Knewton is founded on the principle that every student in the world should be able to receive a high-quality education personalized to his or her needs. In our world, “personalized” also means “designed to protect.” Knewton adheres to a single “privacy and security by design” policy and a set of principles that guide product development and delivery.
“Direct Identifiers” means information that directly identifies and can be used to communicate with an individual, including: (1) a first and last name (or first initial and last name); (2) a home or other physical address including street name and name of a city or town; (3) online contact information such as an email address; (4) a screen name or username that functions in the same manner as online contact Information; (5) an educational institution-issued student identifier or other government-issued identifier; (6) a telephone number; and/or (7) a photograph, video, or audio file where such file contains an image or voice.
“FERPA” means the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), a Federal law that protects the privacy, security and accuracy of student education records and PII of students contained therein. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. For more information about FERPA, go to the U.S. Department of Education’s website at to http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html.
“Indirect Identifiers” means information about an individual that is not a Direct Identifier, such as a unique indirect identifier assigned to that individual, birth date, payment information or IP address, which is used to single out an individual over time, but standing alone, cannot be used to contact that individual.
“Knewton Account” is defined in the Preamble as the account you create with us to access our Online Courseware.
“Non-Personal Data” means Usage Data (see below) and other information that contains no Personal Identifier(s).
“Payment Processing Data” means Personally Identifiable Information relating to individual’s purchase of Online Courseware through Knewton.com.
“Personal Identifiers” means Direct Identifiers and Indirect Identifiers.
“Personally Identifiable Information” or “PII” means information about an individual that contains Direct Identifiers (by itself or combined with Usage Data) and Indirect Identifiers when combined with Usage Data.
“Registered User” means a user who has registered for access to our Online Courseware on the Site and identified themselves as at least 13 years of age when establishing a Knewton Account.
“Usage Data” means the data we collect from a user’s interactions with our Online Courseware and analytical representations of this Usage Data. This data may include, but is not limited to, descriptions of content and problems you have viewed and attempted, problems you have answered correctly or incorrectly, the amount of time spent viewing content, etc. Standing alone, this information is not Personally Identifiable Information.
Our Site and the Online Courseware are intended exclusively for U.S. residents at least 13 years of age. Accordingly, we limit access to the Online Courseware to users that identify themselves as at least 13 years of age when establishing a Knewton Account and only provide access to certain activities, content, and collection of PII to such Registered Users. We collect information and Usage Data (as further detailed in the next section) directly from Site visitors and from our Online Courseware when a Registered User creates a Knewton Account and also as that Registered User accesses and interacts with the Online Courseware. We may also receive information (including PII) from your Institution (and in some cases from your Institution’s learning management system (LMS)) regarding classroom set up, course content, and other information specific to the Coursepack we deliver to you. We may also receive confirmation of your Courseware purchase from our payment processor.
For visitors to our Site without a Knewton Account, we may ask for your email address to subscribe to our newsletter(s).
You need to be a U.S. resident and at least 13 years of age to create an account to use our product. We collect information from website visitors and users who have created an account with us to make the website and our product useful to you.
The types of information we collect and receive when you use the Online Courseware and visit our Site falls into four categories:
1. Direct Identifiers and other information you provide directly to us such as first name, last name, and/or email address or other contact information (e.g. telephone number), educational institution-issued student identifiers or other government-issued identifiers, images and voice identifiers (e.g. photo or video) for the purpose of setting up and managing your Online Courseware or contacting us about our services.
2. Direct Identifiers, Indirect Identifiers and other information you provide directly to our payment processors when you purchase the Online Courseware through Knewton.com such as billing address, purchase history and credit card or other payment method.
3. Information we generate automatically in order to provide your services such as Indirect Identifiers for your Knewton Account and Usage data we collect automatically through your interactions with our Online Courseware and which may be combined with Direct or Indirect Identifiers to support personalization of your course experience.
