Privacy Policy of Polyup

Polyup collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Analytics

      • Google Analytics

        Personal Data: Cookies; Usage Data

    • Contacting the User

      • Mailing list or newsletter

        Personal Data: email address

    • Interaction with external social networks and platforms

      • Facebook Like button and social widgets, Twitter Tweet button and social widgets and Pinterest “Pin it” button and social widgets

        Personal Data: Cookies; Usage Data

      • YouTube button and social widgets

        Personal Data: Usage Data

    • Interaction with support and feedback platforms

      • Zendesk Widget

        Personal Data: email address

    • Managing support and contact requests

      • Zendesk

        Personal Data: various types of Data as specified in the privacy policy of the service

Further information about Personal Data

    • Google Classroom

      Polyup does not collect, store, or request any Personal Data made available through Google Classroom integration including but not limited to class rosters.

    • COPPA Safe Harbor program

      Polyup is proud to work with iKeepSafe to ensure its data practices are in compliance with federal and California student data privacy requirements. For questions about COPPA compliance, please contact the iKeepSafe Safe Harbor program dedicated consumer complaint email address at COPPAPrivacy@ikeepsafe.org.

    • Business transfer

      In the event of merger or acquisition by another entity, Personal Data may be considered a business asset and as such is subject to transferral. By continuing to use Polyup you acknowledge that such a transfer may occur. Polyup pledges that any Personal Data we have collected from Users would be safeguarded by the acquiring organization under the same level of safety and privacy as set forth in this policy.

    • What kind of data do we collect?

      Users over 13

      Polyup requests that users create an account with an email. This is the only personally identifiable information that we collect.

      Users under 13

      Polyup does not collect, maintain, or request any personally identifiable information from users under 13.

      Data usage for internal operations

      Polyup collects aggregate anonymized data and de-identified data to personalize the User learning experience and for internal operations including the improvement of services.

    • What do we do with your data?

      Users over 13 that consent to receive email updates will be added to our mailing list. If you forget your password and signed up with an email address, Polyup may send messages to that address for the purpose of password recovery.

      Internal data usage

      Polyup collects aggregate anonymized data and de-identified data to personalize the User learning experience and for internal operations including the improvement of services.

    • How do we protect your information?

      Polyup does not share your information with third parties without your express consent.

      Privacy breach protocol
      Should despite our security measures, a security breach occur that is likely to result in a risk to the data privacy of Users, we will inform the relevant Users, schools, districts, and other affected parties, as well as relevant authorities when required by applicable data protection law, about the security breach as soon as reasonably possible.

      All employees with access to User Data have passed a background check.

    • Data retention policy

      We do not retain any personally identifiable data beyond what is necessary for education and legal purposes. Polyup guarantees the secure deletion of data if so requested by a parent, teacher, or school administrator within a reasonable time frame. We do not retain information from inactive accounts. Personally identifiable information (if applicable) from an account that has not been accessed for more than two years will be automatically deleted. Machines, presentations, and other user-generated content become the property of Polyup and will be retained after the deletion of the Users account.

      Partnerships with schools

      Polyup acknowledges that the school and/or district has control of students' personally identifiable information for the duration of a partnership. At such time as the partnership is terminated, Polyup will comply with the partner's demands regarding the internal use and storage of student data. Polyup will ensure the secure destruction of student data if so requested.

    • For Users Accessing Polyup from EU and EEA areas: Compliance with GDPR

      Our collection, processing and protecting of Personal Data of those who access Polyup from a European county, is compliant with European General Data Protection Regulation (GDPR).

      You have the following rights with regard to information about you:
      a. the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us; therefore, we have compiled this Privacy Policy for you;
      b. the right of access (you can request us to provide you verbally or in writing with the type of information we store about you and we have a month to respond to your request);
      c. the right to rectify (amend/correct) any Personal Data about you that is inaccurate;
      d. the right to erasure (some conditions apply, see Section Data Retention below);
      e. the right to restrict processing your personal information, however, if you restrict us from processing a part of your Personal Data that is essential to our provision of Polyup, you may be asked to stop using Polyup;
      f. the right to data portability; the right to data portability allows users of Polyup to obtain and reuse their Personal Data for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company’s servers and we will do so where it is technically feasible;
      g. the right to object (for example, you have an absolute right to stop us from using your Personal Data for direct marketing - read our opt-out instructions above); you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your Personal Data if we are able to show that we have a compelling reason for doing so;
      h. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.

      If you would like to exercise any of the above rights, please send an email to: poly@polyup.com.

      We represent and warrant that your Personal Data is:
      1. processed lawfully, fairly and transparently;
      2. collected only for specific legitimate purposes;
      3. collection of personal data is adequate, relevant and limited to what is necessary;
      4. accurate and kept up to date (with your help);
      5. stored only as long as is necessary; and
      6. is secure and kept confidence.

      Date Retention: Generally, your Personal Data will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your account, (iii) there is no preferential justified reason for the processing of your Personal Data and you object to our processing of your personal information, or (iv) erasure of your Personal Data is required in order to fulfill a statutory obligation under the EU law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your Personal Data verbally or in writing and we have a month to respond to any such request.

      Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it.

    • FERPA Compliance

      Student records are protected by the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and its implementing regulations (“FERPA”), federal regulations which assign rights to students and responsibilities to educational institutions regarding students' education records. The Act governs the maintenance and release of information from those records. Polyup has been and is in compliance in all material respects with FERPA. If you have any questions regarding your privacy rights, contact Polyup.

      What are students’ rights under this Act?

