At Siembra Mobile, Inc., we have created and operate a student management platform and associated services that combine schools’ deep expertise with innovation. Like many hosted service providers, the name of our company is also the name of our suite of product and service solutions. We refer to our platform and services as “Siembra” in this Policy, and will refer to the Siembra Mobile, Inc. entity as “Company” or “we.” We have documented our policy in plain English, in an effort to make this Policy, as well as our Acceptable Use Policy, more accessible to the schools, counselors and parents.
In basic terms, Siembra is designed to be a hub of student case management and pushing ownership of their academic careers directly to the student in an effective game-ified environment. We provide a configurable holistic solution for student performance. The core of Siembra’s feature set is to make collecting and disseminating actionable information easier for counselors, administrators, and most importantly, the student. In addition to counselors, many of the schools and school districts that use Siembra authorize other educators (for example, special education coordinators) and principals, other administrators and ultimately community colleges outreach coordinators and university recruiters to enter the ecosystem to help counselors. A school or district may also give parents or guardians of a student the ability to login to a Siembra “parent portal” to access information relating to that student. In an effort to make this Policy a bit more readable, unless the context indicates otherwise, we refer to:
• Schools and school districts that use or purchase Siembra subscriptions collectively as “schools,”
• Counselors and other individuals including university admission counselors, authorized by a school to use Siembra in their work directly with students as “Counselors,”
• Principals and other supervisory or support personnel authorized by a school to use Siembra as “administrators,”
• Counselors and administrators together as “school officials,”
• Adult parents or guardians of a minor student authorized by a school to use Siembra as “parents,” and
• Each authorized school official and parent or student user as “you.”
Although we may add new features in the future that contemplate direct student interaction, Siembra is currently intended for use only by Counselors, school officials, students and their parents, and selected nonprofit postsecondary outreach personnel. Much of Siembra’s value is its ability to accept and store, and ultimately process and present back in usable ways, information relating to student academic progress to s postsecondary “goal.” In other words, when schools and school officials take advantage of Siembra’s full potential, they are providing and accessing information relating to the students entrusted to them, and are in turn entrusting that information to us. That trust is something we take very seriously and have prepared this Policy in an effort to be transparent about the steps we take to protect information entered in Siembra about both students and school officials, who has access to that information and how that information is used.
Scope of Policy
This Policy describes the types of information we may collect, or that you may provide, when registering with, accessing or using Siembra. This Policy does not apply to information we collect offline or on any other Company websites (such as our company site here) or to information that you may provide to, or is collected by, third parties.
Role of school and school officials
Although the balance of this Policy will focus largely on what we do — and what we confirm we will not do — with information entered in Siembra, we believe schools and school officials are critical partners in our collective efforts to protect and ensure only appropriate use of student-related information entrusted to them and to us. In that regard, it is important that schools and school officials using Siembra be mindful that in granting or allowing access to Siembra, they are controlling who has access to student information. When we reference “granting or allowing access,” we are referring to both intentional actions, such as an administrator authorizing a Siembra account for a Counselor, as well as unintentional actions or consequences that may flow from, for example, allowing students access to Siembra login credentials or a school’s failure to maintain sufficient data governance or security practices. In cases where FERPA applies (more below), access to certain student information remains the legal responsibility of the applicable school. In all situations, it is incumbent upon our customers to make an affirmative determination prior to furnishing access to anyone that the party has a legitimate need for access to Siembra and the sensitive information that may be accessible to that party through Siembra.
Information about Students
FERPA and Education Records
Although the Family Educational Rights and Privacy Act, or FERPA, was enacted roughly 40 years ago, and certainly well before internet-based services became ubiquitous in academic settings, one of its core tenets was and remains the protection of the privacy of personally identifiable information (often called “PII”) in students’ education records. As defined in FERPA, “education records” are “those records, files, documents and other materials which (i) contain information directly related to a student; and (ii) are maintained by an educational agency or institution or by a person acting for such agency or institution.” PII from education records includes information, such as a student’s name or identification number that can be used to distinguish or trace an individual’s identity, either directly or indirectly through linkages with other information.
FERPA generally requires that educational institutions and agencies that receive certain federal funds (for example, public schools) get prior consent from a parent before disclosing any education records regarding that student to a third party. Consequently, if you are using Siembra on behalf of an educational agency or institution and FERPA applies, before you enter, upload or access any data concerning a minor student, you must confirm that your agency or institution has (1) obtained appropriate consent from the parent or guardian of that student or (2) determined that one of the limited exceptions to the consent requirement applies.
We will only use PII from students’ education records to enable Counselors (including High School District College Counselors), school officials, parents and postsecondary (nonprofit institution outreach) to access and use Siembra. Unless a school official expressly instructs otherwise, we will not share or reuse PII from education records for any other purpose than to help increase graduation rates to post-secondary. Once the student opts-in for university or community college recruitment through Siembra (uncheck the box to opt-out) we limit such information to:
• Name and high school
• Range of GPA
• Subject matter completion
• Interests, Awards, Career Goals
• Ethnicity and Gender
Some people tend to link (and sometimes confuse) FERPA and COPPA. The intent of the Children’s Online Privacy Protection Act, or COPPA, is to give parents control over commercial websites’ and online services’ collection, use and disclosure of information from children under the age of 13. Many assume COPPA applies to all internet-based services, regardless of the identity of the end user. When Siembra is used as intended by high school officials and parents, COPPA does not apply. However, COPPA does apply for our Middle School deployments in that Siembra does not share any information about the student with any third party.
