FableVision Learning Data Security & Privacy Plan

Overview

This Data Security and Privacy Policy statement explains the data processing practices of FableVision Learning, LLC. If you have any requests concerning your personal information or any questions about these practices please contact us by email at info@fablevisionlearning.com.

At FableVision Learning, we take the privacy of our customers seriously. We are committed to safeguarding your privacy while providing a personalized and valuable service.

FableVision Learning uses Personally Identifiable Information only for providing use of the online software. By using the online program, you agree to the collection and use of information in accordance with this policy.

This document outlines FableVision Learning’s data collection and use practices as it relates to the FableVision Learning educational software tools, accessed through FableVision Games platform (www.fablevisiongames.com), including FabMaker Studio, an online engineering design tool; Animation-ish, an online animation program; Zoombinis, an online game for computational thinking; Cyberchase Fractions Quest, an online game to teach fractions; Civics-An American Musical, an online game for learning to use primary documents in understanding civics; Bajillions Early Math, a suite of online math games.

At FableVision Learning, we take the privacy of our customers seriously. We are committed to safeguarding your privacy while providing a personalized and valuable service.

We comply with the Children's Online Privacy Protection Act (COPPA) which can be found on our website at www.fablevisionlearning.com.

We do not intentionally collect any information on children under 13 years of age. We will undertake to delete any details of such users where a parent or guardian has notified us that any such details have been obtained.

We agree to operate as a school official as the term is used in the Family Educational Rights and Privacy Act (FERPA), and operate at the direct control of our school and district customers with respect to our use and handling of their student records.

This document informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of our online software tools.

Any changes to the Privacy Policy, Terms of Use or changes in company ownership will be notified via email.

Privacy Policy

This privacy policy applies to all the software tools accessed via FableVision Learning at www.fablevisiongames.com and its affiliates owned and operated websites and mobile applications (which we collectively refer to as “Services”). By accessing or using our Services, you agree to the terms of this Privacy Policy.

Definitions

For purposes of this policy, we will use the following definitions:
Personally identifiable information (PII) is information that can identify a user of the Services, including his or her e-mail, name, and address. It also includes PII combined with non-PII.
De-identified information is information from which personally identifiable components have been removed and a reasonable determination made that an individual is not identifiable.
Student Records are records that are directly related to a student and maintained by FableVision Learning on behalf of a school or district subscriber.

Information Collection and Use

While using our Sites, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to your name ("Personal Information").

The elements of your data that we collect and hold may include:

• Name
• School/account name email address of administrators or teachers
• IP address and browser information
• Status of users as administrator, teacher/student

Teacher/admin accounts are set up in order for the school to manage individual student accounts for access to our tools. When student accounts are set up by the school, either within the dashboard or via 3rd party programs such as ClassLink to facilitate access, we do not have access to information to identify the student individually. Thus, we do not use student or children’s personal information for advertising purposes, including targeted advertising nor do we rent or sell student data.

We limit the data collected from students or children to only that which is necessary to meet the educational purposes of the tool. We do not collect sensitive data like biometric or health data or behavior data. We do not use student PII for commercial use. We do not disclose PII to third parties for non-educational commercial purposes.

We limit the data collected from students or children to only that which is necessary to meet the educational purposes of the tool. We do not collect sensitive data like biometric or health data or behavior data.

We store PII indefinitely, or until a request is put in to have this data deleted by a customer or at FableVision Learnings' discretion.

School districts and administrators cannot delete student PII, but the FableVision Learning systems team will do so upon written request.

Student Accounts

Student accounts can be created by the school, the district, or by the teachers, or the teacher can invite the students to create the accounts using a class code provided by the teacher. We collect students’ full names. Students will be able to store digital files they’ve created within the program within their individual accounts.

Student Work

Some programs allow users to create designs which may be stored on the user computer, or the user’s Google Drive or in the online files (stored on the Amazon Web Server). We do not have access to know the identity of the student for any individual work and it can only be identified to us by a school. Access is only available by our technical development team and not program administrators and it would only be accessed if identified to us by a school. Work created by students/users remains the property of the creator.

