Effective Date: August 9th, 2024

1. Introduction

At Evress, we are committed to protecting the privacy of all personal data (PII) our customers entrust with our Platform, including educational institutions, administrators, students, and parents. This Privacy Policy explains how we collect, use, disclose, and safeguard information through our Platform, in compliance with relevant privacy laws, such as the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA). We understand that privacy is tremendously important to our customers, and we take privacy very seriously. In order to prevent unauthorized access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the information we store.

By using our Platform, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Guiding Principles on Data Management

• Data Ownership: Evress acknowledges that all personally identifiable information (PII) about students, teachers, administrators, and parents is the property of the customers that Evress serves. Additionally, the data aggregated by 3rd-party vendors our customers may work with is also the property of Evress’s customers and not the property of that vendor or of Evress.
• Purpose: Evress is a trusted steward of personal data. Data received from its customers is to be used solely for the purposes of providing educational services. Such data will not be sold or used for marketing purposes. Customers may use Evress tools to share data with educational vendors of their choice.
• Type of Data Maintained in Evress: Evress maintains personal data needed for the satisfactory operation of the Evress system, and to enable services including data validation and cleaning checks of engagement and activity event data coming from the 3rd party vendors and programs the customer seeks to integrate with Evress. The personal data Evress collects includes what is generally regarded as Directory Information such as name, school building affiliation, grade level, email address, and other identifiers specific to their enrollment in their educational organization to assist with the identification matching process. Depending on the analysis and insights goals of the customer, Evress may also pull gender, date of birth, and other personal demographic data.
• Protection: Evress keeps all personal data confidential and secure. Evress’s data security protections include internal data management policies and procedures, limitations on access to personal data, data encryption (for both data in transit and at rest), data systems monitoring, incident response plans, and safeguards to ensure personal data is not accessed by unauthorized persons when transmitted over communication networks. Evress may disclose personal data to public authorities if required by lawful requests.
• Data Termination: Evress permanently deletes personal data after the termination of a contract, when no longer needed, or when advised to do so by the customer, by or before 90 days after the event that triggered the data termination.
• Discovery of a Security Breach That Results in Unauthorized Release of Personal Data: Evress shall promptly notify affected customers of such breach, shall conduct an investigation, and shall restore the integrity of its data systems as soon as possible. Evress will fully cooperate and assist with required notices to those individuals affected by such breach.
• Financial Protection: Evress shall maintain business insurance policies to protect the customers that it serves.

3. How we Use Information We Collect

Evress collects different types of information solely to improve our services to our customers, and holds itself to the following commitments:

• Personal Information: This may include names, contact details, login credentials, and other identifiers related to the use of the Platform.
• Student Data: We collect and process data related to students’ educational activities, such as behavioral metrics, grades, program usage data, and attendance records.
• Usage Information: We collect information on how users interact with the Platform, including IP addresses, browser types, and pages visited.
• Data from Third-Party Programs: We integrate data from third-party applications and digital curriculum platforms used by your institution.
• Combined Information: We may combine the information we collect from the data sources the customer integrates with Evress along with publicly available information we receive from our business partners, and other third parties. We may use that combined information to enhance and personalize your experience with us, to communicate with you about products, services, and events that may be of interest to you.
• Aggregated Information:  Evress creates aggregated data and insights for the purpose of enhanced customer decision-making around the programs they are implementing to make an impact on the goals of their organization. Evress may use this information to analyze and improve its services for the customer.
• Limitation: Evress does not collect, maintain, use or share student personal information (PII) beyond that needed for authorized educational/school purposes.
• Prohibition: Evress does not sell student personal information (PII).
• Restriction: Evress does not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
• Purpose: Evress does not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
• Notice: Evress does not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided.
• Retention: Evress does not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes.
• Authorization: Evress will collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency.
• Disclosure: Evress will disclose clearly in data sharing contracts or privacy policies what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
• Protection: Evress maintains a comprehensive security program designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks.
• Continuity: Evress will allow a successor entity to maintain student personal information, in the case of our merger or acquisition, provided the successor entity adheres to these same commitments.

4. Data Security

At Evress, we have implemented rigorous measures to protect the confidentiality, integrity, and security of student data and personal information. All data collected through the Platform is stored on secure servers with firewalls and is encrypted both at rest and in transit. Our commitment is to maintain robust controls and safeguards that meet industry standards for data security.

However, we recognize that educational organizations may work with third-party vendors and service providers to gather and manage data, and these third parties may have different or less stringent data management and privacy practices. While Evress can ensure the security of data within our own systems and the integrity of the data as it enters our platform, we cannot guarantee or be held responsible for the data privacy and security practices of third-party vendors that customers choose to work with. We recommend that educational organizations review the data protection policies and procedures of any third-party vendors they engage with to ensure they meet the necessary standards for protecting student data.

By using the Platform, you acknowledge that Evress is only responsible for the security and handling of data within its own systems and not for the practices of any third-party vendors or external data providers that may interact with the educational institution.

5. COPPA

Evress does not provide its services directly to children under the age of 13. Since Evress collects and uses Student Data at the direction of and under the control of educational organizations that are its customers, we rely on those organizations to obtain any necessary parental consent required under applicable laws, such as the Children’s Online Privacy Protection Act (COPPA). If we become aware that personal information from a child under the age of 13 has been collected without the appropriate consent, we will work with the educational organization to ensure that the information is deleted promptly. If you have any concerns or believe that we have processed such information improperly, please contact us at info@evress.com.

6. FERPA

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA sets forth protocols for ensuring the privacy and security of personally identifiable information of students. Evress adheres to the data protection protocols set forth in FERPA.

7. Contact Us

If you have any questions about this Privacy Statement or our information practices, please email us at info@evress.com.