RoboKind Data, Privacy and Compliance Statements and Policies

RoboKind's Data handling and retention policies, HIPAA, FERPA, COPPA, CIPPA, General Privacy Policies and, State Specific Compliance Statements

RoboKind Data and Privacy Policy

Effective Date: August 30th, 2023

Purpose and Scope

This privacy policy outlines RoboKind LLC's commitment to protecting the privacy of our users across all our products, including websites, web applications, mobile and tablet apps, and robots. This policy is compliant with the General Data Protection Regulation (GDPR) for the European Union, the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canada, and relevant U.S. federal laws like the Children's Online Privacy Protection Act (COPPA) and the California Consumer Privacy Act (CCPA).

For State Specific Addendum Click the state specific links below:
California
Colorado
Connecticut
Massachusetts 
New York 2-D
Texas

Information We Collect

Personally Identifiable Information (PII)

We collect PII such as your name, company, email address, phone number, billing address, and shipping address. Providing PII is voluntary, but refusal may result in the inability to provide you with certain services.

Non-PII

We collect non-PII like your computer's domain name and IP address for technical administration and research and development purposes.

Cookies

RoboKind uses cookies to store personal data on your computer. These cookies help us focus our marketing efforts more precisely.

Analytics

We use Google Analytics, HubSpot Analytics, and Meta Analytics on our website for data analysis purposes. These services do not have access to PII.

How We Use Your Information

Data Handling

We take commercially reasonable precautions to protect your information from loss, misuse, and unauthorized access. Your data may be stored on servers provided by third-party hosting vendors with whom we have contracted.

Data Sharing

We do not sell or rent your PII to third parties without your permission. We may share aggregated, anonymized data with external services to improve our services.

Data Retention

We retain user-provided data for as long as you use our services and for a reasonable time thereafter. You may request data deletion via email at privacy@robokind.com, and these requests will be handled no later than 90 days from the date of the request.

Information Collected for Educational Purposes

RoboKind LLC takes very seriously its responsibility to protect student, family, and teacher privacy in our training software, data storage, and management systems. We are fully compliant with the Family Education Rights and Policy Act (FERPA), the Health Information Privacy and Protection Act (HIPAA), and the Children’s Online Privacy Protection Act (COPPA).

Compliance Measures

  • FERPA: We adhere to the Family Education Rights and Policy Act, ensuring the privacy of education records.
  • HIPAA: Although the student records in our program are not health records when administered by an Education Agency (EA), we have added extra levels of confidentiality protection.
  • COPPA: We comply with the Children’s Online Privacy Protection Act, ensuring the online privacy of children under the age of 13.

Data Handling for Educational Purposes

  • Data is stored on a HIPAA and FERPA compliant cloud server hosted by a third party under contract with RoboKind.
  • We provide users with password protection and require individual logins, passwords, and/or pin codes on shared devices used to access our programs.
  • All data is heavily encrypted when stored and during transport.

Special Authorization for Additional Data Access

School district personnel granted appropriate levels of reporting access by their school or district can run specific reports directly within our systems. However, this access is limited to the data available via our existing reporting tools.

For access to additional data not available through these tools, requests must be made in writing, stating the reason access is needed. The request must be signed by at least one other qualified administrator, then approved (or not) by RoboKind's Security Officer.

Limitation of Liability for Data Export by Customers

RoboKind LLC takes extensive measures to secure the data within our systems. However, we cannot be held liable for the mishandling, unauthorized disclosure, or any other actions concerning data that a customer with appropriate system access rights has exported from our systems. Once the data has been exported, the customer assumes all responsibility for the security and proper use of that data in accordance with applicable laws and regulations.

Third-Party Links

Our website and applications may contain links to third-party websites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

User Rights

In accordance with the General Data Protection Regulation (GDPR), users have the right to access their personal data, as well as to seek to update, delete, or correct this information. To initiate this process, please contact us at privacy@robokind.com.

Jurisdiction

This Privacy Policy is governed by the laws of the State of Texas, where RoboKind LLC is headquartered and registered in Dallas County.

Your Privacy Responsibilities

To help protect your privacy, do not share your user ID or password with anyone else and log off the RoboKind website when you are finished.

Notice to European Union Users

Your information will be transferred out of the EU to the United States. By providing personal information to us, you consent to its storage and use as described herein.

