Who are you?

Student or child

Teacher, parent or guardian

Your teacher (or tutor) must create your account.

Ask them to make you one, along with some challenges, and then start playing!

Log in to all our products

Privacy Policy – Troubadour

Note: An other privacy policy may apply to you if your membership is subject to a contract, agreement with a government or educational institution. Account creation will include specific documentation for your case.

Privacy Policy – Troubadour

Note: Another privacy policy may apply to you if your membership is subject to a contract or agreement with a government or educational institution. Account creation will include specific documentation for your case.

VERSION 3.0 – EFFECTIVE AS OF NOVEMBER, 2024


This Privacy Policy is designed to comply with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), Children's Internet Protection Act (CIPA), Protection of Pupil Rights Amendment (PPRA), New York Education Law 2-d and Quebec’s law 25.

INTRODUCTION

At Nanomonx, we believe in the privacy of our users and the protection of their data. We commit ourselves to protect the confidentiality of the data we collect from Students and Managers using Troubadour. We assure users of Troubadour that we only collect user data that is essential for educational purposes and the proper functioning of our service. We will at no time sell or share Personally Identifiable Information (PII) with third parties. Student data will never be used for marketing purposes.

PARENTS' BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY

In compliance with New York Education Law 2-d, we provide the following Parents' Bill of Rights:

  1. A student's personally identifiable information (PII) cannot and will not be sold or released for any commercial purpose

  2. Parents have the right to inspect and review the complete contents of their child's education record

  3. State and federal laws protect the confidentiality of personally identifiable information

  4. Safeguards associated with industry standards and best practices must be in place when data is stored or transferred

  5. Parents have the right to have complaints about possible breaches of student data addressed

  6. Parents can expect a complete list of all student data elements collected by the State available for public review

  7. Parents have the right to be notified of a data breach or unauthorized disclosure of student data

  8. Parents have the right to expect educational agency workers who handle student data receive annual training

DATA PROTECTION AND SECURITY

Data Protection Officer

Nanomonx has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this policy and various education privacy laws. Contact information for the DPO:

Name: Alex Gray

Email: alex.gray@nanomonx.com 


PLATFORM CONTENT AND SAFETY (CIPA)

Troubadour is an educational writing platform that provides a safe learning environment. While the Children's Internet Protection Act (CIPA) applies to schools and libraries providing internet access rather than to individual websites, we maintain high standards for appropriate educational content:

Content Standards

  1. All content on Troubadour is educational in nature and appropriate for classroom use

  2. Our platform is specifically designed for academic writing and learning activities

  3. User-generated content (such as student writing and teacher feedback) is managed within closed classroom environments under teacher supervision

Classroom Management

Teachers maintain control over their classroom environment through:

  • Monitoring student writing and interactions

  • Managing sharing permissions for student work

  • Controlling access to classroom features and content

  • Supervising bulletin board posts and interactions

Platform Security

We implement security measures to maintain a safe educational environment:

  • Secure user authentication

  • Closed classroom environments

  • Teacher-supervised sharing features

  • Protected communication channels between students and teachers


STUDENT PRIVACY AND RIGHTS  (PPRA)

While the Protection of Pupil Rights Amendment (PPRA) primarily applies to schools and educational agencies rather than individual educational websites, Troubadour maintains strong privacy protections for students:

Student Data Usage

  1. Our platform is used exclusively for educational writing activities

  2. We do not:

    • Conduct surveys collecting personal information from students

    • Engage in student marketing activities

    • Collect any sensitive information beyond what's required for basic platform functionality

    • Use student information for any purpose other than providing our educational service

Platform Limitations

Troubadour is strictly an educational writing platform that:

  • Allows students to write and submit assignments

  • Enables teachers to review and provide feedback

  • Facilitates classroom writing activities

  • Maintains academic records of student work

All features are directly related to our core educational purpose, and we do not engage in activities typically regulated by PPRA such as surveys, marketing research, or collection of non-educational information.


