PRIVACY @ Branching Minds
Last Updated: April 5, 2023 / Last Reviewed: March 6, 2024
Branching Minds Corporate Privacy Policy
Our Corporate Privacy Policy (“Privacy Policy”) describes how Branching Minds, LLC (“Branching Minds,” “we,” “us,” or “our”) handles the personal information that we collect through our website and any other sites that link to this Privacy Policy (collectively, our “Services”).
Branching Minds Platform Privacy Notice
Our Platform Privacy Notice (“Privacy Notice”) describes how we collect, use, and share information about teachers, students, and other users in connection with providing services to school districts or other institutional customers (our “Districts”) through the Branching Minds platform (the “Platform”). We handle such data solely on behalf of our Districts as a service provider or processor, pursuant to our agreement with them. This Privacy Policy does not apply to that information.
Personal Information We Collect
How We Use Your Personal Information
How We Share Your Personal Information
California Online Privacy Protection Act (CalOPPA)
Other Sites, Mobile Applications, and Services
Changes to this Privacy Policy
Platform Data Rights, Disclosure and Access
Platform Data Retention and Management
Changes to Our Platform Notice
Corporate Privacy Policy
Last Updated: April 5, 2023
Personal Information We Collect
Information you provide to us
-
Contact information, such as your name, email address, mailing address, and professional title.
-
Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
-
Usage information, such as information about how you use the Services and interact with us, including information associated with any content you upload to the Services or otherwise submit, and information you provide when you use any interactive features of the Services.
-
Marketing information, such as your preferences for receiving communications about our Services, and details about how you engage with our communications.
-
Other information that we may collect, or which you may choose to provide, which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.
Information we obtain from third parties
-
Social media information. We may maintain pages on social media platforms, such as Facebook, LinkedIn, and other third-party platforms. When you visit or interact with our pages on those platforms, their privacy policy will apply to your interactions with them and their collection, use, and processing of your personal information. You or the platforms may provide us with information such as your biographical, educational, and professional experience, and we will treat such information in accordance with this Privacy Policy.
-
Other sources. We may obtain your personal information from other third parties, such as publicly available sources, and data providers.
Automatic data collection. We, our service providers, and our advertising partners may automatically log information about you, your computer or mobile device, and your interactions over time with our Services, our communications, and other online services, such as:
-
Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
-
Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened our marketing emails or clicked links within them.
We use the following tools for automatic data collection:
-
Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
-
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
-
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
How We Use Your Personal Information
To operate our Services:
-
Provide, operate, maintain, secure, and improve our Services.
-
Provide you with customer service.
-
Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages.
-
Understand your needs and interests and personalize your experience with our Services and our communications.
-
Respond to your requests, questions, and feedback.
Research and development. We may use your personal information for research and development purposes, including to analyze and improve our Services and our business. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.
Marketing and advertising. We, our service providers, and our advertising partners may collect and use your personal information for marketing and advertising purposes, including:
-
Direct marketing. We may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers, and events via email. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below.
-
Interest-based advertising. We or our advertising partners, including third party advertising companies and social media companies, may use cookies and similar technologies to collect information about your interactions (including the data described in the “Automatic data collection” section above) over time across our Services, our communications, and other online services, and use that information to serve online ads that our advertising partners think will interest you. We may also share information about our users with these companies to facilitate interest-based advertising to them or similar users on other online services.
Compliance and protection:
-
Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
-
Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims).
-
Audit our internal processes for compliance with legal and contractual requirements and internal policies.
-
Enforce the terms and conditions that govern our Services.
-
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
How We Share Your Personal Information
Service providers. We may share your personal information with third-party companies and individuals that provide services on our behalf or help us operate our Services (such as lawyers, bankers, auditors, insurers, customer support, hosting, analytics, email delivery, marketing, and database management).
Advertising partners. We may share your personal information with third-party advertising companies for the interest-based advertising purposes described above.
Authorities and others. We may disclose your personal information to law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transfers. We may sell, transfer or otherwise share some or all our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.
Your Choices
Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.
Online tracking opt out. There are a number of ways to limit online tracking, which we have summarized below:
-
Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
-
Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
-
Using privacy plug-ins or browsers. You can block our Services from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
Platform opt outs. The following platforms offer opt out features that let you opt out of use of your information for interest-based advertising:
-
Facebook
-
Google
-
LinkedIn
-
Twitter
Advertising industry opt out tools. You can also use these opt out options to limit use of your information for interest-based advertising by participating companies:
-
Digital Advertising Alliance for Mobile Apps: https://youradchoices.com/appchoices
-
Network Advertising Initiative: http://optout.networkadvertising.org/?c=1
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
California Online Privacy Protection Act (CalOPPA)
CalOPPA requires commercial websites and online services to post a privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared. We comply with CalOPPA by: (i) placing a link to this Privacy Policy on our home page, which includes the word “Privacy” and can easily be found and (ii) prominently notifying users of any privacy policy changes on our Privacy Policy web page.
