Privacy Policy

At TouchMath Acquisitions LLC (TM),  or under the names of Curriculum Advantage, Inc. and/or Classworks (“CAI", sometimes referred to in this document as “We,” “Us” and “Our”, all of which are the property of TM and, along with TM, are included in this reference), we are committed to protecting the privacy and security of the student data we collect and use in providing our educational products and services. This summary outlines the key points of our privacy policy:

• We collect student data from schools and users of our products, including personal information, schoolwork, and device usage data.

• We use student data only to provide and improve our educational products and services, as authorized by schools or parents.

• We do not sell student data to third parties or use it for targeted advertising.

• We may share student data with our service providers who help us deliver our products, but they are obligated to protect the data in line with this policy.

• We maintain a comprehensive information security program to safeguard student data against unauthorized access or disclosure.

• Parents and guardians can contact their child's school to review, correct, or update the student data we hold.

• We retain student data only for as long as necessary to fulfill the purposes outlined in this policy and our agreements with schools.

For more detailed information, please refer to the full privacy policy below. If you have any questions or concerns, contact us at privacy@curriculumadvantage.com.

Introduction

Curriculum Advantage, Inc. (“CAI”) is leading the way in K-12 curriculum and assessment. Curriculum Advantage’s programs provide teachers with powerful tools that help them understand and respond to the needs of every student and use data in a way that is safe, secure, and effective. 

This Customer Privacy Policy (“Privacy Policy”) or (“Policy”) describes how CAI collects, uses, and discloses personal information and data through the provision of its education products and services (“Products”), including Classworks, Classbloom, and any other product or service that links to this Customer Privacy Policy, to its users (K-12 students, educators, staff and families) and School Customers (School Districts and State Agencies, as defined below). In the course of providing the Products to the Customer, CAI may collect or have access to “education records,” as defined by the federal Family Educational Rights and Privacy Act of 1974 (“FERPA”) and personal information that is directly related to an identifiable student (collectively, “Student Data”). This Policy does not apply to CAI’s company website; information collected from users of the website is governed by our website privacy policy.

We consider Student Data to be confidential and we collect and use Student Data solely for the purpose of providing our Products to, or on behalf of, our School Customer and for the purposes set out in this Privacy Policy and Customer Agreements. We take numerous measures to maintain the security and confidentiality of Student Data collected or stored by CAI on behalf of our School Customers, and we enable our School Customers to control the use, access, sharing and retention of the data. Our collection and use of Student Data is governed by our Agreements with our School Customers, including this Privacy Policy, and applicable laws including FERPA, the Children’s Online Privacy Protection Act (“COPPA”), as well as other applicable federal, state and local privacy laws and regulations (“Applicable Laws”). With respect to FERPA, CAI receives Student Data as a “school official” under Section 99.31 of FERPA for the purpose of providing its Products, and such Student Data is owned and controlled by the School Customer.

CAI is also an early adopter and proud signatory of the Student Privacy Pledge, an industry-wide pledge to safeguard privacy and security of student data. For more information on the pledge, see https://studentprivacypledge.org/.

There may be different contractual terms or privacy policies in place with some of our School Customers. Such other terms or policies may supersede this Policy for information collected or released under those terms. If you have any questions as to which legal agreement or privacy policy controls the collection and use of your information, please contact us using the information provided below.

Definitions

Capitalized terms not defined in this section or above will have the meaning set forth by Applicable Laws.

1. “Agreement” means the underlying contractual Agreement between CAI and the School Customer.

2. “Authorized Users” means K-12 students, educators, staff and families using CAI’s Products pursuant to an Agreement.

3. “School Customer” means the School District or State Agency that is the party to the Agreement to provide the CAI Products to the School Customer’s Authorized Users.

4. “School District” means a local education agency, school network, independent school, or other regional education system.

5. “State Agency” means the educational agency primarily responsible for the supervision of public elementary and secondary schools in any of the 50 states, the Commonwealth of Puerto Rico, the District of Columbia or other territories and possessions of the United States.