Changes to This Privacy Policy

We reserve the right to change this privacy policy as we deem necessary. The date of the last update will be listed on this page. If you have opted into our mailing list or are an active partner, you will be notified of changes via email.

Contact Information

For queries related to data privacy and security, please contact privacy@robokind.com.

 


HIPAA, COPPA and FERPA Compliance Statement

We take very seriously our responsibility to protect student, family, and teacher privacy in our training, software, data storage and management systems, web-based services, and internal policies to regulate access. We are fully compliant with the Family Education Rights and Policy Act  (FERPA), the more stringent, Health Information Privacy and Protection Act (HIPAA), and the Children’s Online Privacy Protection Act (COPPA).  At the simplest level, it means we will NEVER disclose student personal information to any unauthorized parties.
Technically, the student records in our program are not health records when the program is administered by An Education Agency (EA), but because clinicians also use some of our programs, we have added extra levels of confidentiality protection that are not used by other social-emotional learning programs.  These include:

Protections within the software

  • Providing users password protection
  • Requiring individual logins, passwords and/or pin codes on shared devices used to access our programs
  • Limiting teacher access to only their assigned classrooms and students
  • Heavily encrypting all data when stored and during transport 

Where is the data stored?

A HIPAA and FERPA compliant cloud server hosted by a third party under contract with RoboKind

Privacy protections with our cloud-based server

We have a HIPAA Business Associate Agreement with a 3rd party, for use of a secure, HIPAA compliant server. Under this agreement, RoboKind utilizes:
  • Transport Encryption: Data is always encrypted as it is transmitted over the Internet
  • Backup: Data is backed up and can be recovered
  • Authorization: Data is only accessible by authorized personnel using unique, audited access controls
  • Integrity: Data cannot be tampered with or altered
  • Storage Encryption: Data is encrypted when it is being stored or archived
  • Disposal: Data can be permanently disposed of when no longer needed

Internal policies limit unauthorized access to student data

Any requests by school district personnel to directly access student data on the server, must be made in writing, stating the reason access is needed. The request must be signed by at least one other qualified administrator, then approved (or not) by RoboKind's Security Officer.  Instances, where limited authorization may be granted are:
  • For research projects where proxies for student identity are in place, and IRB approval has previously been granted
  • To export data to correlate with district administrative data, if authorized by District administrators

Authorization to access student data will never be granted for commercial use of any kind.

 

HIPAA Compliance

Student records that are disclosed to RoboKind by EAs and maintained within RoboKind's products are by definition “education records” under FERPA and not “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Because student health information in education records is protected by FERPA, the HIPAA Privacy Rule excludes such information from its coverage. See the exception at paragraph (2)(i) to the definition of “protected health information” in the HIPAA Privacy Rule at 45 CFR § 160.103. See, also, Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to Student Health Records, USED and U.S. Department of Health and Human Services (November 2008).

 

For more information please contact:
RoboKind ATTN: HIPAA Officer
PO Box 130299
Dallas, Texas 75313
Phone: 972-331-7050
E-mail: privacy@robokind.com

 


RoboKind LLC Compliance Document for New York State Education Law Section 2-D

Purpose and Scope

This document outlines RoboKind LLC's compliance with New York State Education Law Section 2-D, focusing on the protection of Personally Identifiable Information (PII) of students and educators. This document aligns with RoboKind's overarching data and privacy policies and procedures. Where there are any differences, this document supersedes the general policies for Partners located in the State of New York.

Services Provided

RoboKind LLC offers digital curriculum and instruction for general education and special education students. Additional services include Professional Development, Data Reporting for usage and student progress, and software in the form of Web and iOS apps.

Subcontractors

RoboKind LLC uses subcontractors for Professional Development Services. All subcontractors are required to comply with this data privacy and security policy.


Data Privacy and Security Plan

Data Encryption

All data is encrypted end-to-end during storage and transmission using best practices for data encryption and access controls for storage, access, and transmission.

Access Control

  • Internal System Administrators: Full access to manage databases and provide limited endpoints to developers.
  • Account Managers: Limited access to data needed to provide support to partners.

Data Retention

Data is retained for the lifetime a partner remains active and is deleted two years after a partner is no longer active. Data deletion is carried out in accordance with ISO 27001:2022 best practices. Partners may request data deletion before the end of the two-year retention period.


