Select Page

Privacy policy

“Hapara” a division of Cordance Operations LLC. is CIPA, COPPA AND FERPA compliant.

Updated: May 9, 2023

“Hapara” a division of Cordance Operations LLC. (“Hāpara”, “we,” “us,” “our”) provides this Privacy Policy because we know that you care about how your information is collected, used, shared and retained. This privacy policy applies only to information collected when you access our website located at https://hapara.com/ (“Website,” “site”) and by using the Services accessed at app.hapara.com, teacherdashboard.com and mystudentdashboard.com. By visiting the Website or using the Services, you consent to this Privacy Policy.

Our Services enable educational institutions (“Schools” or “Customers”) to make better use of their chosen Cloud platform — Google Workspace or Microsoft Office 365. Our Website serves as a channel for us to share information about our Services with current and potential Customers.

How we protect your information

Hāpara takes very seriously the security and privacy of the personal information that it collects pursuant to this privacy policy. Accordingly, we will implement reasonable and appropriate security measures to protect such personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations. We have also committed to comply with the Student Privacy Pledge (coordinated by FutureofPrivacy.org).

 

 

View Hāpara’s commitment to protecting student privacy

 

 

The type of information we collect, why we use it

We collect information for several purposes, including to provide services to our Customers and to communicate with and market to prospective customers.  The specific information and the purposes for collection are discussed below.

Service information

In the course of performing our Services, we collect several categories of information (collectively, “Service Information”).  Our Customers authorize the collection, processing and transfer of Service Information, and have the responsibility for providing notification to parents and guardians of students and for obtaining all consents as required under applicable laws and regulations.  Service Information is retained only as long as it’s necessary to provide the Services and support the particular Customer.

School information: Educational institutions who are Customers provide the following information about their schools: billing and IT contacts, timezone, class rosters – this includes class codes and titles, and teacher school email addresses. We track and collect the total number of student accounts processed for billing purposes.

School Information is only used to provide Services and support in a manner consistent with this privacy policy; to improve our Services; and to provide our Customers with additional information about our Services.

Teacher information: In addition to the class rosters information that the school provides, we also collect information from teachers about their area of responsibility, such as the grade level and subject that they teach or advise. This information is used to deliver services and  inform us in the development of new services, and is retained only as long as the teacher is a user of Hāpara services.

Student information:  Schools provide student school email addresses for students using Hāpara Services. For Customers that elect to have our Services handle the creation of student accounts, we also collect additional student information required by the Cloud Platform to create accounts, such as first and last name and school email address.

Student Information is used to provide our Services and support our customers.  As part of support and troubleshooting activities, select Hāpara employees may directly access Student Information, including information which resides on the School’s Cloud platform.

Student Information is retained by Hāpara only for the period of time required to process the information and to provide the Services to our Customers.

We do not solicit or collect information directly from students or their parents or guardians – student information can only be provided by their educational institution which is our Customer, and which retains the legal responsibility for collecting and sharing this information with service providers and Hāpara.

Student generated information: Students create significant amounts of content in their school’s Cloud platform – such as emails, documents, sites, or blog posts.  This information is controlled by their institutional policies through controls provided by Cloud platforms, and independently of Hāpara.  Student Generated Content and content metadata (for example document titles, creation dates) held in the School’s Cloud platform are essential for providing the Services, and we access and process it only for that purpose. We do not collect or maintain copies of the Student Generated Content held in the School’s Cloud platform.

Some Customers allow their students to create content that resides in Hāpara systems. Content creation requires a validated login with the School’s Cloud platform (SSO), and all interactions with such content are protected with SSL encryption. This Student Generated Content is held in Hāpara systems and associated with the Customer, and the student identifiers. We do not make such content publicly accessible except as directed by the Customer, and use it only to provide the required Services. This Student Generated Content is retained by Hāpara only for as long as necessary to provide the associated Services.

Application preferences information: Users (teachers, students and administrators) can specify their preferences of the application’s behavior during their usage of Hāpara systems. This includes information such as the default sort order of lists, hiding of classes that are rarely used, and regularly used Guide Browsing sessions. This information is stored within Hāpara systems to provide services for the user, and is retained by Hāpara only for as long as necessary to provide the associated Services.

Product usage information: Hāpara collects information about our user’s usage of Hāpara systems. Usage information from students are anonymized before they are recorded. Usage information is used to measure the performance of our services, to maintain and improve our services, and to help us develop new services.

Support information In the course of providing Services to our Customers, the diagnostic and troubleshooting processes may require additional information to be collected (troubleshooting a student account rename for example might require access to the student’s previous name).  This information is limited in scope to what is required to resolve the support request, and is not stored in or shared with other Hāpara systems.

Sales & marketing information

We collect information through our Website for Sales and Marketing Services from visitors who wish to learn more, purchase or participate in our Services or seek support for our product.  For example, we collect information when you request marketing information, register for a Webinar, apply to a Hāpara Certified Champion Program, apply for a job, interact with us via social media, take a survey, or otherwise communicate with us.  The types of information we collect may include your name, e-mail address, location, phone number, school/district affiliation, role, experience, certifications and relevant professional development, and any other information you choose to provide.  

Contact information is used by our sales, support, marketing and product teams to contact visitors for the purpose of providing the requested information or services support.

Information we collect from other sources: If you interact with us through a social media site, we may have access to publicly available information from that site, such as follows and likes, in accordance with the policies determined by the social media site.  If you attend an event or a conference we sponsor or support, your contact details may be directly or indirectly shared with us.

