Welcome to the Kognity US Customer Privacy Policy
Last Updated: December 15, 2023
1. Introduction
This Customer Privacy Policy (“Privacy Policy” or “Policy”) describes how Kognity collects, uses and discloses personal information and data through the provision of its education products and services (“Products”), including the Kognity teaching and learning platform for IB DP, Kognity for Cambridge IGCSE, High School Science curricula and any other product or service that links to this Privacy Policy, to its users (K-12 students, educators and staff) and School Customers (Schools, School Districts and State Agencies, as defined below) in the United States. In the course of providing the Products to a School Customer, Kognity may collect or have access to “education records,” as defined by the federal Family Educational Rights and Privacy Act of 1974 (“FERPA”) and personal information that is directly related to an identifiable student (collectively, “Student Data”).
This Policy does not apply to Kognity’s company website or our hiring or recruitment process; information collected from users of the website or through our hiring and recruitment processes are governed by our General Privacy Notice.
We’re committed to maintaining the confidentiality and security of Student Data, and we collect and use Student Data solely for the purpose of providing our Products to, or on behalf of, our School Customers and for the purposes set out in this Privacy Policy and in applicable Customer Agreements. Our collection and use of Student Data is governed by this Privacy Policy, our Customer Agreements, and applicable laws including FERPA, the Children’s Online Privacy Protection Act (“COPPA”) as well as other applicable federal, state and local privacy laws and regulations, including New York State Education Law Section 2-d (NY EdLaw 2-D), California Student Online Personal information Protection Act (SOPIPA) and Illinois Student Online Personal Protection Act (SOPPA) (“Applicable Laws”). With respect to FERPA, Kognity receives Student Data as a “school official” under Section 99.31 of FERPA for the purpose of providing its Products, and such Student Data remains under the direct control of the School Customer. In case of any conflict between this Policy and the Customer Agreement, the Customer Agreement shall prevail. If any part of this Policy conflicts with Applicable Laws, Kognity will obey the standard that provides more protection for Student Data.
2. Definitions
Capitalized terms have the meanings set forth in this Section and in Section 1:
- “Authorized Users” means K-12 students, educators and staff in the United States using Kognity’s Products pursuant to a Customer Agreement by authority of a School Customer.
- “Customer Agreement” means the underlying contractual agreement (including trial or pilot agreements) between Kognity and a School Customer, as amended from time to time, and including any attachments or other documents referenced therein.
- “School” means an independent school, organizational unit of a School District or other organization providing K-12 instruction to students.
- “School Customer” means the School, School District or State Agency that is the party to the Customer Agreement to provide the Products to the School Customer’s Authorized Users.
- “School District” means a local education agency, school network, other regional education system or cooperative of any such entities, responsible for elementary or secondary education within the United States, the Commonwealth of Puerto Rico or other territories and possessions of the United States.
- “State Agency” means an educational agency primarily responsible for the supervision of public elementary and secondary schools in any of the 50 states, the Commonwealth of Puerto Rico, the District of Columbia or other territories and possessions of the United States.
- “Student Data” means any information that directly relates to an identifiable current or former student that Kognity collects, receives, or generates in the course of providing the Products to or on behalf of a School Customer. Student Data may include personal information from a student’s “education records,” as defined by FERPA.
3. Student Data Collected
Kognity receives Student Data in two ways: (i) from our School Customers to implement the use of our Products (including allowing for access to the Products by Authorized Users); and (ii) from Authorized Users.
a. Information provided by our School Customers: Kognity’s Products require some basic information about who’s in a classroom and who teaches the class to allow for access to the Product. This roster information, including name, email address, grade level, year of graduation, teacher, subject and school, is provided to Kognity by School Customers either directly from the School Customer, via the School Customer’s student information system or via a third party with whom the School Customer contracts or otherwise uses to provide that information. Where third party systems are leveraged, the foregoing student data may also be continuously updated by that third party. If an Authorized User uses Google SSO for Product access, their Google profile image may also be collected and displayed together with the student name in the Product.
b. Information collected through our Products.
- Schoolwork and student generated content. Kognity may collect information contained in student assignments and assessments within the Products, including information in responses to instructional activities or participation in collaborative or interactive features. As part of the digital teaching and learning experience, some of our Products may enable students to carry out assessments, write texts and create and upload images, video and audio recordings.
- Teacher comments and feedback. Some of our Products may enable educators to provide scores, written comments or other feedback about student responses or performance.
- Product generated data: Kognity Products may generate and process data related to usage, progress and results (including in relation to assignments and assessments) as well as similar data to differentiate teaching that may be available to the student and her/his teacher or other School administrators.
c. Other Personal Information Collected
- School Customer Information. Kognity collects personal information when a teacher, administrator or other authorized person associated with a School Customer creates an account or uses our Products or communicates with us. This could include contact information, such as a name, phone number, email address as well as information about the individual’s school and location.
- Support Information. Kognity may collect and process personal information from Authorized Users or School Customer representatives in relation to support matters, including in-app support.