Contractual Obligations

Data Sharing

Data will only be shared with authorized entities and for the purposes outlined in the contract.

Data Retention and Deletion

Data retention and deletion policies are as described in the "Data Privacy and Security Plan" section.


Notification and Consent

Unauthorized Disclosure

In the event of unauthorized disclosure of PII, RoboKind LLC will notify all affected current and former partners via email and will provide updates throughout its investigation and solutions process.

Parental Consent

RoboKind LLC relies on Local Education Agencies (LEAs) to obtain consent for the use of its programs, which are used exclusively in classrooms. This is in accordance with federal laws governing the collection and use of student data.


Marketing Restrictions

RoboKind LLC will not sell or use PII for marketing purposes.


Compliance and Penalties

RoboKind LLC affirms compliance with New York State Education Law Section 2-D and acknowledges that non-compliance may result in civil penalties.


Policy Review

This policy will be reviewed periodically and updated as necessary.


Contact Information

For queries related to data privacy and security, please contact privacy@robokind.com.

 


RoboKind Texas Student Data Privacy Compliance Statement

Purpose and Scope

This document outlines RoboKind LLC's compliance with Subchapter D of the Texas Education Code concerning the protection of student data. This policy applies to all RoboKind products, including websites, web applications, mobile and tablet apps, and robots.

Note: This document aligns with RoboKind's overarching data and privacy policies and procedures. Where there are any differences, this document supersedes the general policies for Partners located in the State of Texas.

Information We Collect and Use

Personally Identifiable Information (PII)

We collect the following PII for students: First and Last Name, Date of Birth, Nickname, Gender, Ethnicity, Diagnosis or Identifications for Special Needs students, IEP goals, and Classroom associations.

Data Handling

All data is encrypted using best practices for data encryption and access controls for storage, access, and transmission. Data is retained for the lifetime a partner remains active and is deleted using industry best practices two years after a partner is no longer active. Data deletion can be requested by the partner before the 2-year retention period.

Compliance with Texas Education Code Subchapter D

Unauthorized Sale or Disclosure

In compliance with Texas Education Code § 32.151, RoboKind LLC does not sell student data. Furthermore, we do not disclose any information that could be used to identify a student for targeted advertising or create a personal profile of a student other than for educational purposes.

Security Measures

RoboKind LLC implements reasonable security procedures, including encryption and access controls, to protect student data from unauthorized access, disclosure, alteration, and destruction, as required by Texas Education Code § 32.152.

Notification and Consent

RoboKind relies on Local Education Agencies (LEAs) to obtain consent for the use of its programs, which are used exclusively in classrooms. In the event of unauthorized disclosure of PII, RoboKind will notify all affected current and former partners via Email and will provide updates throughout its investigation and solutions process.

Contact Information

For queries related to data privacy and security in the State of Texas, please contact privacy@robokind.com.

 


RoboKind Connecticut Student Data Privacy Compliance Statement

Purpose and Scope

This document outlines RoboKind LLC's compliance with Connecticut's Act Concerning Student Data Privacy. This policy applies to all RoboKind products, including websites, web applications, mobile and tablet apps, and robots.

Note: This document aligns with RoboKind's overarching data and privacy policies and procedures. Where there are any differences, this document supersedes the general policies for Partners located in the State of Connecticut.

Information We Collect and Use

Personally Identifiable Information (PII)

We collect the following PII for students: First and Last Name, Date of Birth, Nickname, Gender, Ethnicity, Diagnosis or Identifications for Special Needs students, IEP goals, and Classroom associations.

Data Handling

All data is encrypted using best practices for data encryption and access controls for storage, access, and transmission. Data is retained for the lifetime a partner remains active and is deleted using industry best practices two years after a partner is no longer active. Data deletion can be requested by the partner before the 2-year retention period.

Compliance with Connecticut's Act Concerning Student Data Privacy

Unauthorized Use for Advertising

In compliance with Connecticut's Act Concerning Student Data Privacy, RoboKind LLC does not use student data for targeted advertising or any other non-educational purposes.

Security Measures

RoboKind LLC implements reasonable security procedures, including encryption and access controls, to protect student data from unauthorized access, disclosure, alteration, and destruction.