Web analytics: Like most organizations, we rely on automatic data collection technologies when you visit our Website or use the Services. We may collect information such as your IP address, internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, number of links you click while on the Website, search terms, and other data.

Operational information: We also collect Website and Service health diagnostics, and technical logging data used for troubleshooting and performance management.

Referral source: We may identify and record the referring source (other internet location) that directed a visitor to our Website. We collect the referring Website address from the HTTP “referer header” provided by your browser. We use this information to better serve our current and potential clients, measure our marketing services and to identify where we might find future Customers.

Cookies: Cookies are small text files that help us to personalize the content of our Website.  We use cookies to recognize repeat visitors, and manage the user experience on our Website and Services. If you prefer, you can choose to turn off all cookies via your browser settings. However, some features of our Website require cookies to function, and if you turn your cookies off then your experience of our Website may be sub-optimal.

How we disclose information

We do not sell student, teacher, or any other information in any form.

Third-party service providers: Like many businesses, we hire other companies to perform certain business-related services. We may disclose personal information to certain types of third party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information and their functions are: mail services (hard copy and email); hosting services; database management/back-up services; real-time messaging services; monitoring services; product review sites; and payment processors. If Student Information is required, we encrypt it prior to transfer whenever possible. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this privacy policy and implemented by Hāpara.

The list of third-party service providers with whom we share personal information to can be found here.

Business transfers: In the event of a merger, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this privacy policy.

Disclosure to public authorities, other third parties: We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas. We also may disclose your information when we have reason to believe someone is intending to or is causing harm to other users, or anyone else that could be harmed by such activities, or our rights or property.

Data breach response plan: Hāpara maintains and updates a detailed data breach response plan.

Your choices and rights

Opt-out for direct marketing. We do not take part in any form of marketing to students or children.

If you are a teacher or school administrator and have provided us with your information, we may send you product marketing communications. You may opt out of these communications at any time by clicking ‘unsubscribe’ in the email sent to you, or by replying ‘unsubscribe’ to the email. Please allow us a reasonable amount of time to process your request.

Access to personal information. Hāpara acknowledges the right of individuals to access their personal information. If you are a parent or guardian and wish to delete your child’s records from our database, please contact the appropriate School official and ask them to carry out this action in collaboration with our team.  Upon request to privacy@hapara.com, we will provide you with confirmation as to whether we are processing your personal information, and have the data communicated to you within a reasonable amount of time.

Retention of customer personal informationIf you are a Customer or someone who has expressed interest in our Services, we will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this privacy policy, or subsequently authorized. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.

If you have requested us not to contact you, we will retain your contact details on the do-not-contact list.

Data Protection Officer. Martin Roberts (martin.roberts@hapara.com) is the company’s data protection officer (“DPO”).

Links to external websites

The Website may contain links to third party websites (“External Sites”). Hāpara has no control over the privacy practices of these External Sites. As such, we are not responsible for the privacy policies of those External Sites. You should check the applicable third party privacy policy and terms of service when visiting any External Sites, and before providing any personal information to such External Sites.  Hāpara disclaims any responsibility for any activity or omission that occurs on an External Site.

Important notice to all non-U.S. residents

Our servers are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the U.S. Except in the case of data transfers under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, your decision to provide such data to us, or allow us to collect such data through our Website or the Services, constitutes your consent to this data transfer.

Residents of the state of California, the European Economic Area or the United Kingdom

If you are a resident of California, the European Economic Area (“EEA”), the United Kingdom or the country of Brazil, you have certain rights and protections under the law regarding the processing of your personal data.  In circumstances where “Hapara” a division of Cordance Operations LLC. acts as a data processor, you must contact your data controller (your educational institution) to avail yourself of these rights and protections. We will verify that you are the person about whom we collect personal information, or an authorized representative, before we act on any privacy requests.

Legal basis for processing: If you are a resident of California, the EEA, the United Kingdom or the country of Brazil, if and when we process your personal data as a data controller, we will only do so in the following situations:

  • We need to use your personal data to perform our responsibilities under our agreement with you or our customer with whom you have a relationship (e.g., for processing payments for or for providing the “Hapara” a division of Cordance Operations LLC. services you or our Customers have requested).
  • We have a legitimate interest in processing your personal data. For example, we may process your personal data to communicate with you about changes to our Services or to provide, secure, and improve our Services.
  • We have your consent to do so. For example, we may seek your consent to send you marketing communications.

Data subject requests: If you are a resident of California, the EEA, the United Kingdom or the country of Brazil, you have the right to know what categories of personal data we hold about you, to access any such personal data, and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may email us at privacy@hapara.com. Alternatively, you may contact us as indicated below.

Questions or complaints: If you are a resident of the EEA and have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

Changes to this privacy policy

We may change this privacy policy from time to time. When material changes are made to this privacy policy, Customers will be notified through the contact email given to us at least two weeks prior to modification taking effect. In that time, the primary administrative contact for a Customer may request that we delete the Service Information from our systems if it does not wish to be bound by the new policy. Please allow us a reasonable amount of time to comply with your request.

How to contact us

Hāpara’s principal headquarters are located at 16 W Martin Street, Raleigh, NC 27601. If you have any privacy related requests, or would like to learn more about our privacy policy, you can reach us via the following:

Pin It on Pinterest