Skip to content

Privacy Policy - Educational Support System

Latest update: April 4, 2022

This privacy policy (“Policy”) covers how Paper Education Company Inc. (“Paper,” “we,” “our,” “us”) processes Personal Information (as defined below) within our Educational Support System services offered through our Paper Education online learning platform and mobile app, which includes our tutoring services, support and maintenance services, reporting services, and hosting services (collectively, “Services”).  Our Services are provided in partnership with educational institutions, and, depending on the Service, are open to teachers, school administrators, and students (each an “end-user” or collectively “end-users”). This Policy is designed to tell you what information we collect and how we use it. 

1. What is Personal Information?

This Policy applies to personally identifiable information that allows us to identify you directly or indirectly (“Personal Information”). Paper may process non-Personal Information that cannot be linked or associated with any individual’s identity. When non-personal information is combined with other information so that it does identify an individual person, we treat that combination as Personal Information.  This Privacy Policy is for transparency purposes and some of the data that we identify in this Privacy Policy as Personal Information may not be protected as personal information under applicable laws.

2. When is this Policy not applicable?

This Policy only applies to how we process Personal Information of end-users within our Services and does not apply to our marketing activities and websites which are not within the Services. We do not leverage Personal Information collected through the Services for marketing purposes.

Our Services may contain links to websites and services operated by third parties (“Third-Party Sites”).  For instance, a tutor may provide a student with a link to a website to learn more about a certain topic. Paper does not control any Third-Party Sites and is not responsible for any information they may collect. The information collection practices of a Third-Party Site are governed by its privacy policy. It is your choice to enter any Third-Party Site. We recommend that you read its privacy policy if you choose to do so. 

3. What Personal Information do we process?

We collect the following types of Personal Information when end-users access or use our Services:

  • Identifiers such as first and last names, username or similar unique personal identifier, student ID, Zoom name or nickname, and online identifiers. 

  • Contact Information such as e-mail addresses.

  • Educational Information such as grade level, class rosters, classes that end-users are enrolled in, and other information which educational institutions may deem necessary.

  • Profile Data such as username, password, and grade level.

  • User Created Content such as transcripts of conversations generated by students or teachers when using our Services (along with documents shared and emojis used), message content from support requests, feedback on tutoring sessions, essays reviewed through our tutoring services, questions asked by students, and essays submitted for review (along with related information provided by students, such as the essay title, language, teacher’s instructions and similar educational requirements).

  • Usage and Performance Data includes information about how end-users interact with our Services, such as statistics regarding the opening and clicking on emails sent by Paper, clickstream information, activity on the site (e.g. top questions asked and which students use our Services the most), bugs, errors and logs which are generated by end-users, and other data collected in using an anonymous ID associated with end-users.

  • Technical Data such as IP address, browser information, screen resolution, operating system name and version, device ID, and device manufacturer and model.

  • Communications Information such as preferences, consent to receiving e-mail communications from us, and email and text communications.

  • Cookies      We and our service providers use cookies, pixels, and other tracking technology to recognize your browser or device and to capture and remember certain information about your activities when using our Services. A cookie is information that a website puts on a computer’s hard disk so that a website or web application can remember something about individuals at a later time. In this Privacy Policy, when we refer to “cookies” we also include other technologies with similar purposes, such as pixels, tags and beacons. For more information on cookies, see https://www.allaboutcookies.org/.  Our Services do not contain any marketing cookies and we do not conduct interest-based advertising. Our Services only contain essential, functional and analytic cookies as described below.

Type of cookie

Description

Essential

Essential cookies are necessary to operate the core functions of our Services. These include login cookies, session ID cookies, language cookies as well as security cookies.

Functional

Functional cookies are used to provide you with some functionalities, such as live chatting, and to remember preferences, consents and configurations.

Analytics

Analytics cookies are used to generate aggregated statistical data about traffic and behavior of users when using our Services.

You can manage your cookie preferences through your browser using the instructions provided below by clicking on the browser that you are using. However, by blocking essential and functional cookies, parts of the Services may not be available.

Pixel tags (a.k.a. web beacons) are tiny graphics with a unique identifier, similar in function to cookies, which allow us to monitor the use of our Services. We use pixel tags in our HTML-based emails to let us know which emails have been opened by the recipients. This allows us to gauge the effectiveness of certain communications. If you do not want to receive pixel tags you can opt-out of these emails or change the type of email you receive to text only.

4. How do we collect Personal Information?

Information We Collect When you Use Our Services

We may collect Personal Information from you that you voluntarily provide to us in various ways, including, but not limited to:

  • Create an account with us

  • Use our Services

  • Call, email, text, submit contact form, or otherwise communicate with us

  • Upload content and interact with instructors and tutors on the Services

  • Otherwise interact with Paper or our Services

Information We Collect From Third Parties

We receive Personal Information from your educational institution when they authorize your use of the Services.

If the Services are integrated with Clever or ClassLink, then class rosters are automatically updated within our Services whenever students or teachers change classes or switch schools. Clever and ClassLink offer services that we use to integrate with most student information systems, and which securely syncs student information systems with our database. These services are only available to educational institutions who are registered to use this service and is synchronized daily.

