Privacy Policy


Hapara, Inc.

Last Updated: June 22, 2016

Hapara, Inc. (“Hapara”, “we,” “us,” “our”) provides this Privacy Policy because we know that you care about how your information is collected, used, shared and retained. This privacy policy explains how we handle personal data collected through our website (“Website,” “site”) and through our services (“services,”). Our Website serves as a channel for Hapara to share information about our services, and to gather information about current and potential customers of our services. Our services enable educational institutions to make better use of their chosen Cloud Platform  – Google Apps for Education or Microsoft Office 365 Education.


This privacy policy covers:

  • What Information We Collect
  • How We Collect and Use Information
  • Student-Generated Content
  • Third Parties
  • Acquisition / change of ownership
  • Other disclosure
  • How we Protect your Information
  • Links to External Websites
  • Accessing and Modifying Information
  • Important Notice to Non-U.S. Residents/Safe Harbor Certification
  • Changes to this Privacy Policy
  • How to Learn More


What Information We Collect

Contact Information: Our Website serves as a channel for Hapara to share information about our services. We collect information on our website from visitors who may wish to purchase our services or seek support. A visitor to our Website may elect to leave contact information if they’d like us to get in touch.

Service Information: in the course of providing our services to an education institution, we ask school officials to provide additional information about the institution (billing contacts, time zone, and system configuration information) and basic information about the educators and classes that are needed to provide Hapara services. This information includes class codes and names, and student information (see below). As part of their regular operation, Hapara services also collect a variety of information about how users interact with our systems, service health diagnostics, and technical logging information.

Student information: all Hapara services require access to a student identifier in the cloud platform(s) used by the educational institution; this is most commonly the student’s school-assigned email address (i.e. not their personal email address). Additionally, we may also need access to the student’s roster, i.e. the list of classes the student is enrolled in, and an identifier for the school they are attending. For schools that elect to have our services handle the setup of student accounts, the underlying cloud platform requires that we also collect a first and last name for those accounts.

Student Generated Information: in the course of their interactions with the school’s Cloud Platform students create significant amounts of content held by the Cloud Platform including emails, docs, sites, blog posts and other content specific to Cloud Platform.   Additionally, some Hapara services may allow students to create and manage content outside of the school’s Cloud Platform.

Other Information: Like most organizations, we rely on automatic data collection technology (Google Analytics) when you visit our Website or use the services. We may collect information such as your IP address, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, number of links you click while on the Website, search terms, and other data.

How We Collect and Use Information

Contact Information: our Website allows visitors to leave contact details via browser forms. These use Secure Socket Layer (SSL) encryption technology to provide an industry standard safeguard against access by other users of the Internet. Visitors volunteer the information they wish to share.  Contact details provided by the Website are used by our sales, support and product teams to contact visitors who requested it.

When possible we also identify and record the referring source (other Internet location) that directed a visitor to our Website. We collect the referring website address from the HTTP “referrer header” provided by your browser. We use this information to better serve our current and potential clients, and to identify where we might find future customers.

We also use cookies to compile aggregate data about our Website’s traffic so that we can offer better experiences and tools in the future. Cookies are small text files that help us to personalize the content of our website. If you prefer, you can choose to turn off all cookies via your browser settings. However, if you turn your cookies off, some features of our Website may not function properly. We do not behaviorally target advertising.

We do not knowingly collect any personal information from visitors to our site who are under the age of thirteen. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our privacy policy by instructing their children to never provide personal information through the Internet without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Contact information is retained for a period required to support our business purposes, i.e. sales, forecasting, and analytics.

Service Information: to enable our services to schools, we ask school officials to provide us information required to provide such services. The service information is volunteered by school officials, and is only used in providing our services to users in a manner consistent with this privacy policy. The information is transferred to Hapara servers through a secure Web site, or secure file transfer protocol based on industry-standard encryption technology, permissions granted to the Hapara Marketplace app or via customer’s Cloud Platform infrastructure. This information is used to provide Hapara services, to provide support, to improve our services, and provide our customers with additional information about Hapara services.

Service information is retained for the period of time required to provide the service.

Student information: this information consists of school-assigned student email address, and is provided by school officials through a secure Web site, secure file transfer, permissions granted to the Hapara Marketplace app or through customers’ Cloud Platform infrastructure. This information is used to provide Hapara services required, and to provide support. As part of support and troubleshooting activities, select Hapara employees may directly access this data. Total number of accounts processed is tracked for billing purposes.

