The following services are covered under this policy:
|firialabs.com||Web storefront||No. Admin, Teachers, Parents|
|make.firialabs.com||CodeSpace Learning Platform||Yes. Students, Teachers|
More restrictive policies are enforced on the Student-facing services, as noted below.
What personal information do we collect from users of our application?
Each login to our web application is authenticated with the user’s Google account. We use Google’s basic account information (email address, user name) to provide individual progress tracking through the lessons. We also request authorization using the Google Drive API for the application to create files and access files it creates while the user is logged in.
When do we collect information?
We collect information from you when you login to our web application, place an order, fill out a form, or enter information on our site.
How do we use your information?
We may use the information we collect from you in the following ways:
- To personalize your experience.
- To improve our website.
- To respond to your customer service requests.
How do we protect your information?
Your personal information is held in secure data centers only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all information is transported over secure HTTPS network connections encrypted via Transport Layer Security (TLS).
We implement a variety of security measures when you place an order, and when you enter, submit, or access your information to maintain the safety of your personal information. All transactions are processed through a gateway provider (Shopify) and are not stored or processed on our servers.
Do we use 'cookies'?
Do student-facing services allow third party behavioral tracking?
Do non student-facing services allow third party behavioral tracking?
Yes. On the web storefront for example, via Google Analytics and Facebook pixel.
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the world approach data privacy. Firia Labs is committed to complying with all GDPR mandates. Any questions regarding compliance may be directed to Firia Labs’ Data Protection Officer at firstname.lastname@example.org. This is your direct contact for help as an EU citizen in exercising your rights as a “Data Subject” under GDPR including, but not limited to the right to erase your personal data, and to access / export your data.
Under the definitions of GDPR, Firia Labs acts as a “Data Controller”, and will only use “Data Processors” that provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR. Firia Labs employs Google (Cloud Platform, gSuite) as the principle “Data Processor” entity. Other 3rd party data processors listed below are used to provide essential services such as user forums, managing support inquiries, and the online shop:
3rd Party Data Processor
Saving user programs and progress
Functional Software, Inc.
Error diagnostic logging (sentry.io)
Online troubleshooting support
This Application is compliant with California Student Online Personal Information Protection Act (SOPIPA), meeting the following requirements at minimum:
- do not use any data collected via the service to target ads
- do not create advertising profiles on students
- do not sell student information
- do not disclose information, unless required by law or as part of the maintenance and development of the service
- do use sound information security, including encryption of data and other industry-standard practices
- will delete data that we have collected from students in a school when the school or district requests it
- share information only with educational researchers or with educational agencies performing a function for the school
- innovate safely without compromising student privacy by only using de-identified and aggregated data to develop and improve the service
California Online Privacy Protection Act
Use of G Suite “Google Apps for Education”
This Application uses G Suite and related Google Cloud Platform services to authenticate users and securely manage retained user information. We consider Google a trusted 3rd party provider, given widespread adoption by schools and given CETPA’s finding that the G Suite data privacy terms and conditions comply with FERPA and AB 1584, bolstered by findings of Ernst & Young, which held that G Suite privacy terms and conditions were consistent with the privacy standards established by the International Standards Organization for data privacy.
Fair Information Practices
The United States Federal Trade Commission's fair information practice principles (FIPPs) are guidelines that represent widely accepted concepts concerning fair information practice in an electronic marketplace.
In accordance with FIPPs, should a data breach occur, we will notify the affected users via email within 7 business days.
Assembly Bill 1584 requires all school districts in California to enter into legal agreements with software and other vendors who follow strict rules concerning the disclosure of student information via electronic or other methods.
The Firia Labs Web Application (Application) is compliant with AB 1584. All pupil-generated content is stored on the pupil’s individual Google Drive account. Pupils retain possession and full access to their content at all times, and may transfer or delete content at any time. Pupils may also de-authorize the Application from their Google account, and retain access to any data previously created by the Application.
COPPA (Children Online Privacy Protection Act)
COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. The Federal Trade Commission enforces the COPPA Rule in the US, spelling out what operators of websites and online services must do to protect children's privacy and safety online.
We adhere to the following COPPA tenets:
- We will not require a child to disclose more information than is reasonably necessary to participate in our service.
- Teachers and parents can review, delete, and manage their students' information through account settings on our website or by emailing email@example.com.
- Parents can give consent by creating accounts for their children and providing the minimum necessary personal information needed during that account creation.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Authenticate your user account.
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
- We may also send you additional information related to your product and/or service (optional).
To be in accordance with CANSPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third party email marketing services for compliance, if used
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can change your email settings in your account preferences, email us, or follow the instructions at the bottom of each email, and we will promptly remove you from all correspondence.
1038 Research Blvd Suite 240
Madison, AL 35758