- Parent and Guardian Information. If we’re contacted directly by a parent or guardian regarding our Products or this Privacy Policy, Kognity may collect personal information from or about a Student’s parent or legal guardian in order to address the inquiry with the appropriate School Customer.
d. Device and Usage Data.
- Depending on the Product, we may collect certain information about the device used to connect to our Product, such as device type and model, browser configurations and persistent identifiers, such as IP addresses and unique device identifiers. We may collect device diagnostic information, such as battery level, usage logs and error logs as well as usage, viewing and technical information, such as the number of requests a device makes, to ensure proper system capacity for all Authorized Users. We may collect geolocation information from a user’s device, or may approximate device location based on other metrics, like an IP address. Some of our Products use “cookies”, Web beacons, HTML5 local storage and other similar technologies to collect and store such data. We use this information to remember returning users and facilitate ease of login, to customize the function and appearance of the Products and to improve the teaching and learning experience. This information also helps us to track product usage for various purposes including website optimization, to ensure proper system capacity, troubleshoot and fix errors, provide technical assistance and customer support, provide and monitor the effectiveness of our Products, monitor and address security concerns and to compile analytics for product improvement and other internal purposes.
- With respect to cookies, an Authorized User may be able to reject cookies through the user’s browser or device controls, but doing so may negatively impact the user experience as some features may not work properly. If we link or combine device and usage information with personal information we have collected directly from users that relates to or identifies a particular individual, we’ll treat the combined information as personal information.
- Third-party website tracking. Kognity does not track students across third-party websites and does not respond to Do Not Track (DNT) signals. Kognity does not permit third party advertising networks to collect information from or about students using our Products for the purpose of serving targeted advertising across websites and over time.
4. Use of Student Data/Prohibitions
Kognity uses Student Data collected from, or on behalf of, a School Customer to support the teaching and learning experience, to provide the Products to the School Customer and Authorized Users and to ensure secure and effective operation of our Products, including:
- to provide and improve our Products and to support School Customers’ and Authorized Users’ activities;
- for purposes requested or authorized by the School Customer or as otherwise permitted by Applicable Laws and Customer Agreements;
- for customer support purposes, and to respond to the inquiries and fulfill the requests of our School Customers and their Authorized Users;
- to fulfill our obligations to School Customers, and administering contractual relationships;
- to enforce product access and security controls; and
- to conduct system audits and improve protections against the misuse of our Products, and to detect and prevent fraud and other harmful activities.
Kognity may use de-identified data as described in Section 6 of this Policy.
Kognity does not and will not:
- sell Student Data to third parties;
- use or disclose Student Data to inform, influence or enable targeted advertising to a student based on Student Data or information or data inferred over time from the student’s usage of the Products;
- use Student Data to develop a profile of an identifiable student for any purpose other than providing the Products to a School Customer; or
- use Student Data for any commercial purpose other than to provide the Products to the School Customer, as authorized by the School Customer, or as permitted by Applicable Laws.
Kognity may, from time to time, provide customized content, advertising, recommendations for educational products and services, and commercial messages to School Customers, teachers, school administrators or other non-student users, provided that such content will never be based on Student Data.
COPPA: Kognity does not knowingly collect personal information from a child under 13 unless and until a School Customer has authorized us to collect such information through the provision of Products on the School Customer’s behalf. We comply with all applicable provisions of COPPA. To the extent COPPA applies to the information we collect, we process such information for educational purposes only, at the direction of the partnering School Customer, and on the basis of the School Customer’s informed consent on behalf of parents and guardians as further detailed in the Customer Agreement.
5. Disclosure of Student Data
Kognity shares or discloses Student Data only as needed to provide the Products under a Customer Agreement and in accordance with Applicable Laws, including:
- as directed or permitted by the School Customer;
- to other Authorized Users of the School Customer entitled to access such data in connection with the Products;
- to our service providers, subprocessors or vendors who have a legitimate need to access Student Data in order to assist us in providing our Products. Kognity maintains a current listing of all service providers, subprocessors, and vendors with access to Student Data on this section of our website. We provide these parties with the least information needed to do their work for Kognity, and contractually bind them to protect Student Data in a manner consistent with those practices set forth in this Policy, including complying with Applicable Laws;
- to comply with Applicable Laws, respond to requests in legal or government enforcement proceedings (such as complying with a subpoena), protect our rights in a legal dispute or seek assistance of law enforcement in the event of a threat to our rights, security or property or that of our affiliates, customers, Authorized Users or others;
- in the event Kognity or all or part of its assets are acquired or transferred to another party, including in connection with any bankruptcy or similar proceedings, provided that the successor entity will be required to comply with the privacy protections in this Policy and Applicable Laws with respect to Student Data; and
- Kognity may also share Student Data with Kognity’s affiliated companies, provided that such disclosure is solely for the purposes of providing Productss, including enforcing product access and security protocols, and at all times is subject to this Policy, Customer Agreements, and Applicable Laws.
Kognity maintains a record of disclosures as required under FERPA that it can make available to School Customers, with respect to their Authorized Users, upon request.
