Key Terms and Definitions
Cookies and similar technologies
Non-Personally Identifiable Information
An application data cache is a data repository on a device. It can, for example, enable a web application to run without an internet connection and improve the performance of the application by enabling faster loading of content.
Behaviorally-Targeted advertising is defined by the Digital Advertising Alliance (DAA) as "the collection of data online from a particular computer or device regarding Web viewing behaviors over time and across non-affiliate Websites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on preferences or interests known or inferred from the data collected." Behaviorally-Targeted Advertising does not include i) Contextual Targeting; ii) advertising or marketing to an individual in response to that individual's specific request for information or feedback; or iii) processing personal information solely for measuring or reporting advertising performance, reach or frequency.
This definition has largely been accepted by the Federal Trade Commission, and is described in similar fashion in its Self-Regulatory Principles for Online Behavioral Advertising. This type of advertising is precluded by the Children’s Online Privacy Protection Act (COPPA) for children under 13 without prior, verifiable parental consent, as well as by the existing self-regulatory advertising groups, including DAA and the Network Advertising Initiative (NAI).
*Also see the definition of targeted advertising in the Colorado Student Data and Transparency Act here (and below) as an example, with similar definitions in many other state student privacy laws, as well as our Student Data Protection Addendum for more information on the prohibition of using Student Data for targeted advertising to students.
Colorado Student Data Transparency Act:
"Targeted advertising" means selecting and sending advertisements to a student based on information obtained or inferred over time from the student's online behavior, use of applications, or personally identifiable information. "Targeted advertising" does not include: (a) advertising to a student: (i) at an online location based on the student's current visit to that location or in response to the student's request for information or feedback; and (ii) without the collection and retention of a student's online activities over time; (b) adaptive learning, personalized learning, or customized education; or (c) with the consent of a student or the student's parent, using the student's personally identifiable information to identify for the student institutions of higher education or scholarship providers that are seeking students who meet specific criteria.
Contextual Targeting (also referred to as Contextually relevant advertising) is defined by DAA as advertisements that are delivered “based on the content of a Web page, a search query, or a user’s contemporaneous behavior on the Web site.” NAI expands a bit further explaining, “the ad selected depends upon the content of the page on which it is served, or ‘first party’ marketing in which ads are customized or products are suggested based on the content of the page or users’ activity on the page (including the content they view or the searches they perform).”
The FTC echoes this in policy statements and in comments surrounding COPPA. There, the FTC notes that Contextual Targeting, “is more transparent and presents fewer privacy concerns as compared to the aggregation and use of data across sites and over time for marketing purposes.” Contextual Targeting is permitted under COPPA.
Additionally, under Colorado’s Student Data and Transparency Act and several other state student privacy laws, the following is allowed:
"Targeted advertising" does not include: (a) advertising to a student: (i) at an online location based on the student's current visit to that location or in response to the student's request for information or feedback; and (ii) without the collection and retention of a student's online activities over time; (b) adaptive learning, personalized learning, or customized education; or (c) with the consent of a student or the student's parent, using the student's personally identifiable information to identify for the student institutions of higher education or scholarship providers that are seeking students who meet specific criteria.
Cookies may be placed in your browser by third-party advertising companies when you view content off of our site (such as an embedded YouTube video) to help deliver the ads you see online. These “third-party cookies” may be used to “remember” parts of your online activities in order to deliver ads tailored to your interests. For example, if you read an article online about running, a cookie may be used to note your interest in running. As you continue to surf the web, you may see coupons to save money on running shoes. We do not allow any third parties to place Cookies on our site for advertising purposes in any areas where a Student or child under 13 is using our Service logged into his or her account.
Please see our Online Tracking Technologies Policy for more information.
Other Similar Technologies
Other technologies are used for similar purposes as a cookie on other platforms where cookies are not available or applicable, such as the Advertising ID available on Android mobile devices and the Identifiers for Advertiser (“IDFA’) on iOS devices. Most modern mobile devices (iOS, Android, and Windows 10 and above) provide mobile advertising identifiers. These are randomly-generated numbers that are associated with your device that often come with options to reset the identifier and opt-out of advertising across apps (“Cross-App Advertising”) and in some cases (such as with the IDFA) opt-in to advertising. They are included to provide advertisers a method to identify your devices without using a permanent device identifier, like your phone’s serial number. We do not use any of these technologies where a Student or child under 13 is using our Service logged into his or her account.
