Permalink
Find file
9d0153b Dec 6, 2016
@santhonys @rileylark
201 lines (100 sloc) 19.6 KB

Pear Deck Privacy Policy

Last Modified: December 6, 2016 (changes to go into effect January 6, 2017)

Pear Deck is designed for use in schools, and we are committed to the highest standards of protection for student data and personally identifiable information (“PII”) at all times. In addition to this Privacy Policy, we also comply with the Family Educational Rights and Privacy Act (“FERPA”), and the Children’s Online Privacy Protection Act ("COPPA"), and applicable state laws. In addition, Pear Deck has signed the Student Privacy Pledge.

This Privacy Policy explains how Pear Deck, Inc., ("we" or “Pear Deck”) use, protect, and disclose the information we collect when you use the Pear Deck services (the “Services”) through our website www.PearDeck.com (“Site”), applications on Devices (“Apps”), through APIs, and through third parties. A “Device” is any computer used to access the Services, including without limitation a desktop, laptop, smartphone, tablet, or other consumer electronic device.

Changes to this Privacy Policy

We manage changes to this Privacy Policy via this public repository hosted on GitHub.com. If we make a material change to this Privacy Policy with respect to how we collect and use your personal information, we will provide at least 30 days’ prior written notice to you by email to the email address specified in your account, if you have one, so that you have sufficient time to evaluate the change, and you can choose to opt-out by revoking Google Permission to your Pear Deck account before the change takes effect. IF YOU DO NOT ACCEPT THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

THE INFORMATION WE COLLECT AND STORE

Pear Deck may collect and store the following information when running our Services.

Information You Provide

Pear Deck does not intentionally collect any personally identifiable information ("PII") from users identified as students. Depending on how you use the Services, you may be required to provide certain personally identifiable information ("Personal Information") through your Google Account, which may include, but is not limited to, your:

  • Google Account (Email address)

  • Name (if you include it in your Google Profile)

  • Your image and likeness if you include it in your Google profile or include in content that you create with our Services (these type of files are referred to as your "User Content")

  • User Content may include text images and media that you include in your Pear Deck presentation

You may choose not to provide your Personal Information; however, if you do not provide your Personal Information you may not be able to use all the functions offered by the Services.

For questions about your Personal Information on our Services, please contact privacy@PearDeck.com.

Usage Data

In addition, when you use our Services, the following types of information may all be logged automatically ("Usage Information"):

  • Your Device’s Internet Protocol ("IP") address,

  • Type of mobile device you use,

  • Operating system of your mobile device,

  • Browser type,

  • Non-precise geographic location (e.g. zip code and city)

  • Technical information about your device, system and App software, and peripherals,

  • Date and time stamps associated with transactions,

  • System configuration information, and

  • Metadata concerning your User Content, and other interactions with our Services.

HOW WE USE YOUR INFORMATION

We use your information:

  • to provide and improve our Services,

  • to administer your use of our Services,

  • to better understand your needs and interests,

  • to personalize and improve your experience

  • to provide or offer software updates and product announcements

  • to enhance current, and develop new, products and services

  • to determine general, non-identifying demographics like location (down to the city level), age range (e.g. 25-35), and equipment profiles (e.g. Chromebook with medium-size screen).

If you submit Personal Information to us, we will only use it for the purpose you requested or for which it is collected or for any purpose you subsequently authorize. Pear Deck will never sell your information or use it to build to marketing profile.

HOW WE COLLECT USAGE DATA

Pear Deck collects some information (ourselves or using third party services) using logging and cookies, such as IP address, which can be correlated with Personal Information. We use this information for the above purposes and to monitor and analyze use of our Services, for the Service’s technical administration, to increase our Service’s functionality and user-friendliness, and to verify users have the authorization needed for our Services to process their requests. As of the date this policy went into effect, we use Google Analytics to track anonymous usage across all users and Intercom.io to track usage for users specifically identified as teachers. The Privacy Policy of Google Analytics are available online, and information on how to opt out of that service. The Intercom.io Privacy Policy is also available.

DATA OWNERSHIP

All data remains the property of and is solely owned, and thereby controlled, by you. You grant Pear Deck a non-exclusive, royalty free license, to use equipment, software, your data or other material of yours solely for the purpose of providing, maintaining, and supporting you and other licensees with Pear Deck Products and Services. However, Pear Deck may use and distribute the data for any lawful purpose outside the scope of the Agreement, provided always that such Data must be de-identified.

ACCESS & CORRECTING ERRONEOUS DATA

Under FERPA, a school must provide a parent with an opportunity to inspect and review his or her child’s education records within 45 days following its receipt of a request. A school is required to provide a parent with copies of education records, or make other arrangements, if a failure to do so would effectively prevent the parent from obtaining access to the records.

Requests to review may be directed to privacy@peardeck.com. In the even there is any erroneous data contained in the student record, Pear Deck will advise parents, legal guardians, and eligible students to contact the school to update their information in their Google user profile.

