Skip to main content

Bring the Science of Reading to life in your classroom.

Shop Now

Private Policy

Private Policy

Updated 11/16/2022

Really Great Reading (“RGR,” “we” or “us”) Company® is a school service provider to schools and other education agencies. We provide educational materials and related services to schools via a set of online learning platforms and digital applications (our “Products”). This Privacy Policy (this “Policy”) governs our privacy practices for each Product that links to this Policy. Where capitalized terms are used in this Policy without definition, their definitions may be found in Section 21.


1. Our Customers, Users and our Commitment to Privacy
We have created our Products to assist our school/school district customers (each, a “Customer”) in providing personalized and rewarding online educational experiences to their students. We believe that transparent and strong privacy practices foster these experiences, and we provide this Policy in that spirit. The privacy of our Customers, and their employees, students, and students’ parents or guardians’ (collectively, “Users”) is a serious matter for us and we are committed to protecting any Personal Information.

By using our Products, the Customer agrees to this Policy and any updates, on behalf of its Users, and agrees that Customer and its Users will comply with RGR’s Terms of Service. Our Customer is responsible for collecting appropriate User consents that may be required in order to share their Users’ Personal Information with us.


2. Updates to this Privacy Policy
The date on which this Policy was last revised is identified at the top of this page. We will post any updates we make to this Policy from time to time on this page. If we make material changes to how we treat our Users’ Personal Information, we will notify our Customer by email or through a notice on the Products’ home page. Any changes will become effective when we post the revised Policy or, in the case of any material changes, provide the revised Policy to our Customer. The Customer is responsible for ensuring we have an up-to-date active and deliverable email address on file, and for periodically visiting the Products’ home page (www.reallygreatreading.com) and this Policy to check for any updates.
 

3. Our Compliance With COPPA and FERPA
We recognize the sensitive nature of Personal Information concerning students, particularly students under age 13 and PreK-12 students, where the information is contained in a student's educational records. This Personal Information is protected under various federal and state statutes and regulations. Our privacy practices comply with both COPPA and FERPA, as well as other state and federal law.


4. The Scope of Our Privacy Policy
This Policy governs our privacy practices with respect to all Personal Information that Users submit, or that we collect in connection with the use of our Products by the Customer and its Users. This Policy governs not only our practices with respect to students' Personal Information, but also with respect to the Personal Information of the Customer’s employees who use our Products.


5. Consent from Schools Regarding Students' PersonalInformation
COPPA permits a school, acting in the role of “parent,” to provide required consents regarding Personal Information of students who are under the age of 13. Where a school is the subscriber to our Products, we rely on this form of COPPA consent. We provide the school with this Policy, to ensure that the school, in providing its COPPA consent, has full information and assurance that our Personal Information co election practices comply with COPPA.

FERPA permits a school to provide educational records (including those that contain students' Personal Information) to certain service providers without requiring the school to obtain specific parental consent. FERPA permits this where the service provider acts as a type of “school official” by performing services, for example, that would otherwise be performed by the school's own employees. We fulfill FERPA requirements for qualifying as a school official by, among other steps, giving the school direct control with respect to the use and maintenance of the education records at issue (including associated Personal Information), and refraining from re-disclosing or using this Personal Information except for purposes of providing our Products to the school.

In the event any consent is required by other state or federal law, Customer is responsible for collecting said appropriate User consent required to share Customer’s Users’ Personal Information with us. If Customer suspects that any of its students’ Personal Information has been submitted to RGR without the required consent, or if consent has been revoked, Customer shall immediately notify its RGR representative.


6. Access and Control of Personal Information
The Customer will have access to all Personal Information of its students that RGR collects through the Customer’s (or its Users’) use of our Products, and the Customer is able to update this information in the manner permitted by our Products. Employee Users are able to access and update their own Personal Information. Users should contact their schools if they have questions about their data, including third parties with whom their data may be shared, and/or how to receive a copy of their data. The parents of a student can obtain access to and review— through their child's school —information concerning their child that is available on our Products. Parents can also request that their child’s Personal Information be deleted or corrected or not be collected. For any requests to access, review, delete, correct or prevent further collection of a student’s Personal Information, parents should contact the school and follow the school's procedures for such r quests. We cooperate with and facilitate the school's response to these access requests. We limit access to Personal Information to only our employees and Our Service Providers (i) who have a need to know such information, and (ii) who use the information only for the ed cational purposes of operating, maintaining and supporting our Products and delivering our services.
 