COPPA COMPLIANCE

In accordance with the Children's Online Privacy Protection Act (COPPA), Troubadour obtains necessary consent for collecting information from children under 13 years old through their schools and teachers.

Consent Process

COPPA allows schools and teachers to act as intermediaries and provide consent on behalf of parents when:

  • The collection of personal information is for the use and benefit of the school

  • The collection is for educational purposes only

  • The information is used solely for educational purposes

Following this provision, Troubadour:

  1. Obtains consent through teachers who:

    • Review and accept our Privacy Policy

    • Create or approve student accounts

    • Manage student access to the platform

  2. For students joining through Quick Access Codes:

    • Temporary access is granted for 72 hours

    • Teacher must validate the account within this period

    • Non-validated accounts are automatically anonymized after 72 hours

Access and Control

Through their teachers, students and parents can:

  1. Review the student's personal information

  2. Request deletion of information

  3. Refuse further collection of data

  4. Request account anonymization

Teachers are responsible for:

  1. Communicating our Privacy Policy to parents

  2. Ensuring they have authority to provide consent

  3. Responding to parent requests regarding student data

  4. Managing student accounts in their classroom

Data Limitations

To minimize data collection, we:

  1. Only collect information necessary for platform functionality

  2. Do not require students to provide personal information beyond basic account needs

  3. Allow teachers to use display names that protect student privacy

  4. Never use student information for marketing or non-educational purposes



FERPA COMPLIANCE STATEMENT

Nanomonx acknowledges that student data collected through Troubadour constitutes "education records" under FERPA.
We commit to:

  1. Maintaining the confidentiality of student education records

  2. Only collecting and using student information for legitimate educational purposes

  3. Following all FERPA requirements regarding the disclosure and protection of student information

  4. Acting as a "school official" with "legitimate educational interests" as defined by FERPA

  5. Providing parents and eligible students with all rights granted under FERPA


GLOSSARY

SERVICES

Troubadour Services consist of:

The Website:

EDUCATIONAL RECORDS

Under FERPA, educational records are defined as records that are:

  1. Directly related to a student; and

  2. Maintained by an educational agency or institution or by a party acting for the agency or institution.

In the context of Troubadour, this includes:

  1. Student-created content

  2. Assessment data

  3. Progress tracking information


USERS

Troubadour is used by the following types of users:

Parents, teachers, tutors or school administrators that can connect to any of the previously mentioned interfaces. In this document, we will use the term Manager for any adult managing subscription packages, a class or a group.

Students that connect to the Troubadour Website. In this document, we will use the term Student for any member of the classroom that is not a Manager. 

Note : 

Under FERPA, students who are 18 years or older or attending a postsecondary institution ("eligible students") have specific rights regarding their educational records.

Parents/Legal Guardians: Under FERPA, parents have specific rights regarding their child's  educational records until the student becomes an "eligible student."


THE CLASSROOM

Collectively, the Students of a class and the Manager who manages it.


DIRECTORY INFORMATION

Certain student information may be designated as "directory information" under FERPA. At Troubadour,  we consider the following information as potential directory information:

  1. Student's first name (as provided by Manager)

  2. Grade level

  3. Participation in officially recognized activities within the platform

Schools must inform parents/eligible students about directory information and allow them a reasonable amount of time to opt out of its release. Managers are responsible for ensuring compliance with their school's directory information policies when using Troubadour.


CLASSROOM GENERATED CONTENT (CGC)

The Services consist of a platform that (1) allows Students to write text later corrected by the classroom Manager, and which can be shared with other Students in the Classroom, and/or with any other person, if so allowed by the Manager, and (2) allows Managers to create challenges they can share with their Students or with other Managers. 

All such content is considered part of a student's educational record and is protected under FERPA. 

Nanomonx thus records these texts (CGCs) to ensure their availability for these purposes. The sharing of this CGC inside or outside of the Classroom is therefore also subject to the school administration's privacy policy and FERPA requirements, and Nanomonx cannot be held liable if confidential or sensitive information is shared in this context. Nevertheless, Nanomonx takes all necessary precautions to ensure that this GCC is not shared with people not authorized by the Manager and in compliance with FERPA, as described in this Privacy Policy.


