Effective June 22, 2020
The Summit Learning Program is a personalized approach to teaching and learning inspired by the vision to equip every student to lead a fulfilled life. T.L.P. Education ("Summit Learning" "we","us" and "our"), a California nonprofit public benefit organization and a 501(c)(3) nonprofit organization, operates the Summit Learning Program (the "Program"), including the Summit Learning Platform located at www.summitlearning.org (the "Platform").
The Learning Services (defined below) are designed to facilitate strong relationships between teachers and students through real-time data about progress towards goals, access to ongoing feedback, and access to a wide range of learning resources that enable students to build on what they learn from the teacher by self-directing some of their learning, too.
We are signatories to the Future of Privacy Forum's and SIAA's Student Privacy Pledge ("Student Privacy Pledge").
Summit Learning does not place ads in its Services or use information that we collect for ad purposes, including for behaviorally-targeted advertising purposes. We do not, and will not, make or seek to make money from students or their schools, teachers, or parents. We do not, and will not, sell, rent or lease student personal information.
1. Contract and Services
3. Users of the Learning Services
For Student Users, we define personal information as information that alone, or in combination with other, non-personal information would allow someone to identify or contact the child. This includes all information considered to be "personal information" under the Children's Online Privacy Protection Act ("COPPA") or "personally identifiable information" under the Family Educational Rights and Privacy Act ("FERPA"). For more information on COPPA please see section 5 below.
3.1. Information We Collect
Information Provided Directly to Us
Licensed Users or their Partner School may choose to provide us personal information and Partner Schools may direct that personal information be provided to us by others for use in connection with the Program. Examples of such information include the following:
Account Sign-Up and Profile Information
- Contact information such as full name and email address;
- Username and password; and
- Teacher information, including, but not limited to, name and years of experience.
Class and Student User Information
- Class rosters, homeroom, and grade level;
- Student name;
- Student email address;
- Student identification numbers such as school identification number or school information system identification number;
- Student record information such as attendance, suspension, and expulsions;
- Student demographic data, including date of birth, gender, ethnicity or race, and socioeconomic status;
- Student subgroups, such as English learners;
- Student subgroups, such as students with disabilities;
- Mentor observations;
- Student outcome information such as grade level promotion and matriculation, AP and IB test information, college admission test scores, college eligibility and acceptance, and employment; and
- Academic or extracurricular activities a student may belong to or participate in.
Course Information and Student User Scores
- Course data including coursework in applicable media (e.g., video, audio, text and images) and course progress;
- Student scheduled courses;
- Test scores, grades, standardized test results (such as NWEA MAP, SBAC, etc.), and teacher feedback on coursework; and
- Teacher curricula and notes and feedback to or about students.
- Names, mobile phone numbers and email addresses of parents/legal guardians, if provided to us by the Partner School or the parent/legal guardian.
- Answers to surveys about the Services or curricula; and
- Feedback, suggestions, questions, and ideas submitted to us.
- Account Sign-Up and Profile Information
- Information We Collect Through Services Engagement
- Information Received from External Sources
- Information We Do Not Seek to Collect or Store
We may collect certain information from Users' and Visitors' computers and devices as they use or engage with the Services, such as Internet protocol (IP) addresses and other identifiers that are automatically assigned to a User's or Visitor's computer or device, browser type, operating system, and Internet service provider. We also collect the date and time of your use of the Services, and information about the links clicked and pages viewed within the Services. We collect this information to better distinguish users of the Services, which helps us to better secure our Services, understand which of our content and features users find valuable and, for Licensed Users, to provide personalized Services.
We do not seek to collect sensitive information about students, such as precise location or biometric data. If we become aware that such information has been provided, we will delete it within a reasonable time of such awareness or get school or parent consent to keep it if it is reasonably necessary for the Program.