De-Identified or De-Identified Data is information that has all direct and indirect personal identifiers removed such that the data cannot reasonably be used to identify, describe, or contact an individual. This includes, but is not limited to, persistent unique identifiers, name, ID numbers, and date of birth.
For EU residents, anywhere we use the term De-Identified, we will apply the General Data Protection Regulation (GDRP) definition of "pseudonymization" which states that pseudonymization is "the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” Additionally, consistent with the GDPR, we will ensure that the “additional information” is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.
Schoolhouse commits to maintaining and using De-Identified Data only in a De-Identified form and will not attempt to re-identify the information, except that the Schoolhouse may attempt to reidentify the information solely for the purpose of determining whether or not its deidentification processes are sufficient.
A device is a computer that can be used to access our website or services. For example, a device could be a desktop, tablet or smartphone.
Consistent with the Student Privacy Pledge, ‘educational or school purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services (including new products) intended for educational/school use). Additionally, consistent with both the Colorado Student Data and Transparency Act and other state student privacy laws, and the Student Privacy Pledge, this does not preclude the use of student Personal Information for adaptive learning or customized student learning or education purposes. We also consider Educational Purposes to be services or functions that a Student, Learner, or a child’s parent or legal guardian directs Schoolhouse (such as through setting up their child’s account, or otherwise providing their consent to us) to provide to them or their child for educational or learning activities outside of school (e.g. tutoring or other learning activities at home).
Education records shall have the meaning set forth under the Family Educational Rights and Privacy Act (“FERPA”) cited as 20 U.S.C. § 1232g(a)(4); 34 CFR Part 99. Certain Student Data elements will also be considered education records.
An HTTP Referrer is information transmitted to a destination webpage by a web browser, typically when you click a link to that webpage. The HTTP Referrer contains the URL of the last webpage the browser visited.
Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks and are typically controlled by your Internet Service Provider (ISP), your company, or your university. An IP Address may be used to identify the location from which a device is connecting to the Internet. IP Address can be used to combat fraud and compliance with geographical legal restrictions and can be used to target advertising. When Schoolhouse stores an IP Address, we store it in truncated or encrypted form. Additionally, we only use IP Address information collected from Students and Learners under 13 for internal business purposes.
Learners are users who use the Service not at the specific direction of a school — such as through their parents and/or themselves signing up to use the Service directly. Any data collected from Learners would not be considered Student Data.
Local storage enables websites to store and retrieve data in a browser on a device. When used in “local storage” mode, it enables data to be stored across sessions (for example, so that the data are retrievable even after the browser has been closed and reopened). One technology that facilitates web storage is HTML 5. Other technologies include local shared objects, sometimes known as “Flash Cookies”. For more information, please see our Online Tracking Technologies Policy.
A mobile application or mobile “app” is an application software designed to run on mobile devices, such as smartphones and tablet computers. Mobile apps frequently serve to provide users with similar services as those accessed on PCs. Mobile apps differ from desktop applications that run on desktop computers, and with web applications which run in web browsers in that they run directly on the mobile device.
This is information that on its own does not permit direct association with any specific individual. For example, we consider the following to be Non-Personally Identifiable Information: your zip code, approximate location (e.g. region, city, zip), your browser type, and non-unique device identifiers. We also consider aggregated, De-Identified and/or anonymized data to be Non-Personally Identifiable Information. Anything that is Personal Information is excluded from the definition of Non-Personally Identifiable Information. Not all jurisdictions have the same definition for Personal Information and Non-Personally Identifiable Information.
This is a persistent and unique identifier that can be used to recognize a user over time and across different websites or online services. For example, this can be an IP address, a unique device identifier or a device serial number.
Personal Information is data that can be used to identify or contact a particular individual, such as the individual’s name, email address or billing information, or other data which can be reasonably linked to that data or to that individual’s specific computer or device. When anonymous or Non-Personally Identifiable Information is directly or indirectly linked with Personal Information, this anonymous or Non-Personally Identifiable Information is also treated as Personal Information. We will consider persistent identifiers that are not anonymized, De-Identified or aggregated as Personal Information. Not all jurisdictions have the same definition for Personal Information and Non-Personally Identifiable Information. Additionally, please check here for the definition of personal information under the Children’s Online Privacy Protection Act (“COPPA”) which we follow for any personal information collected from children under 13. Please also see the COPPA FAQ for more information.
