Peoples Education Inc. dba Mastery Education (“ME”), the makers of the website Measuring Up
Live 2.0 (“MUL2”) and the Measuring Up Programs, is committed to assuring the privacy of
student users (“Students”) of our educational products and services (“Services”), the Teachers,
Administrators, and other applicable Faculty of educational institutions that subscribe to our
Services (“Faculty”), and visitors to MUL2.
This Data Handling and Privacy Policy sets forth our information handling practices and
obligations with respect to data we gather and use in delivering Services to Students and Faculty
through subscribing schools, school districts, and other educational institutions (collectively,
“Service Data”).
This Data Handling and Privacy Policy also separately describes the information (other than
Service Data) that we gather from users of MUL2, how we use that information, and what we do
to protect it. By visiting or using MUL2, you expressly consent to the information handling
practices described in this Data Handling and Privacy Policy. Your use of MUL2 and any
information you provide via MUL2 are subject to the terms of this Data Handling and Privacy
Policy.
ME provides Services solely to and through subscribing schools, school districts, and other
educational institutions (“Schools”). Identity information for Students and Faculty for Service
delivery is provided to ME by Schools and is not separately solicited by ME. The information
provided to us by Schools may include certain individually identifiable information, including
Students’ names and grade levels and Faculty names, titles, and email addresses. We also collect
and record data identifiable to individual Students and Faculty regarding their use or
administration of, and interaction with, our Services. At the request of a School, we may also
accept and include in reports we provide to the School additional Student data, including class
name, room number, race/ethnicity, socioeconomic status, disability, and other information.
Collectively, the information we receive regarding Students and Faculty that is generated through
their interaction with our Services constitutes Service Data as defined above.
ME uses Service Data solely to deliver the Services to and through associated Schools, provide
Students with individualized content within those Services, and provide Faculty with reports on
Students’ academic progress in using the Services. ME does not collect any more individually
identifiable information about Students and Faculty than is reasonably necessary to administer
and provide our Services and individualized content to Students and their Schools, or to generate
School-requested reports on individual Student academic progress.
Except as directed by the responsible subscribing School, ME does not disclose Student or
Faculty information or other Service Data that is identifiable to an individual to third parties.
Students and Faculty are provided private usernames and passwords to access applicable
Services and associated Service Data by ME. These identification credentials allow Students to
gain access to the Services to which their Schools subscribe and allow Faculty to create
assignments and track Student progress and assignment completion. ME Services and associated
Service Data are not made accessible to anyone other than our employees, contractors, and
agents involved in Service development, delivery, and administration and those accessing the
Services or associated Service Data using assigned usernames and passwords.
If the parent or legal guardian of a Student wants to review the information that ME has collected
through MUL2 about the Student or learn more about the Service(s) the Student is participating
in, he or she should contact the Student’s School.
ME makes reasonable efforts to secure Service Data against unauthorized access. These efforts
include employment of physical, administrative, and technical safeguards based on currently
available technology and practices to promote the integrity and security of the Services and
Service Data.
ME does not require MUL2 visitors to register and does not solicit personal information as a
condition to visitor access to general information on our website. For Students and Faculty who
access our Services through MUL2, specific terms applicable to collection and use of Service Data
are described above, but the following terms also apply to your use of the MUL2, including
access to Services through the Website.
Like most websites we may send one or more cookies – small text files containing a string
of alphanumeric characters – to the device by which you access MUL2. Cookies collect
about user activities on a website. Their use enables us to provide a more personalized
experience to visitors, including Students and Faculty who access Services through MUL2.
When a user logs out of MUL2, his/her data is wiped out from the session. As well, if he/she
closes the browser the data is wiped out after session timeout. The session time out is 20
minutes. ME guides and instructs users to always use the log out function when finished.
ME does use Google Analytics™, a third-party service provider, to track visitors coming to
the MUL2 login page. However, this third-party service provider is unable to pass the MUL2
login screen and therefore is unable to access any information on Students or Faculty.
Users of the MUL2 may submit comments, questions, and other correspondence and make
requests for information about our Services via the website. Personal information
submitted in connection with such correspondence and requests is treated consistent with
this Privacy Policy. If you submit an item of correspondence that includes a testimonial
about our Services, we may publish applicable portions of the correspondence for
informational or marketing purposes. However, we will not identify the author of such
correspondence using personal information provided unless we obtain the author’s
consent to do so. For correspondence received from children we believe are under the age
of 18, we will not identify them using provided personal information without their parent’s
or guardian’s consent.
ME permits access to information about MUL2 visitors only to those of its employees who
have a legitimate operational reason for such access.
ME does not rent or sell personal information that we collect to third parties.
In certain instances, ME may work with business partners to improve our services or
offerings. We may disclose aggregated anonymized statistical data to authorized business
partners to conduct research on online education or assist in understanding the usage,
viewing, and demographic patterns for certain Services and/or functionality on MUL2.
ME may also disclose MUL2 usage information if required to do so by law, or if we have a
good-faith belief that such action is necessary to comply with local, state, federal,
international, or other applicable laws (such as U.S. Copyright law) or respond to a court
order, judicial or other government subpoena or warrant, or administrative request. In
some cases, we may make such disclosures without first providing notice to applicable
MUL2 users.
ME takes the protection of our customers’ data and information, especially student users,
very seriously.
