Math Facts Pro Data Security and Privacy Plan

1. Introduction

This Data Security and Privacy Plan outlines how Math Facts Pro safeguards student data and ensures compliance with relevant privacy regulations as we provide targeted math fact fluency practice. We are committed to maintaining a secure and confidential environment for all users, especially students

2. Some of the laws and regulations with which we comply

• The Family Educational Rights and Privacy Act (FERPA)
• The Children’s Online Privacy Protection Act (COPPA)
• The Protection of Pupil Rights Act (PPRA)
• Relevant state student privacy laws (e.g., California’s SOPIPA and AB-1584)

3. Data collection, use, and disclosure

• Data Minimization: Math Facts Pro collects and stores only the PII (Personally Identifiable Information) necessary for the functionality of our program, user security, and for teacher monitoring. All identifiable data is used solely for educational purposes. We do NOT handle or store any financial information (credit card processing is handled externally by PayPal), addresses, phone numbers, school/government issued student identification numbers, or other Sensitive PII.
  • For teachers (or schools), we store
    • Username
    • Password
    • Email address
    • Report name, correspondence name
    • Time zone.
  • For students we store
    • First and last name
    • Password
    • Grade
    • Class
    • Teacher/school username.
• Data Ownership: Account owners (Educational institutions, teachers, or parents) retain ownership of all student data shared with Math Facts Pro and associated with the respective accounts. Account owners can modify and delete student data at any time via their dashboard. If parents who are not the account owners want to change or delete student information, they need to contact the teacher or school (the account owner).
• Prohibited Uses: Math Facts Pro will not use or disclose student/teacher/parent personally identifiable information (PII) for purposes other than the specified educational services, and then only to employees and trusted third parties with whom we contract to assist us in the operation of MathFactsPro.com. We will not monetize or sell student data to third parties or allow targeted advertising. In fact, we do not allow advertising of any kind. We will not share any personally identifiable data for commercial purposes.
• In app performance data: When your students log-in under your account and practice, we monitor their performance and store that data in order to best help them with becoming fluent in their basic math facts. Additionally, we sometimes use this data in a de-identified or aggregated form for marketing purposes.
• Cookies/Tokens: We use cookies/tokens as a part of the authentication process. We also use Google Analytics for tracking de-identified usage. Google Analytics Remarketing and Advertising features (‘Signals’), are disabled.
• Server Logs: Our web servers automatically record standard access log data, including IP addresses, browser type, operating system, pages visited, and timestamps. This information is used solely for security monitoring and site performance analysis, and is not associated with any student, teacher, or parent account.

4. Data security practices

• Encryption: Student data is protected through encryption both at rest and in transit, utilizing industry accepted standard encryption methods.
• Access Controls: Access to student data is strictly limited to authorized personnel with clearly defined user roles and permissions.
• Security Audits: Math Facts Pro conducts regular security audits to identify and address potential weaknesses in our systems.
• Framework: Math Facts Pro utilizes the NIST Cyber Security Framework to help us protect our data, detect security incidents, respond appropriately, and improve our systems, all in accordance with industry standards.
• Continuous Monitoring Systems: Monitoring systems track user activity and system performance so that we can detect and respond to potential security incidents.
• Employee Training: Employees train on and adhere to data security and privacy industry best practices.

5. Incident response

• Incident Response Plan: Math Facts Pro has an Incident Response Plan that outlines procedures for addressing security incidents, including data breaches. In the case of a data breach our incident response plan will be put into action to minimize its effects.
• Notification: In the event of a security incident or data breach, account holders, including educational institutions, will be notified as soon as possible, no later than within 72 hours, concerning specifically what happened.

6. Data retention and destruction

• Retention Policy: Student data is retained only as long as necessary for the purpose for which it was collected, as agreed upon with the educational institution. It will be deleted within 6 months after the contract expires, and it will be removed from backups within 10 days of deletion.
• Deletion: Educational institutions have the right to request the deletion of student data at the conclusion of the contract term or when it is no longer needed.
• Secure Destruction: When Math Facts Pro servers are replaced, AWS will securely destroy all data storage media per AWS policy.

7. Vendor accountability

• Data Processing Agreements (DPAs): Math Facts Pro enters into Data Processing Agreements (DPAs) or similar contracts with educational institutions outlining data privacy and security obligations.
• Subcontractor Management: Math Facts Pro ensures that any subcontractors or third parties with access to student data adhere to the same stringent privacy and security standards outlined in this plan.
• List of subcontractors: CrewRed OÜ in Estonia

If there are any questions regarding this privacy policy you may contact us via our contact page.

Please also see our Terms of Service.