 

5. Why do we process Personal Information?

Our primary purpose in collecting Personal Information is to provide you with our Services with a safe, smooth, efficient, and customized experience. We may also process your Personal Information for the following purposes:

  • Provide the Services and customer support requested.

  • Provide services to your educational institution pursuant to our written agreement

  • Assist with setting up and managing accounts within our Services.

  • Contact end-users with e-mail and/or browser or in-app notifications if they have opted-in to receive such notifications.

  • Resolve disputes.

  • Troubleshoot problems and support.

  • Customize, measure, and improve our services and content.

  • Inform end-users about our Services and updates.

  • Enforce our agreement with you and the terms of this Policy.

  • To protect our interests, including establishing, exercising and defending legal rights and claims.

  • As necessary to comply with legal requirements, to prevent fraud, to cooperate with law enforcement and regulatory authorities, and to stop other prohibited, illegal, or harmful activities.

  • For purposes disclosed at the time you provide Personal Information to us, or as otherwise set forth in this Policy.


6. Where is Personal Information stored?

We offer hosting in the United States. However, we use third-party service providers which may be in other countries.

7. How is Personal Information shared with third parties?

We do not sell Personal Information, and we do not use Personal Information for any other purposes than to provide the Services, which means that we do not share it with marketing partners. We only share or disclose Personal Information in a limited number of instances, including the following:

Educational Institutions. Any Personal Information collected through the Services is available to  your educational institution and its school administrators and district administrators.  Teachers may also access limited information.  Teachers generally have access to the same categories of information as school and district administrators, except that teachers generally only have access to students enrolled in their class. 

Service Providers. We may share information with our service providers if necessary for them to support our “internal operations” (as defined by COPPA), including activities necessary for the Services to maintain or analyze its functioning; perform network communications; authenticate users or personalize content; protect the security or integrity of the user, website, or online service; ensure legal or regulatory compliance; or fulfill a request of a user.  Service providers are only allowed to use, disclose or retain the Personal Information to provide these services, which include, but are not limited to, hosting and IT services, customer support services, communications services, website development services, performance services, and analytics services.  Here are the categories of service providers with whom your personal data is shared so that we can provide you with the functionalities within our Services. 

 

Category of recipients

Non-exhaustive examples and explanations

Support Service Providers

We use Zendesk to provide support to our users. Zendesk does not use personal information for any other purpose than to provide us with their services and does not sell personal information. You can consult Zendesk’s Privacy Policy here.

We may use other tools for support purposes, such as FullStory. These tools may temporarily contain personal information of our users.

IT Service Providers

We use service providers to provide and host our Services online. For instance, our Services are hosted on Google Cloud Platform. IT Service Providers may also be used for security purposes, such as for log monitoring. You can find Google Cloud Platform’s Privacy Policy here.

Performance Service Providers

We use tools to monitor our online application such as to diagnose, fix and optimize the performance of our Services.

Analytics Service Providers

We use Google Firebase to obtain analytics based on how users are leveraging our Services. We use such analytics to provide reporting capabilities to educational institutions. Our analytic service providers are also used to build interactive and visual analysis for educational institutions or to generate reporting capabilities in accordance with our agreements with educational institutions. You can find more information about Firebase’s collection and use practices here or visit Google’s privacy policy here.

We also use Pendo and Firebase for analytics services.

Communication Partners

We use third parties to provide you with e-mail notification. For instance, we use Mailchimp and Mandrill, an add-on to Mailchimp, to provide teachers and students with notifications.You can find MailChimp’s Privacy Policy here. We have not enabled any marketing functions within MailChimp’s additional add-ons.


Integration Partners
.  Our Services can be integrated with other learning management platforms through Single Sign-On and APIs, such as Clever. Integration Partners are not our suppliers or service providers. Educational institutions enter into separate agreements with integration partners to which we are not party, and plug-ins, APIs or other accesses to Integration Partners are only activated at an educational institutions’ request. This allows educational institutions to integrate our Services with other educational technologies and services relevant to students such as to simplify education.  We may share Personal Information with such integration partners when directed to by an educational institution. Educational institutions have full control over what Personal Information they share and with whom.

Legal Process.  We may disclose Personal Information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose Personal Information: (i) in response to a law enforcement or public agency’s (including educational institutions or children services) request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our sites or applications; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.  We will take commercially reasonable measures to notify educational institutions prior to making any such disclosures, unless we are prohibited by law. 

Business Transactions. If we go through a restructuring, merger and acquisition or sale of some or all of our assets, Personal Information may also be transferred in such context, subject to any limitations under applicable laws.  If a change happens to our business, then the new owners may use your Personal Information in the same way as set out in this Policy.

 

8. How do we obtain consent from students?

Most of the students who are using our Services cannot consent to the processing of their Personal Information under applicable laws, and parental consent is required. The educational institutions which retain our Services are responsible for obtaining such consent in accordance with applicable laws from parents.