TERMS AND CONDITIONS

Nanomonx complies with the requirements of US and Canadian privacy laws, including:

  1. Family Educational Rights and Privacy Act (FERPA)

  2. Children's Online Privacy Protection Act (COPPA)

  3. Personal Information Protection and Electronic Documents Act (PIPEDA)

Under FERPA, educational institutions must:

  1. Obtain written permission from parents or eligible students before disclosing educational records

  2. Disclose records without consent only under specific FERPA exceptions

  3. Notify parents and eligible students of their FERPA rights annually

 As a service provider to educational institutions, Troubadour:

  1. Acts as a "school official" under FERPA when handling student data

  2. Only uses student data for legitimate educational purposes

  3. Remains under the direct control of the educational institution regarding student data

  4. Does not redisclose student information without proper authorization


Since regulations such as COPPA authorize the teacher to act on behalf of the parent to provide consent to the collection of children's personal information, Nanomonx requires that either the teacher or the parent accepts the terms of this Privacy Policy before collecting any information on his or her Students and keeping them for a period longer than 24 hours. If the teacher consents, he or she is responsible for communicating the contents of this Privacy Policy to the parents of the students and must be assured of their consent.

If you do not agree to the terms and conditions of this Privacy Policy, you should not submit information to or register an account with us, or use the Services.

CONSENT

As mentioned above, consent to the collection of private information can be given either by the teacher or the parent. If the Student Account is created by a parent or teacher, accepting our User Terms will count as Consent.

We also have a system where students are able to join a Classroom through a Quick Access Code. A Student Account created this way will need to be validated within 72 hours by the Classroom's Manager (parent or teacher) or it will be anonymized automatically since consent will not have been provided.

FERPA-Specific Consent Requirements:

Under FERPA, schools must have written permission from parents or eligible students to release educational records to any third party outside of specific exceptions.


COLLECTED DATA

All data collection and storage practices comply with both FERPA and COPPA requirements. 

Under FERPA, parents and eligible students have the right to:

  1. Inspect and review educational records

  2. Request amendment of records they believe to be inaccurate

  3. Consent to disclosures of personally identifiable information

  4. File a complaint with the U.S. Department of Education


Managers:

In order to provide the Services, Nanomonx collects personal information from Managers for the purposes of:

  • Logging in a user to the Services

  • Sales and billing

  • Services functionality

  • Managers submitting challenges to Students

  • Students submitting creations to Managers

  • Completing challenges as would a Student

  • Ensure service availability and reliability

The following information, relative to the Manager, can be collected:

  • Email address

  • Billing and shipping address

  • Browser and device used

  • Name of the school, school level

  • Payment information

  • Services data

  • Content created by the Manager (challenges, Student work corrections, comments to Students, etc.)

  • Service Usage Data (connections, subscription packages purchased or transferred, etc.)

  • Data related to errors and exceptions

Students:

In order to provide the Services, Nanomonx collects information about Students for the purposes of:

  • Logging in a user to the Services

  • Services functionality

  • Students submitting creations to Managers or correcting their work

The following information, relative to the Student, can be collected or inferred:

  • Username, can be an email address

  • Display name, selected, entered and/or approved by the Manager

  • School level, Manager's name

  • Services data (usage time, number of words written, etc.)

  • Content created by the Student

  • Data related to errors and exceptions

Note that the only personally identifiable information (PII) we might collect for a Student are:

  • Display name: This can be anything and Nanomonx does not require real names to be used. Since it is often useful for Managers to use real names, they are often used in this case.

  • Username: Again, the username does not have to be personally identifiable. Using a Student's email as a username is very efficient and this information is sometimes collected.

Apart from the above, we never directly ask the Student for any personally identifiable data.