For additional information regarding control and access to Personal Information, please refer to Sections 17 through 19 below. 


7. Consents from Other Users Who are Not Students
In addition to our Customers’ obtaining consents regarding Personal Information of Users other than students (such as teachers and school administrators) on our behalf, we may also obtain User consents regarding such Personal Information. To obtain these consents we (a) notify the Users of our privacy practices by including links to this Policy within our Products, and (b) rely on their continued use of our Products to indicate their consent to this Policy.


8. The Types of Information We Collect
We limit our collection of Personal Information to no more than is reasonably necessary for the User at issue to experience our Products. Specifically, we collect the following types of information:

  • 8.1. School Administrator Information: we collect registration information from a school administrator when the school administrator activates the school's subscription account, which may include the school administrator's own first and last name, business address, phone number, and email address.
  • 8.2. Teacher Information: we collect registration information from a teacher or school administrator when the teacher (or school administrator) activates the teacher's account, which may include the teacher's first and last name, business address, phone number, and email address.
  • 8.3. Student Information: we collect registration information from a teacher or school administrator when the teacher (or school administrator) activates the account of an individual student, which may include the student's first and last name, student ID numbers, learning level, and performance data. We may combine information about a student with information about his or her school, such as its location;
  • 8.4. Schoolwork Information: we collect information contained in student homework, assignments, reports, tests, test results, and other exchanges over our Products;
  • 8.5. School Administrator or Teacher Submitted Information: we collect information and content submitted by a school administrator or teacher, such as observations and notes;
  • 8.6. User-Generated Content: we collect information that students and other Users provide in connection with submitting user-generated content, and participating in collaborative features of our Products (where applicable). Examples of user-generated content that might contain Personal Information include notes, stories, responses to questions, and teacher assignments (either in text, image, audio, or video format), responses to student’s submissions (either in text, image, audio, or video format), drawings that allow text or free-hand entry of information, activities, game play, assessments, and other information provided in open-text and open-form fields or posted to a bulletin board viewable by others.
  • 8.7. Usage Information: we collect usage, viewing, analytics, and technical data, including device identifiers and IP addresses, relating to Users of our Products;
  • 8.7.1. For certain of our Products, the name and email address of an individual to whom a User wishes to send content from the Products.
    We use the information only to send the message, and we do not retain it.
  • 8.7.2. Information about how, where, in a general sense (based on IP address), when, and for how long a User accesses and uses our Products, as well as what content they view, what actions they take (including, for example, clicks, touches, and hovers using a mouse), and how they navigate through our Products. We may use cookies, pixel tags, and other technologies to collect this information, as further explained in Section 10.
  • 8.7.3. Information from and about the User’s device, such as mobile device type, browser type and version, operating system name and version, IP address, and referring URL. We collect this information automatically when a User accesses our services, to help us under stand usage, diagnose problems, administer our Products, and provide support.

If we discover that we have collected information in a manner inconsistent with the requirements of COPPA or FERPA, we will either (a) delete the information or (b) promptly seek requisite consents before taking further action concerning the information.


9. How We Collect Personal Information
Our Products collect Personal Information in several ways. School administrators and teachers provide Personal Information during the registration process. Teachers and students also submit Personal Information during the normal operation and support of our Products. They submit this information, for example, when creating and responding to teaching assignments and student submissions, and otherwise engaging in educational and other activities available on our Products. RGR also collects usage information when using our Products through technology, such as cookies, as further explained in Section 10 below.


10. Cookies
RGR collects usage information through technology, such as cookies, pixel tags, flash cookies, browser analysis tools, server logs, web beacons, and persistent identifiers. We use cookies, IP addresses, and other persistent identifiers to authenticate Users, and so that we can understand how a User engages with our Products, such as identifying what links are clicked and what content is accessed and for how long. This information allows us to improve our User interface and create a better product, such as by making commonly accessed content easier to reach or by more prominently displaying content that has been less frequently accessed.

