FERPA Privacy Policy – Student Data
Effective August 13, 2019
Botdoc is committed to maintaining the confidentiality and security of all users who transport student data in accordance with all applicable state and federal regulations, and Botdoc takes a number of precautions (that are consistent with industry standards) to protect data.
To review Botdoc’s main Privacy Policy please see Botdoc Privacy Policy.
Botdoc is a secure digital transportation service used to send or collect sensitive files or data, and once the secure transportation takes place, the data/files evaporate from Botdoc’s environment. Botdoc is never privy to what our users transport. (Botdoc is like the Secure FedEx of Internet Data.)
Certain information that may be provided to Botdoc by School Personnel that is directly related to a student and maintained by an Institution, may be considered an education record (“Education Record”) under the Family Educational Rights and Privacy Act (“FERPA”). Additionally, certain information, provided to Botdoc by School Personnel about a student, such as student name and grade level, may be considered directory information under FERPA (“Directory Information”) and thus not an Education Record. A school may not generally disclose personally identifiable information from an eligible student’s education records to a third party without written consent of the parent and/or eligible student or without meeting one of the exemptions set forth in FERPA (“FERPA Exemption(s)”), including the exemption for Directory Information (“Directory Information Exemption”) or disclosure to school officials with a legitimate educational interest (“School Official Exemption”).
As School Personnel or Institution providing Directory Information or any Education Record to Botdoc, you represent, warrant and covenant to Botdoc, as applicable, that your Institution has:
- complied with the Directory Information Exemption, including, without limitation, informing parents and eligible students what information the Institution deems to be directory information and allowing parents and eligible students a reasonable amount of time to request that schools not disclose directory information about them; and/or
- complied with the School Official Exemption, including, without limitation, informing parents in their annual notification of FERPA rights that the Institution defines “school official” to include service providers and defines “legitimate educational interest” to include services such as the type provided by Botdoc; or
- obtained all necessary parental or eligible student written consent to share the Directory Information and Educational Records with Company, in each case, solely to enable Company’s operation of the Service.
- student data should only be shared with third parties that are consistent with Botdoc privacy policy, and/or the Pledge.
Botdoc will never share Education Records with third parties except as directed by a Botdoc user (i.e., teacher sharing with another teacher or parent via Botdoc secure transportation).
Any third party Botdoc shares information with will have privacy practices consistent with the Student Privacy Pledge.
Education Records are never used or disclosed for third party advertising or any kind of first- or third-party behaviorally-targeted advertising to students or parents. Additionally, information collected and transported directly from a user using Botdoc is never used, sold, rented or disclosed for third party advertising, or any kind of first- or third-party behaviorally-targeted advertising as this data evaporates. This section shall not be construed to prohibit Botdoc from marketing or advertising directly to parents (with a Botdoc created account) so long as the marketing or advertising did not result from the use of Education Records to provide behaviorally targeted advertising. (Botdoc does not create or keep student profiles for non-educational purposes.)
Botdoc will not collect, maintain, use, or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student. ‘Educational/School purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services intended for educational/school use).
Botdoc is a secure digital transportation service used to send or collect sensitive files or data, and once the secure transportation takes place, the data/files evaporate from Botdoc’s environment. Botdoc is never privy to what our users transport.
Because of the type of service Botdoc provides to schools, students (and/or parents) wishing to access student data shared with Botdoc should contact their school in order to access, review and correct this data.
Information We Collect Automatically
When you visit the Botdoc website, including our web forms, we and our service providers acting on our behalf automatically collect certain information using tracking technologies like cookies, web beacons, and similar technologies. We use this information to understand how visitors to our websites are using them and which pages and features of the websites are most popular. This helps us understand how we can improve our websites and track performance of our advertisements. Cookie settings can be changed at any time by any website visitor, and each visitor to our website can decline the collection of the above by clicking on “no thanks” or accept it by clicking on “accept cookies”.
Cookies and Related Technologies
We may use cookies, which are text files containing small amounts of information that are downloaded on your device (“Cookies”), or related technologies, such as web beacons, local shared objects and tracking pixels to store or collect information. We also allow others to use Cookies within the Services as described below. Cookies can store your preferences, your username, and help tailor advertisements.
For choices you have on cookies and related technologies, please see Section 5 of Botdoc Privacy Policy. For additional information about cookies and related technologies, please go to our Cookies Policy at https://botdoc.io/cookies
INFORMATION SHARING
We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes. Further, we do not sell your end users’ personal information (whether contained in Customer Usage Data or Customer Content). And, we do not share it with third parties for their own marketing or other purposes.
Business Transactions. We may share User information during a corporate transaction like a merger, reorganization or sale of our assets. If a corporate transaction occurs, personal information that we have collected from users (not files or data that were transported via Botdoc) would be one of the assets transferred to or acquired by that third party. This Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this policy (unless you give consent to a new policy). We will provide you with notice of a corporate transaction within thirty (30) days following the completion of such a transaction, by posting on our homepage, and by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, you may request its deletion from the company.
HOW WE PROTECT YOUR INFORMATION
To keep your information safe, we use physical, electronic, and managerial tools. We apply these tools based on the sensitivity of the information we collect for secure transport, use, and store, and the current state of technology. Although we take steps to prevent unauthorized access to or use of personal information, the Internet and our Services are not 100% secure. For this reason, we are not able to guarantee that information we collect for secure transport or store will always be protected from unauthorized access, or that it will only be used as described in this Privacy Policy.
To protect the confidentiality of your account and protect from unauthorized use of your account, we recommend enabling two-factor authentication for your account. Similarly, if you provision an API Key, you should store your API Key in a secure location.
SECURITY
Data Encryption – Files are encrypted in transit (only strong cipher suites) and at rest (AES-256).
Authentication – Two-factor authentication with RSA, SecurID or a digital certificate as well as Active Directory integration.
Network Security – Dual redundant firewalls, network IPS, layer 7 IPS, DOS prevention, and penetration tests.
Application Security – Static and dynamic application scans, comprehensive logging, and adherence to programming best practices (OWASP Top Ten, etc.).
Service Organization Controls (SOC) – Annual Type 2 SOC 2 and SOC 2+ audits based on standards set by the AICPA.
Privacy Shield Certified – Botdoc complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.
Other Rights
You can access and review information associated with your account at any time. You also can request the following information: how we collect and use your information and why; the categories of personal data involved; the categories of recipients of your personal data; how we received your personal data; and how long we use or store your personal data or the manner in which we determine relevant retention periods.
Data Retention
Botdoc is a secure digital transportation service used to send or collect sensitive files or data, and once the secure transportation takes place, the data/files evaporate from Botdoc’s environment. Botdoc is never privy to what our users transport.
Changes to this Privacy Policy
We may change our Privacy Policy from time to time. If we make changes we’ll revise the “Effective” date at the top of this statement, and will provide additional notice such as on the Botdoc website homepage, account portal sign-in page, or via the email address we have on file for you. We will provide a prominent statement stating the changes are in effect and your continued use of our website or services is your consent to the new privacy policy following the change(s). We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.
How to Contact Us
If you have any questions, disputes relating to our data protection practices, or suggestions regarding this FERPA Privacy Policy, you may contact us at [email protected] or via postal mail at Botdoc, Attention: Privacy Team, 19925 Monument Hill Road #103, Monument, CO 80132.