Notification and Consent

RoboKind relies on Local Education Agencies (LEAs) to obtain consent for the use of its programs, which are used exclusively in classrooms. In the event of unauthorized disclosure of PII, RoboKind will notify all affected current and former partners via Email and will provide updates throughout its investigation and solutions process.

Limitation of Liability for Data Export by Customers

RoboKind LLC takes extensive measures to secure the data within our systems. However, we cannot be held liable for the mishandling, unauthorized disclosure, or any other actions concerning data that a customer with appropriate system access rights has exported from our systems.

Contact Information

For queries related to data privacy and security in the State of Connecticut, please contact privacy@robokind.com.


RoboKind Illinois Student Data Privacy Compliance Statement

 

Purpose and Scope

This statement outlines RoboKind LLC's compliance with the Illinois Student Online Personal Protection Act (SOPPA). This policy applies to all RoboKind products, including websites, web applications, mobile and tablet apps, and robots.

Note: This statement aligns with RoboKind's overarching data and privacy policies and procedures. Where there are any differences, this statement supersedes the general policies for Partners located in the State of Illinois.

Information We Collect and Use

Personally Identifiable Information (PII)

We collect the following PII for students: First and Last Name, Date of Birth, Nickname, Gender, Ethnicity, Diagnosis or Identifications for Special Needs students, IEP goals, and Classroom associations.

Data Handling

All data is encrypted using best practices for data encryption and access controls for storage, access, and transmission. Data is retained for the lifetime a partner remains active and is deleted using industry best practices two years after a partner is no longer active. Data deletion can be requested by the partner before the 2-year retention period.

Compliance with Illinois SOPPA

Parental Control

In compliance with SOPPA, RoboKind LLC provides parents with the right to control their child's personal information. Parents may request access to or deletion of their child's data by contacting privacy@robokind.com.

Security Measures

RoboKind LLC implements reasonable security procedures, including encryption and access controls, to protect student data from unauthorized access, disclosure, alteration, and destruction.

Notification and Consent

RoboKind relies on Local Education Agencies (LEAs) to obtain consent for the use of its programs, which are used exclusively in classrooms. In the event of unauthorized disclosure of PII, RoboKind will notify all affected current and former partners via Email and will provide updates throughout its investigation and solutions process.

Limitation of Liability for Data Export by Customers

RoboKind LLC takes extensive measures to secure the data within our systems. However, we cannot be held liable for the mishandling, unauthorized disclosure, or any other actions concerning data that a customer with appropriate system access rights has exported from our systems.

Contact Information

For queries related to data privacy and security in the State of Illinois, please contact privacy@robokind.com.


RoboKind Massachusetts Student Data Privacy Compliance Statement

Purpose and Scope

This statement outlines RoboKind LLC's compliance with the Massachusetts Student Digital Privacy Act. This policy applies to all RoboKind products, including websites, web applications, mobile and tablet apps, and robots.

Note: This statement aligns with RoboKind's overarching data and privacy policies and procedures. Where there are any differences, this statement supersedes the general policies for Partners located in the State of Massachusetts.

Information We Collect and Use

Personally Identifiable Information (PII)

We collect the following PII for students: First and Last Name, Date of Birth, Nickname, Gender, Ethnicity, Diagnosis or Identifications for Special Needs students, IEP goals, and Classroom associations.

Data Handling

All data is encrypted using best practices for data encryption and access controls for storage, access, and transmission. Data is retained for the lifetime a partner remains active and is deleted using industry best practices two years after a partner is no longer active. Data deletion can be requested by the partner before the 2-year retention period.

Compliance with Massachusetts Student Digital Privacy Act

Restricted Use of Student Data

In compliance with the Massachusetts Student Digital Privacy Act, RoboKind LLC does not use student data for targeted advertising or any other non-educational purposes.

Security Measures

RoboKind LLC implements reasonable security procedures, including encryption and access controls, to protect student data from unauthorized access, disclosure, alteration, and destruction.

Notification and Consent

RoboKind relies on Local Education Agencies (LEAs) to obtain consent for the use of its programs, which are used exclusively in classrooms. In the event of unauthorized disclosure of PII, RoboKind will notify all affected current and former partners via Email and will provide updates throughout its investigation and solutions process.