In order to provide the Services, Nanomonx does not collect the following information:

  • Physiological and biometric data

  • Geolocation data

  • Contacts or friends list of the user

  • Any data about other applications' usage on the device

  • Internet navigation history

THIRD PARTIES

In order to provide the Services, Nanomonx works with third parties. The collected Student data is only shared with third parties that have privacy policies that are consistent with our own Policy. Nanomonx shares data with the following third parties:

For non-student data

For Managers, we use a more diverse set of tools to maintain the business relationship:

  • Customer support and relationship tools

  • Newsletter subscriptions

  • Business analysis

  • Billing and Invoicing

  • Online payment of subscriptions

While they are not restricted to a single vendor and geographical location, those tools and suppliers have proper privacy policies and terms of service that we can provide.


For student data

Bugsnag

Bugsnag is a platform generating automated error reports. These errors (bugs) can occur when interacting with the Troubadour Website. Error reports are provided to Nanomonx only and are deleted after 60 days. These reports are solely used by Nanomonx to identify the causes of the errors in order to fix them and provide a better experience with the Services.

The data that can be captured by Bugsnag consists of:

  • The username (email address of the Teacher or username of the Student)

  • The list of actions performed by the Teacher in the Nanomonx Product Websites prior to the error (stacktrace)

  • The request made on our servers

  • The data included in this request (this may contain CGC)

  • The Teacher's or Student's browser if the error occurred in the Troubadour Services

  • Language defined by the Teacher for the use of the Services

  • The Teacher's or Student's operating system if the error occurred in the Troubadour Services

Bugsnag neither uses nor consults the data collected, and only transfers it to us in the error reports.

Link to Bugsnag's privacy policy: https://smartbear.com/privacy/

GOOGLE

If you choose to connect using your Google account, either a personal account, or one provided by your Employer/Education Institution by Google Workspace, Nanomonx will use that account to access sensitive data. Below is an exhaustive list of data we collect and how we use it:

Teacher's email addresses and names:

  • Create accounts and sign-in.

  • It can be used to occasionally communicate with teachers. Those communications are not for marketing purposes but for proper functioning of the platform.

Teachers can also decide to use our Google Classroom integration. This integration allows Google Classroom users to import their classrooms and configurations into Nanomonx, and allow for simple authentication and authorization.

If a teacher chooses to import students from a Google Classroom course, we will also access the names, email addresses and profile pictures of the students.

  • Student's emails are used purely as a unique username. We will never communicate with them through that address.

  • Their names and profile pictures are only used to allow teachers and students to identify members of their classes.

Both integrations are completely optional.

Nanomonx will never sell data collected through any means, including Google.

Our use of the Google APIs fully adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Privacy Policy: https://policies.google.com/privacy?hl=en-US

WHERE DO WE KEEP THE DATA

All student data is stored through a central provider known as Amazon Web Services in secure environments across Canada. These devices are only accessible by our own technical staff. This also applies to backups. When you use our services, you always use a secure connection between your browser and our private environment on Amazon Web Service.

COOKIES

Cookies are small data files that can be saved on your device when you use web pages or other online services. They are frequently used to improve web sites' functionality. Other types of technologies can also save small amounts of data on your devices, we will integrate them to the concept of Cookies for the purpose of this document.

In order to provide the Services, Nanomonx only uses the following type of Cookies:

Performance and functionality: These cookies are not essential but they help us personalize and optimize the user experience. For example, they can save a user's preferences so they do not have to enter them more than once. They may also remember a user's username and password so they do not have to enter them each time they access a web page.

Our Services do not use cookies for advertising purposes.

WHAT DOES NANOMONX DO WITH THE COLLECTED DATA?

Nanomonx's business model is based on the sale of subscription packages to Teachers, educational institutions (schools, school boards or districts, etc) or parents. Nanomonx will never generate revenue by selling or using its users' data outside the scope of subscription packages sales. The information gathered is used for the following purposes:

  • Allowing Managers to manage the Services

  • Allowing Students to use the Services

  • Billing Managers or school administrations

  • Communicating Services updates or important information about the Services

  • Discovering bugs and fixing them

Nanomonx does not share any personal information outside the Classroom except for the above cases, without the written consent of the Manager.