6. “Student Data” means any information that directly relates to an identifiable current or former student that CAI collects, receives, or generates in the course of providing the Products to or on behalf of a School Customer. Student Data may include personal information from a student’s “educational records,” as defined by FERPA.

Student Data Collected

CAI receives Student Data in two ways: (i) from our School Customers to implement the use of our Products and (ii) from Authorized Users.

1. Information provided by our School Customers

   • Most of CAI’s educational Products require some basic information about who is in a classroom and who teaches the class. This roster information, including name, email address, grade level, and school ID numbers, is provided to CAI by our School Customers either directly from the School Customer’s student information system or via a third party with whom the School Customer contracts to provide that information.

   • Our Customers may also choose to provide additional student demographic data (e.g. socio-economic status, race, national origin) and other school records (e.g. grades, attendance, assessment results) to CAI for tailoring individual learning programs or enabling additional reporting capabilities through CAI Products. For example, a School District may wish to analyze student reading assessment results based on English Language Learner status in order to better differentiate instruction, and in that case may provide that data along with other roster information.

2. Information collected through our Products.

   • Schoolwork and student generated content. We collect information contained in student assignments and assessments, including information in responses to instructional activities and participation in collaborative or interactive features of our Products. As part of the digital learning experience, some of our Products may enable students to write texts and create and upload images, video and audio recordings.

   • Teacher comments and feedback. Some of our Products may enable educators to provide scores, written comments, or other feedback about student responses or student course performance.

3. Other Personal Information Collected

   • School Customer Information. We collect personal information when a teacher, administrator or other authorized person associated with a School District or State Agency Customer creates an account or uses our Products or communicates with us. This could include contact information, such as a name, phone number, email address, as well as information about the individual’s school and location.

   • Parent and Guardian Information. From time to time, we may collect personal information from or about a Student’s parent or legal guardian. This information may be provided by a School Customer or directly by the parent or guardian who communicates with us or creates an account.

4. Device and Usage Data.

   • Depending on the Product, we may collect certain information about the device used to connect to our Product, such as device type and model, browser configurations and persistent identifiers, such as IP addresses and unique device identifiers. We may collect device diagnostic information, such as battery level, usage logs and error logs as well as usage, viewing and technical information, such as the number of requests a device makes, to ensure proper system capacity for all Authorized Users. We may collect geolocation information from a user’s device, or may approximate device location based on other metrics, like an IP address. Some of our Products use “cookies,” Web beacons, HTML5 local storage and other similar technologies to collect and store such data. We use this information to remember returning users and facilitate ease of login, to customize the function and appearance of the Products, and to improve the learning experience. This information also helps us to track product usage for various purposes including website optimization, to ensure proper system capacity, troubleshoot and fix errors, provide technical assistance and customer support, provide and monitor the effectiveness of our Products, monitor and address security concerns, and to compile analytics for product improvement and other internal purposes.

   • With respect to cookies, you may be able to reject cookies through your browser or device controls, but doing so may negatively impact your experience as some features may not work properly. To learn more about browser cookies, including how to manage or delete them, check the “Help,” “Tools” or similar section of your browser. If we link or combine device and usage information with personal information we have collected directly from users that relates to or identifies a particular individual, we will treat the combined information as personal information.

   • Third-party website tracking. CAI does not track students across third-party websites and does not respond to Do Not Track (DNT) signals. CAI does not permit third party advertising networks to collect information from or about Students using CAI educational Products for the purpose of serving targeted advertising across websites and over time and CAI will never use Student Data for targeted advertising.

Use of Student Data

CAI uses Student Data collected from, or on behalf of, a School Customer to support the learning experience, to provide the Products to the School Customer and to ensure secure and effective operation of our Products, including:

1. to provide and improve our educational Products and to support School Customers’ and Authorized Users’ activities;

2. for purposes requested or authorized by the School Customer or as otherwise permitted by Applicable Laws;

3. for adaptive or personalized learning purposes, provided that Student Data is not disclosed;

4. for customer support purposes, to respond to the inquiries and fulfill the requests of our School Customers and their Authorized Users;

5. to enforce product access and security controls; and

6. to conduct system audits and improve protections against the misuse of our Products, or to detect and prevent fraud and other harmful activities.

