“personally identifiable information will be stored and processed in Canada, in full compliance with the British Columbia Personal Information Protection Act (PIPA), the Canada Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the British Columbia Freedom of Information and Protection of Privacy Act (FOIPPA) and the U.S. Family Educational Rights and Privacy Act (FERPA).”
The page next defines what “personal information” includes. Personal information basically covers everything about a user (name, address, geographic location, date of birth, etc.) besides “aggregate” information which is data that helps them understand users without any identity attached to it.
Children under 13 are not allowed to use FreshGrade without parent consent. In addition to this, if FreshGrade ever discovers that a child under the age of 13 has been using FreshGrade without parental consent, they will delete any information of that student “as quickly as possible.” It does not clarify how long this may take.
Next, it goes through all of the information it can collect from users besides the obvious personal information. For example, they collect the IP address of the computer used to access FreshGrade, “your mobile device id, your computer’s operating system, the browser type, the address of a referring website, and the time and date of your visit and purchases.” Although these aren’t things would first come to mind as personal information, they treat this as personal information as well. Mostly, this information is collected through cookies, which you don’t have to accept, but your experience using FreshGrade will not be as complete as if you accept the cookies.
- General Services: This includes sharing information with other users as necessary, for example when a teacher shares information about students with their parents.
- Children’s Personal Information: This is used to create student account and send notifications to the parent or teacher about the student. The child’s personal information will be visible to the parent/guardian, the teacher, and possibly an administrator of the school.
- Aggregate Data: As mentioned before, aggregate data is not included in the definition of “personal information,” as it is not attached to any identity. This information is used for statistical data that can be shared, and to guide the updating of FreshGrade.
- Improve our Services: This one is fairly self-explanatory. They will use information to make their services better or to “detect, investigate and prevent activities that may violate our policies or be illegal.
There is also a mention of third party websites, such as Google Drive or YouTube that could share information with FreshGrade about users where applicable. In these cases, it is important users understand the policies of any third parties that they may be using in conjunction with FreshGrade.
FreshGrade briefly summarizes their security practices, including encryption and confidentiality agreements for their employees. They also make it clear that users should choose a secure password, as they are not responsible for anyone unauthorized accessing users’ accounts through their own computers or devices. Parents of children under 13 also have the right at any time to access any information about their child, or to direct FreshGrade to delete it.
As with any technology, bugs and other glitches could happen, which they mention could potentially cause a problem with privacy. There could also be problems with slow updating in the event that you change or delete an account, however these changes are typically immediately updated. Finally they state that this policy could change at any time and users will have to accept any changes to continue using their services.