Privacy, Data, & Cookies
This policy is our Privacy Notice. It is meant to help you understand how we collect and use the personal information you provide on any of our digital properties. We will explain:
- What information we collect and why we collect it.
- How we use and share that information.
- The choices we offer you to protect your privacy and the rights you have, including how you can access and update your information.
- How to contact us if you have questions or concerns.
Sidekick Education Inc abides by a few fundamental principles regarding your privacy and data:
- We only collect your personal information when we need it, and only what we need to provide you with our services.
- We don't share your personal information with anyone except to provide and develop our services, comply with the law, or protect the rights, property or safety of Sidekick, our users or the public.
- We don't store your personal information unless it’s required for the ongoing operation of our services.
- We give you control over how your personal information is used, including what's made visible to the public, seen by search engines, kept private, and deleted.
Throughout this policy we will refer to the Service. We define the Service in the Master Terms of Service as the Sidekick website and all products and services. We serve several kinds of people, including students, teachers, parents, school leaders, employers, and volunteers. This means our Service represents a variety of data requirements based on the user we are serving.
This policy represents the maximum extents to which we will collect, use, and store your data. Many of the underlying products and services do not approach these extents. Access to and usage of student data are also further restricted in the Student Privacy and Data section.
We need to collect certain information about you to provide you with the Service or the support you request. The type of information we collect can vary depending on how you access and use our Service. Additionally, you can choose to voluntarily provide information to us.
We collect the information you provide when you contract with Sidekick, communicate with us, answer our surveys, upload content, or otherwise use our Services.
We request an email address and date of birth when you sign up for the Service so we can provide the Services to you and allow us to comply with applicable regulations. Without this information, we are not be able to provide you with the Service.
Users who engage in financial transactions with Sidekick are asked to provide additional information in order to complete the transaction, such as a credit card number, billing address and full name.
We may request your location information to provide you a better experience when you use location-aware features of the Service.
You can always refrain from supplying certain information, but it may prevent them from engaging in certain Sidekick services that require such information.
You can choose to provide us with additional information in order to obtain a better user experience when using the Service. This additional information will be processed with your consent and/or to provide you with services you request. This information includes your survey responses, participation in contests, promotions or other marketing efforts, suggestions for improvements, referrals, or any other actions on the Service.
We automatically collect information about you and how you use the Service, like when you visit our website or search for projects. This information we collect includes:
Like most website operators, Sidekick collects information about how users visit our site and the devices they use. We collect device-specific information (such as your hardware model, operating system version, device identifiers like IDFA and UDID, and mobile network information). Sidekick may associate your device identifiers or other device information with you to help us provide consistent services across your devices.
We may use your IP address to generate a general approximation of where you are located in order to provide you with an improved experience. We will not automatically use any location sensor information.
When you use Sidekick, we automatically collect and store certain information about some activity. This data includes details of how you used our service, like your search queries, clicks and site navigation information, or study activity. It also may include data such as:
- Browser type
- Language preference and time zone
- Referring site, and the date and time of each visitor request
- Connection information like ISP or mobile operator
- Log-in and Log-out times
We collect information about you when you use the Service for a variety of reasons in order to support Sidekick and to enable our team to continue to create engaging experiences for our users.
We process the data we collect about you to operate, improve and develop the Sidekick Service, including providing, maintaining, securing and improving our services, developing new ones, and protecting Sidekick and our users. We are able to deliver our services, personalize content, and make suggestions for you by using this information to understand how you use and interact with our services. We conduct surveys and research, test features in development, and analyze the information we have to evaluate and improve products and services, develop new products or features, and conduct audits and troubleshooting activities.
Here are some examples of how we use this information:
- Providing and maintaining the Sidekick Service. The information we collect from you allows us to help you host your content, and use the various study tools we have.
- Improving the Sidekick Service. The information we collect and content you host also allows us learn from how you and others use Sidekick to help create new activities and services.
- Measuring, tracking and analyzing trends and usage in connection with your use or the performance of the Service. In order to develop and enhance our products and deliver an experience that is fast and reliable, we need gather certain information to analyze usage and performance of the Service.