4. Information gathered through our Site.
Information You Provide Directly to Us
If you register for our Online Courseware, we will ask for your name, email address and birthdate to create a Knewton Account and become a Registered User, enable and validate your use of our Online Courseware, communicate with you about your use of the Online Courseware, provide product support, and comply with regulations. You may also register by creating a Knewton Account using your Google account to login and in some instances, through your institution’s LMS in which case you are authorizing us to receive (and those third parties to send) information such as your name and email address in order to create a Knewton Account.
If you are a Registered User, we receive and store any PII you knowingly provide us. However, we only collect the minimum necessary Direct Identifiers from you that are relevant to providing our Online Courseware. For example, to set up a Knewton Account we will typically only ask for your first and last name, and an email address. Occasionally you, your institution, or your professor may provide us with additional information such as your educational institution-issued student identifier or you might be asked to provide us your telephone number or other information when you contact our customer service team.
You may also provide us PII when you submit content to the Site and in connection with your use of the social networking features available, such as email or feedback functionality within the Online Courseware. For example, our feedback tools allows you to add comments and take a snapshot of your screen and submit it to us as feedback. You control what information you put in those comments or what is on your screen at the time you submit the feedback, which could include PII such as your name, email address, grade data, etc.
Information You Provide to Our Payment Processing Partners and other Third Party Providers
Knewton’s Online Courseware utilizes business partners for data storage and integrated applications to enhance our Online Courseware functionality. If you are a Registered User who purchases Online Courseware directly through Knewton.com you will be required to provide payment processing information to Chargebee, a third party PCI-Compliant subscription and billing management service. Knewton authorizes Chargebee to collect from you only the minimum necessary information required to manage your subscription or process your payment and to share only the minimum necessary with specific third parties Stripe and Avalara for the sole purpose of completing your transaction. In order to protect your privacy, Chargebee assigns each user a unique Chargebee Indirect Identifier which serves as the basis for confirmation of an Online Courseware purchase. Information that Registered Users may provide Chargebee through the Site include contact information (name, billing and email address), products purchased and credit card or other payment information. In order to confirm your transaction is processed or your Subscription is active, Knewton receives back the unique Chargebee Indirect Identifier and a code indicating a successful or failed transaction. This token enables you to proceed into the purchased Coursepack within the Online Courseware. Chargebee also provides us with payment reports, such as sales and tax statistics for accounting and financial reporting purposes. Knewton does not see your credit card information. To protect your privacy, questions concerning your subscription or payment transaction should be directed to Chargebee at firstname.lastname@example.org.
Online Courseware utilizes other business partners for data storage and integrated applications to enhance our Online Courseware functionality. In most cases these other business partners will not collect PII with Direct Identifiers from you. Where these business partners are able to collect PII from you through the Online Courseware, we contractually require that such business partners protect the privacy and security of the PII collected and strictly limit their use of such PII to the purposes of storing or processing such data to facilitate the hosting and delivery to you of our Online Courseware. Wherever feasible, we will only use business partners that have privacy policies and practices as strong as our own.
The Site (including the Online Courseware) also contains links to other web sites. For example, certain videos accessible from our Site are hosted on YouTube. We also use third-party services to deliver the Site and provide the Online Courseware, such as hosting our platform, providing various blogs and community boards, payment processing and to help us understand Site usage, such as Google Analytics. These third-party service providers may collect information sent by your browser as part of a web page request, such as cookies or your IP address. Wherever feasible, we will only use third-party service providers that have privacy policies and practices as strong as our own. Please note, however, that we are not responsible for the privacy practices or the content of such other web sites. We encourage our users to read the privacy statements of these external web sites.
Usage Data Collected Automatically
Registered Users of our Online Courseware benefit from Knewton’s adaptive learning technology which personalizes content for each user. In order to accomplish this, we automatically collect Usage Data as users interact and access the Online Courseware. This data may include, but is not limited to, descriptions of content and problems a user has viewed and attempted, problems a user has answered correctly or incorrectly, content a user has viewed, the amount of time spent viewing content, etc. We only collect Usage Data that we believe is necessary to provide personalized learning and analytics through our Online Courseware.
