Lively Minds Institute Data Privacy Policy

Last updated: October 23, 2024 

1. Introduction

The Lively Minds Institute (“we,” “our,” or “us”) is committed to protecting the privacy of information we collect about teachers, students, and other authorized users in connection with providing services through the Cerebrate platform. This Privacy Policy explains how we collect, use, disclose, and protect personal information on our platform, Cerebrate, in compliance with the applicable federal and state privacy laws. This policy also describes your rights under applicable privacy laws.

2. Platform Data We Collect

a. Data provided directly from you that may include:

• Name and contact information
• Login credentials
• Personal information, like subjects and grades teaching, years in education.
• Testimonials and responses to polls and surveys

b. Data provided by schools (administration, educators, specialists) about students that may include:

• Name, grade, photograph, student ID number, student email address
• Detailed information, like goals, skill levels, and motivators
• Behaviors and associated learning strategies, lessons, and progress
• Any information contained in free-form fields, like educator comments in student progress reports.

Please note that service does not require all of this information. For example, student ID number, photograph, student email address, detailed information, and behaviors are collected at the school’s discretion.

c. Usage Data

We collect data on how users interact with our website and services, such as pages visited, time spent, and usage patterns.

Usage Data may include information such as your device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device.

 

Cookies and Tracking Technologies

We use Cookies (small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses) and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies we use may include:

• Cookies or Browser Cookies. A cookie is a small file placed on your Device. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted your browser setting so that it will refuse Cookies, our Service may use Cookies.
• Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

d. Categories of Data Collection Sources

 We obtain the data listed above from the following categories of sources:

• From you directly. For example, from the forms you complete on our platform or preferences you express or provide through our Service.
• From users of the platform. For example, when a teacher records your child’s progress in acquiring a skill.
• From observing your activity on our services. For example, via cookies, other standard online technologies, and our routine monitoring and recording of your service usage.
• From Service Providers. For example, third-party vendors to monitor and analyze the use of our Service or other third-party vendors that We use to provide the Service to you.

 

3. How We Use Platform Data

We use the personal information collected to:

• Provide contracted educational services to schools and districts. For example, to manage logins and maintain the security and confidentiality of data contained in the services; to communicate essential service information to you; to provide customer support; to monitor compliance with our Terms of Use; and to report service usage data to our customers.
• Conduct statistical research. For example, to evaluate the effectiveness of the Platform and improve our product. Any data used for this purpose is de-identified (made anonymous by removing all personally identifiable information).
• Comply with legal obligations and regulatory requirements. For example, we may need to use data to comply with applicable laws, our internal policies and to protect the legal rights of ourselves, our Districts and their users and others.
• Improve service and user experience. For example, to identify which parts of our services you find useful or difficult to use.

 

We also collect aggregated usage information that does not personally identify individual users. We use this aggregated data to improve our Platform and make the Platform valuable to as many users as possible. For example, this aggregated data can tell us how often users use a particular feature of the Platform. We do not use this data to:

• Display traditional or contextual advertisements;
• Provide promotional sweepstakes, contests, or surveys; or
• Send marketing messages.

This section describes how Lively Minds Institute uses your personal information. Remember that the school (our customer) has a high degree of control over the personal information processed in our platform. This Privacy Notice does not cover how schools use data, which will be determined by their own policies and legal obligations.

Lively Minds Institute will never sell your personal information.

 

4. How We Share Platform Data

We do not sell any information we collect on the Platform, including student personal information, nor do we use or disclose any information we collect for (a) behavioral targeting of advertisements to students or (b) any other marketing purpose. We do not allow third-party advertising networks to collect information about Platform users. We do not facilitate the use or disclosure of any student personal information by any other party for any marketing purpose or permit another party to do so.

We may share personal information with the following categories of recipients.

• Schools and Districts, to the extent that data pertains to individuals associated with that account
• Service Providers who provide services like hosting, analytics, and customer support and who are contractually bound to protect your data
• Authorities for legal compliance and protection services
• Business Partners who are in a corporate transaction with Lively Minds Institute

 

5. Platform Data Rights, Disclosure and Access

Parents and legal guardians have the right to review an data we collect about their children. Parents can submit a request using the information in the “Contact Us” section below. We will provide access to this data within 45 days of verification of identity. However, since the data we collect is provided by the school, we recommend that parents or legal guardians first reach out to their School or District.

Districts maintain all ownership rights to any personal information collected through the Platform. Consequently, our Districts may:

• Request that we delete, export, or correct any inaccurate data at any time.
• Access and review the collected data at any time by logging into our platform or requesting an export.

Users can also update certain personal information stored on the Platform by logging into their Cerebrate account or contacting their District’s administrator directly. If a parent or legal guardian has questions about modifying or deleting a student’s educational data, we will direct them to their District and collaborate to resolve the issue.

 

Children’s Online Privacy Protection Act (COPPA)

We do not collect information directly from students under the age of 13 unless we believe we have legal permission, as indicated by our Districts acting on behalf of parents or guardians. As the operator of a platform providing services to schools, Lively Minds Institute obtains consent through the child’s school. We require our Districts to obtain any necessary parental consent and provide required disclosures as mandated by law.

