get demo

Privacy

We take very seriously our responsibility to protect student, family, and teacher privacy in our training software, data storage and management systems, web-based services, and internal policies to regulate access. We are fully compliant with the Family Education Rights and Policy Act (FERPA), the more stringent, Health Information Privacy and Protection Act (HIPAA), and the Children’s Online Privacy Protection Act (COPPA). At the simplest level, it means we will NEVER disclose student personal information to any unauthorized parties.

Technically, the student records in our program are not health records, but because sometimes older students use the program to look up private concerns, including family problems that might reasonably be expected to be shared only with a counselor, we have added extra levels of confidentiality protection that are not used by other social-emotional learning or discipline programs. These include:

Protections within the software

  • Providing users password protection
  • Limiting teacher content monitoring to strengths-based topics (asset
    building)
  • Requiring additional level of security to track compliance with
    discipline assignments
  • Shielding the content of private exploration, keeping only the
    category “personal exploration” on student records and score cards
  • Heavily encrypting all journal entries
  • Providing an instant privacy screen, to shield the program from prying
    eyes

Where is the data stored?

The storage of student data (i.e., first name last name, grade level, school/district ID, password, date of use and time spent on the program, information on completed and partially completed topics within the program) is on a HIPAA compliant, dedicated set of web and database servers hosted by a third party under contract with Ripple Effects.

Privacy protections with our cloud-based server systems

Ripple Effects has a HIPAA Business Associate Agreement with the 3rd party provider that hosts Ripple Effects products on their HIPAA compliant web and database server systems. Our provider offers these things:

  • Transport Encryption: Data is always encrypted as it is transmitted over the Internet
  • Backup: Data is backed up and can be recovered
  • Authorization: Data is only accessible by authorized personnel using unique, audited access controls
  • Integrity: Data cannot be tampered with or altered
  • Storage Encryption: Data is encrypted when it is being stored or archived
  • Disposal: Data can be permanently disposed of when no longer needed

Internal policies limit unauthorized access to student data

Any requests by school district personnel to directly access student data on the server, must be made in writing, stating the reason access is needed. The request must be signed by at least one other qualified administrator, then approved (or not) by Ripple Effects Security Officer. Instances, where limited authorization may be granted are:

  • For research projects where proxies for student identity are in place, and IRB approval has previously been granted
  • To export data to correlate with district administrative data, if authorized by District administrators

Even when data is exported for these limited uses, under no circumstances will the content, (topic names) of an individual student’s personal exploration ever be revealed. Authorization to access student data will never be granted for commercial use of any kind.