Branching Minds (“Branching Minds,” “we,” or “us”) empowers teachers, administrators and parents to more effectively identify a student's learning challenges and to identify the right learning interventions for those challenges. We know that privacy is tremendously important to our users.
The Children’s Online Privacy Protection Act (COPPA) protects children under the age of 13. School officials and teachers are authorized under COPPA to provide consent on behalf of parents; therefore, Branching Minds does not obtain parental consent directly. A teacher or school district official provides consent for a child under the age of 13 to use Branching Minds when they create a Branching Minds account for that child. Please contact us at firstname.lastname@example.org if you believe we have inadvertently collected personal information of a child under 13 without the proper consents.
For more information about COPPA, you may visit OnGuard Online.
California Online Privacy Protection Act Compliance
For more infoformation about CalOPPA, you may visit Consumer Federation of California
The Family Educational Rights and Privacy Act (FERPA) provides parameters for what is permissible when sharing student information. Branching Minds is authorized by schools and districts under the FERPA “school official” exception to receive and use educational data to provide educational services. This data has significant educational value; enabling teachers to teachers to identify students’ cognitive learning strengths and challenges, match them with research-backed learning supports, and tracks and reports data on student growth. This information is used only for academic purposes. We do not collect data for collection’s sake, and access is limited and appropriate. See Data Safeguarding for more information about how we use and protect data we collect.
This section provides information about Branching Minds’ data safeguarding practices and explains how we collect, use, and maintain student personal information.
When a school, district or teacher creates a teacher account, a student profile within a teacher account or a student account, Branching Minds begins to collect information about students. Some of the data stored is personally identifiable information (PII).
The following is a list of data fields that may be populated to create a student account:
- First name
- Last name
- Grade level
- English language proficiency
- Student number
- Student username
- Organization number
- SSO ID
As teachers and students use Branching Minds, additional data is collected, including assessment scores and teacher observations of student behaviors when performing a certain academic skill. For example, Branching Minds may ask a Teacher how frequently a Student mixes up the letters B and D.
Branching Minds also collects some personal information about teachers and administrators when a school or district creates accounts. This data potentially includes first and last name, e-mail address, and school or district name.
We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Service.
When we collect the usage information described above, we only use this data in aggregate form, and not in a manner that would identify you personally. For example, this aggregate data can tell us how often users use a particular feature of Branching Minds, and we can use that knowledge to make Branching Minds valuable to as many users as possible.
We do not allow third party advertising networks to collect information about Branching Minds users.
Data we collect is used to provide educational services. For example, Branching Minds collects information about a student’s English language proficiency in order to determine the best learning interventions to recommend for that student.
Branching Minds tracks and assesses a student’s progress when performing a specific academic skill over time. This data is used to generate reports that allow teachers and administrators to identify students who need intervention, recommend appropriate interventions and evaluate student progress. Branching Minds does not sell student personal information, nor do we use or disclose the student information we collect for behavioral targeting of advertisements to students.
We retain some de-identified data (data we have made anonymous by removing all personally identifiable information) to conduct statistical research. This research helps us evaluate the effectiveness of Branching Minds and improve our product.
Data disclosure and access
Branching Minds acknowledges the right parents and legal guardians have under FERPA to review any educational data we collect pertaining to their children. Parents may submit a request to Branching Minds directly at email@example.com or by mail to Branching Minds, Inc., 1407 Broadway, 24th Floor, New York, NY 10018. Upon request, and after verifying identity, we will provide parents and legal guardians access to this data within 45 days. However, we recommend that parents or legal guardians first contact their child’s school or district.
If a parent or legal guardian has questions about modifying, or deleting educational data of a student, we will direct them to contact their school or district and will work with that school or district to properly resolve the matter.
PII data collected by Branching Minds is accessible only to a limited number of Branching Minds employees who need the data to perform their job.
Branching Minds only shares personal information in a few limited circumstances, described below. We do not rent or sell information for marketing purposes.
Who we may share information with:
- We may share information with those that provide us with technology services (e.g. web hosting and analytics services), but strictly for the purpose of carrying out their work for us.
- In the event of a change of control: If we sell, divest or transfer the business or a portion of our business, we may transfer information, provided that the new provider has agreed to data privacy standards no less stringent than our own. We may also transfer personal information – under the same conditions – in the course of mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of our business.
In addition to the actions described above, Branching Minds may facilitate the sharing of student data with third parties, though only when instructed and authorized to do so on behalf of a school or district.
Data retention and management
Data maintained by Branching Minds is protected in a secure environment. See Security Overview below for more information about Branching Minds’ security practices.
All PII provided to Branching Minds will be destroyed upon termination of our relationship with the school or district, or when it is no longer needed for the purpose for which it was provided.
Branching Minds employs United States Office of Education best practice recommendations for data destruction.
Branching Minds uses these processes for data destruction:
- Data is destroyed within 90 days of termination of a relationship with a school or district.
- Data is destroyed using National Institute of Standards and Technology (NIST) clear method sanitization that protects against non-invasive data recovery techniques.
- Sensitive data will not be disposed of using methods (e.g.; file deletion, disk formatting, and one-way encryption) that leaves the majority of data intact and vulnerable to being retrieved.
- The individual who performs the data destruction signs a certification form describing the destruction.
- Occasionally, non-electronic media used within Branching Minds may contain PII. When these documents are no longer required, the non-electronic media is destroyed in a secure manner (most typically using a shredder) that renders it safe for disposal or recycling.
At Branching Minds, we are serious about our data safeguarding responsibilities. We have implemented several security measures to protect PII from unauthorized disclosure.
Branching Minds has implemented privacy and security practices which are compliant with FERPA and COPPA; however, to achieve comprehensive protection of student PII, it is necessary for each school or district to use secure practices as well.
Data is encrypted in transit and at rest.
File Transfer Protocol
Data is securely transferred to Branching minds using File Transfer Protocol (FTP) over secure (SSL/TLS) cryptographic protocol.
Anti-virus software and firewalls are installed and configured to scan our system. The firewall is periodically updated and configured so users cannot disable the scans.
Data Storage Provider
We store all of our data and host Branching Minds at secure off-site facilities managed by industry-leading Amazon Web Services (AWS) at their secured data centers in the United States. These data centers are housed in nondescript facilities and physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or AWS. All physical access to data centers by AWS employees is logged and audited routinely.
All access to the information within Branching Minds stored on these servers is encrypted. User passwords are also encrypted and all data stored with AWS on their computers is secured behind a firewall.
Branching Minds conducts internal security audits and code reviews.
Secure programming practices
Branching Minds software developers are aware of secure programming practices and strive to avoid introducing errors in our application (like those identified by OWASP and SANS) that could lead to security breaches.
Each user of Branching Minds is required to create an account with a unique account name and password.
Branching Minds is located inside the continental United States. Physical access is protected by electronic access devices, with monitored security and fire/smoke alarm systems.
Links to Other Web Sites and Services
How to Contact Us