At WeIntervene, we take seriously your trust in us to maintain the privacy of student and family information. We designed our platform with data security and privacy in mind.
If you have questions or concerns with anything in this policy, or about WeIntervene’s data practices generally, please contact us at info@WeIntervene.com.
What is WeIntervene?
- WeIntervene is an online referral management system with a database of academic and social services. We allow educators to search, share, manage and monitor resources. The monitoring aspect of WeIntervene uses the amount of referrals shared by educators to inform school leaders of the most requested services in their school community. We hope, that with this information in hand, school leaders will partner with organizations or create their own programs that will target the needs and dreams of all their students. (Collectively, “Services.”)
What information does WeIntervene collect?
- At all times, the company collects only the information it needs to deliver the contracted Services. No unnecessary information is collected.
- Information that is inadvertently collected as part of the raw data set but is not required in order to deliver the Services is removed and is not stored on the system.
- Information collected from schools and programs:
- WeIntervene collects a finite set of fields from schools and programs: student rosters (i.e., student names); names of parent and family contacts; mobile number and/or email of parents and family contacts (all of whom must be authorized by the parents to receive information about the student); teacher names; teacher emails; teacher mobile numbers; and student IDs (this is optional, at the discretion of the school).
- WeIntervene also captures certain information on shares sent on the platform, meaning the company may be privy to the following of each share sent: date, how it was shared, and the amount of shares by any user or specific schools.
- However, all data is de-identified so the company does not track specific messages or users.
- The team reviews school reports and information and recommends customized interventions based on the data we see, but only if the school consents to sharing this information.
- Within a school or program account, staff may only see data on the students whom they serve. Administrators have access to data for all students in their school.
- Information automatically collected through technology:
- When we collect the usage information described above, we only use this data in aggregate form, and not in a manner that would identify you personally. For example, this aggregate data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services more effective.
- We use software tools such as Google Analytics to collect page interaction information such as clicks, drags, and hover-overs, response times, errors, and length of visits to certain pages.
- Why we collect information
- We collect certain limited information in order to deliver the contracted Services to schools and programs.
- We also collect usage data to diagnose problems and ensure that schools and programs are effectively using the features that will benefit them the most.
- We use aggregated and de-identified student data to create reports and recommendations that we believe will be effective in improving school and program academic and social goals.
- We do not collect superfluous data that is not directly relevant to the goals of the schools and programs that work with us. Nor do we build a personal profile on students other than as needed to support the authorized delivery of our Services.
Whom do we share data with?
- WeIntervene uses third party vendors that act as the company’s agents. We employ these vendors to perform tasks on our behalf and we need to share user information with them to provide products or services to you. For example, we may use Amazon Web Services to provide server space. These agents do not have any right to use information we share with them beyond what is necessary to assist us in providing the services. To see a list of the agents to whom we are sending this information, please email firstname.lastname@example.org.
- We will never share your information with any advertisers whatsoever.
- Data that WeIntervene collects will never be the source of targeted advertising based on behaviors.
- We do not use social plug-ins because social media often uses user information for targeted advertising.
- No data that WeIntervene collects is ever made public in any way.
Who owns the data that WeIntervene collects?
- For public schools, the district owns the data, and ownership is never transferred to WeIntervene.
- For charter schools and independent schools, the school owns the data, and ownership is never transferred to WeIntervene.
- For programs, the program or affiliated CBO owns the data, and ownership is never transferred to WeIntervene.
- In each case, ownership will be specified in the contract between the client and the company.
When is data deleted?
- If a school or program terminates their relationship with WeIntervene, the company will completely delete all data files from that school or program on the company’s system.
- Parents and families may opt out at any time and request that their child’s information not be collected by WeIntervene. Such a request must come in writing through the school or program, and the school or program must verify that it is in fact the parent who is making the request. Once the company receives the written request with authentication by the school or program, it will remove the student and delete all records of the student immediately.
- The company maintains a record of all requests to delete data.
How secure is the system?
- No method of transmission over the internet, or method of electronic storage, is 100% secure. WeIntervene follows best practices but the company cannot guarantee absolute security.
- The WeIntervene platform was designed with data security in mind. WeIntervene believes in implementing and maintaining best practices as early as possible, to foster a culture of integrity, accountability and responsibility as the company grows. Examples of the company’s best practices include:
- The company uses best practices with password encryption.
- No port is available to the general public, requiring an authorized system entrant to authenticate with security appliances before making further non-HTTP connections.
- The company uses Digital Ocean which is a secure cloud hosting service.
What is the company emergency plan in case of a breach?
- Although the company makes good faith efforts to maintain the security of the information we collect, no system is 100% secure. Outages, attacks, human error, system failure, unauthorized use or other factors may compromise the security of user information at any time.
- The company has a comprehensive security program in place that is designed to identify breaches as soon as they happen.
- As soon as the company learns of a security breach, we will attempt to notify you electronically (subject to any applicable laws) so that you can take appropriate protective steps. For example, we may post a notice on our homepage or elsewhere on the Service, and may also send email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.
- Once on notice of a breach, WeIntervene acts quickly and decisively to fix them.
- Users can support our secure environment by regularly changing their password, and not sharing their password with anyone.
Is WeIntervene integrated with other systems?
- At this time, WeIntervene is integrated with no systems.
WeIntervene is compliant with the Family Educational Rights and Privacy Act (“FERPA”).
- Parents and families are informed by the school and by WeIntervene in writing each year that their students’ information will be collected by WeIntervene.
- Parents have the right to opt out of having their students’ information collected by WeIntervene.
- Parents may access their students’ records via a school personnel on WeIntervene, and they have the right to request amendment of their students’ records. For students who are 18, the right to access and amend records is held by the students.
Is WeIntervene compliant with the Children’s Online Privacy Protection Act (“COPPA”)?
- Because the company does not provide access to its application to children under 13, COPPA is not triggered.
Is WeIntervene compliant with Health Insurance Portability and Accountability Act (“HIPAA”)?
- Because schools are not Covered Entities under HIPAA, this law is not triggered.
How are users informed of changes to this policy?
- If we make significant changes, we will provide all users with prominent notice by posting a notice on the Service and/or notifying you by email (using the email address you provided).
Last Updated January 28, 2016