3.2. We Limit The Use Of The Information We Collect
We use the personal information we collect from the Learning Services for educational purposes as directed by Partner Schools, including to:
- Provide curricula choice or recommendations;
- Drive learning engagement and progress via content suggestions to Users;
- Maintain the security of the Services, troubleshoot, and perform audits;
- Administer surveys, studies, and interviews;
- Operate, develop, analyze, evaluate, and improve the Services;
- Communicate with Users in connection with providing the Services;
- Send parents/legal guardians who are Users informational alerts or other communications via SMS or email messages (see Section 9 ("How We Communicate with You") for information on how to manage or opt-out of communications);
- Evaluate the efficacy of the Services and Program;
- Perform other activities requested by Partner Schools for educational purposes or with the consent of a parent or legal guardian or Student User of the age of majority;
- Protect or defend the rights, safety, or property of Summit Learning, Partner Schools or Users, or to comply with any law enforcement, legal, or regulatory process;
- De-identify the information for other Summit Learning purposes; or
- Comply with applicable laws.
In addition, we de-identify personal information and use de-identified information for other purposes, including research and product improvement. We consider "de-identified" information to be information that has all direct and indirect personal identifiers removed such that the data cannot reasonably be used to identify or contact an individual. This includes, but is not limited to, persistent unique identifiers, name, ID numbers, date of birth, and school ID.
To be clear, we will not:
- Include ads in the Services;
- Use personal information collected through the Services for advertising, including for behaviorally-targeted ads;
- Seek to make money from students or their schools, teachers, or parents through the Services;
- Use the personal information we collect from Users for marketing purposes (but may ask Users to participate in surveys or provide feedback regarding the Services);
- Get paid to make recommendations to students or use (or authorize Service Providers (defined in Section 3.3 below) to use) the personal information we collect from students for advertising purposes, including behaviorally-targeted advertising purposes. [Note: Our personalized learning may include recommendations for further learning resources, including some resources provided by others.];
- Sell, rent or lease (or authorize Service Providers to sell, rent or lease) any personal information we collect from Student Users for any purpose – including for advertising and marketing purposes;
- Use (or authorize Service Providers to use) the personal information we collect from Users for the creation of commercial products or services; or
- Use information collected from Student Users for any purposes other than educational purposes of our Partner Schools unless we have de-identified the information such that it cannot reasonably be linked to an identifiable Student User.
3.3. We Limit How Information Is Shared
We only share information:
- With the Partner Schools and other Licensed Users within a school as authorized by the Partner School and for the Partner School's educational purposes. The Learning Services do not include features that make Student User personally identifiable data publicly available.
- With a Student User's parent/legal guardian as authorized by the Partner School or as required by applicable law.
- With Service Providers who help us develop and provide the Services. The list of our Service Providers ("Service Providers"), may be updated from time to time. We use Service Providers for tasks such as document management; data hosting; and provisioning customer service tools related to the Learning Services. We do not and will not grant Service Providers the right or permission to use your personal information beyond what is reasonably necessary to assist us in providing the Services. We include protections for personal information in our Service Provider contracts, including contractually prohibiting them from selling personal information, or using it for any purpose other than providing services to us. We also require Service Providers to implement reasonable security practices in accordance with the Data Privacy Addendum. You can learn more about our security practices in our Security Whitepaper ("Security Whitepaper").
- With others as required to comply with any law enforcement, legal, or regulatory process (e.g., warrants, subpoenas, court orders), or other applicable laws and regulations. In such cases, to the extent permitted by law, we will attempt to provide the Partner School or parent/legal guardian (as applicable) with notice of such legal request prior to complying with respect to requests for Student User personal information.
- With successors in connection with a change to our organization. We along with other Student Privacy Pledgers have committed to protect Student User personal information in the event an acquisition, sale or reorganization our Summit Learning results in a transfer of personal information to a successor entity.
- With third parties, if directed or authorized by the Partner School or with parental consent, to the extent permitted by law and subject to our User Agreement.
In the event we wish to demonstrate how the Program is used or its efficacy, or otherwise provide information or marketing materials related to the Program (collectively, "Information Purposes"), we will only share de-identified information. We may share aggregated and/or non-personally identifiable information publicly (such as statistics about visitors, and traffic patterns). We will not share personal information for such Information Purposes.