 

Family Educational Rights and Privacy Act (FERPA)

The Platform is authorized by our Districts under the FERPA “school official” exception to receive and utilize educational data for providing educational services. This data is valuable for enabling teachers to identify students’ executive function strengths and challenges, create a customized curriculum of lessons, and track and report on student progress. Student personal information is used solely for the purposes outlined in this Platform Policy.

 

Personal information collected by Lively Minds Institute is accessible only to a limited number of employees who require this data for their job responsibilities. We do not rent or sell personal information for marketing purposes. For any questions related to the data we maintain, please contact us at yourteam@cerebrate.education.  For any other questions related to FERPA, please contact your school or district.

 

Your Rights Under CCPA (For California Residents)

California residents have specific rights regarding their personal information:

• Right to Know: You can request details about the information we collect, its purposes, and who we share it with.
• Right to Delete: You can request the deletion of your personal data.
• Right to Opt-Out: You can request that we do not sell your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at yourteam@cerebrate.education with the subject line “Privacy Rights.”

If you request that we delete your personal data, we will confirm your request once we receive it and will delete (and direct our Service Providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for Us or Our Service Providers to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with You, or otherwise perform our contract with You.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.) or other applicable law or regulation.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us.
• Comply with a legal obligation.
• Make other internal and lawful uses of that information that are compatible with the context in which You provided it.

Only you, or a person registered with the California Secretary of State or other applicable official that you authorize to act on your behalf, may make a verifiable request related to your personal information.

Your request to us must:

• Provide sufficient information that allows Us to reasonably verify You are the person about whom We collected personal information or an authorized representative
• Describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it

We cannot respond to your request or provide You with the required information if we cannot:

• Verify your identity or authority to make the request
• And confirm that the personal information relates to You
• We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.

Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt.

For data portability requests, we will select a format to provide Your personal information that is readily usable and should allow You to transmit the information from one entity to another entity without hindrance.

 

6. Platform Data Security

We take appropriate technical and organizational measures to protect the confidentiality, integrity, and security of personal information, including encryption, secure servers, and restricted access. If we learn of a systems security breach by an unauthorized party or that any of the personal information stored on the Platform was used for an unauthorized purpose, we will immediately notify the relevant Districts electronically so that the District and its users can take appropriate protective steps. Our security measures include:

 

Software Security: We implement privacy and security practices which are compliant with FERPA and COPPA. Our Districts and their users, however, must use secure practices to help achieve comprehensive protection of student personal information as well.

 

Data Storage: The Student Data and/or Principal or Teacher Data will be stored within a secure MySQL database hosted on Azure. Azure provides robust security features such as network isolation, access controls, and encryption to safeguard data at rest.

 

Access Control: Access to the MySQL database is strictly controlled through Azure Active Directory authentication and authorization mechanisms. Role-based access control (RBAC) ensures that only authorized personnel can access sensitive data.

 

Network Security: The database is hosted within a Virtual Network (VNet) in Azure, utilizing network security groups (NSGs) to restrict inbound and outbound traffic. This helps prevent unauthorized access from external sources.

 

Encryption: All communication with the MySQL database is encrypted using TLS/SSL protocols to protect data in transit. Additionally, Azure Disk Encryption is employed to encrypt data at rest, ensuring that even if physical storage is compromised, the data remains secure.

 

Encryption in Transit: Data transmitted between the Azure app services and MySQL database is encrypted using industry-standard TLS/SSL protocols. This ensures that data remains confidential and protected from interception or tampering during transmission.

 

Encryption at Rest: Azure Disk Encryption is employed to encrypt data stored on disks associated with the MySQL database. This ensures that even if physical storage devices are compromised, the data remains encrypted and inaccessible to unauthorized parties.

 

Regular Audits and Monitoring: Azure provides comprehensive monitoring and logging capabilities, allowing for real-time detection of security threats and suspicious activities. Regular security audits are conducted to identify and address any vulnerabilities proactively.

 

Account protection and identity verification: We support account authentication and identity verification exclusively through single sign-on technologies and protocols, such as SAML.

 

We conduct regular audits and updates of our security measures to ensure they remain current and effective. For inquiries about our latest security protocols, please reach out to us at yourteam@cerebrate.education.

 

7. Platform Data Retention and Management

When we receive your personal information under contract with our customers, we will retain it for the duration of the contract and then, according to our customer’s instructions, return it to them, delete it, or transfer it to another service provider.

When we receive your personal information on our own account (that is, outside a contract with our customers), we will retain it as long as necessary to fulfil the purposes for which it was collected, and to satisfy legal, accounting, and reporting obligations, or to resolve disputes or enforce our Terms of Use.

 

8. Do Not Track (DNT)

Our website does not currently respond to Do Not Track signals. However, you can manage tracking preferences through your browser settings.

 

9. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify users by email or post a notice on our website. We encourage you to review this policy regularly.

 

10. Contact Us

For any questions or concerns regarding this Privacy Policy, please contact us:

Lively Minds Institute
975 E Riggs Rd, Ste 214
Chandler, AZ 85249
Email: yourteam@cerebrate.education