Student information is retained for the period of time required to load the information into the cloud platform, our Apps, and in some instances, to accommodate support / troubleshooting activities. We do not sell student information, and is retained only for as long as necessary to provide the Hapara services.

Student Generated Content

Student content and content metadata (for example document titles, creation dates) held in the Cloud Platform are essential to most of Hapara services and this data is processed by Hapara.  This content resides in the school’s Cloud Platform and is accessed only in a transient manner:  we do not collect or maintain copies of the Cloud Platform held content.  

Some of our services allow students to create content outside of the school’s Cloud Platform.  This content is collected when students interact with Hapara services Websites.  Content creation requires a validated login with the school’s Cloud Platform, and all interactions with such content are protected with SSL encryption.  The student-generated content is held in Hapara systems and associated with the customer, the class, and the student identifiers.  We do not make such content publically accessible, and use it only to provide the required service.  Student generated content is retained only for as long as necessary to provide the associated Hapara services (for example display the Workspace the student created).    

Other information: this information is collected automatically and anonymized by our Web analytics services provider (Google Analytics). The information is retained for the period of time required to provide the analytics services.

Third Parties

Like many businesses, we hire other companies to perform certain business-related functions. Examples include mailing information, hosting services, monitoring services or processing payments. When we employ another company to perform a function of this nature, we provide them with the information that they need to perform their specific function, which may include student information. When student information is required, the information is encrypted where possible to provide the service; otherwise, we require the vendors to implement the same commitments to safeguarding student and personal information that we do.

Acquisition / change of ownership

If all or substantially all of our assets are acquired, we expect that the information that we have collected, including personal information, would be transferred along with our other business assets. We will allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.

Other disclosure

We may disclose your information to government authorities, and to other third parties when compelled to do so by government authorities or required by law, including but not limited to in response to court orders and subpoenas. We also may disclose your information when we have reason to believe someone is intending to or is causing harm to other users, or anyone else that could be harmed by such activities, or our rights or property.


How we protect your Information

Hapara takes very seriously the security and privacy of the data of the students in the schools we serve. Hapara complies with applicable laws and regulations, which govern or apply to the provision of our services. Hapara has also committed to comply with the Student Privacy Pledge, coordinated by

Hapara has strict procedures and controls to protect information stored in our servers. Access to information is limited to those employees who require it to perform their job functions. We use two-factor authentication, SSL (Secure Socket Layer) encryption, physical access controls to files and buildings, and other industry-standard best practices.

Links to External Websites

The website may contain links to third party websites. Hapara has no control over the privacy practices of these websites. As such, we are not responsible for the privacy policies of those third party websites. You should check the applicable third party privacy policy and terms of use when visiting any other websites, and before providing any personal information to other websites.

Accessing and Modifying Information

Upon request, we will grant you reasonable access to personal information that our agents and we have about you for the purpose of reviewing and/or requesting changes. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our databases.

Parents have the right to ask that the online records of their children under the age of 13 be removed from the storage of any online service provider. If you wish to request that Hapara remove your child’s records from our database, please contact the appropriate official at your child’s school and ask them to carry out this action in collaboration with the Hapara team.

Important Notice to Non-U.S. Residents/Safe Harbor Certification

We comply with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework, as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We have certified that we adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit

However, it is important to note that the servers that store the personal information are operated in the United States. If you are located outside of the United States, please be aware that any information provided to us may be transferred to the United States. Except in the case of data transfers from the European Union member countries and Switzerland, which are covered under the Safe Harbor Frameworks, by providing us with such information through the website, or the services, you consent to this transfer.

In compliance with the US-EU and US-Swiss Safe Harbor Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss citizens with inquiries or complaints regarding this Privacy Policy should first contact us at We have further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit the BBB EU SAFE HARBOR web site at for more information and to file a complaint.

We have certified that we adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the Safe Harbor program, and to view our certification page, please visit

Changes to this Privacy Policy

We may change this privacy policy from time to time. When material changes are made to this privacy policy, Hapara customers will be notified through the contact email given to us at least two weeks prior to modification taking effect.  In that time, the primary administrative contact for a Hapara customer can request that we delete the school’s data from our systems (see above) if that school does not wish to be bound by the new policy.

How to Learn More

Hapara’s principal headquarters are located at 585 Broadway St. Redwood City, California. We can be reached by telephone at 650 847-1371. To learn more about our privacy policy, you can email us at