ME handles all Service Data in a manner consistent with applicable laws and regulations,
including, without limitation, the Federal Family Educational Rights and Privacy Act
(FERPA), California Student Online Personal Information Protection Act (SOPIPA), Children
Online Privacy Protection Act (COPPA), and other state student data privacy protection
laws.
| Educator data collected (District Administrators, School Administrators, Teachers) for schools to implement |
|
|---|---|
| Required Data | Optional Data |
| First and last name | Middle name |
| Email Address | Title |
| Username | Phone |
| Password | |
| Class* | |
| Student data collected for schools to implement | ||
|---|---|---|
| Required Data | Optional Data | |
| First and last name | Middle name | ESL |
| Student ID number | Email Address | Gifted Talented |
| Grade level | Gender | LEP |
| Username | Date-of-birth | Risk Type |
| Password | Ethnicity | At Risk Status |
| Class* | Migrant | Special Education |
| Bilingual | Title 1 | |
| Disadvantaged | Title 1 Details | |
| Status | ||
Employees
Access to MUL2 data is limited to only a few ME authorized personnel. All authorized
personnel go through a stringent training process in best practices and procedures when
handling the data and/or making modifications to MUL2 system. All ME authorized
personnel sign an information security agreement.
Authorized Third-Party Entities
All Authorized Third-Party Entities have limited access to the MUL2 data for the purpose of
developing, implementing, or supporting clients go through the same stringent training
process in best practices and procedures when handling the data and/or making
modifications to MUL2 system. Third-Party Entities are required to sign an information and
security non-disclosure agreement.
MUL2 is Software as a Service (SaaS) and only requires a web browser and internet
connection to access it. See MUL2 system requirements for supported browsers and
devices information.
MUL2 is implemented using the following Microsoft based technologies.
Microsoft Azure Cloud guarantees service availability 99.7% on a yearly basis. ME
guarantees 24/7 support team to address any inquiry.
ME makes reasonable efforts to secure MUL2 and the information users send to us against
unauthorized access and corruption. These efforts include employment of physical,
administrative, and technical safeguards based on currently available technology and
practices to promote the integrity and security of Website user information we collect. ME
implements the best in cybersecurity and data management practices to protect customer
connection, data access, and availability.
Azure Portal Access: The Azure portal is accessible by authorized
administrative users with multi-factor authentication (MFA).
RDP Servers Access: The MUL2 servers can be accessed only by a couple and
authorized administrative users. It is required VPN authentication and
connection. Remote desktop connection by public internet IP's is denied
excepted the whitelisted.
VPN: ME utilizes Fortinet Firewall and VPN connection to access MUL2 servers
and databases.
Firewall: VPN firewall, Azure Firewall, and Virtual Machine firewall layers with
restricted inbound and outbound policies are set up to filter and limit access.
Antivirus: All server (VMs) endpoints are protected with Webroot
SecureAnywhere with restricted policies to protect the MUL2 environment. All
administrative user endpoints are protected with Avast CloudCare with restricted
policies.
Azure Virtual Machine (VM) Encryption: All VM and VM snapshot backups
are stored in Azure Storage Accounts with private access and protected with
Azure Vault Keys.
Azure Virtual Hard Drive (VHD) Encryption: All operation systems and data
VHDs are encrypted with BitLocker, stored in Azure Storage Accounts with
Private access, and protected with Azure Vault Keys.
Transportation Level: The data are encrypted with an SSL certificate by
ComodoCA©, renewed every two years.
Rest Level: The data are encrypted with Microsoft SQL Server 2014 Enterprise
Edition SP3 utilizing Transparent Data Encryption (TDE) with AES 128-bit.
Database Backup and Transaction Log Backup: Following the backup policy,
the database backups and transaction log backups are backed-up and stored on
Azure Storage Accounts protected with security keys. All the backups are
encrypted with the master key and asymmetric keys for restoration protection.
VM Servers Snapshot: A VM server snapshot backup policy is applied with
daily virtual machine snapshot backups with 30 days retention for virtual
machine snapshots stored at Azure Recovery Services Vault.
Database Backups: A Database backup policy is applied with weekly full
database backups, with three times daily differential backups, followed by every
five (5) minutes, transaction log backups with 60 days retention period.
Backups Reliabilities and Tests All backups are configured to be verified after
the conclusion, and a CHEKSUM is performed before saving them to Azure
Storage Account.
The backup files are stored in an account with Azure Geo-Replication on East US
(Primary) and West US (Secondary). The MUL2 solution uses the Azure locally
redundant storage (LRS) method.
The Faculty is retained in the MUL2 databases while there is a valid purchased order.
After expiration, the District or School has thirty (30) days to export the student data or
open a data extraction request to ME team.
The data is exported in .csv file format, and after 30 days of the purchased order
expiration data, all faculty data will be deleted entirely from the database. The data
exported in .csv cannot be imported and restored at the state before data, and it is
managed and stored by the customer's responsibility.
A DRP that is composed of alerts, procedures, documentation, software, data, and
allocated human resources to address and tackle any critical issue to prevent disasters.
If an emergency incident arises that involves the security of MUL2 data, ME will
immediately alert the main administrator on the MUL2 account via email.
ME may modify or revise this Privacy Policy from time to time. Changes to our Privacy
Policy will become effective when posted, with an updated date of revision, on our
Website.
Please contact ME with any questions or comments about this Privacy Policy by email at
support@masteryeducation.com or by mail at: Peoples Education dba Mastery Education,
25 Philips Parkway, Montvale NJ 07645.