Privacy

resources-header

Privacy

FERPA and COPPA compliant

We take very seriously our responsibility to protect student, family, and teacher privacy in our training software, data storage and management systems, web-based services, and internal policies to regulate access. We are fully compliant with the Family Education Rights and Policy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA). At the simplest level, it means we will NEVER sell our program usage data or disclose student personal information to any unauthorized parties.

Get Ripple Effects’ Privacy Policy v3.0 here:

graphic representing the policy document
Select to view or download

 

In addition to the terms of Ripple Effects’ Privacy Policy, the collection, use, and disposition of user data is governed by the terms of any signed data agreement between a district or organization and Ripple Effects.

 

Because the protection of students’ and other user’s data is so important to us, we have added extra levels of confidentiality protection that are not used by other social-emotional learning or discipline programs. These include:

Protections within the software

  • Limiting the student data required to create an account to first and last name, grade, district or school provided ID, and school or program affiliation
  • Providing users password protection
  • By default, limiting educator content monitoring to strengths-based topics (asset
    building)
  • Requiring additional level of security to track compliance with
    individualized or discipline assignments
  • Shielding the content of private exploration, keeping only the
    category “personal exploration” on student records and “Scorecards”
  • Heavily encrypting all writing entries
  • Providing an instant privacy screen, to shield the program from prying
    eyes

Privacy protections with our cloud-based server systems

The Ripple Effects platform and programs are hosted on AWS servers restricted to the United States. We make full use of the security protection and monitoring systems offered by AWS. Our audited data policies require these things:

  • Transport Encryption: Data is always encrypted as it is transmitted over the Internet
  • Backup: Data is backed up and can be recovered
  • Authorization: Data is only accessible by authorized personnel using unique, audited access controls
  • Integrity: Data cannot be tampered with or altered
  • Storage Encryption: Data is encrypted when it is being stored or archived
  • Disposal: Data can be permanently disposed of when no longer needed

Internal policies limit unauthorized access to student data

Any requests by school district personnel to access student, educator, or program usage data on our servers, that is not available from our platform provided dashboard and tools, must be made in writing, stating the reason access is needed. The request must be signed by at least one other qualified administrator, then approved (or not) by Ripple Effects Security Officer. Instances where limited authorization may be granted are:

  • For research projects where proxies for student identity are in place, and IRB approval has previously been granted
  • To export data to correlate with district administrative data, if authorized by District administrators
  • If required by law enforcement, judicial, or legislative bodies