information and Your Choices
You can update, amend or delete your information at any time by logging into your account.
You can choose not to receive promotional emails from us by “unsubscribing” using the instructions in any email you receive from us. This will not stop us from sending emails about your account or your transactions with us.
You can choose to delete or block cookies by setting your browser to either reject all cookies or to allow cookies only from selected sites. If you block cookies performance of the Site may be impaired and certain features may not function at all.
Other Important Information
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures. However, we cannot guarantee its absolute security or that unauthorized persons will not access or use your personal information for improper purposes. In the event of a breach of security affecting personal information on our servers, we will take such notification and other steps as may be required under applicable law. We ask that you do not ever send us or post any highly sensitive information on the Platform, such as social security numbers, personal health information, Driver’s License numbers and the like. We will not be liable for the use or disclosure of any such information if posted through the Platform.
Each registered user is responsible for the security of their own account. If we receive information or instructions using your account information, we will consider that you have authorized the instructions or transmission.
Links to Third Party Sites
Social Media Sites
Data Processing and Cross-Border Data Transfers
Our site is maintained on servers located in the United States, and personal information submitted is stored on our servers in the United States. If you are accessing this Platform from another jurisdiction, you hereby consent to the transfer and processing of your information in the United States and acknowledge that the data protection laws in the United States may be different from those in your location.
California Consumer Privacy Act (CCPA) Rights
Verified California residents have the right to:
For purposes of the CCPA personal information means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
In order to make a request for disclosure California residents may contact us by calling us toll free at (866) 615-1101 or by emailing us at [email protected]. We will ask you for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose. We may request that you submit a signed statement under penalty of perjury that you are the individual you claim to be. We will acknowledge receipt of your request for disclosure or deletion within 10 days and will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time. For requests that we not sell your information we will comply with your request within 15 days. We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm that the personal information relates to you.
You may make a request for disclosure of our information collection practices, the information we collected about you, or our sharing practices up to twice within a 12-month period. You may make a request that we not sell information or for deletion of your information at any time.
For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.
For requests for deletion of your information please understand that California law permits us to retain certain information and not to delete it under certain circumstances. By way of example, we are not required to comply with a request to delete information if the information is necessary for us to complete a transaction for you or otherwise perform a contract; to detect, protect against, or prosecute security incidents, fraud or illegal activity; to use the information only internally in ways reasonably aligned with your expectations as our customer (such as maintaining sales records), and to comply with legal obligations. If we receive such a request from you, we will notify any service providers we have engaged to delete your information as well.
We will not discriminate against you as a result of your exercise of any of these rights.
During the past 12 months, we have collected the following categories of information from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. The categories of information include information we collect from our website visitors, registered users, employees, vendors, suppliers and any other person that interacts with us either online or offline. Not all information is collected about all individuals. For instance, we may collect different information from applicants for employment or from vendors or from customers.
|Category of Information collected||Source||Business purposes* for use||Categories of third parties receiving information|
|Identifiers (name, email, unique personal identifier, IP address)||Information we may receive from Customer Database submitted by Customer||
|Sensitive Information (faculty login information (not for student level data))||Information we may receive from Customer Database submitted by Customer||
|Protected classification information (race, gender, ethnicity, religion)||Not collected.||Not collected.||Not collected.|
|Commercial information||Not collected.||Not collected.||Not collected.|
|Electronic network activity (browsing or search history, website interactions,)||Information automatically collected from site visitors.||
|Audio, video or similar information||Not collected.||Not collected.||Not collected.|
|Biometrics||Not collected.||Not collected.||Not collected.|
|Geolocation||Not collected.||Not collected.||Not collected.|
|Professional, educational or employment related information||Not collected.||Not collected.||Not collected.|
|Inference from the above||Not collected.||Not collected.||Not collected.|
1. Performing services for you:
- To administer or otherwise carry out our obligations in relation to any agreement to which we are a party;
- To assist you in completing a transaction or order;
- To respond to queries or requests and to provide services and support;
- To create and manage our customer accounts;
- To notify you about changes to our services and products;
- To provide you information regarding our products and services.
2. Advertising customization:
- Not collected.
3. Internal research and development:
- To provide for internal business administration and operations, including troubleshooting, Site customization, enhancement or development, testing, research, administration and operation of our Sites and data analytics;
- To create products or services that may meet your needs;
4. Security detection, protection and enforcement; functionality debugging, error repair:
- As part of our efforts to keep our Sites safe and secure;
- To ensure the security of your account and our business, preventing or detecting fraud, malicious activity or abuses of our Sites, for example, by requesting verification information in order to reset your account password (if applicable);
- To resolve disputes, to protect the rights, safety and interests ourselves, our users or others, and to comply with our legal obligations.
5. Quality control:
- To monitor quality control and ensure compliance with our legal obligations, codes and ordinances, policies and procedures;
- To develop and improve our products and services, for example, by reviewing visits to the Sites and various subpages, demand for specific products and services and user comments.
For Site Visitors from Nevada
We do not transfer personal information for monetary consideration. If you would like to tell us not to sell your information in the future, please email us at [email protected] with your name, postal address, telephone number and email address with “Nevada do not sell” in the subject line.
The CatchOn websites and Platform are operated by CatchOn, Inc. You can contact us through the Contact Us page, or by writing, calling or emailing us at: [email protected].
Address: 618 Grassmere Park Drive, Suite 12
Nashville, TN 37211
Email: [email protected]
Last updated: September 30, 2020