- Improving your experience using the Service. When you sign up with Sidekick and use our service, we may associate certain information with your new account, such as your prior usage of the Service. We do this in order to ensure that content from the Service is presented in the most effective manner for you.
We also process the data we collect about you to provide you with relevant information about the Service and to assist you in using the Service if required.
These communications may include:
- Sending you information we think you may find useful or which you have requested from us regarding your activity in the Service. We may send you information about the parts of Sidekick you use, such as confirmation or other notifications.
- Conducting surveys and collecting feedback about the Service. We do this to evaluate the effectiveness of any updates we provide.
- Delivering assistance to support requests. We send you the information and support you request, including technical notices, security alerts, and other administrative messages to provide assistance for problems you may encounter with the Service.
You may receive promotional messages from Sidekick when you first interact with the Service or by making a request to us. You can opt out of receiving promotional messages from Sidekick at the time we collect your information by following the instructions on screen or in those messages. If you decide to opt out, we can still send you non-promotional communications, such as receipts from digital transactions and messages about your account.
We use the data we collect to maintain Sidekick as a safe and secure platform for all our users, including appropriate enforcement of Sidekick policies, as well as compliance with the law and applicable regulations.
These efforts include:
- Preventing fraud, crime and abuse and the security and integrity of the Service. This includes investigating, detecting and preventing or reporting fraud, misrepresentations, security breaches or incidents, other potentially prohibited or illegal activities or to otherwise help protect your account.
- Protecting our and third parties’ rights and property and enforcing our agreements or policies, including our Acceptable Conduct policy.
- Verifying your identity. In some cases, we may need to verify your identity in order to protect the security and integrity of the Service and your account.
- Complying with any applicable laws or regulations. This includes appropriately responding to lawful requests for information from the government or third parties through legal process.
- Contacting you to resolve disputes.
We can use third-party service providers to provide site metrics and other analytics services. These third parties can use technologies discussed below, such as cookies, web beacons, and other technologies, to collect information, such as your IP address, identifiers associated with your device, other applications on your device, the browsers you use to access the Service, the pages viewed, how much time you spend on a page or Sidekick overall, links you clicked, and activity information. This information can be used by Sidekick and third-party service providers on behalf of Sidekick to analyse and track usage of the Service, determine the popularity of certain content, and better understand how you use the Service. The third-party service providers that we engage are bound by confidentiality obligations and other restrictions with respect to their collection, use and disclosure of your information.
We may process data for any other purpose disclosed to you in connection with the Service from time to time. If we intend to process your personal data for a purpose other than that set out above and which is not compatible with the original processing purpose, we will provide you with relevant information prior to such processing and will obtain your consent where necessary.
You remain in control of the information you provide to Sidekick. You may also opt to have your information deleted (for example, when you end your relationship with Sidekick). If you choose to have your information deleted, all your information will also be deleted in accordance with our data retention practices.
For information on children under 13, guardians also control of the information the child provides to Sidekick and opt to have this information deleted. If the parent chooses to have the child’s information deleted, all the child’s information will be deleted in accordance with our data retention practices.
You may choose to display publicly certain information about you or activities you perform on Sidekick. Whenever possible, we provide you with choices about the privacy of your information on Sidekick. For example, Online Exhibitions featuring student work can be private (only viewable by teachers, students, and specific adults) or public (viewable by the general public).
Comments you post on our blog or in testimonials may be viewable by other users of Sidekick and the general public and you should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from these areas, contact us at [email protected]. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
We will share personal information with companies, organizations or individuals outside of Sidekick when we have your instruction and consent to do so.
Sidekick provides personal and non-personal information to our partners, trusted organizations, vendors and other affiliated organizations to process it on our behalf. Some of these contractors and affiliated organizations may be located outside of your home country. Our providers process data in accordance with our instructions, this policy and any other appropriate confidentiality, security or other requirements we deem necessary in order to comply with Sidekick’s obligations. By using Sidekick, you agree to allow these companies to process your data on our behalf, regardless of where they are located.
