- We believe that schools, acting with parent permission, should determine whether any student data is collected and maintain control over that data.
- Schools can use BrainPOP® without sharing any personal student data. Or, schools can choose to enable My BrainPOP™ to keep track of individual student learning.
- The school account administrator can purge student data at any time.
- We will never share identifiable data without your permission. We will never sell student data to a third party.
- BrainPOP uses industry standard SSL to ensure that student data is encrypted and transmitted securely from end to end.
- Teachers can monitor student accounts and student work.
- Students cannot privately communicate with each other.
- Parents can access their child's account at anytime.
- If a school chooses to use My BrainPOP, teachers will gain valuable data on student performance and students will receive feedback on how to improve.
- We also use anonymous and de-identified data to improve learning opportunities and continually make BrainPOP more effective.
- BrainPOP makes every effort to ensure consistency with the Family Educational Rights and Privacy Act (FERPA) policies. We also comply with Children's Online Privacy Protection Act (COPPA).
- We have signed the K-12 School Service Provider Pledge to Safeguard Student Privacy.
We do NOT collect or use information as follows:
The privacy of those who use this website or app is extremely important to us. We design and operate our technology and services with our users' protection and privacy in mind, and make every effort to be transparent in our data collection and use practices.
We comply with the FTC's Children's Online Privacy Protection Act (COPPA), and support the goals and guidelines set forth by industry self-regulatory bodies and experts such as the Center for Media Education (CME), the Children's Advertising Review Unit (CARU) of the Council of Better Business Bureaus and other organizations devoted to providing online safety and privacy for children, households, parents and schools. We also support districts and schools that are subject to compliance with the Family Educational Rights and Privacy Act (FERPA).
A note to minors: If you are under the age of 13, please get permission from your parent/legal guardian before using this website or app or sending any e-mail to us. You must be 18 or older to order a subscription to any of the BrainPOP® websites or apps. We will not sell or market directly to minors and always seek parental or legal guardian's authorization whenever we identify that a minor attempts to purchase a BrainPOP product or service.
A note to schools and districts: Wherever we collect student identifiable information, we do so in support of the educational purposes for which BrainPOP is designed. Such information is only collected in conjunction with the use of My BrainPOP™ (our individual accounts system), an optional feature that only schools and districts can opt into. Schools and districts can choose whether to allow their teachers and students the use of this feature.
For purposes of this Policy, we introduce the definitions of how we characterize user's information:
"Personally Identifiable Information" or "PII" is information that can identify a user of this website, including e-mail, name and address. "Anonymous Information" is information that does not enable identification of an individual user. "De-Identified Information" is information from which all personally identifiable components have been removed. Unlike Anonymous Information, De-Identified information is initially collected as Personally Identifiable Information, after which we remove any identifying component to make the information anonymous.
We collect the following types of information:
Information collected when subscribing: In the registration process of any of our subscription types, we ask our subscriber to provide us with name, email address, affiliation with a school or district (if applicable), phone number and billing information. We use this contact information to send users service-related announcements on rare occasions when it is necessary or advisable to do so. For instance, if we perform routine maintenance, we might send an informational email.
Username and password: Subscribers create a username and password in the registration process, or, if they prefer, we may assign these for them. We use usernames and passwords of subscribers' accounts to authenticate logins, allow access to the paid content and monitor subscription compliance. The username is also used to authenticate users when requesting technical support. The passwords are all encrypted when stored. For more information on our security practices, see "How We Store and Process Your Information" below.
Information collected automatically: We automatically receive and record information on our server logs from a user’s browser, including the user’s IP address. In addition, we use IP addresses to maintain a user’s session and we do not store them after the user’s session is over. We also do not otherwise combine this information with other PII.
We do not collect a user’s web search history across third party websites or search engines. However, if a user navigates to our website via a web search, their web browser may automatically provide us with the web search term they used in order to find our website. Our website does not honor "do not track" signals transmitted by users' web browsers, so we encourage you to visit these links if you would like to opt out of certain tracking: http://www.networkadvertising.org/choices or http://www.aboutads.info/choices/. If you do want to opt out using these tools, you need to opt out separately for each of your devices and for each web browser you use (such as Internet Explorer®, Firefox® or Safari®) on each device.