CAI may use de-identified data as described in Section 5 below.

Disclosure of Student Data

We share or disclose Student Data only as needed to provide the Products under the Agreement and as required by law, including but not limited to the following:

1. as directed or permitted by the School Customer;

2. to other Authorized Users of the School Customer entitled to access such data in connection with the Products;

3. to our service providers, subprocessors, or vendors who have a legitimate need to access such data in order to assist us in providing our Products, such as platform, infrastructure, and application software. We contractually bind such parties to protect Student Data in a manner consistent with those practices set forth in this Policy;

4. to comply with the law, respond to requests in legal or government enforcement proceedings (such as complying with a subpoena), protect our rights in a legal dispute, or seek assistance of law enforcement in the event of a threat to our rights, security or property or that of our affiliates, customers, Authorized Users or others;

5. in the event CAI or all or part of its assets are acquired or transferred to another party, including in connection with any bankruptcy or similar proceedings, provided that successor entity will be required to comply with the privacy protections in this Policy with respect to information collected under this Policy, or we will provide School Customers with notice and an opportunity to opt-out of the transfer of Student Data by deleting such data prior to the transfer; and

6. except as restricted by Applicable Laws or contracts with our School Customers, we may also share Student Data with CAI’s affiliated education companies, provided that such disclosure is solely for the purposes of providing Products and at all times is subject to this Policy.

De-Identified Data

CAI may use de-identified or aggregate data for purposes allowed under FERPA and other Applicable Laws, to research, develop and improve educational sites, services and applications and to demonstrate the effectiveness of the CAI Products. We may also share de-identified data with research partners to help us analyze the information for product improvement and development purposes.

Records and information are considered to be de-identified when all personally identifiable information has been removed or obscured, such that the remaining information does not reasonably identify a specific individual. We de-identify Student Data in compliance with Applicable Laws and in accordance with the guidelines of NIST SP 800-122. CAI has implemented internal procedures and controls to protect against the re-identification of de-identified Student Data. CAI does not disclose de-identified data to its research partners unless that party has agreed in writing not to attempt to re-identify such data.

Responsible Artificial Intelligence (AI) Use 

We utilize artificial intelligence (AI) in a digital learning assistant to deliver and personalize the educational experience to students on the platform. We are committed to protecting student privacy and do not share any personally identifiable information with our third-party LLM (Large Language Model) provider used in the learning assistant.

What is the learning assistant, and what does it do?

The learning assistant is designed to empower students by providing personalized learning support and fostering a self-directed learning environment. This innovative tool leverages the Anthropic Claude LLM, a third-party AI model, to enhance the learning experience for each student.

This enables the learning assistant to:

• Offer personalized explanations: When students encounter a challenging instructional concept, the learning assistant can provide clear and concise explanations tailored to their learning style in their chosen language.

• Be available anytime: The learning assistant is available anytime during the student's Classworks instructional lessons, allowing students to seek guidance and practice whenever needed.

User Options and Ability to Opt-Out:

We respect your choices regarding AI usage. While the learning assistant is enabled by default, you have options:

• District Level Users: District Users can enable or disable the learning assistant support per school.

• Teachers: Teachers can disable the learning assistant for individual students.

• Full Transparency: District and teacher users have complete transparency in monitoring the learning assistant's responses to students.

Data and Privacy:

• Third-party Generative AI Model: We use the Anthropic Claude LLM, a third-party model.

• Data Sharing: We do not share any personally identifiable information with the Anthropic Claude, except for the student's first name and grade level, which is used for personalization.

• Data Source: The Claude LLM is trained on a dataset of anonymous data not from our platform. Anthropic also use data that they have permission to use. LLM separation from the platform ensures complete student privacy.

• Model Improvement: Prompts from students do not directly improve the Claude LLM. Instead, teachers, instructional content experts, and our engineers provide feedback to refine the prompts using advanced prompt engineering techniques for better student interaction.