We regularly update a list of our partners, service providers and subprocessors, which you can view in the Third-party providers section.
Sidekick will share personal information with companies, organizations or individuals outside of Sidekick if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Respond to or meet any applicable law, regulation, legal process or other enforceable governmental request.
- Investigate potential violations of our agreement with you.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Protect against and prevent harm to the rights, property, or safety of Sidekick, our customers, or the public as required or permitted by law.
If Sidekick is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
From time to time, Sidekick may release non-personal information in the aggregate or as part of anonymized datasets, for example, by publishing a report on trends in the usage of its Service.
Sidekick retains your personal information for as long as your account is active, to fulfill our legitimate business purposes, or to comply with our legal obligations. When these conditions no longer exist, Sidekick removes that information in accordance with our standard deletion processes. Sidekick may retain and use non-personal information, including information which has been de-identified, aggregated, or anonymized, indefinitely.
When you delete or update your account or information, we first aim to immediately remove that data from view. We then begin the process of securely and safely deleting your personal information from our systems. We design our systems to protect information from accidental or malicious destruction, so to ensure a safe and thorough removal process, we may not immediately delete residual copies from our active servers and may not remove some information from our backup systems. In addition, events like routine maintenance, unexpected outages, bugs, or failures in our protocols may cause delays in our standard processes and timeframes, however we maintain systems designed to detect and remediate such issues.
We retain records of support tickets and other communications between Sidekick and our users, for example support emails, survey responses, feedback submissions, or comments on our blogs or other posts, indefinitely in order to better manage our support processes, maintaining accurate business records, and identifying other trends. We reserve the right to publish these communications in order to help us clarify or respond to your request or to help us support other users.
We take all measures necessary to protect against the unauthorized access, use, alteration or destruction of personal information.
We build apps to take advantage of decentralized storage systems, such as blockchain technologies and personal data stores. For example, the Sidekick Storyboard application relies on integrations with your data systems to store and use data all within your private network, similar to how an on-premises software solution would store and use data on your servers. This means you fully control the data. We never even see this data.
In situations where we must store data, we encrypt all databases containing service data. This means that even if a malicious actor were able to breach our security and access our data, they would not be able to interpret it without first decrypting the data.
We follow industry standards to protect the personal information submitted to us, both during transmission and once we receive it. For example, our website and apps are protected by HTTPS encryption and when you enter credit card information on our order forms, that information is encrypted and protected by our third-party payment providers. If you have any questions about security of our Service, you can contact us at [email protected].
If we know or have reason to know of a systems security breach by an unauthorized party of your user data where that data is being or is likely to be used for an unauthorized purpose, we will promptly notify you so that you can take appropriate steps.
We comply with relevant laws regarding data breaches. If we know or have reason to know of a systems security breach by an unauthorized party of your user data where that data is being or is likely to be used for an unauthorized purpose, we will promptly notify you and, where necessary, the relevant governmental authorities, so that you can take appropriate steps.
This policy extends the General Privacy and Data Policy and supercedes all other policies regarding data privacy, use, and security for data collected from activities of students or other minors, from the activities of others conducted on the behalf of students or other minors, or data clearly tied to personal or confidential information regarding students or other minors.
This policy is in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”) and Family Educational Rights and Privacy Act (FERPA), and outlines our practices world-wide regarding the personal information of all students under 13. For more information about COPPA and general tips about protecting children’s online privacy, please review the Federal Trade Commission's Consumer guide.
If you are using Sidekick with students as part of an educational institution in an educational context, the following provisions also apply:
- You represent and warrant that you are solely responsible for complying with the Child Online Privacy Protection Act (COPPA) requirement to secure parental consent for accessing applications which require personal information from children under 13.
- You may need to obtain verifiable parental consent (“Consent”) from all parents whose children will be using Sidekick and provide a copy to us upon our request. For more information on your obligations under COPPA, please see www.ftc.gov/privacy.
Sidekick only collects limited personal information from students with consent of a parent or a member of an educational institution acting on behalf of a parent. We use the collected information solely for the benefit of the educational context.