For more information about CalOPPA, you may visit the Consumer Federation of California.
Other Sites, Mobile Applications, and Services
Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
Security
We use organizational, technical, and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of the personal information we maintain. Please be aware though that, despite our best efforts, no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” When you provide us with any personal information, you do so at your own risk.
Children
Our Services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through the Services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.
Job Applicants
When you apply for a job with us, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to provide improved administration of the website, and as otherwise necessary (a) to comply with relevant laws or to respond to subpoenas or warrants served on us; (b) to protect and defend the rights or property of us or others; (c) in connection with a legal investigation; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Service.
Changes to this Privacy Policy
We may modify this Privacy Policy from time to time in which case we will update the effective date at the top of this Privacy Policy. If we make material changes to the way in which we use information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on our website, or by other means consistent with applicable law) and will take additional steps as required by applicable law.
How to Contact Us
If you have any questions about this Privacy Policy or the Services, please contact us by email at support@branchingminds.com or by mail at Branching Minds, LLC, 157 Columbus Avenue, 4th Floor, New York, NY 10023.
PLATFORM PRIVACY NOTICE
Last Updated: April 5, 2023 Last Reviewed: March 6, 2024
This Privacy Notice applies to the information that we collect about teachers, students, and other authorized users in connection with providing services to school districts or other institutional customers (our “Districts”) through the Branching Minds platform (the “Platform”). We handle that information solely on behalf of our Districts as a service provider or processor, pursuant to our agreements with them.
Platform Data We Collect
When our Districts create an account for their users, certain information about teachers, students, and other users is electronically synced from the District’s information systems to the Platform. This information may include:
-
Log-in information;
-
First and last name;
-
E-mail address;
-
School and District name;
-
Student grade level;
-
Student language proficiency;
-
Student IEP status;
-
Student date of birth; and
-
Student ethnicity.
Depending on the features offered by the Platform, users may have the ability to provide additional information and content, including posts, communications, profile information, assessment scores, and survey responses, as well as to upload documents and files. We do not collect geolocation, biometric, or health data.
We and our service providers use cookies and other tracking technologies to automatically receive and record information on our server logs from a user’s browser or device, which may include:
-
IP address;
-
Cookie information;
-
Type of browser and/or device used to access the Platform; and
-
Pages or features the user requests.
Users may be able to change the preferences on their browser or device to prevent or limit their device's acceptance of cookies, but this may prevent them from taking advantage of some Platform features.
How We Use Platform Data
We use the data we collect through the Platform solely:
-
To provide contracted educational services to Districts. For example, the Platform collects information about a student’s English language proficiency in order to determine the best learning interventions to recommend for that student.
-
To conduct statistical research. Any data used for this purpose is de-identified (made anonymous by removing all personally identifiable information). This research helps us evaluate the effectiveness of the Platform and improve our product.
-
For compliance and protection reasons. We may need to use data to comply with applicable laws, our internal policies and to protect the legal rights of ourselves, our Districts and their users and others.
We also collect aggregated usage information that does not personally identify individual users. We use this aggregated data to improve our Platform and make the Platform valuable to as many users as possible. For example, this aggregated data can tell us how often users use a particular feature of the Platform. We do not use this data to:
-
Display traditional or contextual advertisements;
-
Provide promotional sweepstakes, contests, or surveys; or
-
Send marketing messages.
How We Share Platform Data
We do not sell any information we collect on the Platform, including student personal information, nor do we use or disclose any information we collect for (a) behavioral targeting of advertisements to students or (b) any other marketing purpose. We do not allow third-party advertising networks to collect information about Platform users. We do not facilitate the use or disclosure of any student personal information by any other party for any marketing purpose or permit another party to do so.
We may share Platform data with our Districts (to the extent that data pertains to individuals associated with that customer), service providers that perform services on our behalf, authorities (for compliance and protection purposes), and participants in a corporate transaction with Branching Minds. We may also allow users to share information with other users where relevant to the features offered by the Platform. For example, we may permit users to interact and share information with each other in community forums and other interactive spaces. Lastly, we may share information as instructed by our Districts or their users. We do not sell any Platform data, nor do we make this information available for behavioral targeting of advertisements to students or any other marketing purpose.
Platform Data Rights, Disclosure and Access
We acknowledge the right parents and legal guardians have under FERPA to review any educational data we collect pertaining to their children. Parents may submit a request as described in the “How to Contact Us” section below. Upon request, and after verifying identity, we will provide parents and legal guardians access to this data within 45 days. However, we recommend that parents or legal guardians first contact their District.