Third Parties: We may use a variety of third-party service providers, such as analytics companies, to understand usage of our services. We may allow those providers to place and read their own cookies, electronic images known as web beacons or single-pixel gifs and similar technologies, to help us measure how users interact with our services. This technical information is collected directly and automatically by these third parties. If you want to opt out or third party cookies, you may do so through your browser, as mentioned above in Information collected automatically.
Information collected when using My BrainPOP™: As part of certain subscriptions, we offer schools and districts the option to use the individual accounts system, called My BrainPOP, which allows students and their teachers to keep track of learning. Student and teacher accounts are organized by classrooms created by the teachers of the subscribing school. For these accounts, we ask the teachers to enter the first and last name of students and teachers, their username, the class they are associated with and a security question for resetting their password. We also require the teachers' email for password recovery. The only Personally Identifiable Information collected about students is their name, class and student records. We do NOT collect students' emails or addresses. We store the data created in each student account ("Student Records"), such as the history of the movies they've watched, the quizzes and activities they've completed, snapshots they've taken on certain GameUp® games and feedback provided by the teacher to the student through My BrainPOP, to enhance teachers and students use of the website. Please see the Using My BrainPOP™ section below for additional privacy and security information for users of My BrainPOP.
Contact information for newsletter and surveys: On BrainPOP Educators™, a section of this website that is directed to adults, you may choose to register to receive newsletters, promotional offerings or surveys, which requires your contact information. Such messages may include pixel tags and link tracking. The contact information you submit will not be shared, sold or used for any other purpose and you may opt out at any time. An opt out link will be included in the bottom of such messages. Registration to newsletters, promotional offering and surveys are not intended for minors under the age of 13. Please see BrainPOP Educators™ below for further information.
Emails received from users: We may retain certain information from users when they send us messages through our system or by email. We only use such information for providing the services or support requested.
Feedback: Certain features we offer include an option to provide us with feedback on your experience. The feedback feature does not identify the user submitting it. The feedback option is voluntary and the information a user submits to us will only be used for improving these features. If we receive personally identifiable information through a feedback form we take steps to immediately delete that information.
Information collected when using a BrainPOP® mobile app: Your website subscription also provides access to the Full Access level of our mobile apps. If you chose to download any such app and log into it with your website subscription username and password, we collect limited usage information in connection with user logins in order to monitor subscription compliance. This information is maintained in accordance to this policy. We do not collect Personally Identifiable Information from users of the various BrainPOP applications. If you subscribe to a BrainPOP app with an in-app purchase subscription, we do not collect any user information.
Using My BrainPOP™
Schools or districts using My BrainPOP maintain ownership of their Student Records.
Each school or district has access to a user-friendly administrator dashboard that allows direct control over the Student Records at all times. The administrator can create, update, review, modify and delete individual accounts, and monitor logins in the individual accounts. "Administrators" are only those individuals explicitly designated by the school or the district. Schools and districts are required to appoint an administrator that will be responsible for the Student Records, and keep us informed of any changes of such appointment. Districts and schools are urged to safeguard the administrator's access information and keep it in strict confidence, and notify us of any unauthorized use of password or account registered under their subscription.
The teachers using My BrainPOP will only be able to access or use My BrainPOP with an Educator Code provided by their school. Students will only be able to access their accounts with a Class Code provided by their teachers. Students will be able to store their activities, quizzes and their correspondences with their teachers on their individual accounts. Students can only interact with teachers who created the My BrainPOP class. Students cannot privately communicate with other students through My BrainPOP.
We encourage schools and districts using My BrainPOP to notify parents that the product is used in their school. Parents can log into their children's accounts and access their records. If you are a parent or guardian of a student using My BrainPOP with his or her school, you can request the login information from your child or their teacher. You are encouraged to use the student's login information and view all their activities and progress on the account at any time. Parents have a right to request the student's Personally Identifiable Information be deleted or request changes in his or her records if it is inaccurate or misleading.
