1. Introduction
strived.io is a Software as a Service (SaaS) provider with a mission to empower educators and students by providing innovative tools while maintaining the highest standards of data privacy and security.
We recognize the sensitive nature of student data and the trust placed in us by educational institutions, parents, and students. This comprehensive privacy policy outlines our unwavering commitment to protecting personal information and ensuring compliance with all relevant educational and data protection regulations.
Our approach to privacy is guided by the following principles:
- Transparency: We are open about our data practices and provide clear information to our users.
- Purpose Limitation: We collect and use data only for specific, legitimate educational purposes.
- Data Minimization: We limit data collection to what is necessary for our services.
- Accuracy: We strive to maintain accurate and up-to-date information.
- Storage Limitation: We retain data only for as long as necessary or required by law.
- Integrity and Confidentiality: We implement robust security measures to protect data.
- Accountability: We take responsibility for complying with these principles and can demonstrate this compliance.
2. Information We Collect
2.1 Types of Data Collected
We collect only the data that is provided to us, and this data may include:
a) Personal Identifiers:
- Full name
- Date of birth
- Student ID number
- Social Security Number (last four digits only, if required by the educational institution)
b) Contact Information:
- Email address
- Phone number
- Mailing address
c) Educational Records:
- Grades and transcripts
- Attendance records
- Test scores and assessment results
- Course enrollment information
- Graduation status
d) Behavioral Data:
- Disciplinary records
- Special education status and related documentation
- Extracurricular activities participation
e) Technical Data:
- IP address
- Browser type and version
- Device information
- Log data related to system usage
2.2 Methods of Data Collection
We obtain this information through various means:
a) Direct Collection from Educational Institutions:
- Bulk data transfers from school information systems via data dumps
- Manual input by authorized school personnel through CSV files or browser input
b) Integration with Other Authorized Educational Software:
- API connections with learning management systems
- Secure file transfers from partnered educational technology providers
c) Cookies and Similar Technologies:
- We use cookies to enhance user experience and collect aggregated usage statistics. Users can control cookie settings through their browsers.
2.3 Legal Basis for Data Collection
We collect and process data based on the following legal grounds:
- Contractual necessity: To fulfill our service agreements with educational institutions
- Legitimate interests: To improve our services and support educational objectives
- Legal compliance: To meet obligations under educational and data protection laws
- Consent: Where required by law, we obtain appropriate consent for specific data processing activities
3. How We Use the Information
We are committed to using student data solely for educational purposes. Specifically, we use the collected information for:
3.1 Providing and Improving Educational Services
- Delivering personalized recommendations
- Generating progress reports and performance analytics
- Facilitating communication between teachers and administrators
- Conducting research to enhance our educational tools and methodologies
3.2 Analyzing Student Performance
- Identifying areas where students may need additional support
- Recognizing patterns in learning behaviors and outcomes
- Providing insights to educators and administrators for instructional planning
3.3 Customizing Learning Experiences
- Adapting content difficulty based on individual student progress
- Recommending additional resources tailored to student needs
- Personalizing user interfaces to enhance engagement
3.4 System Administration and Security
- Audits as specified by compliance standards, frameworks, and best practices.
3.5 Communication
- Sending notifications about student progress to authorized school personnel
- Authenticating user access and maintaining account security
- Monitoring system performance and troubleshooting technical issues
- Detecting and preventing fraudulent or unauthorized use of our platform
- Providing updates about system maintenance or new features
- Responding to inquiries and support requests
3.6 Compliance and Reporting
- Generating aggregated, de-identified reports for educational research
- Complying with legal obligations and responding to lawful requests from public authorities
We strictly prohibit the use of student data for:
- Marketing or advertising purposes unrelated to educational services
- Creating student profiles for non-educational purposes
- Selling or renting student information to third parties
4. Data Sharing and Disclosure
We recognize the importance of maintaining the confidentiality of student data. Our data sharing practices are designed to support educational objectives while protecting student privacy.
4.1 Authorized Recipients of Student Data
We may share student data with the following parties:
a) School Administrators and Authorized Teachers:
- To support educational operations and decision-making
- Access is role-based and limited to relevant data
b) Third-party Service Providers:
- Essential to our operations (e.g., cloud storage, analytics tools)
- Bound by strict confidentiality and data protection agreements
c) Researchers and Analysts:
- Only with aggregated, de-identified data
- For educational research purposes approved by participating institutions
d) Legal and Regulatory Authorities:
- When required by law, court order, or regulatory requirements
- To protect our legal rights or those of others
4.2 Data Sharing Safeguards
To ensure the security and proper use of shared data, we implement the following safeguards:
- Data Minimization: We share only the minimum amount of data necessary for the intended purpose
- Encryption: All data transfers are encrypted using industry-standard protocols
- Access Controls: We maintain strict controls over who can access shared data and for what purposes
- Contractual Protections: All third parties receiving data are bound by contracts that restrict data use and require appropriate security measures
- Auditing: We regularly audit data access and sharing practices to ensure compliance with our policies
4.3 No Sale of Student Data
We want to emphasize that under no circumstances do we sell, rent, or trade student personal information to any third parties for commercial purposes. Our business model is based on providing valuable educational services, not monetizing student data.