Typically, data collected automatically, including Usage Data, is Non-Personal Data. Where we combine this Usage Data with a Registered User’s Direct or Indirect Identifier(s) through a Knewton Account, we will treat this identified Usage Data as PII.
Other Information Collected Automatically
We also collect additional Non-Personal Data from users of the Online Courseware that is not permanently associated with any online account or registration information, and that cannot be used to directly contact you or identify you. For example, Non-Personal browser metadata from visitors to our Site which is ordinarily in aggregate, summary, or other anonymous form, and may include, by way of example, statistics regarding popularity of particular pages within the Site, or information regarding types of Internet browsers used by Registered Users. We also collect Non-Personal Data about users’ IP address to help diagnose problems with our server, and to administer our Site and the Online Courseware. Such Non-Personal Data is not associated with individual account profiles or registration information.
The “help” portion of the toolbar on the majority of browsers will direct you on how to prevent your browser from accepting new cookies, how to command the browser to tell you when you receive a new cookie, how to fully disable cookies and how to enable “Do Not Track” settings. You can disable cookies and still access the Site and use the Online Courseware. Your use of the Online Courseware may however be limited as a result. We do not track you over time after you have left our Site or across third party Web sites to provide targeted advertising and therefor do not respond to Do Not Track (DNT) signals from your web browser.
There are four general categories of information we collect: 1. Personal data you provide directly to us like your name and email, 2. Personal data provided to our third party vendors that we use to augment the product, such as our PCI compliant payment processors when you purchase the product through our website, 3. Personal and non-personal data we generate automatically as you interact with the product, such as questions you answer right or wrong and 4. Non-personal data gathered through our site such as cookies so we can remember your preferences and log information that we use to help us improve the website.
We strive to use reputable third party vendors that will respect your privacy rights and to limit the personal data we collect from you to only that we believe is necessary to effectively deliver our product to you and personalize your learning experience.
Necessary Uses and Disclosures
For users of our Online Courseware who have created a Knewton Account, we use and/or share PII as necessary to provide personalized learning through the Online Courseware and as further described below. We also describe below how we use and share Non-Personal Data. Please be assured that we will not sell your Direct Identifiers or your Usage Data with any type of Direct Identifier to third parties for marketing or advertising purposes.
The types of disclosures described below (“Necessary Disclosures”), to the extent applicable to your use of the Online Courseware, are necessary if you wish to use the Online Courseware. As mentioned above, we may use Non-Personal Data for business purposes. If you do not want us to make such Necessary Disclosures, or do not want us to use Non-Personal Data without restriction, you must not use the Online Courseware.
- We use PII as strictly necessary to provide personalized learning through the Online Courseware. For example, we will use certain Personal Identifiers to allow you to create a Knewton Account so that we can identify you in order to maintain a longitudinal learning profile across Coursepacks within the Online Courseware. We then associate to your Knewton Account only that Usage Data (and analysis performed on that Usage Data) that we view as necessary to personalize your learning experience each time you use our Online Courseware and to provide analytics and reporting to your Educators. We share your PII with your Educators in connection with your use of the Online Courseware. In some cases, your institution has requested that we share certain PII, such as grade book data w/ Indirect Identifiers to your institution’s LMS provider. Where we allow this sharing of PII, we require as part of our Terms of Service that Educators use such information solely to the extent necessary to perform their services as an Educator.
- In limited circumstances we may disclose collected information or direct you through the Site to provide information, including PII, to certain of our business partners who provide certain functionality in connection with providing the Online Courseware. Chargebee, a third party subscription management company utilized by Knewton as mentioned above and described in our Terms of Service, would be an example of one of our business partners. Where feasible, we use Indirect Identifiers and avoid disclosing Direct Identifiers to our business partners unless they need it to perform their specific function and we have contractually required that such business partners protect the privacy and security of the PII disclosed.