We understand the obligation educational agencies, districts and school systems have to comply with the Family Educational Rights and Privacy Act (FERPA) and we support schools in their compliance efforts and facilitate their alignment with FERPA.
Under the terms of our contracts with schools, we agree to act as a "School Official" as defined by FERPA, meaning that we:
Districts and schools are able to delete information at any time and in real time using the Administrator Dashboard as mentioned above. Once information is deleted, we do not retain any copies. Teachers may also choose to archive the classroom they created. My BrainPOP classrooms that have been archived are retained for a period of two years. After such period, all information is automatically disposed and deleted; first it is deleted from the server and two weeks thereafter it is deleted from any backup server and cannot be restored. Districts and schools may request copies of any raw data from the database, which shall be provided within four (4) weeks of the request.
How We Share Your Information
We may provide Personally Identifiable Information to our partners, business affiliates and third party service providers who work for BrainPOP and operate some of its functionalities, such as hosting services, streaming services and credit card processing. These third parties are well-known, established service providers, who are bound contractually to practice adequate security measures and only use your information for the sole purpose of providing the services. These third parties do not have independent right to share your Personally Identifiable Information. We share Anonymous Information or De-Identified Information about our users for tracking analytical information when using third party web analytical tools. We may use or share Anonymous Information or De-Identified Information for educational research purposes, to evaluate the educational benefit of using our services or to improve our services.
We will NOT share any information for marketing or advertising purposes.
We reserve the right to disclose Personally Identifiable Information if we are required to do so by law or if we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order or legal process.
How We Store and Process Your Information
We strive to maintain security policies and procedures that are designed to protect your information.
Our servers are located in a secured, locked and monitored environment to prevent unauthorized entry or theft, and are protected by a firewall. The servers are located in a data center in the United States and backed up daily to a secure, US based, offsite data center.
We take extra measures to ensure the safety of PII and Student Records and apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to establish and ensure that all data passed between the server and the browser remains encrypted.
Governance policies and access controls are in place to ensure that the information of each district or school or other subscriber is separated and they are only able to access their own data.
Only limited BrainPOP personnel have access to the database, and they only access the database when necessary to provide services. Personnel with access to Student Records pass criminal background checks.
We follow standardized and documented procedures for coding, configuration management, patch installation and change management for all applicable servers and we audit our practices at least once a year.
While we strive to maintain best industry-standard privacy and security practices, it should be noted that no industry system is fail proof. In the event we learn of an actual data breach, loss or disaster, we have established a Disaster Recovery Plan, which includes notifying the affected subscriber, and as appropriate, coordinating with the subscriber to support its notification of affected individuals, students and families when there is a substantial risk of harm from the breach or a legal duty to provide notification.
Links to Third-Party Sites
We carefully choose our business partners and associate only with reliable partners who demonstrate a commitment to users' privacy and who share our commitment to education.
Links to Social Plugins
Using BrainPOP® Outside the US
If you are using this website or app outside the United States, you consent to having your information and data transferred to the United States. If you are from any jurisdiction with laws or regulations governing the use of the Internet, including collection, use and disclosure of personal data, different from those of the United States, you may only use this website or app in a manner lawful in your jurisdiction. If your use of this website or app may be unlawful in your jurisdiction, please do not use this website or app. If your use of My BrainPOP may be unlawful in your jurisdiction, please do not use My BrainPOP.
Using BrainPOP from the EU
EU-US Privacy Shield
BrainPOP LLC participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. BrainPOP is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list
BrainPOP is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. BrainPOP complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, BrainPOP is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, BrainPOP may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Upon request BrainPOP will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting us at email@example.com. We will respond to your request within a reasonable timeframe.
We constantly strive to provide the best services. Changes to this policy may be required to keep pace with changing technology and threats, and as new or changed services are released. We expect most such changes to be minor, but there may be cases where changes may be more significant. In such cases we will first provide prominent notice to users who are affected.
If you wish to report a security breach, please contact us at firstname.lastname@example.org.
This policy was last updated on January 9th, 2015, and Using BrainPOP from the EU was added and in effect as of September 30th, 2016.
We do NOT collect or use information as follows:
We do NOT collect or use information as follows: