Your Privacy is Important.
- We believe that schools should maintain control over their student data.
- Our individual accounts enable schools to keep track of individual student learning. Schools can also choose to use BrainPOP® without sharing any personal student data.
- The school account administrator can purge student data at any time.
- We will never share identifiable data without your permission. We will never sell student data to a third party.
Our Individual Accounts are Safe
- BrainPOP uses industry standard SSL to ensure that student data is encrypted and transmitted securely from end to end.
- Teachers can monitor student accounts and student work.
- Students cannot communicate privately with other students outside of their own school.
- Parents can access their child's account at any time.
Data Collection Improves Learning
- If a school chooses to use the individual accounts, educators will gain valuable data to help tailor their teaching, and students will receive important feedback to help them achieve success.
- We also use anonymous and de-identified data to improve learning opportunities and continually make BrainPOP more effective.
COPPA and FERPA Compliance
- BrainPOP makes every effort to ensure consistency with the Family Educational Rights and Privacy Act (FERPA) policies. We also comply with the Children's Online Privacy Protection Act (COPPA).
- We have signed the K-12 School Service Provider Pledge to Safeguard Student Privacy.
- We encourage schools to use our privacy notice to inform parents/guardians of our products and practices.
- BrainPOP recognizes the users’ rights under the General Data Protection Regulation (GDPR) with respect to the personal data provided to BrainPOP.
- BrainPOP is self-certified under the E.U.-U.S. Privacy Shield.
- Please see the EU privacy notice for more information on GDPR compliance. Schools in the EU should use this notice for the parents/guardians of their students.
- BrainPOP recognizes the users’ rights under the California Consumer Privacy Act of 2018 (CCPA). Under CCPA, California residents have the right to know what personal information about them is collected, request deletion of their personal data, opt-out of the sale of their personal data, and not be discriminated against if they choose to exercise any of these rights.
- BrainPOP does not sell any of the personal information we collect about you.
The privacy of those who use this website(s) or app(s) is extremely important to us. We design and operate our technology and services with our users' protection and privacy in mind, and we make every effort to be transparent in our data collection and use practices.
A note to minors: If you are under the age of 13, please get permission from your parent/legal guardian before using this website(s) or app(s) or sending us any e-mail or letter. You must be 18 or older to order a subscription to any of the BrainPOP® websites or apps. We will not sell or market directly to minors, and we always seek authorization from a parent or legal guardian whenever we identify that a minor has attempted to purchase a BrainPOP product or service.
A note to schools and districts: Wherever we collect student identifiable information, we do so in support of the educational purposes for which BrainPOP is designed. Such information is collected only in conjunction with the use of our individual accounts system, an optional feature into which only schools (including homeschools) and districts can opt - schools and districts can choose whether to allow their teachers and students the use of this feature.
For purposes of this policy, we introduce the definitions of how we characterize users' information:
Personally identifiable information (PII) is information that can identify a user of this website(s), including his or her e-mail, name, and address. Anonymous information is information that does not enable identification of an individual user. De-identified information is information from which personally identifiable components have been removed. Aggregated or de-identified information is information that is no longer reasonably associated with an identified or identifiable natural person.
What Type of Information Do We Collect and Why?
We collect the following types of information:
Information collected during subscription process: During the registration process for any of our subscription types, we ask the subscriber to provide us with a name, email address, school or district affiliation (when applicable), phone number, and billing information. We use the contact information to send users service-related announcements. For instance, we may send emails about routine maintenance or new feature launches. We may also use this contact information to request feedback on our products and services, to inform future customer service and product improvements. All such communications include an opt-out feature.
Username and password: Subscribers may create a username and password during the registration process, or, if they prefer, we can assign these credentials. We use subscribers' usernames and passwords to authenticate log-ins; allow access to the paid content; and monitor subscription compliance. The username is also used to authenticate users when they request technical support. Passwords are all encrypted when stored. For more information on our security practices, see "How We Store and Process Your Information" below.
Information collected automatically: We automatically receive and record information on our server logs from a user’s browser, including the user’s IP address. We use IP addresses to maintain a user’s session, and we do not store them after the user’s session has ended. We also use the IP address to see whether a user is located outside of the United States, where a country-wide log-in option is activated. We do not store this information beyond the initial page load, and we do not otherwise combine this information with other PII.
We do not collect users' web search history across third party websites or search engines. However, if a user navigates to our website via a web search, their web browser may automatically provide us with the web search term they used in order to find us. Our website does not honor "do not track" signals transmitted by users' web browsers, so we encourage you to visit the following link if you would like to opt out of certain tracking: http://www.networkadvertising.org/choices or http://www.aboutads.info/choices/. Note that if you wish to opt out, you will need to do so separately for each of your devices and for each web browser you use (such as Internet Explorer®, Firefox®, Safari®).
Third parties: We may use a variety of third party service providers, such as analytics companies, to understand usage of our services. We may allow those providers to place and read their own cookies, electronic images known as web beacons or single-pixel gifs and similar technologies, to help us measure how users interact with our services. This technical information is collected directly and automatically by these third parties. If you wish to opt out of third party cookies, you may do so through your browser, as mentioned above in Information collected automatically.
Information collected when using the individual accounts: School, district, and homeschool subscriptions include the option of using the individual accounts, our individual accounts system, which allows students and their teachers to keep track of learning. Student and teacher accounts are organized into classrooms created by the teachers of the subscribing school. For these accounts, we ask teachers to enter their first and last name and their students'; their username; the class with which they are associated; and a security question for use if they need to reset their password. We also require the teachers' email for password recovery and for sending notifications or messaging about new features, product use recommendations, efficiency testing, backup schedules, survey and research participation invitations, and more (messaging may not be available in all jurisdictions). An opt-out link will be included at the bottom of messages that are not solely operational. The only Personally Identifiable Information collected about students is their name, class, graduation year, and work associated with the account (student records). If a student uses the Make-a-Movie™ feature, his or her recorded voice may also be collected as part of the movie file that will be saved. We do NOT collect students' emails or addresses. We store the data created in each student account ("Student Records"), such as the history of BrainPOP movies they've watched, the quizzes and activities they've completed, Snapshots they've taken on certain GameUp® games, movies they’ve created using Make-a-Movie, and feedback provided by the teacher to the student through the individual accounts. We do so for the purpose of enhancing teacher and student use of the website. Please see the Using Individual Accounts section below for additional privacy and security information pertaining to the individual accounts.
Contact information for newsletter and surveys: On BrainPOP Educators®, a section of our websites that is directed to adults, users may choose to sign up for newsletters, promotional offerings, or participation in surveys, all of which require contact information. Such messages may include pixel tags and link tracking. The submitted contact information will not be shared, sold, or used for any other purpose, and you may opt out at any time. An opt-out link will be included at the bottom of such messages. Registration for newsletters, promotional offerings, and surveys participation are not intended for minors under the age of 13. Please see BrainPOP Educators® below for further information.
Messages received from users: We may retain certain information from users when they send us messages through our system or by email or through other online platforms, including Twitter, Facebook etc. We only use such information for providing the services or support requested.
Feedback: Certain features we offer include an option to provide us with feedback. The feedback feature does not identify the user submitting it. The feedback option is voluntary and the information a user submits to us will only be used for improving these features. If we receive personally identifiable information through a feedback form we take steps to immediately delete that information.
Information collected when using a BrainPOP® mobile app: Your website subscription may also provide access to the Full Access level of our mobile apps. If you choose to download any such app and log into it with your website subscription username and password, we collect limited usage information in connection with user logins in order to monitor subscription compliance. This information is maintained in accordance to this policy. We do not collect Personally Identifiable Information from users of the various BrainPOP applications. If you have purchased your subscription in-app, we do not collect any user information.
Push notifications on mobile apps: We may send BrainPOP mobile app push notifications from time to time in order to update you on news, events, or promotions. You may turn these notifications off at the device level if you no longer wish to receive them. If you choose to receive push notifications, we will need to collect certain information about your device - such as operating system and user identification information - in order to ensure they are delivered properly. We also collect the user time zone, which is set on the device, to ensure that we send notifications at an appropriate time of the day. We do not combine this information with other PII.
Mobile analytics on mobile apps: We use mobile analytics software to allow us to better understand the functionality of our mobile apps' software on your phone. This software may record information such as how often you use the apps, events that occur within the apps, aggregated usage, performance data, and from where the apps were downloaded. We do not link this information to any PII you submit within the mobile apps.
