BRIGHTBYTES PRIVACY POLICY
This Privacy Policy describes our collection, use, and sharing of personal information collected through our websites, BrightBytes Platform, and other online products and services, (collectively, the “Services”), as well as when you reach out to us for customer support purposes, or otherwise interact with us.
A note about Student Data: BrightBytes provides applications and software on our BrightBytes Platform to assist school districts, schools, and other educational partners (collectively referred to as “Schools”) in accessing, using and analyzing data with the goal of improving student learning outcomes. During the course of offering certain Services to our School customers, we may have access to the personal information relating to students, primarily as provided to us by Schools and we process Student Data solely on the instructions of Schools. When we refer to “Student Data,” we mean information provided to BrightBytes which personally identifies a current or former student, such as their name, email address, or attendance information, or other data that can be reasonably linked to such information by BrightBytes. Student Data may include information contained in “educational records” as defined in the Family Educational Rights and Privacy Act.
While this Privacy Policy provides information about Student Data that we generally collect, use, and disclose as a part of providing the Services to Schools, those activities are controlled by our School. Customers and students or parents with specific questions about what Student Data we process for a specific School should direct those questions to their school or educational institution.
Capitalized terms that are not defined in this Privacy Policy have the meaning given them in our Terms of Use.
Click on the links below to jump to each section:
1. What Information We Collect
2. How We Use Your Information
3. How We Disclose Information About You
4. How We Store and Protect Information About You
5. Your Choices
6. Children’s Privacy
7. Links to Other Websites and Services
8. Retention and Deletion of Information about You
9. U.S. State Privacy Law Requirements
10. How to Contact Us
11. Changes to the Privacy Policy
1. WHAT INFORMATION WE COLLECT
We collect the following types of information:
Information you provide to us directly: We ask for certain types of personal information when you correspond with us, request a demo, fill out a survey, or otherwise engage with us through the Services, including your name, school name, school district, email address, username and password, phone number, and survey responses. We may also collect personal information when you correspond with us via email.
Information collected through technology: Like most websites and online services, we automatically collect certain types of usage information when you visit our Website. This information is typically collected through cookies, log files, web beacons, and similar tracking technology (collectively, “cookies”). These cookies collect information about how you use the Website (e.g., the pages you view, the links you click, and other actions you take on the Website), information about your browser and online usage patterns (e.g., Internet Protocol (“IP”) address, browser type, browser language, referring / exit pages and URLs, pages viewed, whether you opened an email, links clicked), and information about the device(s) you use to access the Website (e.g., mobile device identifier, mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, and, depending on your mobile device settings, your geographical location data at the city, state, or country level ). In addition, we may also use clear gifs in HTML-based emails to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Website. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Website.
Information collected from Schools: BrightBytes has access to Student Data only as provided by the School in order to perform the Services. The type of Student Data we collect will depend on how the School uses the Services and the particular Services we provide to the School, but could include information relating to the individual student and the student’s educational record, such as a name, student ID numbers, grades, and coursework. In some instances, the Student Data we receive may include information that is considered sensitive information under applicable laws. From time to time, and at the direction of the school, we may collect information from other sources, including from non-school sources or from the students themselves. If we combine or associate information from other sources with Student Data we collect through the Service, we will treat the combined information as Student Data under our policies and agreements, including under this policy. Please talk to your school if you have additional questions about the type of Student Data the school provides to BrightBytes.
2. HOW WE USE YOUR INFORMATION
We use your information to: operate, maintain, provide, and improve the features and functionality of the Services and to communicate with you; assist you; protect you, our users, the public, and our affiliates; comply with legal obligations; and other purposes with your consent or at your direction. We may also aggregate and anonymize your data to eliminate personal details.
We use or may use information collected through cookies, log files, device identifiers, and clear gifs information to: (a) remember information so that you do not have to re-enter it on subsequent visits; (b) to provide and monitor the effectiveness of our Website; (c) monitor aggregate metrics such as total number of visitors, traffic, and usage on our website and our Website; (d) diagnose or fix technology problems; and (e) otherwise plan for and enhance our Website.
All Student Data that we have access to, if any, is owned and controlled by the Schools. We use such data to provide the Service to the School and for other limited purposes permitted by our agreements with the Schools, such as to evaluate, improve, and develop our products, applications and services. We will never use Student Data for marketing purposes or to engage in targeted advertising.
3. HOW WE DISCLOSE YOUR INFORMATION
BrightBytes only discloses your information in a few limited circumstances, described below. We do not rent or sell personal information for any purpose, without exception.
We may disclose information in the following ways:
• As needed to perform the Service, including at the direction of a School and as authorized by our contract with the School. For example, information including Student Data, will be disclosed between and among authorized School users and School administrators who access the Service under the same Agreement, but only for the purpose of providing the Service purchased by the School. This sharing may depend on the settings and functionality selected by the School.
