Privacy Policy

Avosis, LLC’s mission is to revolutionize student motivation. We are constantly innovating in order to improve the lives of studets, and we recognize our moral and legal responsibility to protect student privacy and ensure data security.

This policy outlines Avosis, LLC compliance with federal privacy laws and details our data stewardship and security practices.

COPPA compliance

A portion of users of StudyCard may be young children. The Children’s Online Privacy Protection Act (COPPA) protects children under the age of 13. School officials and teachers are authorized under COPPA to provide consent on behalf of parents; therefore, Avosis, LLC does not obtain parental consent directly. A teacher or school district official provides consent for a child under the age of 13 to use Avosis, LLC when they create an Avosis, LLC account for that child.

For more information about COPPA, you may visit OnGuard Online.

FERPA compliance

The Family Educational Rights and Privacy Act (FERPA) provides parameters for what is permissible when sharing student information. Avosis, LLC is authorized by schools and districts under the FERPA “school official” exception to receive and use educational data to provide educational services. This data has significant educational value; apart from enabling the creation of accounts with which students access the Avosis, LLC individualized learning path, the data allows teachers to track student growth and identify students who need intervention. This information is used only for academic purposes. We do not collect data for collection’s sake, and access is limited and appropriate. See Data Stewardship for more information about how we use and protect data we collect.

Data Stewardship

This section provides information about Avosis, LLC data stewardship practices and explains how we collect, use, and maintain student personal information.

Data collection

When a school or district creates a student account, Avosis, LLC begins to collect information about students. Some of the data stored is personally identifiable information (PII).

The following is a list of data fields that are populated to create a student account.

• First name

• Last name

• Grade level

• Language

• Student number

• Student username

• Student class and rostering data

• Organization number

• SSO ID (Classlink)

As students use Avosis, LLC, additional data is collected, including points and notes regarding student progress or achievements.

Usage data of discounts, perks, and rewards are also collected. This is only for the use of ensuring the student is able to access and redeem discounts that have been properly earned or made available to them. This also ensures a student doesn’t abuse the rewards or redeem more than they are given. PII of a student’s discount use is never shared with merchant partners or anyone outside of StudyCard. As we always make clear to our Merchant Partners, the discounts/rewards they provide will be like putting a coupon in the newspaper, no tracking or linking data to a user is possible or will shared with them.

Avosis, LLC also collects some personal information about teachers and administrators when a school or district creates accounts. This data potentially includes first and last name, and school or district name.

Data use

Data we collect is used to provide educational services. Avosis, LLC tracks and assesses a student’s development as they progress through the curriculum. This data is used to generate reports that allow teachers to evaluate student progress and identify students who need intervention. Avosis, LLC does not sell student personal information, nor do we use or disclose the student information we collect for behavioral targeting of advertisements to students.

We retain some de-identified data (data we have made anonymous by removing all personally identifiable information) to conduct statistical research. This research helps us evaluate the effectiveness of Avosis, LLC and improve our product.

Data disclosure and access

Avosis, LLC acknowledges the right parents and legal guardians have under FERPA to review any educational data we collect pertaining to their children. Upon request, and after verifying identity, we will provide parents and legal guardians access to this data within 45 days. However, we recommend that parents first contact their child’s school.

PII data collected by Avosis, LLC is accessible only to a limited number of Avosis, LLC employees who need the data to perform their job.

Data retention and management

Data maintained by Avosis, LLC is protected in a secure environment. See Security Overview for more information about Avosis, LLC security practices.

All PII provided to Avosis, LLC will be destroyed upon termination of our relationship with the school or district, or when it is no longer needed for the purpose for which it was provided.

Data destruction

Avosis, LLC employs United States Office of Education best practice recommendations for data destruction.

Avosis, LLC uses these processes for data destruction:

• Data is destroyed within 90 days of termination of a relationship with a school or district.

• Data is destroyed using National Institute of Standards and Technology (NIST) clear method sanitization that protects against non-invasive data recovery techniques.

• Sensitive data is completely removed using Eraser rather than methods such as file deletion, disk formatting, and one-way encryption that leave the majority of data intact and vulnerable to being retrieved.

• Occasionally, non-electronic media used within Avosis, LLC may contain PII. When these documents are no longer required, the non-electronic media is destroyed in a secure manner (most typically using a shredder) that renders it safe for disposal or recycling.

Security overview

At Avosis, LLC, we are serious about our data stewardship responsibilities. We have implemented several security measures to protect PII from unauthorized disclosure.

Software security

Avosis, LLC has implemented privacy and security practices which are compliant with FERPA and COPPA; however, to achieve comprehensive protection of student PII, it is necessary for each school or district to use secure practices as well.

Data encryption Data is encrypted when in transit.

File Transfer Protocol Data is securely transferred to Avosis, LLC using File Transfer Protocol (FTP) over secure (SSL/TLS) cryptographic protocol.

Firewalls Anti-virus software and firewalls are installed and configured to scan our system. The firewall is periodically updated and configured so users cannot disable the scans.

Security audits Avosis, LLC conducts security audits and code reviews.

Secure programming practices Avosis, LLC software developers are aware of secure programming practices and strive to avoid introducing errors in our application (like those identified by OWASP and SANS) that could lead to security breaches.

Account protection Each user of Avosis, LLC is required to create an account with a unique account name and password. Single Sign-On (SSO) users are authenticated with secure tokens.

Facility security

Avosis, LLC is located inside the continental United States. Physical access is protected by physical locks and fire/smoke alarm systems.

Changes to our privacy policies

Avosis, LLC periodically reviews the processes and procedures described in this document to verify that we act in compliance with this policy. If we determine that a change is necessary to improve our privacy practices, we may amend this policy. Changes will be posted 30 days prior to their implementation.

We Commit To The Student Privacy Pledge:

✘We will not collect, maintain, use or share Student PII beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.

✘We will not sell student PII.

✘We will not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.

✘We will not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.

✘We will not make material changes to School Service Provider education privacy policies without first providing prominent notice to the users and/or account holder(s) (i.e., the institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of Student PII that are inconsistent with contractual requirements.

✘We will not knowingly retain Student PII beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.

✔We will collect, use, share, and retain Student PII only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.

✔We will disclose clearly in contracts or privacy policies, including in a manner easy for institutions and parents to find and understand, what types of Student PII we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.

✔We will support access to and correction of Student PII by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.

✔We will maintain a comprehensive security program that is reasonably designed to protect the security, confidentiality, and integrity of Student PII against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.

✔We will provide resources to support educational institutions/agencies, teachers, or parents/students to protect the security and privacy of Student PII while using the educational service.

✔We will require that our vendors with whom Student PII is shared in order to deliver the educational service, if any, are obligated to follow these same commitments for the given Student PII.

✔We will allow a successor entity to maintain the Student PII, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected Student PII.