- Under certain circumstances, we may be subject to legal requirements to disclose information collected through the Site, such as, by way of example, to a court or a governmental agency, and our policy is to comply fully with all such legal requirements.
- We may also disclose information collected through the Site whenever we reasonably believe that disclosing such information is necessary or advisable to protect the rights, property, or our safety or the safety of others.
Other Uses and Disclosures
If you are a visitor to the Site and do not directly provide us information as described above, please note that we do not collect or store any Direct Identifiers but may retain visitor information for statistical analysis.
Optional Uses and Disclosures
We may also use information collected about Registered Users or to provide optional services and communications. However, unlike communications described above which are necessary to provide the Online Courseware, communications like our newsletter(s), news about new features of the Online Courseware and/or other new products are optional (“Optional Disclosures”), and users will still be able to access and use the Online Courseware even if they indicate their preference that we are not permitted to make some or all of such Optional Disclosures. We will respect your preferences.
We do not rent or sell your personal data to anyone. We use it as necessary to deliver our product to you and personalize the learning experience, to comply with laws, or as instructed by you. This may include sharing personal data with our business partners that we use to augment the product. This policy does not limit our ability to use non-personal data (i.e. de-identified data that cannot be associated with an individual) for business purposes, such as improving our product.
You should not use our product if you do not want your personal data to be used as required to access the product, or if you do not want us to use non-personal data without restriction.
Also, if we are acquired, we may disclose your information to our successor. There are also optional ways we may use and share personal data we collect from you but we will only do this if you permit us to.
You may update the Direct Identifiers in your Knewton Account at any time by logging into your account and accessing the PII in your account settings. Additionally, if you are a Registered User who has purchased the Online Courseware directly through Knewton.com, you can access your payment processing information (including updating your Direct Identifiers, credit card information and billing address) through the “Billing Information” section of the Site.
You can delete your Knewton Account by going to the account page and clicking “Delete Account.” When you select to delete your Knewton Account, Knewton will delete or de-identify your PII that we have collected or received during your use of the Online Courseware. Note that if your institution hired us to manage your course, in some cases we will need to seek the approval of your institution prior to deleting or de-identifying certain information such as gradebook data and/or your institution may request to keep a copy of PII in your Knewton Account to the extent permitted under FERPA. Additionally, if you have entered payment information, when you delete your Knewton Account, Knewton will permanently remove from our systems any link between your Knewton Account and your Chargebee payment processing information including our use of your Chargebee unique identifier. Knewton and/or Chargebee however may retain certain payment processing information (including PII) after you have deleted your Knewton Account if reasonably necessary to comply with legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or enforce our Terms of Service with you.
Although it is technically unfeasible to display all the Usage Data linked to your Knewton Account, you can access your learning history (e.g. problems you have viewed and attempted, problems you have answered correctly or incorrectly, etc.) from assignments you have worked on within the Online Courseware by clicking on any assignment.
Currently, the Online Courseware does not allow you to remove the permissions you have granted to your Educators to access your PII through the Online Courseware. If you have a valid request to remove Educators’ access to your PII, please contact us directly at email@example.com.
If you have created a Knewton Account at the direction of a school official or your school is paying for your use, certain information collected through the Online Courseware, such as gradebook information, may be protected under FERPA, a Federal law that protects the privacy, security and accuracy of student education records. We work with institutional clients as a “school official” where appropriate and ensure our contracts and practices are consistent with their own policies and the rights and protections they are required to provide to their students. Where your Institution or Institution’s LMS provider is sending us information, your Institution is responsible for explaining to you its disclosures practices to third party vendors acting as school officials (including Knewton) and, where appropriate, requiring you to consent to having your information disclosed.
