LEGAL
Product Privacy Policy
At Blocksi, your privacy is our priority. We understand that your personal data is entrusted to use when you use our services, a responsibility we take very seriously. This Product Privacy Policy outlines our commitment to protect your information and use it responsibly. By using our services, you accept our privacy practices described herein. We encourage you to review this policy to stay informed about our privacy safeguards.
In this Product Privacy Policy, we have aligned our principles and practices to satisfy a broad spectrum of data protection and student privacy laws applicable across various jurisdictions. That said, we would like to take a moment to share a few philosophies that guide how we treat data and privacy here at Blocksi, now and in the future:
Data you provide us, or that is collected on your behalf, is owned entirely by you and will be available to you on demand as well as removed on demand.
We consider data a liability and only collect and share the minimum amount required to provide you with a great Service. We have made an effort to make this document as clear and easy to understand as we can, but if you have any questions, please do not hesitate to reach out at privacy@blocksi.net.
To Whom This Product Privacy Policy Applies
This Product Privacy Policy applies to our Customers who use the Blocksi Manager Education Everywhere (“Service”) as well as the End-Users of our Customers who interact with our Service. It is important to note that this Product Privacy Policy covers all Blocksi Products and Services, excluding those with their own separate policies that do not incorporate this Product Privacy Policy.
Some of these services such as YouTube Filtering use YouTube API services and by using our Services you agree to be bound by YouTube’s Terms
of Service and Google’s Privacy Policy.
Please note that this Product Privacy Policy does not apply to: Information submitted by job applicants to Blocksi Inc.; Entities or third parties that are not under our ownership or control, nor to individuals who are not employed or managed by us; individuals visiting or using our main website and the information they provide (for this, please refer to our Website Privacy Policy). Our Product Privacy Policy does not cover the information practices of other companies and organizations who may be using our services through API we may provide in the future.
What Data Do We Collect?
Please note that the specific elements shared with us are largely determined by our Customer preferences and requirements. Our platform is designed with flexibility in mind, allowing our Customers to choose the extent of information they wish to share. The following is an overview of the data elements typically shared with us by our Customers, with an emphasis on the optional nature of most data sharing.
If our Customer decides to use one of our features we will obtain specific information about a student’s parent(s) / guardian(s). This information may include parent(s) / guardian(s) First and Last Name (option to use pseudonyms, if approved by a School Administrator); Email Address, Telephone Number (optional).
We may collect the following information from our Customer: Organization related information (this information may include the School / School District / Organization Official’s Name, Email Address, School / School District / Organization Name, Address, Billing Address, number of devices, number of students); School Employee Information (this information may include First and Last name, Email Address, Organizational unit, Class name and applicable policy, IP address); Class List related information (this information may include the name of the specific class, the class period, the owner of class list, class chat message history); Other Information (if a Customer decides to contact us via telephone, email or other communication methods, we may collect additional information as provided by the Customer during the course of this interaction. This data collection will be based on the context and nature of the communication and will be used to address the specific needs or inquiries); License data (excludes personal information).
We may collect the following information from students through BMEE: Name, Email Address, School or System Identifier, Student domain, Student class attendance data, online communications that are captured (email, blog entries), Student school enrollment, Student grade level, Student First and / or Last Name, Organizational unit, Student generated content, writing, pictures, a student’s browsing history, online content, location information (IP address, State, in / out of School), device information. We collect personal information from students through BMEE products for the use and benefit of the Customer (School / School District / Other organization), and for no other commercial purpose.
How We Use Information We Collect
BMEE: We use the information we collected from all of our Services to provide, maintain, protect, and improve them, to develop new ones, and to protect Blocksi and our users.
We also use collected information to respond to any of your enquiries, and to fulfill your orders and requests. In addition, we use some of the collected data to analyze how you interact with our Services.