Certain features (or all features) of our Products may be hosted on Our Service Providers' sites, and in those instances the collection activities described above may be undertaken by Our Service Providers’, under our direction and control and consistent with this Policy. Most I formation we collect using technological means is collected only in a non-identifiable way where no information that could be linked to an individual User is used, such as for website optimization and tracking website traffic patterns. If Personal Information is collected, this Policy governs how we use Personal Information.


11. How We Use Personal Information
In addition to the uses described above, and subject to any restrictions imposed by applicable laws or our agreement with our Customer, we may use and disclose the Personal Information we collect for the following purposes:

  •  11.1. To provide our Customer and their authorized Users with the content and features available through our Products and to tailor and optimize the use of any of our Products to the needs of a particular school, classroom or student;
  • 11.2. To permit school administrators and teachers to review students’ work, monitor students’ performance and progress, plan lessons, and otherwise support instruction;
  • 11.3. To permit parents and guardians to review their children’s work and monitor their performance and progress via the Customer’s protocols.
  • 11.4. To offer students immediate feedback and continuous support, permit them to access information shared by their teachers, suggest other content or activities for them, help them track their own progress, and adjust instruction to meet their needs;
  • 11.5. To offer teachers and administrators immediate feedback, Product optimization recommendations, and continuous support, permit them to access information shared by other teachers or administrators such as video playback of classroom recordings for purposes of professional development, and suggest other content or activities for their lesson plans or professionaldevelopment;
  • 11.6. To communicate with school administrators and teachers about the applicable subscription account or transactions with us, and to send information about our Product's content, features and usage;
  • 11.7. To permit school administrators and teachers to use our Products’ profile, social networking, and professional development features. These features permit the sharing of the User’s username and other profile information with other Users. They also allow Users to communicate and share content with one another and, in some cases, with the public. School administrator and teacher users of our social networking features are solely responsible for the types of information shared through these features;
  • 11.8. To provide our Customer, as well as their administrators and teachers with various types of reports, such as reports detailing the performance and progress of a particular school district, school, classroom, or student;
  • 11.9. To communicate with school administrators and teachers, subject to any communications preferences they express;
  • 11.10. To ensure that our Products run properly and are presented optimally, and for Product improvement;
  • 11.11. To diagnose Product problems, troubleshoot issues, and provide maintenance and support;
  • 11.12. To personalize a Product’s content and experiences for students, teachers, and other Users of the platform, such as by using the appropriate language, displaying their name on the user dashboard or permitting a student to view a profile picture of his or her teacher; and
  • 11.13. To detect, investigate and prevent activities that may violate our policies or be illegal.


12. How We Use De-Identified Information

  •  12.1. We do not allow Our Service Providers to collect Personal Information through persistent identifiers on our Products for any purpose other than the internal operations, support and maintenance of our Products. Further, we do not use, or permit Our Service Providers to use, Personal Information collected through our Products for the purpose of targeted advertising.
  • 12.2. We may use aggregate information that does not permit the identification of any individual User or Customer for analytics purposes, to understand how our Products are accessed and used, and how they perform, so that we may improve upon their design and functionality and otherwise develop and improve upon our products and services, and to develop analytics studies. We may disclose the aggregated information in these studies to third parties, including to demonstrate product efficacy;
  • 12.3. Finally, we de-identify usage information in accordance with COPPA and FERPA, and use this De-Identified Information in order to develop, evaluate, and provide improved educational products and services, as permitted under COPPA and FERPA. 
     

13. We Do Not Share Personal Information Except In Specific, Limited Circumstances 

  • We use Personal Information for our internal purposes only, with the following limited exceptions. We disclose Personal Information:
  • In response to the lawful request of a law enforcement agency, governmental authority or other authorized public agency, including a request by a children's services agency or by the school at issue;
  • To protect the security or integrity of our Products and associated applications and technology, as well as the technology of Our ServiceProviders;
  • To the extent we believe necessary or appropriate to protect our rights, safety, or property and/or that of our affiliates, our customers, our users orothers;
  • To enable us to take precautions against liability, enforce legal rights, and to detect, investigate and prevent activities that violate our policies or that are illegal;
  • If we are directed to do so by a subscribing school in connection with an investigation related to public safety, the safety of a student, or the violation of a school policy;
  • If we are directed to do so by a subscribing school in connection with a student or parent/guardian request, as appropriate;
  • To Our Service Providers, to permit them to provide the contracted services to us in accordance with this Policy;
  • In the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case the transferred information will remain subject to the terms of this Policy; and
  • In other cases, if we believe in good faith that disclosure is required by law.