If you are an Educator and have questions about how FERPA applies to the Knewton Courseware, need to access student record(s) beyond what is provided by the Online Courseware, or need to correct a student record, please contact us at firstname.lastname@example.org.
If you want to understand exactly what types of information are stored within your Knewton Account, update your PII, understand who you have authorized to access your Usage Data, or if you discover any difficulties with our deletion process, please contact us at email@example.com.
You have control over your personal data. You can update your personal data, access your learning history and/or delete your entire account at any time (in which we will remove your personal identifiers like your name and email), but such actions may limit your access and experience with the product.
By using the product, you will also be granting your teachers access to your personal data and learning history.
The security of your PII is of utmost importance to us. We have put in place what we view as necessary physical, managerial, and technical safeguards to protect PII from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
For example, whenever the Online Courseware request that Registered Users provide Direct Identifiers, that information is encrypted with industry-standard encryption techniques during transmission to us. When you are viewing a secure page within the Site, such as our user registration form, an icon of a padlock will appear as “locked” at the bottom of web browsers such as Microsoft Internet Explorer, but the same icon will appear as “un-locked” when the user is merely “surfing.” We currently use an encryption technique known as “SSL,” or “Secure Sockets Layer.” To learn more about SSL, go to www.ssl.com.
When we use business partners to host the Online Courseware and store data of our users in online databases, we contractually require that such business partners protect the privacy and security of the PII disclosed. Their use of your data is also strictly limited to the purposes of storing such data to facilitate the hosting and delivery to you of our Online Courseware. Wherever feasible, we will only use business partners that have privacy policies and practices as strong as our own. Additionally, all Direct Identifiers and certain other information, such as passwords, are always stored in an encrypted form within such databases.
Furthermore, access to PII is restricted within our own offices, so that only certain of our employees are granted access to such PII as appropriate to perform specific jobs and tasks (e.g. performing customer service).
Please be aware that, although we use physical, managerial, and technical safeguards designed to preserve the integrity and security for PII and other Non-Personal Data in our possession and control, no security system can prevent against all potential security breaches, and we bear no liability for uses or disclosures of PII or Non-Personal Data arising in connection with the theft thereof. Likewise, users are responsible for safeguarding the confidentiality of passwords, and we bear no liability for access to, or use or disclosure of, PII, if such access, use, or disclosure arises in connection with the theft or disclosure (whether intentional or negligent) of a password.
If we learn of a data security incident that compromises or appears to compromise your PII, if required by law, we will attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on the Site if a data security incident occurs.
If you have any questions about our security measures, you can contact our security team at firstname.lastname@example.org.
The security of your information is important to us, and we take it very seriously. No data security is absolute, but we take the necessary technical, physical, and administrative steps to secure personal data. You must also keep it safe. We protect your account by encrypting your password and certain other personal information.
We recognize the privacy interests of children. If you are under the age of 13, do not attempt to register with our Site and create a Knewton Account and do not provide us with any Personal Identifiers about yourself. If it comes to our attention that an individual under the age of 13 has established a Knewton Account with us or that we have otherwise received personal information from a child, we will delete all Personal Identifiers from that account and suspend the account as quickly as possible. If you believe we might have any information from or about a child under the age of 13, please contact us at email@example.com.
If you are under 13, do not attempt register to use our product. Talk to your parent.
The Online Courseware is not intended for use by non-U.S. residents nor is it targeted at non-U.S. residents. The Online Courseware is operated and managed on servers located within the United States.
Our product is intended for use by U.S residents. If you are outside the U.S., by using the product, you are consenting to transferring personal data to the U.S.
If you are a California resident, you are entitled to request specific information regarding our privacy practices.
- Postal mail to: Privacy Administrator, Knewton, Inc., 440 Park Avenue South, 14th Floor, New York, NY 10016; or
- Telephone: +1 212-563-9866 (“request Privacy Administrator”)