We use the collected information to comply with the law or legal proceedings. We also use anonymous and de-identified data to assess, improve, and develop our business, products, and services and for similar research and analytics purposes. Such information is generally not subject to the restrictions in this Product Privacy Policy, provided it does not identify and could not be used to identify a particular individual.
We do not sell Personal Student Information. We do not use Personal Student Information to target advertisements or market to students or anyone else or for any other purposes prohibited by the applicable legislation. We use your Personal Student Information only in accordance with the applicable data privacy laws and student privacy laws across different jurisdictions.
Return or Deletion of Customer Data
As per the Customer’s request, we are committed to deleting Student Personal Information both during and post the expiration of all Customers’ licenses for our Services, unless we are required to retain such information to comply with our legal obligations with law enforcement, resolve disputes, or enforce our agreements. Upon receiving the deletion instruction, we will take reasonable efforts to delete and / or de-identify such information in a commercially reasonable amount of time under applicable time. Upon license termination, we may also agree to return the School’s Personal Student Data. Similarly, we will follow the Customer’s documented instruction to return this data, making reasonable efforts to do so in a legally and commercially suitable time frame, unless retention is legally mandatory.
On termination of the Blocksi Manager Agreement due to Customer breaching its payment obligations or opting not to purchase the Services at the end of a free trial of the Services, we will delete all Customer Data from its systems within a maximum period of 180 days, unless applicable legislation or legal process prevents it from doing so.
Accessing and Updating Your Personal Data
We are committed to providing parents and guardians the ability to access their child’s web analytics and insights via the Parent Dashboard. Data inaccuracies can be promptly corrected or deleted, unless business or legal obligation necessitate retention. Prior to any changes, parent / guardian identity verification is required. Individuals above 18 years, including emancipated minors have equivalent access rights, subject to identity confirmation. Repetitive, technically complex, privacy compromising, or impractical requests may be denied. When feasible, we provide information access and correction free of charge, barring disproportionate efforts.
We provide a variety of user controls that enable Blocksi Manager for Education Everywhere users (administrator and guardians) to make meaningful choices about how long information is stored in Blocksi services. Depending on the settings enabled by the school, users can use the various controls described in the Privacy Policy, such as Blocksi activity controls, to manage their privacy and information. We provide additional information for parents, students, and administrators on the Blocksi Manager for Education Everywhere Privacy Center.
School Administrators can facilitate this process in the line with our Services’ functionality. To cease data collection or usage, parents or guardians may request service controls to restrict features or services, or completely delete a child’s account. Guidance for administrators on how to use service controls to accomplish this is available in the Help Center.
BMEE provides various user controls enabling meaningful decisions on data storage duration.
Information We Share
We do not share personal information with companies, organizations, and individuals outside of Blocksi, unless one of the following circumstances applies:
With Domain Administrators
If the Blocksi students analytics and filtering policies are managed for you by a Domain Administrator (for example, for Google Apps users) then your Domain Administrator and resellers who provide user support to your organization will have access to your Blocksi Account Information (including Web and YouTube Analytics). Your Domain Administrator may be able to:
- If the Blocksi students analytics and filtering policies are managed for you by a Domain Administrator (for example, for Google Apps users) then your Domain Administrator and resellers who provide user support to your organization will have access to your Blocksi Account Information (including Web and YouTube Analytics). Your Domain Administrator may be able to:
- Suspend or terminate your account access
- Access or retain and print information stored as part of your account
- Receive your account information in order to satisfy applicable law, regulation, legal process, or enforceable governmental request
- Restrict your ability to delete or edit information or privacy settings
Please refer to your Domain Administrator’s privacy policy for more information.
For External Processing
We do not provide personal information to any affiliates or other businesses or persons to process it for us.