6. De-Identified Data
Kognity may use de-identified or aggregate data for purposes allowed under FERPA and other Applicable Laws to research, develop and improve educational sites, services (including the Products) and applications and to demonstrate the effectiveness of the Products. We may also share de-identified data with research and evaluation partners to help us analyze the information for product improvement and development purposes.
Records and information are considered to be de-identified when all personal identifiers such as name and email have been removed or obscured, such that the remaining information does not permit a student’s identity to be personally identifiable, taking into account all reasonably available information. Kognity protects against the re-identification of de-identified Student Data, and does not disclose de-identified data to its research and evaluation partners unless that party has agreed in writing not to attempt to re-identify such data.
7. External Third-Party Services
This Privacy Policy applies solely to Kognity’s Products and practices. School Customers and Authorized Users may choose to connect or use our Products in conjunction with third party services and products. Additionally, our Products may contain links to third party websites or services. These third party services, products, and linked sites are not under Kognity’s control and this Policy does not address, and Kognity is not responsible for, the privacy, information, or other practices of such third parties. School Customers should carefully consider which third party applications to include among the products and services they provide to students and vet the privacy and data security standards of those providers.
Authorized Users may be able to log in to our Products using third-party sign-in services such as Google and Clever. These services authenticate your identity and provide you with the option to share certain personal information with us, including your name and email address. If you choose to enable a third party to share your third-party account credentials with Kognity, we may obtain personal information via that mechanism. You may configure your accounts on these third party platform services to control what information they share.
8. Security
Kognity maintains a comprehensive information security program and uses industry standard administrative, technical, operational and physical measures to safeguard Student Data in its possession against loss, theft and unauthorized use, disclosure or modification. Kognity’s servers for Student Data subject to this Policy are hosted in the United States. Kognity’s technologies, safeguards, and practices align with the NIST Cybersecurity Framework, as well as other leading international security assurance standards. Kognity encrypts Student Data while in motion and at rest in a manner that meets HIPAA Security Rule standards. Kognity performs periodic risk assessments of its information privacy and security program and prioritizes the remediation of identified privacy and security vulnerabilities. School Customers may contact Kognity at [email protected] for additional details on our information security program.
In the event any School Customer, Authorized User or parent or guardian of an Authorized User has reason to believe that a breach involving the unauthorized disclosure of Student Data has occurred, we ask you to contact us immediately at [email protected]. We’ll promptly investigate the matter and address any breach in accordance with our information security program.
9. Review and Correction; Student Data Retention
FERPA, COPPA, and other Applicable Laws require schools to provide parents and guardians with access to their children’s education records, and parents and guardians may request that the school correct records that they believe to be inaccurate or misleading. If you’re a parent or guardian and would like to review, correct or update your child’s data stored in our Products, contact the appropriate School Customer. Kognity will work with your School Customer to enable your access to and, if applicable, correction of your child’s education records. However, Kognity cannot delete or modify education records or other records collected through our Customer Agreements unless directed to do so by a School Customer. If you have any questions about whom to contact or other questions about your child’s data, you may contact us at [email protected].
Kognity retains Student Data for the period necessary to fulfill the purposes outlined in this Policy and our Customer Agreements. Kognity does not knowingly retain Student Data that has not been de-identified pursuant to Section 6 beyond the time period required to support a School Customer’s utilization of the Product and to enforce platform security and resilience. Upon notice from our School Customers, Kognity will delete Student Data stored by Kognity in accordance with Applicable Laws and customer requirements. We may not be able to fully delete all data in all circumstances, such as information retained in technical support records, customer service records, back-ups and similar business records.
10. Notifications
In the event of a material data breach involving School customer data, Kognity will notify the School Customer within 72 hours having become aware of the breach, and will, at the School Customer’s request, assist the School Customer in notifying any individuals whose Student Data has been affected by the breach, in each case, in accordance with applicable incident management or similar policies from time to time.
11. Updates to this Policy and Contact Information
Kognity may change this Policy in the future. For example, we may update it to comply with new laws or regulations, to conform to industry best practices or to reflect changes in our product offerings. When these changes do not reflect material changes in our practices with respect to use or disclosure of Student Data, such changes to the Policy will become effective when we post the revised Policy on our website. In the event there are material changes in our practices that would result in Student Data being used in a materially different manner than was disclosed when the information was collected, we’ll notify those School Customers affected by the changes via the email contact information provided by the customer and address with the School Customer any concerns regarding our compliance with Applicable Laws or our Customer Agreement.
If you have questions about this Policy, please contact us at:
Email: [email protected].
Mail: Kognity AB, Linnégatan 87D, SE115 23 Stockholm, Sweden, Attn: Data Protection Officer
Please be aware that we may require you to verify your identity before processing any request under this Policy.
Supplemental Disclosures
California. This section applies to you if you’re a resident of the state of California and for purposes of this section the term “personal information” has the meaning provided by the California Consumer Privacy Act (the “CCPA”). For personal information that is Student Data provided to Kognity by a School Customer, we act as a “service provider” for our School Customers under the CCPA. If you have any questions or would like to exercise your California rights with respect to Student Data, please directly contact your School or School District. For additional information on Kognity’s commitment to comply with California law, please see our Supplemental Privacy Statement for California Residents.