• We may disclose information with our trusted vendors, third party service providers and other individuals who perform services on our behalf (e.g., accountants, mailing houses, hosting providers), but only if such providers have a need to access such information for the purpose of carrying out their work for us and do so under confidentiality and data security terms.
• BrightBytes is a Google company and we may disclose with other companies and brands owned or controlled by Google, which also includes Google’s subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies may use your personal information in the same way as we can under this Policy;
• We may be required to disclose information with law enforcement or other third parties when compelled to do so by court order or other legal process, to comply with statutes or regulations, to enforce our Terms of Use, or if we believe in good faith that the disclosure is necessary to protect the rights, property or personal safety of our visitors.
• In the event of a change of control: If we sell, divest or transfer the business or a portion of our business, we may transfer information, provided that the new provider has agreed to data privacy standards no less stringent than our own. We may also transfer personal information – under the same conditions – in the course of mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of our business.
• With your consent or at your direction.
Third Party Tracking and Online Advertising: We may permit third party online advertising networks to collect information from visitors to our Website (https://brightbytes.net) to provide customized content, advertising and commercial messaging to you from time to time on other websites or services. Typically, the information is collected through cookies or similar tracking technologies. You may be able to set your browser to reject cookies or other tracking technology by actively managing the settings on your browser or mobile device. To learn more about cookies, clear gifs/web beacons and related technologies and how you may opt-out of some of this tracking, you may wish to visit http://www.aboutads.info/choices/ or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org. Please note that although we may permit third party advertising partners to collect information on our Website for the purpose of sending targeted advertisements, our Website is not directed to Students. We do not use Student Data for marketing or targeted advertising purposes.
4. HOW WE STORE AND PROTECT INFORMATION ABOUT YOU
Storage and processing: Your information collected through the Website may be stored and processed in the United States or any other country in which BrightBytes or its subsidiaries, affiliates or service providers maintain facilities.
Keeping information safe: BrightBytes maintains industry standard administrative, technical and physical procedures to protect information stored in our servers, which are located in the United States.
5. YOUR CHOICES
You can opt-out of receiving promotional email from us by clicking on the “unsubscribe” feature at the bottom of each email.
If you have any questions about reviewing, modifying or deleting your information, contact us at brightbytes-privacy@google.com.
You may be able to disallow cookies to be set on your browser. Please look for instructions on how to delete or disable cookies and other tracking/recording tools on your browser’s technical settings. You may not be able to delete or disable cookies on certain mobile devices and/or certain browsers. For more information on cookies, visit www.allaboutcookies.org. Remember, disabling cookies may disable many of the features available on the Website, so we recommend you leave cookies enabled.
Student Data is provided and controlled by the Schools. If you have any questions about reviewing, modifying, or deleting a student’s Student Data, please contact your school directly.
6. CHILDREN’S PRIVACY
BrightBytes collects information from children only at the direction of a school or educational institution for the purpose of providing the BrightBytes Service. Please contact us at brightbytes-privacy@google.com if you believe we have inappropriately collected information from a child under 13.
7. LINKS TO OTHER WEBSITES AND SERVICES
From time to time, we may provide links to third parties from our Website. We are not responsible for the practices employed by websites, applications or services linked to or from our Website. We recommend that you review the privacy policies of third party sites or services before providing any information to them.
8. RETENTION AND DELETION OF YOUR INFORMATION
We retain information about you for different periods of time depending on the type of data, how we use it, and the nature of the Services we are providing to you. When we no longer need the information, we delete or anonymize it.
For each type of information, we set retention timeframes based on the purposes for which we process it, and ensure that the information is kept for no longer than necessary. In some cases, some information about you may be kept for longer periods where there is a business need. We also generally have longer retention periods (which can be over a year) for information about you that is kept for the following purposes:
Security, fraud and abuse prevention. We retain information when it is necessary to protect against fraudulent attempts to gain access to user accounts, or to investigate violations of applicable agreements. Usually, the information retained where there is reason to suspect fraud or abuse would include information such as device identifiers and IP addresses, as well as log data about usage of the Services.
Complying with legal or regulatory requirements. We retain information about you when required by an enforceable legal process, such as when BrightBytes receives a lawful subpoena.
Complying with tax, accounting or financial requirements. When you make a payment to BrightBytes, we retain information about those transactions (including billing information), typically for a minimum of five years, as required for tax or accounting purposes, or to comply with applicable financial regulations.
At the end of the applicable retention period, we follow detailed protocols to make sure that the information about you is securely and completely deleted from our active systems (the servers BrightBytes uses to run applications and store data) or retained only in anonymized form. After completion of these steps, copies of information will remain for a limited period in our encrypted backup systems (which we maintain to protect the information from accidental or malicious deletion and for outage and disaster recovery purposes), before being overwritten by new backup copies.
