ISAFE offers diverse services which provide information, products and programming to the educational and commercial markets. Many of the terms or product requirements include age requirements.
1947 Camino Vida Roble
Carlsbad, CA 92008
Information We Collect
We collect information to provide a high quality service. That includes essential things, like making sure our services work really well for our customers, or basic things like helping people learn about other services we offer. We collect this information a few ways:
People give it to us: when an individual person signs up for an ISAFE account, we’ll ask them to share personal information including their name, address, phone and email address. We’ll also ask them for non-personal information such as their role, or to establish security questions. This information is used to carry out our services, i.e. notification of a request for approval, or to tailor offers that we believe will interest them based on what they do. This is also true if we meet people at events or through marketing activities and want to keep in touch, and we’ll always give a way to opt out.
In the course of performing a service:
When schools or school districts use any of our services, for example ISAFE Direct AUP (Acceptable Use Policies), they securely upload school directory files which includes personal information about students and the adults/guardians that have been bound to them as part of registration in those schools. We may also collect data on the usage of a service by subscribers within an organization, i.e. educators who have rights to use digital learning content from their district’s subscription.
When ISAFE is contracted by a school to provide CIPA mandated educational programming, and to report on student progress, we will collect only enough information to perform that task, such as first name and a hashed student ID number.
When ISAFE is contracted by a commercial provider of online services, apps, games or other technology solutions to assist them in meeting statutory regulations pertaining to child privacy laws, we will collect only enough information to perform that task, (such as the parent’s name and email address) and specifically to gather verified parental consent.
When ISAFE is contracted by a provider of services, i.e. health benefits and financial services, to assist them in verifying compliance with service eligibility or any statutory regulations, we will collect only enough information to perform that task, i.e. establishing and verifying the binding of a parent to a child.
When students under 13 register on our site to participate in other educational programming we first obtain parental consent. Only then will we collect the student’s personal information including name, email and home address for the purposes of distributing educational program content. We will keep contact information only as long as is necessary to complete the task and program.
On occasion, we provide links on our website to organizations outside of ISAFE, whose content and associated privacy policies are beyond our control. ISAFE Enterprises makes every reasonable effort only to link to content it believes its customers would approve. However, despite our efforts, customers are strongly encouraged and advised to make themselves aware of the privacy policies applicable to those online sites and pages, since ISAFE Enterprises cannot be held accountable for the content on, or linked to, them.
How We Use Information
We use personal information for the purpose of providing defined services to our customers, to improve upon those services, and to support our relationship with those customers, in full and absolute accordance with statutory regulations pertaining to child privacy laws including COPPA, CIPA, FERPA, PPRA and HIPPA. These regulations are complex, are subject to change, and our job is to make it simpler for our customers to comply.
All personal data transmitted over open, public networks is encrypted. We do not expose personal information in the execution of our services. We de-personalize data (i.e. through hashing) if we use information sourced from a school directory in combination with third-party identity verification organizations. Data collected from educational organizations, and which will be used only for education related activities, is not de-identified but we take care to only store those data points we need to perform the service. Data collected purely in support of commercial activities is held in a manner compliant with PII regulations such as PCI-DSS and HIPPA. Later in this document you will find details on our extensive security measures.
Personal information collected from customers setting up an ISAFE account is used to establish security for future communication such as notifications of a parental consent request, to provide them with access to services they own rights to, or to perform other identity based tasks. We will also, from time to time, communicate an offer of services we believe will be valuable, and newsletters or other marketing content if they have subscribed.
If an organization subscribes to one or more services, the contact information of all service administrators may be exposed to the people who have been assigned as users of those services within the organization, i.e. teachers, legal or marketing contacts. We track individual usage of assigned users to enable customer reporting, i.e. completion of a task by an individual school or grade. It also helps us understand usage trends, share insights with our customers, and help us improve on the design of our services.
Student information that is gathered from school directories is used purely to execute services for which the school has subscribed in accordance with FERPA, such as achieving verifiable parental consent to specific permission requests, or reporting on completion of tasks such as digital learning lessons. At no time will students be targeted for marketing activities.