The Family Educational Rights and Privacy Act (FERPA) provides parameters for what is permissible when sharing student information. Paper is authorized by schools and districts to act as a school official under FERPA and thereby to receive and use educational data to provide educational services.

 

9. How does Paper comply with the Children’s Online Privacy Protection Act (COPPA)?

We do not knowingly collect any information from children under the age of 13 in the United States unless and until the relevant educational institution has provided consent and authorization for a student under 13 to use our Services and for us to collect information from such student.

Where the institution instructs us to collect Personal Information from children under the age of 13, we process such information solely to provide our Services to the student on its behalf and for the purposes set forth in our agreement with the institution and as described in this Policy. We process only as much information as is necessary to provide our Services and the institution may access, delete or withdraw consent for continued processing of the student’s information at any time.

If you are a parent or guardian, you can review or have deleted your child’s Personal Information, and refuse to permit further collection or use of your child’s Personal Information. To exercise any of these rights, please contact the relevant educational institution directly.

If an educational institution believes we have inadvertently collected Personal Information from a child under 13 without proper consent, please promptly contact us using the contact information below. This will allow us to delete such information as soon as possible.

 

10. How long is Personal Information retained within the Services?

We retain Personal Information for as long as we have an active contract with an educational institution, or as required by applicable laws, whichever is longer. Users or educational institutions may delete Personal Information by contacting us.

11. How is Personal Information protected?

We seek to implement controls that are proportional to the risks to protect the privacy of end-users, including use of multi-factor authentication, SSL encryption, physical access controls to files and buildings and secure file transfer protocols with encryption. Our cloud service provider, Google Cloud Platform, maintains several independent verifications of its security, privacy and compliance control, such as ISO 27017, ISO 27018 and ISO 27001. You can review Google Cloud Platform’s safeguards on Google’s Trust & Security Center available here.

However, no transmission of data over the Internet is guaranteed to be completely secure and we cannot guarantee that your submissions to the Services, any content residing on our servers, or any transmissions from our server will be completely secure.  It may be possible for third parties to intercept or access transmissions or private communications unlawfully.  Any such transmission is done at your own risk.

12. How does Paper respond to ‘Do Not Track’ browser settings?

Some web browsers incorporate a Do Not Track (“DNT”) feature that signals to the websites that you visit that you do not want to have your online activity tracked. At this time, our website does not respond to DNT signals. Other third party websites may keep track of your browsing activities when they provide you with content, which enables them to customize what they present to you on their websites.

13. How do end-users exercise their privacy rights?

End-users must contact the educational institution where the student or end-user is registered to exercise any applicable privacy rights, as the educational institutions have sole control of end-users’ Personal Information.

14. Can this Policy be modified?

Yes, we may modify this Policy from time to time, such as to reflect additional functionalities or changes to our collection and use of Personal Information. Any changes will be effective upon the revised Policy being posted to our Website. When we make material changes to this policy, we will also provide notice to end-users for whom we have contact information in advance of the effective date of the applicable changes. We will also post a notice at the start of the policy by updating the last updated date.

15. California Privacy Rights

California residents have the right to receive information that identifies any third party companies or individuals with whom a company has shared your Personal Information for such third party’s direct marketing purposes, as well as a description of the categories of Personal Information disclosed to that third party. Paper does not share your Personal Information with third parties for their own direct marketing purposes.

16. Canadian Privacy Laws

For Canadian residents whose Personal Information is subject to Canadian privacy laws, the following provisions are also in effect.

Transfer and Storage of Personal Information

Paper may transfer your Personal Information outside Canada to its affiliates or third party service providers with operations in other countries, which are subject to laws of a foreign jurisdiction. Paper uses contractual or other means to provide a comparable level of protection while Personal Information is being processed by a third party. By accepting this Privacy Policy or providing us with your Personal Information you acknowledge and consent to your Personal Information being processed by third parties on Paper’s behalf and transferred, accessed and/or stored in countries outside Canada.

Canada’s Anti-Spam Law

In accordance with Canada’s Anti-Spam Law, we obtain your consent in order to send you commercial electronic messages by email or text message. You may unsubscribe from receiving marketing communications from us, such as announcements about new products, services or features. Even if you have opted out of receiving marketing communications from us, please be aware that we may still contact you electronically for other purposes, for example, to provide electronic communications you have consented to receive or if you contact us with an inquiry.

Withdrawal of Consent, Access and Correction

You may withdraw your consent for the collection, use or disclosure of your Personal Information by notifying our customer service team though our online form, however, such withdrawal shall not have retroactive effect. You may also make a request to access or correct your Personal Information by making a request in writing using the contact information below.

17. Who do I contact if I have questions about the Policy?

If you have any questions, concerns or inquiries regarding the collection, use or disclosure of Personal Information or concerning this Policy, you can:

  • E-mail us at privacy@paper.co

  • Call us at 1-855-800-2082

  • Reach us by mail at the following address:
    Paper Education Company Inc.
    279 Sherbrooke St West, Suite 410
    Montreal, QC, H2X 1Y2
    Canada