Why did we choose Anthropic’s Claude AI Model for our learning assistant?

Imagine you're training a super smart computer program to help you learn. There are different ways to do this, and one exciting approach pioneered by Anthropic is called Constitutional AI. Think of it like giving the program a set of rules, similar to a classroom code of conduct, to help it learn and behave safely and helpfully.

Here's why Constitutional AI is interesting for education:

• Safer learning: Constitutional AI helps the AI model avoid generating harmful or biased information, making it a more trustworthy learning companion.

• Clearer explanations: Constitutional AI encourages the AI model to explain its reasoning and thought process, helping you understand where the information comes from and how to think critically.

• Fair and inclusive learning: By following guidelines like fairness and respect, Constitutional AI helps the AI model avoid biases and create a more inclusive learning environment for everyone.

It's important to remember that Constitutional AI is still under development and therefore may make mistakes, but it shows promise for creating safe and responsible AI tools for education and other fields. While Anthropic’s AI model isn't the only AI model, its focus on safety, transparency, and fairness through Constitutional AI makes it a strong choice for learning environments.

We are committed to transparency and will update this policy as our AI practices evolve.

Prohibitions; Advertising; Advertising limitations

CAI will not:

• sell Student Data to third parties;

• use or disclose Student Data to inform, influence, or enable targeted advertising to a student based on Student Data or information or data inferred over time from the student’s usage of the Products;

• use Student Data to develop a profile of a student for any purpose other than providing the Products to a School Customer, or as authorized by a parent or legal guardian;

• use Student Data for any commercial purpose other than provide the Products to the School Customer, as authorized by the School Customer or the parent or guardian, or as permitted by Applicable Laws.

CAI may, from time to time, provide customized content, advertising, and commercial messages to School Customers, teachers, school administrators or other non-student users, provided that such advertisements shall not be based on Student Data. CAI may use Student Data to recommend educational products or services to users, or to notify users about new educational product updates, features, or services.

External Third-Party Services

1. This Privacy Policy applies solely to CAI’s Products and practices. CAI School Customers and Authorized Users may choose to connect or use our Products in conjunction with third party services and Products. Additionally, our sites and Products may contain links to third party websites or services. This Policy does not address, and CAI is not responsible for, the privacy, information, or other practices of such third parties. Customers should carefully consider which third party applications to include among the Products and services they provide to students and vet the privacy and data security standards of those providers.

2. Users may be able to log in to our Products using third-party sign-in services such as Classlink or Google. These services authenticate your identity and provide you with the option to share certain personal information with us, including your name and email address, to pre-populate the user account information. If you choose to enable a third party to share your third-party account credentials with CAI, we may obtain personal information via that mechanism. You may configure your accounts on these third party platform services to control what information they share.

Security

1. CAI maintains a comprehensive information security program and uses industry standard administrative, technical, operational and physical measures to safeguard Student Data in its possession against loss, theft and unauthorized use, disclosure or modification. CAI performs periodic risk assessments of its information security program and prioritizes the remediation of identified security vulnerabilities.

2. In the event CAI discovers or is notified that Student Data within our possession or control was disclosed to, or acquired by, an unauthorized party, we will investigate the incident, take steps to mitigate the potential impact, and notify the School Customer in accordance with Applicable Laws.

3. CAI’s servers are hosted in and managed and controlled by us from the United States and are not intended to subject CAI to the laws or jurisdiction of any jurisdiction other than that of the United States. If you are a user located outside the United States, you understand and consent to having Student Data collected and maintained by CAI processed in the United States. United States data protection and other relevant laws may not be the same as those in your jurisdiction. This includes the use of cookies and other tracking technologies as described above.

4. Data encryption is an important element of our protection of sensitive data at rest and in transit, and is reviewed and updated as appropriate annually, based on the latest standards and guidelines published by OWASP and NIST.

   • In transit: CAI encrypts all student data in transit over public connections, using Transport Layer Security (TLS), commonly known as SSL, using industry-standard protocols, ciphers, algorithms, and key sizes.

   • At rest: CAI encrypts student data at rest using the industry-standard AES-256 encryption algorithm.