14. Third Party Services
We require Our Service Providers to agree in writing to terms that are no less restrictive regarding Personal Information that we share with them than the terms contained in this Policy. Upon written request, we will provide a list of Our Service Providers to our Customer. This Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties other than Our Service Providers, including any third party operating any site or service to which our Products may link. The inclusion of a link in any of our Products does not imply our endorsement of the linked site or service. We are not responsible for the privacy, information or other practices of other organizations, such as Apple, Google, Microsoft, RIM, or any other device manufacturer, app developer, or provider of an app, social media platform, operating system, or wireless service.


15. How We Protect Personal Information
We have implemented and maintain commercially reasonable organizational, technical, administrative and physical security controls that are designed to protect the security, confidentiality and integrity of Personal Information collected through our Products from unauthorized access, disclosure, use, loss or modification. Our information security controls comply with reasonable and accepted industry practice, as well as requirements under COPPA and FERPA. We diligently follow these information security controls and periodically review and test our information security controls to keep them current.

15.1. Information Security Procedures. Except as noted elsewhere in this Policy, we take the following steps and procedures to keep Personal Information secure:

  • Standard of Care. Keep and maintain all Personal Information in strict confidence, using such degree of care as is appropriate to avoid unauthorized access, use, modification, or disclosure;
  • Use for School Purposes Only. Collect, use, and disclose Personal Information solely and exclusively for the purposes for which Users provided to us the Personal Information, or access to it, and not use, sell, rent, transfer, distribute, modify, data mine, or otherwise disclose or make available Personal Information for our own purposes or for the benefit of anyone other than the Customer, without the Customer's prior written consent or as permitted by this Policy;
  • Non-Disclosure. Prohibit disclosure, either directly or indirectly, of Personal Information to any person other than our employees and Our Service Providers who have a need to know, without express written consent from the Customer;
  • Employee Training. Provide appropriate privacy and information security training to our employees;
  • Transport Security. Use Transport Layer Security (TLS) for our transmission of all User data to and from our Products; and
  • Secure Storage. Use industry standard file encryption for User data that is subject to protection under either COPPA, FERPA, or both. Where file encryption is not reasonably feasible, we employ other industry standard safeguards, protections, and countermeasures to protect such data, including authentication and access controls within media, applications, operating systems and equipment.
     
  • 15.2. Data Location and Security. We use third party cloud service providers (“Cloud Service Providers”) in the delivery and operation of our Product(s), and data (including Personal Information) is stored on the servers of our Cloud Service Providers. In addition to containing the standard provisions required in all of our contracts with Our Service Providers, our contracts with our Cloud Service Providers require them to implement reasonable and appropriate measures designed to secure content against accidental or unlawful loss, access, or discl sure. Our Cloud Service Providers have at least the following security measures in place for their networks and systems: (i) secure HTTP access (HTTPS) points for customer access, (ii) built-in firewalls, (iii) tested incident response program, (iv) resilient infrastructure and computing environments, (v) ITIL based patch management system, (vi) high physical security based on SSAE-16 standards, and (vii) documented change control processes. To the extent we store personal information internally on our servers, we comply with the
    information security controls set out in Section15.1.
  • 15.3. Data Breach Response. In the event of a security breach involving Personal Information, we will take prompt steps to mitigate the breach, evaluate and respond to the intrusion, and cooperate and assist our Customer in their efforts with respect to (i) responding to the breach, including the provision of notices to data subjects; and (ii) engaging mutually agreeable auditors or examiners in connection with the security breach, subject to reasonable notice, access and confidentiality limitations.


16. Our Retention and Deletion of Personal Information
We retain Personal Information of Users of our Products for so long as reasonably necessary to: (i) to permit the User to participate with the Products, (ii) to ensure the security of our Users and our services, or (ii) as required by law or contractual commitment. After this per od has expired, upon written instruction by the Customer, we will delete the Personal Information from our systems. Please understand that these deletion periods apply only to Personal Information and do not apply to De-identified Information. We retain De-Identified information in accordance with our standard practices for similar information, and do not retain or delete such information in accordance with this Policy.