We do NOT collect or use information as follows:
- Certain activity pages and quizzes allow users to enter their names prior to printing or emailing (to a teacher, for example). We do not collect or store this information. A user may enter his or her name when taking a quiz on an app, but we do not collect it. That information is only stored on the user’s device.
- Other than in the places and for the purposes explicitly disclosed in this policy, we do not knowingly collect Personally Identifiable Information directly from users under the age of 13. If we learn that we have inadvertently collected any Personally Identifiable Information from a user under 13, we will take steps to promptly delete it. If you believe we have inadvertently collected personally identifiable information from a user under 13, please contact us at firstname.lastname@example.org.
- In no event shall we use, share or sell any student Personally Identifiable Information for advertising or marketing purposes.
Parents and legal guardians of children under 13 who use any of the BrainPOP products have certain rights under the Children's Online Privacy Protection Act (COPPA), and BrainPOP recognizes those rights. Parents/guardians can consent to collection and use of a child's personally-identifying information without consenting to the disclosure of information to third parties.
A child's participation or access to an activity on BrainPOP cannot be conditioned on him or her providing more information than is reasonably necessary for that activity, or any personally identifying information. BrainPOP does not collect personally identifying information from children under 13, without a parent or guardian's consent, or that of a school if applicable.
Using Individual Accounts
Schools or districts using the individual accounts system maintain ownership of their Student Records (as defined in the Family Educational Rights and Privacy Act (FERPA)).
Each school or district has access to a user-friendly administrator dashboard that allows direct control over the Student Records at all times. The administrator can create, update, review, modify, and delete individual accounts, and monitor logins within the individual accounts. "Administrators" are only those individuals explicitly designated by the school or the district. Schools and districts are required to appoint an administrator who will be responsible for the Student Records, and keep us informed about any changes regarding that appointment. Districts and schools are urged to safeguard the administrator's access information, keep it in strict confidence, and notify us of any unauthorized use of a password or account registered under their subscription.
Teachers using individual accounts will only be able to access or use the individual accounts with an educator code provided by their school. Students will only be able to create or access their accounts with a class code provided by their teachers. Students will be able to store their activities, quizzes, movies they’ve created with Make-a-Movie, and correspondences with their teachers within their individual accounts. Students can only interact with teachers who created a class in the individual accounts system. Certain games allow students to play with other students in the same school. The individual accounts do not allow students to communicate privately with other students outside of their schools.
We encourage schools and districts to notify parents if they use the individual accounts. Parents can log into their children's accounts and access their records. If you are the parent or guardian of a student using the individual accounts with his or her school, you can request the log in information from your child or his or her teacher. You are encouraged to use the student's log in information and view his or her activities and progress at any time. Parents have the right to request that we delete the student's personally identifiable information or make changes to records if they are inaccurate or misleading. In the case of an unauthorized disclosure, we will cooperate with the school to promptly notify parents (and students, if relevant, depending on their age). We will notify privacy regulators where that is required under applicable laws
FERPA ComplianceWe understand the obligation educational agencies, districts and school systems have to comply with the Family Educational Rights and Privacy Act (FERPA). We support schools in their compliance efforts and facilitate their alignment with FERPA.
Under the terms of our contracts with schools, we agree to act as a "School Official" as defined by FERPA, meaning that we:
- Perform an institutional service or function for which the school or district would otherwise use its own employees;
- Have been determined to meet the criteria set forth in the school's or district's annual notification of FERPA rights for being a School Official with a legitimate educational interest in the education records;
- Are under the direct control of the school or district with regard to the use and maintenance of education records; and
- Use education records only for authorized purposes and will not re-disclose Personally Identifiable Information from education records to other parties (unless we have specific authorization from the school or district to do so and it is otherwise permitted by FERPA).
How Long We Retain Student Data Information
Districts and schools are able to delete information at any time and in real time using the administrator dashboard as mentioned above. Once information is deleted, we do not retain any copies. If information was not deleted by the school or the district before the subscription expired, we retain such information for a limited period of two years. Student accounts within classrooms in the individual accounts system that have not been active for a period of two years are automatically deleted as well. After such a period, all information is automatically disposed of and deleted - first from our server and then, two weeks later, from any back-up server. At that point it cannot be restored. If your jurisdiction requires the deletion of student data within a shorter time period, or upon immediate termination of the subscription, you are required to delete such data using the administrator dashboard as mentioned above or contact us for assistance. Districts and schools may request copies of any raw data from the database, which shall be provided within four (4) weeks of the request.