5. Data Retention and Deletion
We are committed to retaining student data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.
5.1 Data Retention Periods
Our standard data retention periods are as follows:
- Active Student Data: Retained for the duration of the student’s enrollment in the educational institution plus one academic year
- Inactive Student Data: Retained for three years after the student’s last activity on our platform
- Aggregated, De-identified Data: May be retained indefinitely for research and system improvement purposes
5.2 Data Deletion Process
Upon contract termination or authorized request, we initiate our data deletion process:
- Identification: We identify all relevant data associated with the student or institution
- Backup Removal: Data is removed from all active systems and regular backup cycles
- Archival Deletion: Any archived data is securely deleted or de-identified
- Third-party Notification: We notify any third-party service providers to delete relevant data
- Confirmation: We provide confirmation of data deletion to the requesting party
This process is typically completed within 90 days of the deletion request or contract termination, with backups within 180 days.
5.3 Data De-identification
In some cases, we may de-identify data rather than delete it entirely. Our de-identification process ensures that the data can no longer be associated with a particular student, directly or indirectly. This de-identified data may be used for research and system improvement purposes.
6. User Rights
We respect the rights of students, parents, and guardians regarding their personal data. In compliance with applicable laws, we provide the following rights:
6.1 Right to Access
Users have the right to request access to their personal information. We will provide:
- Confirmation of whether we are processing their data
- A copy of the personal data we hold
- Additional information about the data processing
6.2 Right to Rectification
Users can request corrections to inaccurate or incomplete data. We will:
- Update the information promptly
- Notify any third parties with whom we’ve shared the data
6.3 Right to Erasure (Right to be Forgotten)
Users can request deletion of their data. We will comply unless:
- We have a legal obligation to retain the data
- The data is necessary for the completion of a contract
- Retention is necessary for establishing, exercising, or defending legal claims
6.4 Right to Restrict Processing
Users can request that we limit the processing of their data in certain circumstances, such as:
- When the accuracy of the data is contested
- When the processing is unlawful, but the user opposes erasure
6.5 Right to Data Portability
Users have the right to receive their data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller.
6.6 Right to Object
Users can object to the processing of their personal data in certain circumstances, particularly regarding processing for direct marketing purposes.
6.7 Rights Related to Automated Decision Making
We do not make any automated decisions that have a legal or similarly significant effect on users based solely on automated processing.
6.8 How to Exercise These Rights
To exercise these rights, users should:
- Contact their educational institution, who will coordinate with strived.io to fulfill the request
- Provide sufficient information for us to verify their identity
- Clearly state which right they wish to exercise and provide any relevant details
We will respond to all legitimate requests within 30 days.
7. Data Protection Measures
Protecting the security and integrity of student data is our highest priority. We employ a multi-layered approach to data protection:
7.1 Technical Measures
- Encryption: All data is encrypted in transit and at rest using industry-standard protocols (e.g., TLS 1.3, AES-256)
- Access Controls: We use role-based access control (RBAC) and multi-factor authentication (MFA) for all system access
- Network Security: Our infrastructure is protected by firewalls, intrusion detection and prevention systems, and regular vulnerability scans
- Backup and Recovery: We maintain regular, encrypted backups and have robust disaster recovery procedures in place
7.2 Organizational Measures
- Employee Training: All employees undergo regular security awareness training and sign confidentiality agreements
- Background Checks: We conduct background checks on all employees who have access to student data
- Access Monitoring: We log and monitor all access to sensitive data, with automated alerts for suspicious activity
- Incident Response Team: We maintain a dedicated team ready to respond to any security incidents 24/7
7.3 Physical Security
- Secure Data Centers: We use AWS and Google Cloud data centers that are SOC 2 and ISO 27001 certified
- Access Restrictions: Physical access to any computers used in the processing of confidential data is strictly controlled and monitored.
7.4 Third-party Assessments
- Regular Audits: We will undergo annual SOC 2 Type II audits. We are in the process of getting approved.
- Penetration Testing: We will conduct regular third-party penetration tests to identify and address potential vulnerabilities
7.5 Compliance
We maintain compliance with relevant data protection laws and standards, including:
- Family Educational Rights and Privacy Act (FERPA)
- Children’s Online Privacy Protection Act (COPPA)
- General Data Protection Regulation (GDPR) where applicable
- State-specific student data privacy laws
8. Updates to the Privacy Policy
We may update this policy periodically to reflect changes in our practices, technologies, or regulatory requirements. Our update process includes:
8.1 Review and Approval
- Regular policy reviews by our legal and privacy teams
- Approval of changes by senior management
8.2 Notification of Changes
We will notify users of any material changes through:
- Email notifications to school administrators
- Prominent notices on our platform
- Updated date on the policy itself
8.3 Grace Period
For significant changes, we will provide a 30-day grace period before the new policy takes effect, allowing users time to review the changes and raise any concerns.
8.4 Prior Versions
We maintain an archive of previous versions of the privacy policy, which users can request to access.
8.5 Consent
Where required by law, we will obtain renewed consent from users for material changes to our data processing practices.