Google Drive with FabMaker Studio

Use of the Google OAuth and API services are optional and not required for the use of FabMaker Studio. The Google OAuth and Google Drive API services are only used to store and load MakerStudio project files from the user's Google Drive account. The Google Drive data is requested by and sent directly to the end-user's computer, no Google data is intentionally sent to our servers during the Google Drive loading or saving processes. Project files that are saved to a non Google Drive location will send the user's project data to our site's servers for processing and storage.

Log Data

Like many site operators, we collect information that your browser sends whenever you visit our Sites ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.

Communications

We may use Personal Information labeled as “teacher” or “administrator” to contact you with information that will assist you in delivering the educational experience to students. If you opt in to receiving our newsletter, we may send our newsletters and other company information which you are free to unsubscribe to at any time. Student emails are not collected or used by the system and we do not communicate with students. Students can not interact with other students outside of the system. Teachers can not use the system to communicate with students.

Use of Cookies and Other Tracking Devices

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be
able to use some portions of our sites.

We do not use any tracking devices to track your usage of the Internet on other sites not operated by other sites. If you are a registered user this may include your name and email address for verification purposes.

Security

We strive to maintain security policies and procedures that are designed to protect your information. Our servers are located in a secured, locked, and monitored environment to prevent unauthorized entry or theft, and are protected by a firewall. The servers are located in a data center in the United States and backed up daily to a secure, U.S.-based, off-site data center.

We apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to encrypt data in transit between the server and the browser. We also encrypt the data at rest. FableVision Learning uses Amazon RDS (relational database service) for this.

Governance policies and access controls are in place to ensure that the information of each district, school, or other subscriber is separated, and all subscribers can only access their own data. Only limited FableVision Learning personnel and/or contractors have access to the database, and personnel only access it when necessary to provide services.

We follow standardized and documented procedures for coding, configuration management, patch installation, and change management for all applicable servers.

While we strive to maintain industry-standard privacy and security practices, it should be noted that no industry system is fail proof, and we are not responsible for security incidents not reasonably foreseeable or reasonably within our control.

In the event of unauthorized access to Personally Identifiable Information, we will notify the affected subscriber(s) in accordance with applicable law, and as appropriate, coordinate with the subscriber to support notification of affected individuals, students, and families.

Data Breach Protocol

In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by FableVision we will provide notification to all users within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In
such an event, notification shall be made within a reasonable time after the incident. We will follow the following process:

(1) The security breach notification described above shall include, at a minimum, the following
information to the extent known:

i. The name and contact information

ii. A list of the types of personal information that were or are reasonably believed to have
been the subject of a breach.

iii. If the information is possible to determine at the time the notice is provided, then
either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date
range within which the breach occurred. The notification shall also include the date of the
notice.

iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and

v. A general description of the breach incident, if that information is possible to determine
at the time the notice is provided.

(2) We agree to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.

(3) We have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide, upon request, with a
summary of said written incident response plan.

To Exercise Your Rights

FableVision Learning is used in schools at the direction of our customers. In addition, we are obligated under FERPA to remain under the direct control of our customers with respect to our use and maintenance of student personal information that is part of the education record. As such, if you use FabMaker Studio, Zoombinis, Animation-ish, Fractions Quest, or Bajillions through a school account and wish to exercise your rights in respect to student personal information, please contact your education institution and we will work with them to facilitate your request.

All other users and visitors may exercise these rights by:

• Calling us at phone number: 1-800-828-0017
• Emailing us at info@fablevisionlearning.com
• Or mailing us at P.O. Box 1242 - Dedham, MA 02027

Your exercise of the above rights is subject to certain exemptions to safeguard the public interest and our interests. Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. Where required by applicable law, we will notify you if and why we are unable to fulfill your request.