4. We Support Parent Engagement
We support and encourage the involvement of parents and guardians in their Student Users' education. Parents, legal guardians, and Student Users may, at any time, make a request for access, review, correction or deletion of personal information in the Services by contacting the appropriate official at the Student User's Partner School. If the Partner School determines that the request should be implemented, the Partner School may either make the change themselves or ask us to make such change. We will use commercially reasonable efforts to process such requests in a timely manner consistent with applicable law.
5. Student User's Personal Information
All students who use the Program will be enrolled in a Partner School that has signed a Program Agreement to participate in the Program, including the Learning Services. Pursuant to each Program Agreement (including the Data Privacy Addendum), each Partner School has consented to our practices regarding the collection, use, and disclosure of personal information from Student Users as permitted by law.
Prior to a student accessing the Learning Services, the Student User's teacher or Partner School administrator must create the Student User's account on the Learning Services. When the Partner School administrator or teacher registers its students, we rely on consent obtained from Partner Schools acting as an agent of the Student User's parent or legal guardian. For more information, please see our FAQs including our commitment to the Student Privacy Pledge.
COPPA governs the collection of certain information from children under the age of 13 ("child" or "children"); for more information about COPPA and generally protecting children's online privacy, please visit the Federal Trade Commission COPPA FAQs and OnGuard Online. While COPPA does not directly apply to non-profit organizations such as Summit Learning, we voluntarily comply with COPPA's guidelines regarding students under the age of 13 as part of our commitment to transparency with parents regarding the collection and use of their child's data.
For more information about how we protect student information, see Section 12.
6. Security and Accuracy of Personal Information
The security of personal information from our Users is important to us, and we work hard to protect it from unauthorized access and use. In an effort to prevent unauthorized access, disclosure, or improper use of User information, and to maintain data accuracy, we have established physical, technical, and administrative safeguards designed to protect the personal information we collect. For additional technical details regarding Summit Learning's security programs and measures, please see our Security Whitepaper.
We're constantly evolving our security procedures as technology changes, but our security procedures at a minimum include the following:
- We restrict access to personal information to authorized Summit Learning employees, agents, service providers, or independent contractors who reasonably need to know that information in order to process it for us, and who are subject to confidentiality obligations. Employees and contractors ("Staff") are subject to discipline if they fail to meet these obligations;
- We require our Service Providers with which we share Student User personal information to employ industry standard data protection and security protocols;
- We use identification and authentication methods such as multi-factor authentication;
- We employ administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information;
- We employ encryption technologies to securely transmit personal information, including data-in-transit encryption, and we encrypt personal information that is stored;
- We maintain a data backup and recovery capability designed to ensure a timely and accurate restoration of personal information;
- We maintain a secure software development lifecycle with industry standard security practices designed to establish secure application(s), network, and infrastructure architectures;
- We maintain event monitoring and response procedures for events which could impact functionality, security and/or availability of the Learning Services;
- We regularly provide Staff training for security incidents and maintain incident response policies, plans and procedures focused on timely and effective incident response;
- We employ trained incident handling professionals with experience in security incident and event monitoring;
- We perform application security testing (including penetration testing) and conduct security risk assessments focused on the identification and remediation of risks. Any identified security vulnerabilities will be remediated in a timely manner;
- We implement oversight and governance procedures for security risks, including a vulnerability disclosure program and mandatory reviews of any incidents affecting the Summit Learning Platform.
We regularly develop and implement features to help keep personal information safe. You can find more information about our technical practices in our Security Whitepaper. Should you discover any security bugs or vulnerabilities in our Services or have any questions regarding our data practices, please contact our team at firstname.lastname@example.org.
Although we make concerted good faith efforts to maintain the security of personal information, and we work hard to ensure the integrity and security of our systems, no practice can be 100% guaranteed. The security of personal information can be compromised by outages, attacks, human error, system failure, unauthorized use or other factors at any time. If we learn of a breach of your personal information, we will provide notice which will include information required by applicable law.
For additional information on our security practices, please visit our FAQs.