DATA TRANSFER

User Content may be transferred from Pear Deck by sharing files or folders from your Google Drive. Google also provides a tool called Takeout that allows you to export and transfer all data at one time (see: https://takeout.google.com/settings/takeout).

PAYMENT INFORMATION

If you provide credit card or debit card information to complete a purchase, it is our policy to use third-party payment processing systems that comply with the Payment Card Industry Data Security Standard (PCI-DSS), which is an industry wide security standard designed to protect the confidentiality and security of your credit card information, by encryption using secure socket layer technology (SSL) and storage with AES-256 encryption.

Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. Your credit card information will also be subject to our payment processor’s privacy policy in addition to ours. As of the date this policy went into effect, Pear Deck uses Stripe Privacty Policy for payment processing.

If you wish to dispute a charge by mail or telephone please contact us at hello@PearDeck.com. Pear Deck complies with all legal requirements of your State’s applicable laws regarding providing refunds for unauthorized charges. When you make a charge, we shall display a completed charge screen. This is your electronic receipt. You should print or save this electronic receipt for your records. YOU REPRESENT AND WARRANT THAT YOU HAVE THE LEGAL RIGHT TO USE ANY CREDIT CARDS, DEBIT CARDS OR OTHER PAYMENT MEANS USED TO INITIATE ANY TRANSACTION.

INFORMATION SHARING AND DISCLOSURE

Further, you agree that Pear Deck may transfer the anonymous information we collect in the event of any corporate restructuring or any sale, assignment or transfer of substantially all of its rights in the Apps.

We may disclose information about you if we become subject to a subpoena or court order, or if we are otherwise legally required to disclose information. We may also use and disclose information about you to establish or exercise our legal rights, to enforce the Terms of Use, to assert and defend against legal claims, or if we believe such disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the physical safety or well-being of any person. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction, but we will notify you (for example, via email and/or a prominent notice on our website) of any change in control or use of your Personal Information or User Content, or if either become subject to a different Privacy Policy. We will also notify you of choices you may have regarding the information.

Pear Deck will display your Personal Information in your profile page and elsewhere on our Services according to the preferences you set in your account. Any information you choose to provide should reflect how much you want others to know about you. Please consider carefully what information you disclose in your profile page and your desired level of anonymity. You can review and revise your profile information at any time. We do not sell your personal information to third parties. We may also share or disclose your information with your consent, for example if you use a third party application to access your account. Through certain features of our Services, you may also have the ability to make some of your information public. Public information may be broadly and quickly disseminated.

Service Providers, Business Partners and Others. Pear Deck may use certain trusted third party companies and individuals to help us provide, analyze, and improve our Services (including but not limited to data storage, maintenance services, database management, web analytics, email communication, payment processing, and improvement of the Service’s features). These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy. As of the date this policy went into effect, we use:

Service Providers used for business functions:

  • MailChimp’s marketing platform to perform personalized email communication

  • Salesforce CRM’s customer relationship software to manage contact information, history, and usage data shared securely from Intercom.io

  • Google Analytics and Intercom.io to collect and report usage data

  • Stripe and ChartMogul to collect and report subscription data for premium users

Service Providers used for the technical infrastructure of our application:

  • Amazon’s Web Services (AWS) to store some of your information (for example, your User Content)

  • Google's Cloud Platform and Google Drive to store some of your information (for example, your User Content. Teachers may also export student responses to a a Google Spreadsheet)

  • Firebase.io to store some of your information (for example, real time student responses)

  • Compose.io to store some of your information (for example, user profiles)

  • ConvertAPI processing service to convert existing PowerPoint files to Pear Deck format

Third-Party Applications. Pear Deck may share your Information with a third party application with your consent, for example when you choose to access our Services through such an application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you.

Non-private or Non-Personal Information. Pear Deck may disclose your non-private, aggregated, or otherwise non-personal information, such as usage statistics of our Services. However, in such cases, your usage data is aggregated with the usage data of others and does not identify you individually.

DELETING YOUR INFORMATION

To delete your account, please remove the Pear Deck application from your Google Drive Permissions and delete your Pear Deck user content from your Google Drive.

Pear Deck ENTERPRISE ACCOUNT

If you have a Pear Deck Enterprise from your school or organization account, your Administrator may be able to:

  • access information in and about your Pear Deck Enterprise account;

  • disclose, restrict, or access information that you have provided or that is made available to you when using your Pear Deck Enterprise account; and

  • control how your Pear Deck Enterprise account may be accessed or deleted.

Please refer to your organization's policies if you have questions about your Administrator's rights.

LINKED SITES

Our Services may contain links to other Web sites whose privacy practices may differ from those of Pear Deck. If you submit personal Information to any of those sites, your Information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any Web site you visit.

