Visit our Student Privacy Center to learn more about TPT’s commitment to protecting the privacy and security of student information.
Last updated: 3/22/2022. See previous version here.
I. ACCESS BY STUDENT USERS
How Student Users may Access our Services. You may use our Student Tools with Student Users if (i) you use them in an education setting, (ii) the use is permitted by your school, and (iii) you have verified to us that you are a Teacher authorized to provide consent (via the terms described in more detail in the Easel By TpT User Agreement) for your Student Users to use our Student Tools, and to disclose Student Personal Information to us. Once we have these assurances, we collect Student Personal Information from your Student Users only after you have invited the Student User to interact with you via the Student Tool. More specifically, we permit a Student User to access our Services only through a Student Tool, and a Student User is permitted to access the Student Tool only after you initiate that access either through an invitation, assignment or class code or link, or other mechanism as provided by the Student Tool. If we find that anyone under the age of 18 has accessed or attempted to access our Services other than as permitted herein, we will remove those individuals and any personal information they may have provided from our system.
COPPA. COPPA requires operators of online services that collect personal information from individuals under the age of 13 to obtain “parental consent”, and to comply with certain rules with regard to how personal information collected from such individuals is processed, secured, and disclosed. COPPA permits schools and teachers using such online services in the education setting to act as the parent and provide consent to the operator of an online service to collect personal information from students who may be under the age of 13, for the use and benefit of the learning environment. When a Teacher connects with Student Users through Student Tools, we collect certain information (“Student Information”) — which may include Student Personal Information. We have adopted this Policy and the processes and protocols described herein to ensure that we’re meeting the requirements of COPPA, as applicable.
FERPA. Student Information may include information considered to be an education record subject to the Family Educational Rights and Privacy Act (“FERPA”). To the extent that FERPA applies to any Student Information we may receive as a result of your or your Student Users’ use of the Student Tool, TpT acts as a “school official" (as that term is used in FERPA).
Limited Use. Our Student Tools are intended to create interactive learning experiences between students and teachers and deepen student engagement with their learning materials, not to sell anything to students.
No Ads. We do not display, place, or allow any third-party ads on any Student Tools or other parts of our Services enabled for use by Student Users.
No commercial profiling. We do not use Student Personal Information to create profiles of Student Users for non-educational commercial purposes.
No Targeted Advertising. We do not use Student Personal Information in order to track and display ads to Students on other websites they may visit.
No Location Tracking. We do not use technology that enables us to track a Student User’s precise location or movements.
II. WHAT INFORMATION WE COLLECT
When a Student User interacts with our Service through a Student Tool, we may collect the following information.
Information you and your Student Users provide to us directly: We collect information that you and your Student Users provide to us directly, including.
Authentication information: To ensure secure access to our Services, we may require Student Users to create and use login credentials (that may include, for example, an email address and/or a username and password).
Name or Nickname: In order for you to identify and distinguish between different Student Users, we may ask a Student User to enter their nickname, first name, or full name, or you may add student names directly, by inputting them yourself or by importing or creating a class roster.
Response information: Using a Student Tool, Student Users are able to provide responses to questions, add content to materials shared by their Teacher, or otherwise enter or provide information to their Teacher (“Responses”). Such Responses may include text, drawings, answers to multiple choice questions, and other materials or uploads, including video, audio, and other content or format as the Student Tool may allow. If Student Users choose to use available recording features to add photos, or voice, video, or other recordings to their Responses, Student Users must affirmatively allow TpT to access the microphone and/or camera on the Student User’s device, and TpT will use the device’s microphone and camera features only when the Student User is actively using the Student Tool to record their Response.
Teacher Feedback and Grades. You may reply to, provide feedback on, or grade student Responses. Your feedback and grades will be stored within the Student Tool for review/reference.