7. Data Retention
We will only retain personal information, including personal information from Users, for a limited time. If a Partner School leaves our Program or requests removal of any personal information, we will promptly direct our Staff to delete, dispose of, or de-identify the personal information. We will delete, dispose of, or de-identify the personal information in a commercially reasonable amount of time following such Partner School request unless, consistent with applicable law, there is a legitimate reason to retain such personal information. Our normal retention period will not apply if we have consent to retain such information or if we are required to retain such information to comply with our legal obligations or law enforcement requests, resolve disputes, protect the safety and security of our Users or our Services, or enforce the User Agreement, Program Agreement, including the Data Privacy Addendum, or any posted guidelines, policies or rules applicable to specific features of the Services.
If you are a User (or parent/legal guardian of a Student User that is under the age of 18) and wish to have personal information removed from the Learning Services, please contact your Partner School and review the information in Section 8 ("Partner Schools Can Delete Information").
For additional information relating to deletion and retention policies, please see our FAQs.
8. Partner Schools Can Delete Information
Partner Schools may request the review or deletion of their Student User information in the Services. We will delete or de-identify such information in a commercially reasonable amount of time in compliance with applicable law, unless we otherwise have consent to retain such information or are required to retain such information to comply with our legal obligations or law enforcement requests, resolve disputes, or enforce the User Agreement, Program Agreement (including the Data Privacy Addendum), or any posted guidelines, policies or rules applicable to specific features of the Services.
9. How We Communicate with You
If you created an account on the Services (or otherwise provided an email address or phone number to us, or otherwise opted-in to receive communications from us), we may send you messages related to the Services, including regarding your account, privacy and security notices, updates and information regarding the Program, including the Learning Services. These communications may be sent through SMS, push notifications, email, telephone calls, and postal mail. [Note: Standard carrier fees may apply to messages sent to your mobile devices.] If you have an account with us, we'll also use your contact information for customer service purposes, or to contact you for legal matters or purposes. We may receive a confirmation when you open an email from us if your device supports it.
If, as a parent/legal guardian of a Student User, you provided contact information to your school, your account ("Parent Account") will be set up by your Student User's teacher or Partner School. At the direction of the Partner School, we may send an invitation to you to log in to your Parent Account via the contact information that your Student User's teacher or Partner School provided to us to set up your Parent Account. The invitation may be sent via email or SMS text message. [Note: Your carrier may charge you fees for text messages.] We may also send you informational text messages, including, but not limited to, messages: (1) providing information related to your child's use of the Services; (2) supplying information that you request; or (3) responding to your inquiries regarding your account or use of the Services. If, as a parent/legal guardian of a Student User, you provide your telephone number to your Student User's Partner School, you are consenting to Summit Learning (on behalf of and at the direction of your child's Partner School) sending informational text messages related to the Partner School's mission. If, as a parent/legal guardian, you would prefer not to receive our communications, you may opt-out using the instructions contained in these communications.
10. We Are Transparent About Changes
11. We Want To Hear From You
You can learn more about T.L.P. Education and about the Summit Learning Program in our FAQs.
You can also reach us by emailing or writing to the contact information provided in this Summit Learning Help Center Article.
12. Useful Information Regarding Student Data
- What Information Does Summit Learning Collect from Students and How Does Summit Learning Use the Information?
- Classwork, for example: project submissions (including documents and other media), assessment responses, and academic goals;
- Communications with teachers and mentors, for example: responses to teacher feedback, free-form notes, and requests for guidance; and
- Non-academic information, for example: college and career interests, college preparation artifacts (essays, letters of recommendation), reflections on academic progress and other self-assessments, anonymous survey responses, and offers to tutor peers.
- What Student Information is Visible to Others?
The Learning Services limit access to each Student User's account and the content thereon to the Student User, the Student User's parents/legal guardians, teachers, school administrators, and other teachers in the Student User's Partner School (depending on the setting selected by the Partner School's administrator). Accordingly, the Learning Services do not permit any Student User's account or the content and grades thereon to be viewed or accessed by the general public.
- How Long Do You Keep a Student's Information?
Please see Section 7 ("Data Retention"). If you are a parent or legal guardian of a Student User under the age of 18 and you wish to have a Student's personal information removed from the Learning Services, please contact your Partner School.
- What Parental Choices are there?
Please see Section 4 ("We Support Parent Engagement").