Under FERPA regulations, parents have the right to refuse the further contact with their child and to have access to their child’s school record information and to have it deleted by contacting the school administrator.
If you are a parent and would like more information on parental rights with respect to a child’s educational record under the U.S. Family Educational Rights and Privacy Act (FERPA), please visit the FERPA site. If you believe that a student’s school, district, or teacher has not required parental consent prior to our collection of any personal information, contact us at [email protected].
Providers of consent, both parents and education institutions providing consent on behalf of students, may make the following requests with respect to student data:
- Review your or your student’s personally identifiable information
- If your or your student’s personally identifiable information changes you may correct or update your student's information
- Cancel your or your student's account or delete all personal information and school record information related to the account
We retain information only for as long as an account is active or as needed to provide services to active students or comply with our legal requirements.
If you are a parent or guardian of a student, contact the member of the educational institution providing consent on your behalf (typically an administrator at your student's school), or you may contact us directly if you're providing direct consent.
You may contact us in multiple ways:
- Text the chatbot at the number you or your student is already using
- Update the data directly using our web application
For any data request, please include the student's username, the school or organization, and the teacher or parent’s email address and telephone number. To protect children’s privacy and security, we will take reasonable steps to help verify a teacher or parent’s identity before granting access to any personal information. We intend to resolve data requests fully within 30 days.
Instead, we use a meaningless unique identifiers and relevant security keys to integrate with your productivity suites, student information systems, or learning management systems. During real-time student experiences, we use these integrations to call up the data we need to the user's browser. Depending on how that data is used by your other vendors, it is possible student data never even leaves your network.
Some of our features, however, require us to send and store some student data on our servers.
Sidekick collects the minimum data required to provide and improve our Services. Sidekick does not accumulate personal information about any minor for distribution, sharing, or selling. Teachers working with parents of students using Sidekick services administer a Parent Information and Consent form to guardians of participating students. For students 13 or older, guardians may object to their students' participation in Sidekick Services. We do not require a minor to provide any personally-identifying information or any more information than is necessary to use any Sidekick service.
Sidekick must retain a limited subset of personal information of students. We use this information to operate as a school official to communicate with students and comply with applicable laws. We require:
- The student's first name
- The student's school email address
- The student's date of birth
Many districts and school corporations already consider this information directory information and have issued a notice defining it as such. If you haven't, however you will need to designate this information accordingly and release a public notice of doing so. The U.S. Department of Education even has a model notice you may review.
You may refuse to designate the required information as directory information, but it will limit many features of Sidekick Services as well as the number of students eligible to use them.
Wherever identity is not important, we do not collect personally identifiable information. Instead, we collect anonymous event data that help us improve user experience, performance, and security. We may also use aggregated anonymized information for research, analysis, and product development.
In some cases it is impossible to collect fully anonyous data. For example, event data for a comment in a Microsoft Word or G Suite Docs document will include a unique identifier Google has assigned a student, which could feasibly be tied to sensitive personal information. In another example, Sidekick will need to pair personal information such as grade levels or competency levels to a student's unique identifier in order to provide appropriate competency-based learning progressions. We may further need to retain this data to improve future recommendations.
Even though the student's unique identifier is a meaningless string of scrambled letters and numbers, a malicious actor with full access to both our data and encryption keys, as well as the correct school's data, could theoretically reconstruct student identities that include sensitive information. This would require an immense amount of effort and coordination from the malicious actor, but it is a very rare case we must prepare for.
We attempt to de-identify the data we collect before storing it through several means. We use meaningless identifiers as references to meaningful content, such as student records or grades, that a separate application in our system must decode so the malicious actor must gain control over multiple, isolated applications before the data has any utility. We also will clone original event data and student profiles, obfuscate personal information, then store only the cloned data. This allows us to power many of the features without storing any personally identifiable information.
Sidekick will record partner communication with minors and screen it for inappropriate content. Sidekick will temporarily store recordings of partner communication with minors that only teachers may access to share with their students or other legitimate purposes.
