Latest update: April 4, 2022
1. What is Personal Information?
2. When is this Policy not applicable?
This Policy only applies to how we process Personal Information of end-users within our Services and does not apply to our marketing activities and websites which are not within the Services. We do not leverage Personal Information collected through the Services for marketing purposes.
3. What Personal Information do we process?
We collect the following types of Personal Information when end-users access or use our Services:
- Identifiers such as first and last names, username or similar unique personal identifier, student ID, Zoom name or nickname, and online identifiers.
- Contact Information such as e-mail addresses.
- Educational Information such as grade level, class rosters, classes that end-users are enrolled in, and other information which educational institutions may deem necessary.
- Profile Data such as username, password, and grade level.
- User Created Content such as transcripts of conversations generated by students or teachers when using our Services (along with documents shared and emojis used), message content from support requests, feedback on tutoring sessions, essays reviewed through our tutoring services, questions asked by students, and essays submitted for review (along with related information provided by students, such as the essay title, language, teacher’s instructions and similar educational requirements).
- Usage and Performance Data includes information about how end-users interact with our Services, such as statistics regarding the opening and clicking on emails sent by Paper, clickstream information, activity on the site (e.g. top questions asked and which students use our Services the most), bugs, errors and logs which are generated by end-users, and other data collected in using an anonymous ID associated with end-users.
- Technical Data such as IP address, browser information, screen resolution, operating system name and version, device ID, and device manufacturer and model.
- Communications Information such as preferences, consent to receiving e-mail communications from us, and email and text communications.
You can manage your cookie preferences through your browser using the instructions provided below by clicking on the browser that you are using. However, by blocking essential and functional cookies, parts of the Services may not be available.
Pixel tags (a.k.a. web beacons) are tiny graphics with a unique identifier, similar in function to cookies, which allow us to monitor the use of our Services. We use pixel tags in our HTML-based emails to let us know which emails have been opened by the recipients. This allows us to gauge the effectiveness of certain communications. If you do not want to receive pixel tags you can opt-out of these emails or change the type of email you receive to text only.
4. How do we collect Personal Information?
Information We Collect When you Use Our Services
We may collect Personal Information from you that you voluntarily provide to us in various ways, including, but not limited to:
- Create an account with us
- Use our Services
- Call, email, text, submit contact form, or otherwise communicate with us
- Upload content and interact with instructors and tutors on the Services
- Otherwise interact with Paper or our Services
Information We Collect From Third Parties
We receive Personal Information from your educational institution when they authorize your use of the Services.
If the Services are integrated with Clever or ClassLink, then class rosters are automatically updated within our Services whenever students or teachers change classes or switch schools. Clever and ClassLink offer services that we use to integrate with most student information systems, and which securely syncs student information systems with our database. These services are only available to educational institutions who are registered to use this service and is synchronized daily.
5. Why do we process Personal Information?
Our primary purpose in collecting Personal Information is to provide you with our Services with a safe, smooth, efficient, and customized experience. We may also process your Personal Information for the following purposes:
- Provide the Services and customer support requested.
- Provide services to your educational institution pursuant to our written agreement
- Assist with setting up and managing accounts within our Services.
- Contact end-users with e-mail and/or browser or in-app notifications if they have opted-in to receive such notifications.
- Resolve disputes.
- Troubleshoot problems and support.
- Customize, measure, and improve our services and content.
- Inform end-users about our Services and updates.
- Enforce our agreement with you and the terms of this Policy.
- To protect our interests, including establishing, exercising and defending legal rights and claims.
- As necessary to comply with legal requirements, to prevent fraud, to cooperate with law enforcement and regulatory authorities, and to stop other prohibited, illegal, or harmful activities.
- For purposes disclosed at the time you provide Personal Information to us, or as otherwise set forth in this Policy.
6. Where is Personal Information stored?
We offer hosting in the United States. However, we use third-party service providers which may be in other countries.
7. How is Personal Information shared with third parties?
We do not sell Personal Information, and we do not use Personal Information for any other purposes than to provide the Services, which means that we do not share it with marketing partners. We only share or disclose Personal Information in a limited number of instances, including the following:
Educational Institutions. Any Personal Information collected through the Services is available to your educational institution and its school administrators and district administrators. Teachers may also access limited information. Teachers generally have access to the same categories of information as school and district administrators, except that teachers generally only have access to students enrolled in their class.
Service Providers. We may share information with our service providers if necessary for them to support our “internal operations” (as defined by COPPA), including activities necessary for the Services to maintain or analyze its functioning; perform network communications; authenticate users or personalize content; protect the security or integrity of the user, website, or online service; ensure legal or regulatory compliance; or fulfill a request of a user. Service providers are only allowed to use, disclose or retain the Personal Information to provide these services, which include, but are not limited to, hosting and IT services, customer support services, communications services, website development services, performance services, and analytics services. Here are the categories of service providers with whom your personal data is shared so that we can provide you with the functionalities within our Services.
Category of recipients
Non-exhaustive examples and explanations
Support Service Providers
IT Service Providers
Performance Service Providers
We use tools to monitor our online application such as to diagnose, fix and optimize the performance of our Services.
Analytics Service Providers
Integration Partners. Our Services can be integrated with other learning management platforms through Single Sign-On and APIs, such as Clever. Integration Partners are not our suppliers or service providers. Educational institutions enter into separate agreements with integration partners to which we are not party, and plug-ins, APIs or other accesses to Integration Partners are only activated at an educational institutions’ request. This allows educational institutions to integrate our Services with other educational technologies and services relevant to students such as to simplify education. We may share Personal Information with such integration partners when directed to by an educational institution. Educational institutions have full control over what Personal Information they share and with whom.