5. CAI Products recommend strong password at sign-up and account creation. CAI recommend usage of Single Sign-on (SSO) methods to ensure secure access to CAI Products based on the School Customer privacy and security policies. 

6. CAI’s access control principles dictate that all student data we store on behalf of customers is accessible to district-authorized users and to a limited set of internal CAI users, with 2-factor authentication, who may only access the data for purposes authorized by the district. Districts maintain control over their internal users and may grant or revoke access.

Review and correction

1. FERPA requires schools to provide parents with access to their children’s education records, and parents may request that the school correct records that they believe to be inaccurate or misleading.

2. If you are a parent or guardian and would like to review, correct or update your child’s data stored in our Products, contact your School District. CAI will work with your School District to enable your access to and, if applicable, correction of your child’s education records.

3. If you have any questions about whom to contact or other questions about your child’s data, you may contact us using the information provided below.

Student Data retention

We will retain Student Data for the period necessary to fulfill the purposes outlined in this Policy and our agreement with that School Customer. We do not knowingly retain Student Data beyond the time period required to support a School Customer’s educational purpose, unless authorized by the School Customer. Upon notice from our School Customers, CAI will return, delete, or destroy Student Data stored by CAI in accordance with applicable law and customer requirements. We may not be able to fully delete all data in all circumstances, such as information retained in technical support records, customer service records, back-ups and similar business records. Unless otherwise notified by our School Customer, we will delete or de-identify Student Data after termination of our Agreement with the School Customer.

COPPA

We do not knowingly collect personal information from a child under 13 unless and until a School Customer has authorized us to collect such information through the provision of Products on the School Customer’s behalf. We comply with all applicable provisions of the Children’s Online Privacy Protection Act (“COPPA”). To the extent COPPA applies to the information we collect, we process such information for educational purposes only, at the direction of the partnering School District or State Agency and on the basis of educational institutional consent. Upon request, we provide the School Customer the opportunity to review and delete the personal information collected from students. If you are a parent or guardian and have questions about your child’s use of the Products and any personal information collected, please direct these questions to your child’s school.

Updates to this policy

We may change this Policy in the future. For example, we may update it to comply with new laws or regulations, to conform to industry best practices, or to reflect changes in our product offerings. When these changes do not reflect material changes in our practices with respect to use and/or disclosure of Student Data, such changes to the Policy will become effective when we post the revised Policy on our website. In the event there are material changes in our practices that would result in Student Data being used in a materially different manner than was disclosed when the information was collected, we will notify School Customers affected by the changes via the email contact information provided by the customer and provide an opportunity to opt out before such changes take effect.

Contact us

If you have questions about this Policy, please contact us at:

• Email: privacy@curriculumadvantage.com

• Mail: Curriculum Advantage, Inc.

PO Box 3243

Duluth, GA 30096

Attn: General Counsel

To report a security vulnerability, email us at security@curriculumadvantage.com.

Supplemental Disclosures

Nevada. This section applies if you are a resident of the state of Nevada.  While CAI does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personally identifiable information to privacy@curriculumadvantage.com.  

California.  This section applies to you if you are a resident of the state of California and for purposes of this section the term “personal information” has the meaning provided by the California Consumer Privacy Act (the “CCPA”). Residents of California may be entitled to certain rights with respect to personal information that we collect about them under the CCPA: the Right to Know, the Right to Request Deletion and the Right to Opt-Out of Personal Information Sales. You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you the Products or engage with you in the same manner. To request to exercise your California consumer rights, please contact us at privacy@curriculumadvantage.com with the subject line “California Rights Request.” 

Note for students and other users who engage with CAI in connection with a School Customer’s use of CAI: Because CAI provides the Products to School Customers as a “School Official,” we collect, retain, use and disclose Student Data only for or on behalf of our School Customers for the purpose of providing the Products specified in our agreement with the Customer and for no other commercial purpose.  Accordingly, we act as a “service provider” for our School Customers under the CCPA.  If you have any questions or would like to exercise your California rights, please contact your School directly.