Students, school administrators, and parents may access the videos upon request during this period if and only if safety is a legitimate concern.
Videos that have been screened for inappropriate content and do not need to be retained for a legitimate use will be promptly deleted.
While Sidekick is intended for users primarily of age 13 and over, sometimes children under the age of 13 may be enrolled in participating schools. We accommodate these students by working through the teacher to offer a limited feature set that does not require us to collect any personal information. We offer this restricted experience for accounts of all users below the age of 13 and for some users below the age of 16 where applicable under local law.
For students 13 or younger, guardians must consent to their students' participation in Sidekick services. Parents and legal guardians of minors can consent to collection and use of a child's personal information without consenting to the disclosure of that information to third parties.
As described in the general security measures detailed in the General Privacy and Data section, we encrypt all databases containing service data. This includes student data. This means no directory information, video, or other personal information or data considered part of a students' education record is stored in a directly readable format.
As part of your agreement to use the service, you permit us to collect and use your information from activity on devices you use in accordance with this Privacy Notice. If you would like to block our cookies, view the methods described under How to Control Cookies or using the opt-out links provided in the Cookies Set by Third Parties section.
Cookies are small text files that a website saves on your computer or mobile device when you visit that website. These cookies help secure our authentication process during logins and signups or enable the website to remember your actions and preferences for a period of time, so that you don’t have to re-enter them each time you come back to the website or browse from one page to another.
For some features of the website, it’s necessary to store data temporarily on one page so that we can use it again on another. User Input cookies are persistent cookies with durations of anywhere from several days to several years.
Many features of the Service will store your preferences about how that feature is displayed or used in a cookie. For example, if you set a filter on competencies to teach or assess, your filter preferences about how many and what kinds of competencies appear are stored in a cookie. Cookies that store preferences can be set with durations anywhere from just the current session up to a year.
To understand how users interact with specific features of Sidekick and to further improve our website, we sometimes collect anonymous data about website usage and store it in cookies. We also set a cookie containing a unique, random value so that we can anonymously identify you each time you come to the website. These cookies can be set with durations anywhere from just the current session up to several years.
Beyond the cookies we set ourselves, we also work with various reputable companies to provide certain services on Sidekick, like advertising, and to help us analyze how visitors use Sidekick and optimize their experience. In general, these cookies:
- Enable features and experiences on Sidekick that are tailored to your activity and preferences
- Collect information on your and other users’ preferences in order to create more useful products
- Maintain Sidekick’s regular business operations by facilitating communications and notices, onboarding experiences, and by collecting impressions and click data
- Help diagnose and correct downtime, bugs, and errors in our code to ensure that our products are operating efficiently
Below we provide more information on these companies and the cookies they may set.
In addition to cookies, we also use similar technologies on Sidekick which capture and store user data as outlined below.
Web beacons, also known as clear GIFs or pixel tags, are small images that appear in the emails we send to our users, and are used to track whether the email is opened or forwarded to other people. Having this information gives us a better understanding of the usefulness and relevance of the emails we send to our users.
If you no longer wish to receive promotional email communications from us, you can click on the unsubscribe link at the bottom of any such email.
HTML5 local storage is an industry-standard technology for storing data in the browser that is very similar to cookies. The difference is that the data is only available in your browser, unlike cookies which are transmitted back to the server as part of loading a new page. Google Analytics may sometimes put data into local storage, and we use their services for the reasons outlined above.
In some browsers you are able to clear your local storage in a similar way to clearing cookies. Please consult the relevant documentation for your browser for further details.
In addition to opting out of third party cookies as described above, you can also control and delete cookies used by Sidekick at any time. For instructions on how to do this, which may vary depending on what browser you are using and where you are located, visit aboutcookies.org or youronlinechoices.com. You can delete all existing cookies on your computer and set most browsers to prevent them from being placed. However, please note that if you do this, you will no longer be able to log in to your Sidekick account and other functionality on our website may not work properly.