9. U.S. STATE PRIVACY LAW REQUIREMENTS
Some U.S. state privacy laws like the California Consumer Privacy Act (CCPA) and Virginia Consumer Data Protection Act (VCDPA) require specific disclosures for state residents.
This Privacy Policy is designed to help you understand how we handle your information:
● We explain the categories of information we collect and the sources of that information in “What Information We Collect”.
● We explain how we use information about you in “How We Use Your Information”.
● We explain when we may disclose information about you in “How We Use Your Information”. BrightBytes does not sell personal information about you to any third parties. BrightBytes also does not “share” your personal information as that term is defined in the CCPA.
● We explain how BrightBytes retains information about you in “Retention and Deletion of Your Information”.
State laws like the CCPA and VCDPA also provide the right to request information about how BrightBytes collects, uses, and discloses your personal information. And they give you the right to access and correct your personal information, and to request that BrightBytes delete that personal information.
To exercise your rights or if you have questions under these state laws, you (or your authorized agent) can reach out to us at brightbytes-privacy@google.com. Please note that we will validate your request by verifying your identity (for example, by asking for information about your interactions with us). If you disagree with the decision on your request, you can ask BrightBytes to reconsider it by responding to our email.
The CCPA also requires a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Privacy.
Categories of personal information we collect
Identifiers and similar information such as your username, password, name, phone number, and address, as well as unique identifiers tied to the browser, application, or device you’re using to access the Services.
Demographic information, such as your preferred language and age.
Commercial information such as records of charges, payments, and billing details and issues.
Technical and operational details of your usage of the Services, such as information about your usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain the Services and related software. This includes device identifiers, identifiers from cookies or tokens, and IP addresses.
Inferences drawn from the above, like aggregated performance metrics for a new product feature to determine product strategy.
Education information such as student names, contact information, roster data, and student records.
Professional or Employment-related information such as business contact information, corporate roles, and title.
Business purposes for which information may be used or disclosed
BrightBytes processes personal information for the following purposes:
Protecting against security threats, abuse, and illegal activity. BrightBytes uses and may disclose personal information to detect, prevent and respond to fraud, abuse, security risks, and for protecting against other malicious, deceptive, fraudulent, or illegal activity. For example, to protect our Services, BrightBytes may receive or disclose information about IP addresses that malicious actors have compromised.
Auditing and measurement. BrightBytes uses personal information for analytics and measurement to understand how our Services are used, and to provide you and our customers with recommendations and tips. We may disclose non-personally identifiable information publicly and with partners, including for auditing purposes.
Maintaining our Services. BrightBytes uses personal information to provide our Services and related technical support, and other services you request, and ensure they are working as intended, such as tracking outages or troubleshooting bugs and other issues that you report to us.
Product development. BrightBytes uses personal information to improve our Services and other services you request, and to develop new products, features and technologies that benefit our users and customers.
Use of service providers. BrightBytes discloses personal information with service providers to perform services on our behalf, in compliance with this Privacy Policy and other appropriate confidentiality and security measures. For example, we may rely on service providers to help provide technical support.
Legal reasons. BrightBytes also uses personal information to satisfy applicable laws or regulations, and discloses information in response to legal process or enforceable government requests, including to law enforcement.
Parties with whom information may be disclosed
We do not disclose personal information to non-affiliated companies, organizations, or individuals except in the following cases:
With your consent or at your direction. We will disclose personal information with third parties where we have obtained your consent or at your direction.
With your administrators and authorized resellers and co-ops. When you use our Services, your administrator and resellers and co-ops authorized to sell our Services to you or manage your or your organization’s account will have access to certain personal information.
For external processing. We disclose personal information to trusted third party providers to process it for us as we instruct them and in compliance with this Privacy Policy and appropriate confidentiality and security measures. In particular, we disclose personal information with our third party providers when you request technical support services (we disclose the information you provide in the support ticket) and professional services (we share your contact details to enable communication and collaboration).
For legal reasons. We may disclose personal information outside of BrightBytes when we have a good-faith belief that access to or disclosure of that information is reasonably necessary to:
Comply with applicable law, regulation, legal process, or enforceable governmental request.
Enforce applicable agreements, including investigation of potential violations.
Detect, prevent, or otherwise address fraud, security, or technical issues.
Protect against harm to the rights, property or safety of BrightBytes, our customers, users, and the public, as required or permitted by law.
10. HOW TO CONTACT US ABOUT THE WEBSITE
If you have any questions about this Privacy Policy or the Website, please contact us at brightbytes-privacy@google.com.
11. CHANGES TO THE PRIVACY POLICY
BrightBytes may modify or update this Privacy Policy from time to time so you should review this page periodically. When the Privacy Policy changes, we will note the effective date below. When we change the policy in a material manner we will provide notice on the website.
Our use of Student Data is governed by our Agreements with Schools and we will not make any changes to our privacy practices involving Student Data which would be inconsistent with those contractual requirements without the consent of the School.