In addition, if requested by a Customer, we will delete from our Products the Personal Information of the Customer’s Users as the Customer directs. Deleting this information will prevent the User from engaging in some or all features of our Products. Where required by applicable law, we will delete such information and provide a certification of such deletion.


17. NY Parents' Bill of Rights for Data Privacy and Security
The New York Parents' Bill of Rights for Data Privacy and Security (the “NY Privacy Bill of Rights”) addresses the relationship between schools and their third party contractors in addition to the schools' relationships with parents. The only elements of the NY Privacy Bill of Rights that are incorporated herein are those provisions directed to third party contractors (“Contractor Privacy Provisions”). RGR agrees to comply with the Contractor Privacy Provisions for Customers in the State of New York. In the event of a direct conflict between this Policy and the NY Privacy Bill of Rights, the NY Privacy Bill of Rights will control. The full text of the NY Privacy Bill of Rights is available here.


18. Protections for CA Consumers 
In addition to other safeguards established under this Policy, RGR recognized that the California Consumer Protection Act (“CCPA”) provides unique protections for consumer information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. In such cases, California consumers whose information is collected by RGR have a right in most circumstances to request access to information about the consumer or RGR’s use of information; the right to require deletion of information; and the right to be free from discrimination or retaliation as a result of the exercise of rights protected by the CCPA. 

To request access to, or the deletion of, Personal Information collected or maintained by RGR, California consumers may contact RGR toll-free at 1.866.401.READ (7323) or by emailing info@reallygreatreading.com

After receiving your request, an RGR customer service representative will contact you to verify your identity using information that you previously provided to RGR. We may request additional information or documentation, which will only be used for verification purposes. Once RGR verifies your identity, it will exert it best efforts to provide access or delete your Personal Information within 45 days of your request. 


19. Protections for European Consumers 
It is RGR’s intent to be fully compliant with the European Union General Data Protection Regulation (“GDPR”), and this Privacy Policy is consistent with the requirements of the GDPR. In addition, European consumers should be aware of their rights under the GDPR, including the following: 

  • The right to access – You have the right to request RGR for copies of your personal data.
  • The right to rectification – You have the right to request that RGR correct any information you believe is inaccurate. You also have the right to request RGR to complete the information you believe is incomplete.
  • The right to erasure – You have the right to request that RGR erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that RGR restrict the processing of your personal data, under certain conditions. • The right to object to processing – You have the right to object to RGR’s processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that RGR transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us the toll free number or email address listed in Section 18 above.

In addition, please note that RGR uses certain cookies in a variety of ways to improve consumer experiences with our website and other services. Cookies are text files placed on your computer to collect standard login information and certain behavioral information relating to your visit to our website or use of other internet sites. When you visit our website, we may collect such information from consumers automatically. 


20. Do Not Track
Our Products do not change their behavior when receiving the “Do Not Track” signal from browser software.


21. Definitions

“COPPA” means the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506, including the rules and regulations promulgated thereunder, in each case as amended.

“De-Identified Information” means information from which all Personal Information has been removed or obscured, such that the remaining information does not reasonably identify a specific individual, whether through single or multiple releases, and taking into account other reasonably available information.

“FERPA” means the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, including the Protection of Pupil Rights Amendment, including the rules and regulations promulgated thereunder, in each case as amended.

“Our Service Provider” means a third party that provides content and/or functionality for our Products, or services such as website hosting and customer service, and that has executed a written agreement containing terms regarding Personal Information that we share with them that are no less restrictive than the terms contained in this Policy.

“Parent” means a parent or legal guardian of a student.

“Personal Information” or “Personally Identifiable Information” means information that identifies a natural person, or that can be reasonably linked to such information, as defined under FERPA, COPPA, the California Student Online Personal Information Protection Act, Ch. 22.2, §§ 22584 et seq. of the California Business and Professions Code, and Section 49073.1 of the California Education Code.


22. Contact Us
You may contact us with questions or concerns regarding this Policy at the following address: info@reallygreatreading.com