SECURITY

Pear Deck takes reasonable steps to help protect Information against loss, misuse, unauthorized access or disclosure. Pear Deck expressly disclaims any representation or warranty, whether express or implied, with respect to offering any definitive promise of security in connection with The anonymous information we collect.

OUR POLICY TOWARD CHILDREN

We are required under the Children’s Online Privacy Protection Act (COPPA), with limited exceptions, to obtain verifiable parental consent in order to collect, use, or disclose personal information from Children. COPPA allows the Child’s School to obtain consent for the online collection of personal information from Children who are students of the School.

If a Child wants to use our Service, he/she must first obtain an Account from his/her School. Before an Account is provided to a School, we require that the School (on behalf of the Parent) (a) consent to the collection, use and disclosure of personal information of the Child, through the Service, in accordance with this Children’s Privacy Policy, and (b) agree that the Child’s online activities are subject to the Terms of Service.

As required under COPPA, we allow Parents certain choices regarding the personal information submitted by their Children Parents should make any permitted requests with the School and have the School, as the Parent’s agent, pass on those requests to Pear Deck. We may rely on the instructions that we receive from the School that we reasonably believe are given by a Child’s Parent to the School. For example, if a representative from the Child’s School contacts us and provides the Account information we request, we may assume that the person calling is acting on behalf of the Child’s Parent.

We provide Parents the following choices with respect to the collection, use, retention and disclosure of Personal Information. A Child’s registration information is always accessible to him/her. A Parent has the right to review her Child’s Personal Information, which the Parent can obtain by contacting her Child’s School. After reviewing the Child’s Personal Information, the Parent may ask us to update or delete the Child’s Personal Information by requesting such changes through the Child’s School. A Parent may prohibit us from sharing a Child’s Personal Information with a third party by requesting such prohibition through the Child’s School. Notwithstanding any such requests, we may continue to share a Child’s Personal Information with third parties for the Internal Purposes and Enforcement Purposes (each as described above).

If a Parent chooses to prohibit any future collection, use or disclosure of the Child’s Personal Information, the Parent may do so by terminating the Child’s Account through the School, and requesting the deletion of the Child’s Personal Information through the School. Upon receiving such request from the Child’s School, we will delete the Child’s Account information from our live databases and all the information and data stored for such Account. Company will not have any liability whatsoever for any termination of the Account or related deletion of the Child’s Personal Information. When we delete Personal Information, it will be deleted from our active databases but may remain in our archives.

DATA LOCATION

If you reside outside the U.S., the information we collect will be transferred to the U.S. and processed and stored there under U.S. privacy standards. By using the Services and providing Information to Pear Deck, you consent to the use, transfer and processing of the anonymous information we collect as set forth in this Privacy Policy, all of which activities will take place in the U.S.

CONTACTING US

If you have any questions about this Privacy Policy, please contact us at privacy@PearDeck.com.

SPECIAL CONSIDERATIONS BY STATE

California – Pear Deck will not use your data for any purpose beyond the indicated purposes in the Terms of Use, which includes this Privacy Policy. This includes, but is not limited to, Pear Deck’s policy to never use PII from a Pupil’s Records to engage in targeted advertising. All terms herein are defined in accordance with SB-1177 SOPIPA.

Colorado – Pear Deck will not use your data for any purpose beyond the indicated purposes in the Terms of Use, which includes this Privacy Policy. Only the Pear Deck employees that have a legitimate interest in accessing your data, will be granted authorization by Pear Deck. Colorado law shall govern this agreement between you and Pear Deck. All terms herein are defined in accordance with Colorado Open Records Act (“Act”), C.R.S. 24-72- 101.

Connecticut – Pear Deck will not use your data for any purpose beyond the indicated purposes in the Terms of Use, which includes this Privacy Policy. This includes, but is not limited to, Pear Deck’s policy to never use any student’s PII to engage in targeted advertising. Pear Deck will utilize industry standard security, or better, to ensure the protection of said student PII. Connecticut law shall govern this agreement between you and Pear Deck. All terms herein are defined in accordance with Public Act No. 16-189, and in case of any ambiguity or conflict between the terms herein and Public Act No. 16-189, then Public Act No. 16-189 will govern.

Florida – Pear Deck will provide notification of a security breach pursuant to requirements as mandated in the Florida Information Protection Act of 2014.

Maine - All terms herein are defined in accordance with SP0183, Maine's Student Information Privacy Act.

Maryland – Pear Deck will not use Covered Information to engage in targeted advertising.

New York – In accordance with New York Education Law § 2-d, Pear Deck will comply with and attach to your contract the Parents’ Bill of Rights for Data Privacy and Security, as applicable.

Pennsylvania – Pear Deck will provide notification of a security breach pursuant to the requirements of Pennsylvania’s Breach of Personal Information Notification Act.

Washington – Pear Deck will provide notice before making material changes to this Privacy Policy.