Information We Collect
A MySchool iD account is created and managed by a school for use by students and school district employees. When creating this account, the school may provide Ident-A-Kid with certain personal information about its students and employees, including a user’s name, email address, photo, grade, student or employee ID number, job title, homeroom teacher, and password in most cases. It could also include parent contact names, parent contact email, and phone numbers if the school chooses to provide that information. Ident-A-Kid may also collect personal information directly from users of the Apps, such as photos for identification or geolocation from alerts if initiated by the user.
Ident-A-Kid also collects information based on the use of our services. This includes:
- Device information, such as the hardware model, operating system version, unique device identifiers, and mobile network information, including the phone number of the user;
- Log information, including details of how a user used our service, device event information, and the user’s Internet protocol (IP) address;
- Location information, as determined by various technologies including IP address, GPS, and other sensors;
- Unique application numbers, such as application version number; and
- Cookies or similar technologies are used to collect and store information about a browser or device, such as preferred language and other settings.
Data is not gathered outside of the application, and location information is only sent if initiated by the user.
We also collect event-specific information that is a correlation of the above data points. For example, in an emergency, we store the User, District/School, and Notes associated with the emergency. When a Student requests Help, we collect their User information in conjunction with the District/School and notes related to the request. If a school or district activates an emergency, school-specific information, the alert information released, and personnel information is shared with law enforcement.
Our Security Practices
Ident-A-Kid upholds industry-best security practices, including compliance with all applicable national privacy statutes, including the Family Educational Rights and Privacy Act (“FERPA”), Protection of Pupil Rights Amendment (“PPRA”), Children’s Online Privacy Protection Act (“COPPA”), and Student Online Personal Information Protection Act (“SOPIPA”). The data will be physically stored and backed up on servers either in secure Ident-A-Kid offices or on servers co-located at an Internet service provider (Amazon Web Services) secured site.
We use industry-standard Microsoft authorization to protect our service endpoints using OAuth 2.0 to authenticate users within our system. Passwords are stored encrypted, and access to our services is limited based on an access policy that contains a set of allowed origins. Images are only accessible with a valid OAuth 2.0 token, also based on a white-listed access policy.
We log user interactions with the application on a granular level for debugging purposes; please note that trace logging is enabled temporarily to enable our development team to diagnose and resolve any production-related issues accurately. We currently do not log any mobile device or computer-related information that isn’t connected to the Apps. However, we may occasionally add mobile device logging to help us resolve device-specific issues like crash reports, etc.
Ident-A-Kid provides regular, quarterly training on new or evolving security threats, changes to security protocols or practices, changes to software and/or hardware, identified vulnerabilities, etc., to employees with access to student data have signed confidentiality agreements regarding all student data. All employees of Ident-A-Kid have passed criminal background checks. At least once a year, Ident-A-Kid performs an internal audit and risk assessment of the security and privacy measures in place to ensure the protection of all PII. For any questions on our security practices or improvements, please email firstname.lastname@example.org.
Data Breach. If Student Data is accessed or obtained by an unauthorized individual, Ident-A-Kid shall notify the Customer as soon as practicable and no later than within three (3) business days of the incident. The security breach notification shall be written in plain language, will be titled “Notice of Data Breach,” and will present the information described for “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “Who to Contact.” This notice will be received by certified mail to the Customer as well as we will contact our primary liaison for the Customer by phone and email. Contact through phone and/or email should be expected within 24 hours of confirming the incident. Ident-A-Kid will provide the Customer with materials to notify any affected parent, legal guardian, or student.
Information users share
A school may allow students to access Ident-A-Kid services such as MySchool iD Mobile App, Ident-A-Kid documents, and websites, which include features where users can share information with others and Ident-A-Kid.
Information we share
Information we collect may be shared outside of Ident-A-Kid in limited circumstances. We do not share personal information with companies, organizations, and individuals outside of Ident-A-Kid unless one of the following circumstances applies:
- With user consent. We will share personal information with companies, organizations, or individuals outside of Ident-A-Kid when we have user consent or parents’ consent (as applicable).
- With MySchool iD administrators. MySchool iD administrators have access to information stored in the Ident-A-Kid Accounts of users in that school or domain.
- For legal reasons. We will share personal information with companies, organizations, or individuals outside of Ident-A-Kid if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process, or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security, or technical issues.
- protect against harm to the rights, property, or safety of Ident-A-Kid, our users, or the public as required or permitted by law.
Parental review and deletion of information
MySchool iD Mobile app was intended for use with accounts for children of all ages. MySchool iD Administrators monitor the account creation, use, and deletion of these accounts. The parents of MySchool iD users in Primary/Secondary (K-12) schools can access their child’s personal information or request that it be deleted through the school administrator. School administrators can provide for parental access and deletion of personal information consistent with the functionality of our services. If a parent wishes to stop any further collection or use of the child’s information, the parent can request that the school administrator use the service controls available to limit the child’s access to features or services or delete the child’s account entirely.
Your MySchool iD Administrative Account. To access and use the Apps, you must create an Ident-A-Kid account that is protected by a username and password (your “Account”) and have a valid software subscription license. You agree to provide Ident-A-Kid with accurate and complete information when You register for an Account. You agree to keep Your password and other Account details secret and not share them with anyone else in order to prevent unauthorized access to Your Account. If Your contact information or other Account information changes, You must update Your Account details promptly. After You create an Account, You may upload Your information, files, and folders which You have a legal right to copy, share, upload, download, or otherwise use to Your Account. If You obtained access to the Apps through a legal entity such as your School or through an Ident-A-Kid Agent, You acknowledge and agree that other users may have been designated to access, control or manage any information or content that is protected by Your Account. You, not Ident-A-Kid, are solely responsible for access to, content in or sharing, and use of Your Account. Ident-A-Kid is not liable for any loss or damage arising from any access to, content in, or sharing and use of Your Account. If You believe there has been unauthorized access to Your Account, You must notify info@Identakid.com immediately.
If you have questions about the management of MySchool iD accounts or the use of personal information by a school, please contact the MySchool iD account administrator. If you have questions about our practices, please email email@example.com. MySchool iD administrators can contact Ident-A-Kid about the information in this policy by emailing firstname.lastname@example.org. Parents can also contact Ident-A-Kid about the information in this policy.