Legal Process. We may disclose Personal Information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose Personal Information: (i) in response to a law enforcement or public agency’s (including educational institutions or children services) request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our sites or applications; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability. We will take commercially reasonable measures to notify educational institutions prior to making any such disclosures, unless we are prohibited by law.
Business Transactions. If we go through a restructuring, merger and acquisition or sale of some or all of our assets, Personal Information may also be transferred in such context, subject to any limitations under applicable laws. If a change happens to our business, then the new owners may use your Personal Information in the same way as set out in this Policy.
8. How do we obtain consent from students?
Most of the students who are using our Services cannot consent to the processing of their Personal Information under applicable laws, and parental consent is required. The educational institutions which retain our Services are responsible for obtaining such consent in accordance with applicable laws from parents.
The Family Educational Rights and Privacy Act (FERPA) provides parameters for what is permissible when sharing student information. Paper is authorized by schools and districts to act as a school official under FERPA and thereby to receive and use educational data to provide educational services.
9. How does Paper comply with the Children’s Online Privacy Protection Act (COPPA)?
We do not knowingly collect any information from children under the age of 13 in the United States unless and until the relevant educational institution has provided consent and authorization for a student under 13 to use our Services and for us to collect information from such student.
Where the institution instructs us to collect Personal Information from children under the age of 13, we process such information solely to provide our Services to the student on its behalf and for the purposes set forth in our agreement with the institution and as described in this Policy. We process only as much information as is necessary to provide our Services and the institution may access, delete or withdraw consent for continued processing of the student’s information at any time.
If you are a parent or guardian, you can review or have deleted your child’s Personal Information, and refuse to permit further collection or use of your child’s Personal Information. To exercise any of these rights, please contact the relevant educational institution directly.
If an educational institution believes we have inadvertently collected Personal Information from a child under 13 without proper consent, please promptly contact us using the contact information below. This will allow us to delete such information as soon as possible.
10. How long is Personal Information retained within the Services?
We retain Personal Information for as long as we have an active contract with an educational institution, or as required by applicable laws, whichever is longer. Users or educational institutions may delete Personal Information by contacting us.
11. How is Personal Information protected?
We seek to implement controls that are proportional to the risks to protect the privacy of end-users, including use of multi-factor authentication, SSL encryption, physical access controls to files and buildings and secure file transfer protocols with encryption. Our cloud service provider, Google Cloud Platform, maintains several independent verifications of its security, privacy and compliance control, such as ISO 27017, ISO 27018 and ISO 27001. You can review Google Cloud Platform’s safeguards on Google’s Trust & Security Center available here.
However, no transmission of data over the Internet is guaranteed to be completely secure and we cannot guarantee that your submissions to the Services, any content residing on our servers, or any transmissions from our server will be completely secure. It may be possible for third parties to intercept or access transmissions or private communications unlawfully. Any such transmission is done at your own risk.
12. How does Paper respond to ‘Do Not Track’ browser settings?
Some web browsers incorporate a Do Not Track (“DNT”) feature that signals to the websites that you visit that you do not want to have your online activity tracked. At this time, our website does not respond to DNT signals. Other third party websites may keep track of your browsing activities when they provide you with content, which enables them to customize what they present to you on their websites.
13. How do end-users exercise their privacy rights?
End-users must contact the educational institution where the student or end-user is registered to exercise any applicable privacy rights, as the educational institutions have sole control of end-users’ Personal Information.
14. Can this Policy be modified?
Yes, we may modify this Policy from time to time, such as to reflect additional functionalities or changes to our collection and use of Personal Information. Any changes will be effective upon the revised Policy being posted to our Website. When we make material changes to this policy, we will also provide notice to end-users for whom we have contact information in advance of the effective date of the applicable changes. We will also post a notice at the start of the policy by updating the last updated date.
15. California Privacy Rights
California residents have the right to receive information that identifies any third party companies or individuals with whom a company has shared your Personal Information for such third party’s direct marketing purposes, as well as a description of the categories of Personal Information disclosed to that third party. Paper does not share your Personal Information with third parties for their own direct marketing purposes.
16. Canadian Privacy Laws
For Canadian residents whose Personal Information is subject to Canadian privacy laws, the following provisions are also in effect.
Transfer and Storage of Personal Information
Canada’s Anti-Spam Law
In accordance with Canada’s Anti-Spam Law, we obtain your consent in order to send you commercial electronic messages by email or text message. You may unsubscribe from receiving marketing communications from us, such as announcements about new products, services or features. Even if you have opted out of receiving marketing communications from us, please be aware that we may still contact you electronically for other purposes, for example, to provide electronic communications you have consented to receive or if you contact us with an inquiry.
Withdrawal of Consent, Access and Correction
You may withdraw your consent for the collection, use or disclosure of your Personal Information by notifying our customer service team though our online form, however, such withdrawal shall not have retroactive effect. You may also make a request to access or correct your Personal Information by making a request in writing using the contact information below.
17. Who do I contact if I have questions about the Policy?
If you have any questions, concerns or inquiries regarding the collection, use or disclosure of Personal Information or concerning this Policy, you can:
- E-mail us at firstname.lastname@example.org
- Call us at 1-855-800-2082
- Reach us by mail at the following address:
Paper Education Company Inc.
279 Sherbrooke St West, Suite 410
Montreal, QC, H2X 1Y2