How We Share Your Information
We may provide Personally Identifiable Information to our partners, business affiliates, and third party service providers who work for BrainPOP and operate some of its functionalities - these may include hosting, streaming, and credit card processing services. A current list of these third parties service providers is available upon request through email@example.com. These third parties service providers are well-known, established and/or vetted providers, who are bound contractually to practice adequate security measures and to use your information solely as it pertains to the provision of their services. They do not have the independent right to share your personally identifiable information. We share anonymous or de-identified information about our users when they are using third party web analytical tools, for tracking analytical information. We may use or share anonymous or aggregate and de-identified information for educational research purposes, to evaluate, inform, or show the efficacy of our services.
We will NOT share any personally identifiable information for marketing or advertising purposes.
We reserve the right to disclose personally identifiable information if we are required to do so by law, or if we believe that disclosure is necessary to protect our rights, protect your safety or others' safety, investigate fraud, and/or comply with a judicial proceeding, court order, subpoena, or legal process.
How We Store and Process Your Information
We strive to maintain security policies and procedures that are designed to protect your information.
Our servers are located in a secured, locked, and monitored environment to prevent unauthorized entry or theft, and are protected by a firewall. The servers are located in a data center in the United States and backed up daily to a secure, U.S.-based, off-site data center.
We take extra measures to ensure the safety of PII and Student Records and apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to establish and ensure that all data passed between the server and the browser remains encrypted.
Governance policies and access controls are in place to ensure that the information of each district, school, or other subscriber is separated, and all subscribers can only access their own data.
Only limited BrainPOP personnel have access to the database, and personnel only access it when necessary to provide services. Personnel with access to Student Records pass criminal background checks and undergo periodic privacy training.
We follow standardized and documented procedures for coding, configuration management, patch installation, and change management for all applicable servers, and we audit our practices at least once a year.
While we strive to maintain best industry-standard privacy and security practices, it should be noted that no industry system is fail proof. We have established a Disaster Recovery Plan for use in an actual data breach, loss, or disaster. This includes notifying the affected subscriber(s), and as appropriate, coordinating with the subscriber to support notification of affected individuals, students, and families when there is a substantial risk of harm from the breach or a legal duty to provide notification.
Links to Third Party Sites
We carefully choose our business partners and associate only with reliable companies and organizations who demonstrate a similar commitment to users' privacy and education.
BrainPOP Educators® and the About BrainPOP Page
Using BrainPOP® Outside the US
If you are using this website(s) or app(s) outside the United States, you consent to having your information and data transferred to the United States. If you are in any jurisdiction with laws or regulations governing internet use, including collection, use, and disclosure of personal data, different from those of the United States, you may only use this website(s) or app(s) in a manner that is lawful in your jurisdiction. If your use of this website(s) or app(s) may be unlawful in your jurisdiction, please do not use them. If your use of the individual accounts may be unlawful in your jurisdiction, please do not use it.
Using BrainPOP® From the EU
Please see the EU privacy notice for further details on using BrainPOP from the European Union.
EU-US Privacy Shield
BrainPOP LLC participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. BrainPOP is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list
BrainPOP is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers it to a third party acting as an agent on its behalf. BrainPOP complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, BrainPOP is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, BrainPOP may be required to disclose personal data in response to lawful requests by public authorities, including requests to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Upon request, BrainPOP will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting us at firstname.lastname@example.org. We will respond to your request within a reasonable time frame.
Using BrainPOP® from Australia
We encourage schools in Australia to use our privacy notice (https://www.brainpop.com/about/australia_notice) to inform parents/guardians of our products and practices.
We constantly strive to provide the best services. Changes to this policy or any of the pages linked in this policy may be required in order to address changing technology and threats, changing laws, or we release new or amended services. We expect that most such changes will be minor, but there may be cases where significant adjustments are necessary. In those cases ,we will first provide prominent notice to the users who are affected.
If we make material changes pertaining to the ways we collect and use personal information from children under the age of 13, we will notify the school, parent, or legal guardian, as applicable, by email, in order to obtain verifiable consent for the new use of the child’s personal information.
If you wish to report a security breach, please contact us at email@example.com.
This policy was last updated on May 14, 2018, which entered into effect on June 1, 2018.