Anonymized data, where individual users are not identifiable, is collected and is used for the purposes of:

  • Statistics

  • Research and development

  • Customer support

In accordance with FERPA:

1. Use Limitations:

    - Data is used solely for legitimate educational purposes

    - No sale or unauthorized disclosure of educational records

    - No use of educational records for marketing or advertising to students

 

 2. Access Controls:

    - Educational records are only accessible to authorized school officials

    - Access is limited to legitimate educational interests

    - All access is logged and monitored

 

 3. Redisclosure Restrictions:

    - Information from educational records may not be redisclosed without proper authorization

    - All redisclosures must be tracked and logged

    - Parents/eligible students have the right to know who has accessed the records


ADVERTISEMENTS AND MARKETING

The Services do not show Students any advertisements, whether for other Nanomonx products or other companies' products.

DATA DELETION

Personal information can be deleted by written request from the Manager or parent or by the Students themselves if they are 14 years old or older.

Student information

Otherwise, student's personal information will be deleted in the following scenarios:

Scenario 1: The Student does not have a Manager linked to their account with a valid email or a personal confirmed email and the student has not signed in for 23 months. Result: The student account is automatically anonymized.

Scenario 2: The Student has a Manager linked to their account with a valid email address or a personal confirmed email but has not signed in for 23 months. Result: An email is sent to the email addresses linked to the account, mentioning the upcoming deletion of the account. The email contains a link to prevent the deletion, thus resetting the 23-month period. If the link is not clicked, the student account is automatically anonymized.

Scenario 3: The student creates an account via the fast access link (usually used in class) and no consent is given by the teacher or a tutor within 72 hours. Result: The student account is automatically anonymized.

Manager information

When the teacher, parent, tutor, school staff or any other adult has not signed in for 22 months and has no valid subscription, we will send an email to warn of the upcoming account anonymization.

If the link to prevent the anonymization is not clicked, we will send a second email later.

If the link in the second email is not clicked, the account will be anonymized a month later for a total of 24 months of inactivity.

Both warning emails also contain a link to anonymize the account right away.


Under FERPA requirements:

Parents/eligible students may request deletion of records where no retention requirement exists.

Schools must evaluate deletion requests in accordance with their policies and legal obligations.

Troubadour will assist schools in implementing approved deletion requests.


SECURITY POLICY

Nanomonx uses industry standards of protection to prevent users' data from being accessed, used, modified or destroyed by third parties. The methods used include, but may not be limited to:

  • Containment of database(s) inside a Virtual Private Cloud (VPC), access to which is extremely restricted

  • Encryption of database data in transit and at rest

  • Use of SSL / HTTPS for all data transmission over the Internet

  • Multi-factor authentication on administrator-level access to third-party tools

  • Code reviews track security vulnerabilities

  • Firewalls, private keys, anti-virus protection, and encrypted local hard drives

Note that data security cannot be 100% guaranteed due to constant advances in hacking methods and technologies. Nanomonx cannot be held responsible in the event of lost or altered user data. If any data breach occurs, concerned Manager users will be notified by email as soon as possible, and measures will be taken at the earliest opportunity to mitigate the risks associated with this data breach.

CLASSROOM GENERATED CONTENT

In their use of the Services, Teachers and Students generate a lot of content (CGC). 

Under FERPA, while student work is generally considered part of educational records, schools may designate certain student work for display or sharing purposes with appropriate permissions. 

The Troubadour bulletin board feature operates under this framework.


Bulletin Board and Content Sharing:

1. Teacher Authorization:

    - Teachers act as authorized school officials in determining what content to share

    - Teachers must ensure shared content complies with school policies

    - Teachers are responsible for obtaining any necessary permissions per school policy


2. Content Types and Sharing:

    - Student work displayed on bulletin boards may be considered directory information if designated by the school

    - Schools should include "student work selected for display" in their directory information policies

    - Even when shared, students retain ownership of their creative content


3. Sharing Safeguards:

    - Teachers can control visibility of bulletin board content

    - Students/parents can request removal of shared content

    - Schools maintain ability to set sharing policies


The sharing of CGC inside or outside of the Classroom through the bulletin board feature is subject to the school administration's privacy policy and content sharing guidelines. While Nanomonx provides the sharing functionality, it is the Teacher's responsibility to ensure appropriate use of the bulletin board feature according to their school's policies.