      - the right to inspect and review their education records
      - the right to amend inaccurate or misleading information in their education records and the right to a hearing if the request for amendment is unsatisfactory
      - the right of consent to disclosure of personally identifiable information
      - the right to file a complaint with the U.S. Department of Education concerning alleged failure to comply with FERPA requirements (Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Avenue, SW, Washington, DC 20202-4605)

      Public Information:

      Unless a request to restrict release of public directory information is submitted by the student, the following may be released without prior consent:

      - Student’s name
      - Local address
      - Telephone number
      - E-mail address
      - Major field of study
      - Classification (B.A., M.A., or Certificate)
      - Enrollment status (graduate, undergraduate, part-time, full-time)
      - Dates of attendance
      - Expected graduation date
      - Thesis title
      - Degrees, honors, and awards received
      - Photograph

      A student wanting to restrict directory information must contact Polyup.

    • PPRA Compliance

      The Protection of Pupil Rights Amendment (or "PPRA") (20 USC § 1 232h; 34 CFR Part 98) applies to education agencies and institutions that receive funding from the U.S. Department of Education. PPRA is intended to protect the rights of parents and students in the following two ways:

      • It seeks to ensure that schools and contractors make instructional materials available for inspection by parents if those materials will be used in connection with a Department of Education-funded survey, analysis, or evaluation in which their children participate.
      • It seeks to ensure that schools and contractors obtain written parental consent before minor students are required to participate in any Department of Education-funded survey, analysis, or evaluation that reveals information concerning:

      o political affiliations;
      o mental and psychological problems potentially embarrassing to the student and his/her family;
      o sexual behavior and attitudes;
      o illegal, antisocial, self-incriminating, and demeaning behavior;
      o critical appraisals of other individuals with whom respondents have close family relationships;
      o legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers;
      o religious practices, affiliations, or beliefs of the student or student’s parent; and
      o income (other than that required by law to determine eligibility for participation in a program or for receiving financial assistance under such program).

      For surveys not funded by the Department of Education, schools must notify parents and provide them with an opportunity to review the survey and opt their child out of participation. In addition, schools must work with parents to develop local policies regarding arrangements to protect student privacy relative to surveys, the administration of physical examinations or screenings, and the collection, disclosure, or use of personal information collected from students for marketing purposes.

      Parents or students who believe their rights under PPRA may have been violated may file a complaint with the Department of Education by writing the Family Policy Compliance Office. Complaints must contain specific allegations of fact giving reasonable cause to believe that a violation of PPRA occurred.

      Polyup does not receive funding from the the U.S. Department of Education, however, if at some point it will, Polyup will comply with PPRA regulations.

    • SOPIPA Compliance

      California Student Online Personal Information Protection Act (or "SOPIPA") prohibits operators of from sharing student data and using that data for targeted advertising on students for a non-educational purpose. It requires operators to implement and maintain reasonable security procedures and practices to protect student data. It also requires operators to delete a student’s information at the request of the school or district.

      Polyup complies with SOPIPA and does not share or use Personal Data for targeted advertising for non-educational purposes.

    • CCPA compliance

      The California Consumer Privacy Act (“CCPA”) provides California residents with five core rights to data privacy and an effective way to control their personal information. California consumers have the following five rights pursuant to CCPA:
      (1) the right to know what personal information is being collected about them.

      (2) the right to know whether their personal information is sold or disclosed and to whom.

      (3) the right to say no to the sale of personal information (“the right to opt out”).
      Sale is defined broadly in the CCPA to include “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration”.
      Moreover, a business shall not sell the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age , unless the consumer, in the case of consumers between 13 and 16 years of age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale of the consumer’s personal information. A business shall provide a clear and conspicuous link on the business’ Internet homepage, titled “Do Not Sell My Personal Information,” to an Internet Web page that enables a consumer, or a person authorized by the consumer, to opt out of the sale of the consumer’s personal information. For a consumer who has opted out of the sale of the consumer’s personal information, respect the consumer’s decision to opt out for at least 12 months before requesting that the consumer authorize the sale of the consumer’s personal information.
      (4) the right to access their personal information. A business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period.
      (5) the right to equal service and price, even if they exercise their privacy rights.

      Additionally, a California consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. However, a business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:
      (1) Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
      (2) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
      (3) Debug to identify and repair errors that impair existing intended functionality.
      (4) Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
      (5) Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
      (6) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
      (7) To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
      (8) Comply with a legal obligation.
      (9) Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

      Conflict resolution under CCPA: Prior to initiating any action against a business for statutory damages on an individual or class-wide basis, a California consumer shall provide a business 30 days’ written notice identifying the specific provisions of this title the consumer alleges have been or are being violated. In the event a cure is possible, if within the 30 days the business actually cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations shall occur, no action for individual statutory damages or class-wide statutory damages may be initiated against the business.

      Polyup fully complies with CCPA. Contact us should you need to exercise any of your rights under CCPA.

    • The Service is directed to children under the age of 13

      Polyup is directed to children under the age of 13. It doesn't require the child to disclose any more information than is reasonably necessary to participate in its activity.
      Parents may review the personal information about their child collected by Polyup - if any - outlined in the rest of this policy, ask for its deletion and request any further collection or use to be omitted by contacting the Owner. Parents may also agree to the collection and use of their child’s information, but still not allow disclosure to third parties, unless disclosure is integral to the Service.

Contact information

    • Owner and Data Controller

      Polyup Inc.
      (408) 524-1400
      440 North Wolf Rd.
      Sunnyvale, CA 94085

      Owner contact email: poly@polyup.com