Information we receive when you choose to use a third-party integration: We have designed our Student Tools (where applicable) to interoperate with certain third-party offerings, such as learning management systems, authentication or identity providers, and other educational service partners with which you and/or your Student Users (as the case may be) may have existing accounts (“Integrated Services”). You or your Student Users may use an Integrated Service with a Student Tool by providing the requisite permission to TpT. This permission will enable the Student Tool to access, receive, and/or export information to and from such Integrated Service at your direction. For clarity, Integrated Services are not Service Providers of TpT (as defined below), but third parties with which you and your Student Users have an independent relationship. As such, each such Integrated Service has its own privacy policies which apply to its collection, use and sharing of your information and TpT is not responsible for the treatment of your or your Student Users’ information by Integrated Services, including information you choose to export to your account with an Integrated Service.
Identity Providers: In certain instances, Student Users are able to access Student Tools via an account that the Student User has with a third party, such as Google or Canvas. In those instances, the third party (the “Identity Provider”) authenticates the identity of the Student User for purposes of our Student Tool. Specifically, the Identity Provider will check the Student User’s credentials in its own system to make sure they are correct, and then send back to us a confirmation, which may include an email address, name and other Student User details as determined by the Identity Provider. We will only store and use the information reasonably necessary to complete the authentication and identify the Student User.
Education and Learning Management Services: Integrated Services may include learning management tools and other educational services that Teachers use to manage or provide their classes, such as Google Classroom or Canvas (collectively, “Learning Services”). We provide these integrations (as applicable) in order to create more seamless experiences for Teachers and Student Users to assign, access, submit and review teaching materials and Responses using their existing Learning Services. The Teacher decides whether to connect an applicable Learning Service with an available Student Tool. Through the connection, TpT may receive classroom-related and other information, such as course titles and class rosters. You can remove access by TpT to this information through the settings in your account with the applicable Learning Service at any time.
Information collected automatically: We also collect certain information automatically about a Student User’s device and browser while they use our Services. Where this information includes Student Personal Information, we protect it as such under this Policy.
Device and system information: We may collect the IP address associated with that Student User’s use of the Services, and browser and device information (such as device type, browser version, and operating system) for security and performance monitoring purposes. We collect this information to ensure that our Services are working and properly configured for different devices and browser types. We do not use a Student User’s IP address or device information to identify or track their precise location or movements.
Authentication Cookies: We store authentication cookies in order to enable our Services to identify and properly authenticate each returning user and ensure that users are only able to access their own information, and for anonymous session tracking so we understand overall usage.
III. HOW WE USE THIS INFORMATION
We collect and process Student Personal Information only for educational purposes and to serve the needs of Teachers and Student Users, as follows:
Fulfill requests and provide the Service. We use Student Personal Information for purposes of (i) permitting Teachers to identify and communicate with specific Student Users, to review and reply to (or grade) their Responses, and to track their progress; (ii) permitting Student Users to receive assignments directed to them, to provide individual (or collective) Responses to these assignments, and to participate in projects via the Student Tools; and (iii) permitting both Teachers and Student Users to interact as identified individuals, using the Student Tools, for educational purposes.
Data ownership. All Student Information submitted or uploaded to or collected by our Student Tools remains the property of the school and/or Student User (as the case may be). You grant us a limited license to use Student Information for purposes of providing, maintaining, supporting, and securing our Services.
Secure Access. We use authentication information, which may include Student Personal Information, for security purposes to ensure that Teachers and Student Users access only the Student Information and Student Personal Information they are permitted to access.
Site Security and Operations. We may use Student Personal Information for operations purposes, and for site and user security purposes as set out in Section V below.
IV. USE OF AGGREGATED AND DE-IDENTIFIED INFORMATION
We may use and share de-identified, aggregated, anonymous usage and/or other information that does not constitute Student Personal Information about use of our Student Tools by Teachers and Student Users, in the manner permitted by applicable law including to understand usage, demonstrate effectiveness, make recommendations, and inform future development and improvements.