Personal information collected by Branching Minds is accessible only to a limited number of Branching Minds employees who need the data to perform their job, as well as in a few limited circumstances, described above. We do not rent or sell information for marketing purposes.
Districts retain all ownership rights to any personal information that we collect through the Platform. As a result, our Districts may:
-
Request that we (i) delete, (ii) export, or (iii) modify any inaccurate data collected by us, at any time.
-
Access and review the data we have collected at any time, by either logging in to our platform or requesting an export.
Users may also change some of the personal information which is stored on the Platform by logging in to their Branching Minds account or by contacting their District’s administrator directly. If a parent or legal guardian has questions about modifying, or deleting educational data of a student, we will direct them to contact their District and will work with the District to properly resolve the matter.
COPPA
We do not gather any information directly from students under the age of 13, unless we believe we have legal permission to do so, as indicated by our Districts acting on behalf of parents or guardians. We require our Districts to obtain any necessary parental consent or provide any required disclosures to parents or guardians as required by law.
FERPA
The Platform is authorized by our Districts under the FERPA “school official” exception to receive and use educational data to provide educational services. This data has significant educational value: enabling teachers to identify students’ cognitive learning strengths and challenges, match them with research-backed learning supports, and tracks and reports data on student growth. Student personal information is only used for the purposes set forth in this Platform Policy.
Platform Data Retention and Management
We describe how we protect data maintained on our Platform in the “Security Overview” section below.
We employ the United States Office of Education best practice recommendations for data destruction. Unless otherwise requested by the District LEA, all personal information provided to us will be destroyed upon termination of our relationship with the District (typically during September of the school year following the school year in which the District LEA opts to terminate our relationship), or when it is no longer needed for the purpose for which it was provided.
Platform Security Overview
We take steps designed to secure personal information collected on the Platform against unauthorized access and use. If we learn of a systems security breach by an unauthorized party or that any of the personal information stored on the Platform was used for an unauthorized purpose, we will immediately notify the relevant Districts electronically so that the District and its users can take appropriate protective steps.
-
Software Security: We implement privacy and security practices which are compliant with FERPA and COPPA. Our Districts and their users, however, must use secure practices to help achieve comprehensive protection of student personal information as well.
-
NIST CSF Alignment: We regularly align our security practices with the NIST Cybersecurity Framework.
-
Data encryption: We encrypt personal information in transit and at rest.
-
File transfer protocol: We use File Transfer Protocol (FTP) over secure (SSL/TLS) cryptographic protocol to transfer personal information.
-
Firewalls: We utilize stateful firewalls, network access control lists, subnetting and virtual private cloud networks to segment and protect our information resources.
-
Proactive Defense: We utilize antivirus software, intelligent threat detection, and enhanced detection and response software to protect our systems. Policies prevent users from disabling antivirus and enhanced detection & response software on company computers.
-
Data storage provider: We store all our data and host the Platform at off-site facilities which are managed by Amazon Web Services (AWS) at their United States data centers. AWS secures our data using a variety of measures, including: (a) housing the data centers in nondescript facilities; (b) strictly controlling physical access both at the perimeter and at building ingress points by professional security staff utilizing video surveillance; intrusion detection systems, and other electronic means; (c) requiring authorized staff to pass two-factor authentication a minimum of two times to access data center floors; (d) requiring all visitors and contractors to present identification, sign in, and be continually escorted by authorized staff; (e) limiting access and information to employees and contractors who have a legitimate business need for such privileges; (f) revoking access privilege when an employee no longer has a business need for these privileges; (g) logging and routinely auditing all physical access to data centers by AWS employees; (h) encrypting all access to the information within the Platform stored on these servers; (i) encrypting user passwords; and (j) securing all data stored with AWS behind a firewall.
-
Security audits: We conduct internal and third party security audits and code reviews.
-
Secure programming practices: Our software developers are aware of secure programming practices and strive to avoid introducing errors in our application (like those identified by OWASP and SANS) that could lead to security breaches.
-
Account protection and identity verification: We support account authentication and identity verification exclusively through single sign-on technologies and protocols, such as SAML.
-
Facility security: Our facilities are located in the continental United States. Physical access to our facilities is protected by electronic access devices, with monitored security and fire/smoke alarm systems.
Changes to Our Platform Notice
This Privacy Notice may be updated from time to time. If we modify this Privacy Notice, we will post notice of the modification on www.branchingminds.com or provide Districts with such notice by email directly. We will also update the “Last updated” at the top of this Privacy Notice. We advise users and Districts to consult this policy regularly for any changes and to contact us with any questions.
How to Contact Us
Please contact us by email at support@branchingminds.com or by mail at Branching Minds, LLC, 157 Columbus Avenue, 4th Floor, New York, NY 10023.