Privacy Policy
Firia Labs Privacy Policy
We take your privacy very seriously. This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. By visiting or using the Firia Labs Website or Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information.
If you are not of legal age to form a binding contract (in many jurisdictions, this age is 18), you may only use the Services and disclose information to us with your parent’s or legal guardian’s express consent. Review this Privacy Policy with your parent or legal guardian to make sure you understand it.
Which Firia Labs services are covered under this privacy policy?
The following services are covered under this policy:
Service | Description | Student-Facing |
firialabs.com | Web storefront | No. Admin, Teachers, Parents |
make.firialabs.com | CodeSpace Learning Platform | Yes. Students, Teachers |
More restrictive policies are enforced on the Student-facing services, as noted below.
What personal information do we collect from users of our application?
Each login to our web application is authenticated with the user’s Google account. We use Google’s basic account information (email address, user name) to provide individual progress tracking through the lessons. We also request authorization using the Google Drive API for the application to create files and access files it creates while the user is logged in.
When do we collect information?
We collect information from you when you login to our web application, place an order, fill out a form, or enter information on our site.
How do we use your information?
We may use the information we collect from you in the following ways:
- To personalize your experience.
- To improve our website.
- To respond to your customer service requests.
How do we protect your information?
Your personal information is held in secure data centers only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all information is transported over secure HTTPS network connections encrypted via Transport Layer Security (TLS).
We implement a variety of security measures when you place an order, and when you enter, submit, or access your information to maintain the safety of your personal information. All transactions are processed through a gateway provider (Shopify) and are not stored or processed on our servers.
Do we use 'cookies'?
Yes. Cookies are small files that a site transfers to your computer's hard drive through your Web browser, enabling the site to recognize your browser and retain certain information. The Google login service uses cookies to authenticate your session. This is known as a “3rd party cookie”, since it is managed by google.com rather than firialabs.com. We may from time to time use direct and 3rd party cookies from other trusted providers to offer better site experiences and tools in the future.
Do student-facing services allow third party behavioral tracking?
No.
Do non student-facing services allow third party behavioral tracking?
Yes. On the web storefront for example, via Google Analytics and Facebook pixel.
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information.
GDPR
The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the world approach data privacy. Firia Labs is committed to complying with all GDPR mandates. Any questions regarding compliance may be directed to Firia Labs’ Data Protection Officer at dpo@firialabs.com. This is your direct contact for help as an EU citizen in exercising your rights as a “Data Subject” under GDPR including, but not limited to the right to erase your personal data, and to access / export your data.
Under the definitions of GDPR, Firia Labs acts as a “Data Controller”, and will only use “Data Processors” that provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the GDPR. Firia Labs employs Google (Cloud Platform, gSuite) as the principle “Data Processor” entity. Other 3rd party data processors listed below are used to provide essential services such as user forums, managing support inquiries, and the online shop:
3rd Party Data Processor |
Role |
Google, LLC |
Saving user programs and progress |
Functional Software, Inc. |
Error diagnostic logging (sentry.io) |
Smartsupp.com, s.r.o. |
Online troubleshooting support |
Shopify, Inc. |
Online shop |
SOPIPA
This Application is compliant with California Student Online Personal Information Protection Act (SOPIPA), meeting the following requirements at minimum:
- do not use any data collected via the service to target ads
- do not create advertising profiles on students
- do not sell student information
- do not disclose information, unless required by law or as part of the maintenance and development of the service
- do use sound information security, including encryption of data and other industry-standard practices
- will delete data that we have collected from students in a school when the school or district requests it
- share information only with educational researchers or with educational agencies performing a function for the school
- innovate safely without compromising student privacy by only using de-identified and aggregated data to develop and improve the service
California Online Privacy Protection Act
CalOPPA is a California state law that requires commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. See more here: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf
In Accordance with CalOPPA: users can visit our site anonymously; we link to this Privacy Policy on the home page; and our Privacy Policy link includes the word 'Privacy', and can easily be found on the home page. Users will be notified of any privacy policy changes on our Privacy Policy Page. Users are able to change their personal information by logging into their account or by emailing us.
Use of G Suite “Google Apps for Education”
This Application uses G Suite and related Google Cloud Platform services to authenticate users and securely manage retained user information. We consider Google a trusted 3rd party provider, given widespread adoption by schools and given CETPA’s finding that the G Suite data privacy terms and conditions comply with FERPA and AB 1584, bolstered by findings of Ernst & Young, which held that G Suite privacy terms and conditions were consistent with the privacy standards established by the International Standards Organization for data privacy.
FERPA
Our collection, use, and disclosure of student data is governed by this privacy policy, any other agreement with an educational agency, the provisions of the Family Educational Rights and Privacy Act (FERPA), COPPA, and applicable state laws which relate to the collection of student data. See the rest of this privacy policy for other details on the limited ways in which we handle student data.
Fair Information Practices
The United States Federal Trade Commission's fair information practice principles (FIPPs) are guidelines that represent widely accepted concepts concerning fair information practice in an electronic marketplace.
In accordance with FIPPs, should a data breach occur, we will notify the affected users via email within 7 business days.
AB 1584
Assembly Bill 1584 requires all school districts in California to enter into legal agreements with software and other vendors who follow strict rules concerning the disclosure of student information via electronic or other methods.
The Firia Labs Web Application (Application) is compliant with AB 1584. All pupil-generated content is stored on the pupil’s individual Google Drive account. Pupils retain possession and full access to their content at all times, and may transfer or delete content at any time. Pupils may also de-authorize the Application from their Google account, and retain access to any data previously created by the Application.
COPPA (Children Online Privacy Protection Act)
COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. The Federal Trade Commission enforces the COPPA Rule in the US, spelling out what operators of websites and online services must do to protect children's privacy and safety online.
We adhere to the following COPPA tenets:
- We will not require a child to disclose more information than is reasonably necessary to participate in our service.
- Teachers and parents can review, delete, and manage their students' information through account settings on our website or by emailing support@firialabs.com.
- We notify teachers and parents directly before collecting PII from their children. This includes what specific information will be collected and how it might be disclosed, a link to our online privacy policy, and how teachers and parents can give their consent.
- Parents can give consent by creating accounts for their children and providing the minimum necessary personal information needed during that account creation.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Authenticate your user account.
- Send information, respond to inquiries, and/or other requests or questions.
- Process orders and to send information and updates pertaining to orders.
- We may also send you additional information related to your product and/or service (optional).
To be in accordance with CANSPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third party email marketing services for compliance, if used
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can change your email settings in your account preferences, email us, or follow the instructions at the bottom of each email, and we will promptly remove you from all correspondence.
Contacting Us
If there are any questions regarding this privacy policy, you may contact us using the information below.
Firia Labs
1038 Research Blvd Suite 240
Madison, AL 35758
support@firialabs.com