V. WHO WE SHARE INFORMATION WITH
We do not sell Student Personal Information and we only share Student Personal Information in the following ways:
Within the classroom or school. Student Tools enable Teachers to interact with Student Users for sharing, completing, and receiving educational instruction and assignments electronically. Teachers will have access to all Student Information including Student Users’ engagement with the Student Tool, the name or nickname and other profile information about Student Users, and Responses. If Student Users collaborate on a Response, collaborating Student Users will be able to see each other's names and added Response information as well as any Teacher feedback or grades assigned to the Response. We may also disclose Student Information to school administrators through reporting features available to schools or upon request, as provided under FERPA.
TpT staff. Certain employees may have access to Student Personal Information from time to time. We limit access to those who need access to this information to do their work and they are obligated not to use or share this information for any other purpose.
Service Providers. In order to provide our Services, including our Student Tools, we engage the services of third-party service providers who, among other services, may host, store, transmit, and/or otherwise process information for us (“Service Providers”). We choose Service Providers who have agreed to maintain reasonable security and privacy controls, and our Service Providers are contractually obligated not to use, retain or process personal data, including Student Personal Information for purposes other than to provide their services to us.
Safety, security and law enforcement requirements. We may disclose Student Personal Information, in response to valid requests from law enforcement bodies, such as a court order, subpoena or other official request for information. We may disclose Student Personal Information to Service Providers and as needed to other third parties for purposes of protecting the safety and security of Teachers, Student Users, and others, and for the security of our systems, including the detection and prevention of fraud and violations of law.
The security of Student Personal Information is very important to us. We maintain, consistent with accepted industry practice, administrative, technical and physical safeguards reasonably designed to protect against unauthorized use, disclosure of or access to Student Personal Information, such as:
Password Protection. Access to Student Personal Information requires authentication to our Service with the Student User’s or Teacher’s login credentials. You can help keep your information secure by keeping those login credentials confidential and choosing a strong password.
Encryption. Data entered into our Student Tools is encrypted in transit using transport layer security (TLS) and encrypted at rest in our databases hosted by AWS which we chose for its high level of security.
Location. Our Servers are located in the United States.
Firewalls. We utilize industry standard firewalls to detect and protect against malicious traffic.
Incident Response. We maintain an incident response plan consistent with industry standards and comply with federal and state law requirements in the event of a data breach which includes as applicable, direct notification of impacted users by email or other means as may be required.
Periodic Assessment and Vulnerability Monitoring. We engage in continuous monitoring for vulnerabilities, vulnerability testing, and engage independent third parties for periodic penetration testing to ensure the security of our Student Tools.
VII. INFORMATION RETENTION AND CHOICES
How long we keep Student User information: We retain Student Personal Information only as long as necessary to provide the Services related to the Student Tool, which may be for as long as the Teacher associated with such Student User is an active Member of our Services, and for some time thereafter as needed to fulfill our legal obligations.
Access, deletion, and correction requests: In accordance with COPPA and to support schools’ FERPA obligations, we facilitate parental requests for access to, correction of, and (as applicable) deletion of Student Information. Parents wishing to make such requests, should contact their child’s teacher or school to begin that request and we’ll work with the school to timely fulfill that request. We allow Teachers to access, correct or delete Student Information as needed.
Successors. As part of a merger, acquisition, bankruptcy or other transaction in which a third party assumes control of our business (in whole or in part), we may transfer the data we have collected to the third party. In such an event, we’ll notify you in advance of that change so you can make an informed choice. In addition, any purchasing company will have to adhere to the terms of this Policy including notifying you before making material changes.
How to Contact Us:
Email: [email protected]
Mail: Attn: Privacy, 111 E. 18th Street, Fl 11, New York, New York 10003
Subprocessor list (as of March 2022):
We contract with the following Service Providers to provide our services which may involve the processing of Student Personal Information:
Amazon Web Services (AWS) - Cloud hosting provider
Akamai - Web Application Firewall which delivers content to end users and protects against malicious traffic
Datadog - Server-side and client-side performance monitoring service
Sendgrid - Email Service Provider (ESP) which manages email delivery (e.g. transactional emails as necessary)