- Why TCI?
- Social Studies
- Training & Support
(Effective February 16, 2021) Teachers’ Curriculum Institute (“TCI”) is committed to the privacy and protection of your information. We want you to both understand and feel assured by the practices we use to safeguard the information you provide to TCI’s websites (“Websites”), including our Student and Teacher online application service (“Application”) and our corporate website.
In short, TCI:
- collects the minimum information needed to provide users access and support
- does not market or advertise to students
- deletes all student accounts and content on June 30 of each year
- does not sell or distribute the information of any user
- meets or exceeds the industry standard for securing user information
- What student information is collected through the Application and how that information is used
- What information is collected from teachers, administrators, and other non-student users and how that information is used
- Third-Party vendors and disclosure exceptions
- How your information is protected and what steps TCI will take in the event of a security breach
- Links to other websites, contacting TCI about this policy, and changes to this policy
Student information collected through the Application and how that information is usedStudent information collected: To create a Student account, TCI requires a first name, last name, username, and password. Schools and districts may provide student emails as usernames. Parents, legal guardians, and students can view this information in a student’s account. The actual content of these fields is at the discretion of the teacher or administrator managing the account. Student passwords can only be reset within our Admin tool by a user authorized to manage that student account. Parents, legal guardians, and eligible students can contact the teacher or administrator managing the account to make any corrections. Within the Application, students may answer content-based questions, which include open-ended question prompts. Students are never asked for personally identifiable information and should be instructed to never include such information in an open-ended question. COPPA: TCI complies with the Children’s Online Privacy Protection Act (“COPPA”). COPPA requires that website operators never knowingly collect personally identifiable information from anyone under the age of 13 without prior verifiable parental consent. TCI offers access to children under 13 to the Application based upon the presumption that you, or any other party facilitating access to this Application by students, have obtained authorization for the storage and use by TCI of all student information you provide to this Application, including, without limitation, parental consent to the collection of such information by TCI. FERPA: TCI provides schools and districts full access to their student information through our Application and Admin tool. Teachers can view their students’ information and download it at any time to a CSV file. All student accounts and content, including any grading information, are permanently deleted on June 30 each year as part of TCI’s annual student and class reset. It is the responsibility of schools and districts to export any student information such as points assigned for individual assessments, notebooks, and other content prior to that date. TCI does not maintain any student records. Parents and legal guardians can request deletion of student data prior to the June 30 reset by emailing a signed request to [email protected] How student information is used: TCI uses student information exclusively to enable access to and usage of our Application. Data is used for educational purposes only. We will not sell, rent, or transfer any student information to any third party. We will not grant access to student information to any third party vendor other than to support the internal operations of TCI’s Application. TCI does not use student information for any marketing or advertising purpose. Content entered by a student remains the property of that student while it is stored in a TCI database and is shared only with the student’s teachers for grading purposes. In the interest of 100% transparency, we want you to know that TCI maintains anonymized student usage metadata solely to support and improve the internal operations of our Application.
Information collected from teachers, administrators, and other non-student users and how that information is usedPersonal information: When you sign up for a Teacher account, submit a support request, make a purchase, or otherwise contact TCI, you may provide TCI with “personally identifiable information” such as your full name and email address. TCI collects as little information as possible to facilitate your usage of TCI’s Websites. You should be aware that any personal information that is voluntarily posted by you to a public area of this Website may be viewed and used by other users. How it is used: The personal information that you provide to TCI may be stored, processed, and used by TCI as follows:
- to respond to your comments, requests for information, and inquiries
- to help administer and protect the security or integrity of TCI’s websites
- to process online purchases
- to permit access and use by users of our Application
- for marketing and promotional purposes, including, without limitation, sending newsletters.
- for sending invitations to participate in user testing and feedback of Application features.
Third-Party vendors and disclosure exceptionsThird party vendors: Like many companies, TCI engages third-party vendors to provide various services relating to TCI’s Websites, including hosting and data storage, analytics, and development services. To protect user privacy, we require our vendors to maintain the confidentiality of any information and do not authorize our vendors to retain, disclose, or share any information. TCI uses the following third party services:
- Amazon Web Services (“AWS”): TCI uses AWS for hosting and data storage. The AWS services TCI uses comply with multiple security standards including ISO 27018.
- Google Analytics (“GA”): TCI uses GA for understanding technical trends including browsers and page usage. GA has access to non-personal information and persistent identifiers as described above.
- ProdPerfect: TCI uses ProdPerfect to automate testing based on user behavior. ProdPerfect has access to non-personal information and persistent identifiers as described above.
- Domo: TCI uses Domo for analytics and data storage. The Domo services TCI uses comply with multiple security standards including SOC2.
- Campaign Monitor (“CM”): TCI uses CM to send emails to users, including order confirmations, welcome emails, product update emails, and emails regarding timely content. TCI never sends automated emails to students, and student account information is never stored in CM. The CM services TCI uses comply with multiple security standards including the NIST Cybersecurity Framework and ISO 27001.
- Delighted: TCI uses Delighted to collect feedback from teachers. Delighted hosts and manages data using AWS, which complies with the security standards described above.
- Salesforce: TCI uses Salesforce products to facilitate responding to customer questions and to track user activity on our corporate website. The Salesforce products TCI uses comply with multiple security standards including ISO 27018.
- To comply with legal process such as a search warrant, subpoena or court order;
- To protect TCI’s rights or defend against legal claims;
- To protect any other party’s rights, property and safety;
- To report to any law enforcement agency any activities that we, in good faith, believe to be unlawful;
- To investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving harassment, abusive messages or potential threats to the physical safety of any person
- In the event that TCI or all or part of its assets are acquired or transferred to a third party, including in connection with a sale, bankruptcy, or similar event resulting in a change in control, provided that the new owner has agreed to comply with the strict data privacy standards described in this Policy.
How your information is protected and what steps TCI will take in the event of a security breachSecurity Measures: To protect the privacy of student and all other users’ information, TCI employs controls, including:
- Limiting data collected and saving only the minimum amount of information needed to perform tasks.
- Role-based access to data with the minimum amount of access needed to complete work being granted to both internal staff and customer users.
- Designating and training individuals responsible for the privacy and security of user data.
- Use of a Virtual Private Cloud on Amazon Web Services, an ISO-27018 compliant provider for storage of data.
- Periodic penetration tests to check for any system vulnerabilities.
- Deleting all student accounts and content on an annual basis.
- Automated monitoring and alerts for suspicious log-in attempts.
- Encrypting all user data in transit and at rest.