To help Sidekick provide, maintain, protect and improve our services, Sidekick shares information with our partners, trusted organizations, vendors and other affiliated organizations to process it on our behalf in accordance with our instructions and any other appropriate confidentiality, security or other requirements we deem necessary.
We will never sell or lease your or your students’ personal information with third parties.
Prior to engaging into a relationship with a third-party service provider, we will first review their privacy policies and ensure that these are compliant with those regulations that Sidekick is adhering to and that they are aware that Sidekick is directed to children. Third-party service providers who will have access to any Personally Identifiable Information (PII) will have their privacy policies reviewed by Sidekick on an annual basis to ensure that any changes made do not affect compliance with all applicable legislation.
When possible, we use restricted versions of our third-party services (for example, Google Analytics) that limit data sharing and tracking on areas of our site and mobile apps that are accessed by children to support our internal operations.
This Privacy Notice does not apply to, and we are not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. For more information, we encourage you to check the privacy policies of these third parties to learn about their privacy practices. You can find information on these partners and providers below, including what data we share with them and the services they provide us as well as links to their privacy policies.
Our service content and usage data is stored on AWS servers. All data written to disk is encrypted.
Provider of technical infrastructure for storage, service deliver, networking, and analytics
Our service content and usage data is stored on AWS servers. All data written to disk is encrypted.
Provider of servers and network infrastructure for storage, service delivery and analytics
Google Cloud Platform
Our service content and usage data is stored on GCP servers. All data written to disk is encrypted.
Provider of servers and network infrastructure for storage, service delivery and analytics. Corporate productivity suite.
Content and traffic data for our marketing site www.sidekick.education is stored on Netlify servers.
Provider of servers and network infrastructure for storage, service delivery and analytics
Recorded video. Vimeo account data, including emails.
Live mentor session video sharing
Email address and username
Email service for sending emails to our users
If you are in the European Economic Area (“EEA”), the provisions of this Section H apply to you, effective May 25, 2018.
Sidekick processes your personal data only when we have a lawful basis for doing so. We may process your Personal Data because you have given us permission to do so (e.g., by sending data through our contact or order forms), because the processing is in our legitimate interests and it’s not overridden by your rights (e.g., some of the information we collect from you we need to enable use to deliver the Service to you and fulfill our agreement with you), or because we need to process your Personal Data to comply with the law. At other times, we consider it to be in our legitimate interest to collect and process this information, taking into consideration your privacy rights. In rare cases we also may be required to process your data to protect your vital interests or for a task in the public good.
European users also have several rights under the General Data Protection Regulation in certain circumstances, including the right to access, update and remove your personal data, object to particular processing, or file a complaint with our privacy team or a supervisory authority. If you wish to know what Personal Data we hold about you, to have us remove it, or otherwise to exercise your rights, please contact us at [email protected]. Note we may need to verify your identity before granting access or otherwise changing or correcting your information.
In some cases, you also have the following rights related to your Personal Data:
- The right to access, update, or delete your Personal Data.
- The right of rectification—to have your information altered if it is inaccurate or incomplete.
- The right to object to our processing of your Personal Data.
- The right of restriction—to request that we restrict how we process your Personal Data.
- The right to data portability—to receive a copy of the information we have on you in a structured, machine-readable, and commonly used format.
- The right to withdraw consent to our processing of your Personal Data.
- The right to complain to an EEA data protection authority (a government agency) about our management of your Personal Data.
Sidekick reserves the right to modify this Privacy Notice at any time, so please review it frequently. If we materially change how we use your personal information, we will notify, by email, and/or by means of a notice on our website prior to the change becoming effective. If you disagree with these changes, you can delete your account at any time and/or stop using the Service. Your continued use of the Service constitutes your acceptance of any changes to this Privacy Notice.
If we make material changes to how we collect and use personal information from children under the age of consent, we will notify parents by email and, when appropriate, obtain additional parental consent for the new uses of the child's personal information.
If you have questions or wish to send us comments about this Privacy Notice, please contact us:
Data Protection Officer Contact Information
Attention: Data Protection Officer
1360 Regent St
Madison, WI 53715