For Legal Reasons
We will share personal information with companies, organizations, or individuals outside of Blocksi if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal process, or enforceable governmental request
- Enforce applicable Terms of Service, including investigation of potential violations
- Detect, prevent, or otherwise address fraud, security, or technical issues
- Protect against harm to the rights, property, or safety of Blocksi, our users, or the public, as required or permitted by law
We may share non-personally identifiable information publicly and with our partners – like publishers. For example, we may share information publicly to show trends about the general use of our services.
If Blocksi is involved in a merger, acquisition, or asset sale, we will continue to ensure the confidentiality of any personal information as per this policy and as per any privacy pledge Blocksi has made. We will give affected users notice before personal information is transferred or becomes subject to a different privacy policy which would have to comply at a minimum with all the requirements made under the current and latest updated Blocksi privacy policy.
Information / Data Security
Please be aware that the data security measures outlined below provide only a high level overview of our data protection efforts. If you require a more comprehensive understanding of our security protocol and practices, please let us know at privacy@blocksi.net.
In particular:
- Secure, high-level encryption for data in-transit and at rest, with a comprehensive key management system
- Our data centers maintain an on-site security operation responsible for all physical data center security functions 24/7/365
- We continuously gather and analyze information regarding new and existing threats and vulnerabilities, actual attacks on the institution or others, and the effectiveness of the existing security controls
- Our personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. We provide periodic security and privacy training to those of its employees who operate or have access to the system. Personnel handling customer personal data are required to complete additional requirements appropriate to their role (e.g., certifications)
- We have appointed a Data Protection Officer available to address data requests, provide assistance, and answer questions about privacy and security
- Our employees dealing with personal information are carefully screened to ensure that data remains in safe hands. Additionally, all of our employees and contractors sign strict nondisclosure agreements and must acknowledge receipt of, and compliance with, Blocksi’s confidentiality and privacy policies to prevent the release or misuse of any confidential data
- We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems
Data Privacy
We are committed to complying with all applicable data protection laws and regulations, including: Family Educational Rights and Privacy Act (FERPA); Children’s Online Privacy Protection Act (COPPA); General Data Protection Regulation (GDPR); applicable rules on data breach notification, applicable student data protection laws and other relevant State or Local regulations. In an effort to consistently uphold compliance and respond efficiently to potential amendments in privacy legislation, we commit to routinely revising and modernizing our privacy practices. We will protect and safekeep all of the Customer Data to the same or a higher degree of care that Blocksi takes with respect to its own information and data and as described in all applicable laws.
In the event that we receive a Data Subject Request from a Customer’s End-User, in accordance with applicable laws, we will promptly notify the Customer of the Request. Customer will be responsible for fulfilling such request, and we will provide Customer with any information necessary for Customer to fulfill the request, in a timely and reasonable manner.
We may anonymously compile statistical information related to the performance of the Service for purposes of improving the Service, but only if such information does not identify the data as Customer’s or otherwise include Customer’s or End-User’s name.
Additional Limitations
Despite our best efforts, no security measures are perfect or impenetrable. In this regard, we are not responsible for events or conditions beyond our reasonable control to the extent that they relate to or impact the obligations assumed, or commitments made. However, in the event of any data breach or other violation of this Product Privacy Policy caused by factors outside of our reasonable control, we will comply with all applicable laws in this regard, including those requiring notification in the event of certain defined data breaches.
Changes to the Product Privacy Policy
We reserve the right to amend this Product Privacy Policy from time to time, to reflect how we are processing your data. The most recent update date for this Product Privacy Policy will be displayed at the bottom of the page. In accordance with relevant laws, we will implement changes only after providing notification and / or obtaining your consent prior to any significant modifications to our Product Privacy Policy affecting you. We also keep all the prior versions of this Product Privacy Policy in an archive for your review.
Contact
If you have any concerns or questions about this Product Privacy Policy, please contact our Data Protection Officer by email to privacy@blocksi.net or by post to our current registered office (228 Hamilton Avenue, Palo Alto, California 94301, USA), marked for the attention of “The Legal Department”.
This Product Privacy Policy was last updated in July 2023.