Within ISAFE’s applications, such as but not limited to ISAFE Direct My OK, or with agreement from a school/district or DOE, we may offer to parents the opportunity to use other capabilities such as managing COPPA consent approvals for both educational and commercial organizations from their account. For example, if a child under the age of 13 who was using an educational game that was introduced to the child at school as part of their educational instruction wishes to purchase a game from the same publisher, the parent would be able to use the same account to manage their consent to do so.
Collection and Use of Information from Children Younger than Age 13
Within ISAFE’s Digital Learning programs we do offer the opportunity for students, in collaboration with their teachers, to engage as advocates for e-safety and privacy. We support those efforts with materials on our website and, on occasion, printed matter.
Our communication with these students is in full-compliance with COPPA. When they register and request materials, we ask for their parents name and email address to first obtain parental consent. Then, with that consent, request the minimal information needed to be able to provide e-safety materials.
We may, from time to time, communicate with the parents to provide information about e-safety, the program their child is participating in, and additional programs the parents may find useful.
We do not sell, share, rent or otherwise provide a child’s personal information to any other organizations other than is described in the Disclosure of Information section of this document. Nor do we use if for any purpose other than the execution of the program in which they are participating. We do not enable or otherwise allow a child to expose their personal information through any property, website or content. We retain the child’s information only as long as is reasonably necessary to fulfill the purpose for which it was collected.
Disclosure of Information
Other than the list defined below we do not rent, sell, share or disclose personal information with any other person or organization:
We are a hybrid organization, part for-profit and part non-profit, and we share information within our organization in order to:
Service customers accounts
Provide programmatic resources and materials
Make people aware of and deliver new program offerings
Facilitate access to the full range of ISAFE Enterprises services, and
Support the internal operations of ISAFE Web site or online services.
We share customer information with outsourced service providers in order to provide the services requested. For example, in order to fill an order for training materials, a customer’s name, address and phone number may be provided to a third-party order filling agency so they can ship the materials.
When the law requires ISAFE to respond to subpoenas, court orders, or other legal process we provide the information needed to obey the law. ISAFE Enterprises also may provide information in order to establish or exercise our legal rights or defend against legal claims.
People can opt out of communications at any time however we do, in very rare instances, reserve the right to send important announcements or notices to all registered users regardless. ISAFE maintains archival copies of customer contact data to make sure we don’t accidentally re-add people to our service if they have requested not to receive further information. Concerns about this archival copy may be addressed to: firstname.lastname@example.org
We limit access personal information to those ISAFE employees who have a need to come into contact with that information for the purpose of providing program material and/or services or supporting the internal operations of our Web site.
How to edit account and personal information:
Individuals and administrators may edit their ISAFE account information at any time. To edit:
Visit the “My Info”, “My Account” or “Account Settings” link in the title bar after signing in.
Alter any information on this page then click the “Update Info” or “Save” button.
If younger than age 13, log in with your Parent Code and a Password.
Safeguarding confidentiality and security:
To protect Personal Information, ISAFE employs physical, electronic and procedural safeguards that comply with federal regulations, for example:
Building and Maintaining a Secure Network by:
- Installing and maintaining firewalls, virus scanners, and active system monitors to protect personal data
- All systems receive regular software updates and patches, including web servers, operating systems, databases, firewalls, and virus scanners
- Not using vendor-supplied defaults for system passwords and other security parameters
Protecting Personal Data by:
- Encrypting transmission of personal data across open, public networks
Maintaining a Vulnerability Management Program by:
- Using and regularly updating anti-virus software or programs
- Developing and maintaining secure systems and applications
Implementing Strong Access Control Measures by:
- Restricting access to personal data by business need-to-know
- Assigning a unique ID to each person with computer access
- Restricting physical access to Personal Information data
Real Time Monitoring and Testing Networks by:
- Tracking and monitoring all access to network resources and personal data
- Continuous testing security systems and processes
- Maintaining an Information Security Policy by:
- Maintaining a policy that addresses information security for all personnel
- Personal information is password protected and, in some cases, encrypted for additional protection.