Limitation of Liability for Data Export by Customers

RoboKind LLC takes extensive measures to secure the data within our systems. However, we cannot be held liable for the mishandling, unauthorized disclosure, or any other actions concerning data that a customer with appropriate system access rights has exported from our systems.

Contact Information

For queries related to data privacy and security in the State of Massachusetts, please contact privacy@robokind.com.


 

RoboKind Colorado Student Data Privacy Compliance Statement

Purpose and Scope

This statement outlines RoboKind LLC's compliance with the Colorado Student Data Transparency and Security Act. This policy applies to all RoboKind products, including websites, web applications, mobile and tablet apps, and robots.

Note: This statement aligns with RoboKind's overarching data and privacy policies and procedures. Where there are any differences, this statement supersedes the general policies for Partners located in the State of Colorado.

Information We Collect and Use

Personally Identifiable Information (PII)

We collect the following PII for students: First and Last Name, Date of Birth, Nickname, Gender, Ethnicity, Diagnosis or Identifications for Special Needs students, IEP goals, and Classroom associations.

Data Handling

All data is encrypted using best practices for data encryption and access controls for storage, access, and transmission. Data is retained for the lifetime a partner remains active and is deleted using industry best practices two years after a partner is no longer active. Data deletion can be requested by the partner before the 2-year retention period.

Compliance with Colorado Student Data Transparency and Security Act

Data Transparency

In compliance with the Colorado Student Data Transparency and Security Act, RoboKind LLC is transparent about the data we collect and how it is used for educational purposes.

Security Measures

RoboKind LLC implements reasonable security procedures, including encryption and access controls, to protect student data from unauthorized access, disclosure, alteration, and destruction.

Notification and Consent

RoboKind relies on Local Education Agencies (LEAs) to obtain consent for the use of its programs, which are used exclusively in classrooms. In the event of unauthorized disclosure of PII, RoboKind will notify all affected current and former partners via Email and will provide updates throughout its investigation and solutions process.

Limitation of Liability for Data Export by Customers

RoboKind LLC takes extensive measures to secure the data within our systems. However, we cannot be held liable for the mishandling, unauthorized disclosure, or any other actions concerning data that a customer with appropriate system access rights has exported from our systems.

Contact Information

For queries related to data privacy and security in the State of Colorado, please contact privacy@robokind.com.


 

RoboKind California Student Data Privacy Compliance Statement

Purpose and Scope

This statement outlines RoboKind LLC's compliance with the California Consumer Privacy Act (CCPA) and the Student Online Personal Information Protection Act (SOPIPA). This policy applies to all RoboKind products, including websites, web applications, mobile and tablet apps, and robots.

Note: This statement aligns with RoboKind's overarching data and privacy policies and procedures. Where there are any differences, this statement supersedes the general policies for Partners located in the State of California.

Information We Collect and Use

Personally Identifiable Information (PII)

We collect the following PII for students: First and Last Name, Date of Birth, Nickname, Gender, Ethnicity, Diagnosis or Identifications for Special Needs students, IEP goals, and Classroom associations.

Data Handling

All data is encrypted using best practices for data encryption and access controls for storage, access, and transmission. Data is retained for the lifetime a partner remains active and is deleted using industry best practices two years after a partner is no longer active. Data deletion can be requested by the partner before the 2-year retention period.

Compliance with California CCPA and SOPIPA

Consumer and Student Rights

In compliance with CCPA and SOPIPA, RoboKind LLC provides consumers and students with the right to request access to or deletion of their personal information. Consumers and students may also opt out of the sale of their personal information.

Security Measures

RoboKind LLC implements reasonable security procedures, including encryption and access controls, to protect student data from unauthorized access, disclosure, alteration, and destruction.

Notification and Consent

RoboKind relies on Local Education Agencies (LEAs) to obtain consent for the use of its programs, which are used exclusively in classrooms. In the event of unauthorized disclosure of PII, RoboKind will notify all affected current and former partners via Email and will provide updates throughout its investigation and solutions process.

Limitation of Liability for Data Export by Customers

RoboKind LLC takes extensive measures to secure the data within our systems. However, we cannot be held liable for the mishandling, unauthorized disclosure, or any other actions concerning data that a customer with appropriate system access rights has exported from our systems.

Contact Information

For queries related to data privacy and security in the State of California, please contact privacy@robokind.com.