If you are a resident of California, we follow the definition of personal information as set forth under the California Consumer Privacy Act of 2018 as amended (“CCPA), and its implementing regulations, including amendment by the California Privacy Rights and Enforcement Act of 2020 (“CPRA”) and its implementing regulations.
A Pixel Tag is a type of technology placed on a website, or within the body of an email for the purpose of tracking activity on websites or when emails are opened or accessed, and is often used in combination with cookies. Pixel refers to the software code that is placed within a web page in order to trigger the placing of cookies and transmits information to us or our third party service providers. This enables two websites to share information. The resulting connection can include information such as a device’s IP Address, the time a person viewed the pixel, an identifier associated with the browser or device, the type of browser being used and the URL of the web page from which the pixel was viewed. A Pixel Tag is also known as a web beacon or Clear GIFs. There may or may not be a visible graphic image associated with the pixel, and often the image is designed to blend into the background of a web page or email.
Sell also does not include sharing, transferring or disclosing of Student Data or other Personal Information with a service provider that is necessary to perform a business purpose (such as detecting security incidents, debugging and repairing, analytics, storage or other processing activities) provided that the service provider does not further use or sell the Student Data or Personal Information except as necessary to perform the business purpose. Schoolhouse is also not “selling” Personal Information if (i) a user directs Schoolhouse to intentionally disclose Personal Information or uses Schoolhouse to intentionally interact with a third party; or (ii) if a user, parent or a third party authorized by the parent, lawfully acquires Student Data or Personal Information (e.g. photos) for free or for a fee.
If you are a resident of California, we follow the definition of sell or sale as set forth under the California Consumer Privacy Act of 2018 as amended (“CCPA) and its implementing regulations, including amendment by the California Privacy Rights and Enforcement Act of 2020 (“CPRA”) and its implementing regulations.
Like most websites, our servers automatically record the page requests made when you visit our websites. These “server logs” or “log data” typically include your web request, IP Address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
“Student” means a child who is using the Schoolhouse Service at the direction of a school either in school or for Educational Purposes connected to a school or classroom and whose school has a contractual relationship with Schoolhouse.
“Student Data” means any Personal Information, whether gathered by Schoolhouse or provided by a school or its users, Students, or Students’ parents/guardians for a school purpose, that is descriptive of the student including, but not limited to, information in the student’s educational record or email, first and last name, birthdate, home or physical address, telephone number, email address, or other information allowing physical or online contact, discipline records, videos, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, social security numbers, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious information text messages, documents, student identifies, search activity, photos, voice recordings, geolocation information, or any other information or identification number that would provide information about a specific student. To the extent U.S. law applies, Student Data may include Education Records. Student Data as specified in Exhibit A to our Student Data Privacy Addendum is confirmed to be collected or processed by Schoolhouse pursuant to our Services. Student Data shall not include De-Identified Data or information that has been anonymized, or anonymous usage data regarding a student’s use of our Services. For clarity, any data collected from Learners will not be considered Student Data.
We consider Third-Party Advertising on our service to mean third-parties that would directly advertise their products or services on our service (i.e., such as when an advertiser would bid to place an advertisement directly on a platform such as Facebook). We don’t allow third parties to advertise directly on our service in user logged in areas of our service. We also do not use third-party ad servers (such as Google AdWords or AdSense) in user logged in areas of our Service. However, we may serve Contextually Relevant Advertising for third-party products and services ourselves that we believe may be of interest to you (e.g., our sponsorships with Wacom).
Additionally, as a non-profit, we are sustained through philanthropy and may have paid content partnerships with universities and other third parties. We will only enter partnerships that help us support learners and tutors as part of our educational mission. Sponsored content will always be labeled (e.g., “Sponsored by _”). We will not share any of your personal information with these sponsors without your explicit consent, and these sponsors do not have the ability to track or collect data about our site visitors or users.
A unique device identifier (sometimes called a universally unique ID or UUID) is a string of characters that is incorporated into a device by its manufacturer and can be used to uniquely identify that device (for example an IMEI-number of a mobile phone). Different device identifiers vary in how permanent they are, whether they can be reset by users, and how they can be accessed. A given device may have several different unique device identifiers. Unique device identifiers can be used for various purposes, including security and fraud detection, syncing services such as a user’s email inbox, remembering the user’s preferences and providing relevant advertising.