ACCESS TO PERSONAL DATA

If they forget their information and cannot login, Students cannot access their own private data. They can obtain this data (display name and username) only by asking their Teacher, who can access it through the Nanomonx Products Websites. Neither the Students or their Teacher have access to the Students' passwords, except of course at the time of its creation or reinitialization. Even though the information collected on a Student is available to the Teacher, Nanomonx can also provide this data to the Students' parents or the Students themselves if they are 14 years old or older, upon written request.

Under FERPA, the following rights and procedures apply:

 

1. Right to Inspect and Review:

    - Parents/eligible students have the right to inspect and review educational records

    - Schools must provide access within 45 days of request

    - Schools must respond to reasonable requests for explanation

 

2. Access Procedures:

    - Schools must verify the identity of requestors

    - Schools may not destroy records if there is an outstanding request

    - Schools must provide copies if circumstances prevent in-person review

 

3. Record Amendment:

    - Parents/eligible students may request correction of inaccurate records

    - Schools must respond to amendment requests promptly

    - Schools must provide opportunity for a hearing if amendment is denied


4. Access Restrictions:

    - Schools may not destroy records if there is an outstanding request

    - Access must be provided even if the student has outstanding fees

    - Schools may redact information about other students


CHANGE IN OWNERSHIP

In the event where some or all of Nanomonx and its assets are purchased or merged with a third party, users' personal information would be part of the transferred assets. 

FERPA Obligations During Ownership Changes:

1. Prior to Transfer:

    - Educational institutions must be notified of pending transfers

    - Schools must have opportunity to retrieve or delete their data

    - Written assurances of continued FERPA compliance must be provided

 

2. During Transfer:

    - Educational records must maintain FERPA protections

    - Access controls must remain in effect

    - All FERPA obligations transfer to new owner

 

3. Post-Transfer:

    - New owner must maintain FERPA compliance

    - Schools must be notified of any changes in data handling

    - Schools retain right to terminate service and retrieve data


This Privacy Policy would continue to apply and the new owner would only be allowed to manage users' data in accordance with this Policy (unless the user agrees to a new privacy policy). Nanomonx will notify the Teacher users of such transactions in the 30 days following the transaction, either by updating its website or by email. If you do not accept the information transfer to the third party, you can request that the information be deleted and we will comply.

In the unlikely event that Nanomonx should cease its operations, all personal data will be deleted in the 12 months following the end of its operations.

DISCLOSURE OF INFORMATION TO COMPLY WITH LEGAL OBLIGATIONS

FERPA permits disclosure without consent in specific circumstances:

1. Legal Requirements:

    - Compliance with judicial order or lawfully issued subpoena

    - Schools must make reasonable attempt to notify parent/eligible student in advance

    - Exception for federal grand jury and law enforcement subpoenas where notification is prohibited

 

2. Health and Safety Emergencies:

    - Disclosure necessary to protect health or safety of student or others

    - Determination must be made on case-by-case basis

    - Record of disclosure must be maintained

 

3. Audit and Evaluation:

    - Federal, state, and local education authorities

    - Organizations conducting studies on behalf of educational institutions

    - Accrediting organizations


Nanomonx can disclose certain user personal information if it believes, in good faith, that this is mandatory to comply with certain legal obligations such as a subpoena or any other legal process. We could have the obligation to disclose personal information if it is needed in order to protect the rights, property and security of Nanomonx, its employees, its community or other, or to prevent the violation of our current contractual agreements. This includes, without restricting itself to, the sharing of information with other companies or organizations for fraud protection or to comply with governmental requirements.