Information About school officials and parents
We collect information from and about you when you provide it to us, and automatically when you use Siembra. (Again, “you” refers to an authorized school official or parent Siembra user, not students.)
Information You Provide to Us
When you register with or use Siembra, you are expected to provide certain PII about you, such as first and last name, email address and associated school. You may also be asked to provide certain PII or other information as a means of validating that you are who you say you are. In addition, you may be asked to provide information from time to assist with ongoing support and maintenance; this may include information like records and copies of your correspondence (including email addresses and phone numbers) if you contact us.
Automatic Information Collection and Tracking
With respect to technology that automates information collection, we may use the following on Siembra’s web pages and in messages from us to you:
• Cookies, which are small files placed on the hard drive of your computer or other device, and
• Small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us to, for example, count users who have visited those pages or opened an email and for other related statistics.
Third-Party Information Collection
As discussed further under Disclosure and Retention of PII, we may use third-party providers to support elements of Siembra’s infrastructure or functionality. These providers may, like us, use automatic information collection technologies to enable or streamline certain features they are providing on our behalf. In all cases, these providers will be contractually bound to us to keep PII confidential and to only in use it in order to fulfill their responsibilities to us.
How We Use Your Information
We will use information that you, as a school official or parent, provide through Siembra to (as applicable):
• Provide Siembra and any other products or services you may request from us,
• Give you notices about your subscription, including expiration and renewal notices,
• Carry out our rights and responsibilities under agreements between us and your school, and
• Notify you of changes to Siembra (including substantive changes to this Policy or other user policies).
DISCLOSURE AND RETENTION OF PII
Except as expressly set forth below and under the Third-Party Information Collection heading above, and only in those limited circumstances, we will not disclose any PII relating to students, parents or school officials to third parties without your consent or the consent of your associated school.
We may disclose the student’s name and address to those contractors and other service providers that we use to support our business. These may include individuals and commercial vendors that provide or support elements of Siembra’s mission, infrastructure or functionality. In all cases, these providers will be bound by contractual obligations to keep PII confidential and to use it only for the purposes for which we disclose it to them.
We may also disclose PII to fulfill the purpose for which you provide it. For example, if you give us an email address to use the “email a friend” feature, we will transmit the contents of that email and your email address to the recipients.
If a third party purchases all or most of our ownership interests or assets, or we merge with another organization, it is possible that we would need to disclose PII to the other organization following the transaction, for example, were we to integrate Siembra with the other organization’s product offerings. To the extent any such transaction would alter our practices relative to this Policy, we will give schools advance notice of those changes and any choices they may have regarding PII.
We may also disclose PII to comply with a court order, law or legal process (including a government or regulatory request), but before we would do that, we would provide the applicable school with notice of the requirement so that, if the school so chooses, it could seek a protective order or other remedy. If after providing that notice we remain obligated to disclose the demanded PII, we will disclose no more than that portion PII which, on the advice of our legal counsel, the order, law or process specifically requires us to disclose.
We will retain PII for as long as the applicable school maintains its Siembra subscription in good standing. Once those subscriptions lapse or terminate, unless a written agreement between us and a school provides otherwise, we will retain PII for up to 12 months after which time it will be destroyed. Any retained PII will of course remain subject to the restrictions on disclosure and use outlined in this policy for as long as it resides with us.
Finally, although we outlined earlier in this Policy what constitutes PII, we also want to be clear what information is not PII. Once PII, whether relating a school official, parent or student has been de-identified, that information is no longer PII. PII may be de-identified through aggregation or various other means. The U.S. Department of Education has issued guidance on de-identifying PII in education records here. In order to allow us to proactively address customer needs, we anticipate using de-identified information to improve Siembra and other of our products and services. That said, we will use reasonable de-identification approaches to ensure that in doing so, we are not compromising the privacy or security of the PII you entrust to us.
We have implemented measures designed to secure PII from accidental loss and from unauthorized access, use, alteration and disclosure. Among other things, PII is encrypted in transit to and from Siembra using SSL technology. In addition, all PII is stored on secure servers behind firewalls by our hosting providers. In addition, consistent with guidance from the U.S. Department of Education that storing sensitive education records within the United States is a “best practice”, all the servers used by Siembra are located in the United States. All that said, unfortunately, the transmission of information via the internet is not completely secure and, although we do our best to protect PII, neither we nor any other hosted service provider can absolutely guarantee the security of all personally identifiable information.
You can and should ask questions about this Policy and our privacy practices. You should always feel free to contact us at:
Siembra Mobile, Inc.
485 Lausen Mall, CERAS 282 c/o Dr. Geoff Cohen
Stanford, CA 94305