CHANGES AND UPDATES TO THIS PRIVACY POLICY

This Privacy Policy takes effect in November 2024 and the current version is 3.0. Nanomonx may, on rare occasions and at its sole discretion and without prior notice, update, revise, modify or add to the content of this Privacy Policy.

If Nanomonx changes this Policy in any way, a notice will be sent to the Managers subscribing to the Services with a link giving access to the new privacy policy. The new version of the policy will also be made available on Nanomonx's website.

During a Manager's first connection to one of the Nanomonx Website products following a material change to this privacy policy, Nanomonx will request the Manager to review and confirm acceptance of this new Privacy Policy by clicking on an "I agree" button before continuing to use the Services.

As we do not collect any information that would enable us to directly communicate with the Students or their parents, and since regulations such as COPPA allow the Teacher to act on behalf of the parent to provide consent to the collection of children's personal information, Nanomonx requires that the Teacher accepts the terms of this new Privacy Policy before collecting any information on his or her Students. It is the responsibility of the Teacher to communicate to the Students' parents the contents of this new Privacy Policy, and to make sure they consent to them.

FERPA-Related Policy Updates:

1. Notification Requirements:

    - Schools must be notified of any changes affecting FERPA compliance

    - Changes affecting FERPA rights require explicit school approval

    - Schools must be given time to review and respond to changes

 

2. Implementation of Changes:

    - Changes affecting FERPA compliance require school confirmation

    - Schools must have opportunity to terminate service if changes are unacceptable

    - Records of policy changes must be maintained


INCIDENT HANDLING

At Nanomonx, we take incident handling and disclosure very seriously. A Nanomonx Security Committee ensures that the data security program and the data breach action plan are updated at all times. Those documents can be provided upon request.

Here is a brief summary of our action plan in case of a data breach:

Once the breach has been contained, the Communications Manager will be able to communicate with affected 3rd parties.

  • If the affected parties are internal to Nanomonx, the Product Manager will handle communications with employees.

  • We must communicate the following information:

    • Which users were affected

    • What types of data was accessed

      • E.g. Passwords, usernames, other personally identifiable information (PII)

    • How long the data breach has been exposed

    • If child data was breached

    • If the breach has been dealt with

Ideally, this will be done simultaneously with all affected parties. If a serious breach occurs, we will also notify users through social media.

There are also certain situations where we are legally required to report breaches to the government and to affected parties.

There may be other regulations that apply based on the localities of the affected users. Part of this step is working out if other notifications need to be sent out.

The Quebec and Canada regulations require notification only if there is a "real risk of significant harm (RROSH) to an individual." At the time of writing this document, this is a standard that we will not follow as we do not retain this sensitive information on our users.

Education Law 2-d Breach Reporting

In addition to our existing incident handling procedures, for New York educational institutions:

  1. Immediate notification to the Chief Privacy Officer of the NY State Education Department

  2. Notification to affected parties within 7 days

  3. Implementation of required corrective actions

  4. Documentation of all steps taken to address the breach


CONSENT FOR DATA COLLECTION AND INFORMATION MANAGEMENT

By accepting the terms of the Teacher Terms of Use Agreement, users expressly accept that Nanomonx will collect and use personal information in accordance with this Privacy Policy. Teacher users also declare that they have been informed of Nanomonx's objectives when it collects, manages and uses this information, and understand how the confidentiality of this information will be protected. Teacher users also state that they understand that they are entitled to withdraw their consent to this Privacy Policy.

CONTACT

FERPA-Related Inquiries:

For specific FERPA-related inquiries or concerns:

- Parents/eligible students should first contact their educational institution

- Schools may contact Nanomonx's compliance team at info@nanomonx.com

- FERPA complaints may be filed with the U.S. Department of Education's Family Policy Compliance Office


For Education Law 2-d Compliance:

Data Protection Officer: alex.gray@nanomonx.com

NY State Education Department's Chief Privacy Officer:

Email: Privacy@nysed.gov


For general Privacy Policy inquiries

For any information concerning this Privacy Policy, contact Nanomonx at info@nanomonx.com.