At Gooru (“Gooru“, “our” “us” or “we” ), we believe that education is a human right. We are the owners of the website http://www.gooru.org (“Website”) and have developed an application (“App”) that provides a hybrid learning environment known as the “Learning Navigator”. The Website and App shall together be referred to as the platform (“Platform”). Learning Navigator helps conducting and availing online classrooms and training activities, creating and availing assessments, using navigated learning tools, managing and distributing content, including Gooru Content and accessing all related services that are offered by us on the Platform (“Services”).
A. “User(s)”, “you” or “your” or “instructor” or “learner” or “researcher” or “parents” or “guardians” or “mentors” “schools” or “organizations” or “individuals” or “administrator” – means any individual, instructor, teacher, learner, student, school, administrator of school district, organization or any permitted users that use the Platform to avail the Services and access the Gooru Content.
B. “User Content” – means all data and materials provided by the User to the Platform for creating e-learning courses, navigated learning, and used in connection with the Services, including, without limitation, learning modules, data files, audio files, video files, graphics, questions, resources, learning collections, assessments and courses, and associated metadata fields, which are descriptive and provide additional context on the use of such User content or other materials added by the User.
C. “Gooru Content” – means all the data and materials including but not limited to learning modules, data files, audio files, questions, resources, collections, assessments and courses, and associated metadata fields, belonging to us, which provide additional context on the use of such Gooru content which has been shared or uploaded on the Platform or has been provided to the User in furtherance of our Services, as the case may be.
2. Information and Data Collection and Use by Gooru
As a nonprofit education technology company, our goal is to collect only the information about our Users required for their use of our Platform and Services. The information obtained from Users includes Personally Identifiable Information, Non-Identifying Information, and system computed data.
A. Personally Identifiable Information
What is Personally Identifiable Information?
When you register to create an account on the Platform (“Account”), would like to get in touch with us through the contact us page or sign up for our newsletter, we will ask you for Personally Identifiable Information as those terms are defined under the Family Educational Rights and Privacy Act of 1974 (codified as 20 U.S.C. § 1232g) (“FERPA”), which includes your name, email address, username and password, and date of birth (“Personally Identifiable Information”). Basically, it means any information about you that can be used to contact or uniquely identify you in the system.
B. Social Media Platform
C. Accuracy of Information
User undertakes that he shall be solely responsible for the accuracy, correctness, or truthfulness of the Personally Identifiable Information and User Content shared or uploaded on the Platform, whether of its own or any third party. In the event the User is sharing any Personally Identifiable Information or User Content on behalf of a third person, the User represents and warrants that he has the necessary authority to share or upload such Personally Identifiable Information or User Content on the Platform, We shall not be responsible for verifying the same.
As per the provisions of the GDPR we shall be considered as the controllers of the aforementioned Personally Identifiable Information provided on the Website by visitors through contact us, and the processors for Personally Identifiable Information including User Content provided by Users on the Platform to avail our Services.
D. How We Use Your Personally Identifiable Information:
We use your Personally Identifiable Information for the following purposes
- validate User’s eligibility to use our Services;
- to inform User about our Services and to respond to User’s requests;
- for creation or development of business intelligence or data analytics in relation to the Services provided by us (for this purpose we may share the Personally Identifiable Information with certain software or tools available online);
- contact User with notifications or newsletters that may be of interest to User, if the User wishes not to receive such communication from us, kindly email your request at firstname.lastname@example.org; if you are identified as a student we will not send newsletters;
- to improve the Platform, Services, features, and generate reports;
- administer User’s use;
- to maintain and manage User Accounts;
- to assist User in case of technical difficulties that may arise in relation to User’s use and access of the Platform or Services;
- to manage our relationship with User;
- for internal record keeping;
- to comply with our legal or statutory obligations.
Legal Basis (for people from the EU): We will not process your Personally Identifiable Information without a lawful basis to do so. We will process your Personally Identifiable Information only on the legal basis of consent [as provided in Art. 6 (1) (a) of the GDPR], contract [as provided in Art. 6 (1) (b) of the GDPR], or on the basis of our legitimate interests [as provided in Art. 6 (1) (f) of the GDPR], provided that such interests are not overridden by your privacy rights and interests.
E. Non-Identifying Information
What is Non-Identifying Information?
We collect information that you provide or is generated in connection with your use of the Platform and the Services (e.g., without limitation, search terms entered, pages viewed, and school network information) (“Non-Identifying Information“). Certain Non-Identifying Information might be considered a part of your Personally Identifiable Information if it were combined with other identifiers (for example, combining your IP address with your school network information) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences).
How We Use Non-Identifying Information
We may combine your Non-Identifying Information including system computed data with Personally Identifiable Information and aggregate it with information collected from other Users to provide you with a better experience, to improve the quality and value of the Services and to analyze and understand how our Website Services are used. We may also share your Non-Identifying Information in the manner described in Section 3 below.
F. Data Collection
Gooru collects data, including Student Data, regarding each User’s usage and activities performed using the Services. The usage data that Gooru collects includes time spent studying the collection or resources, User reactions for each resource, and User’s performance on assessments. “Student Data” means information a student provides or generates through the student’s use of the Platform or Services including, but not limited to, number of views, time spent on a particular collection, student reactions to a resource and student attempts in answering questions in a collection.
How We Use Collected Data
Through the use of data analytics, the science of learning and AI/ML algorithms, we analyze data to generate reports from which Users can obtain real-time feedback on User activity and subject matter proficiency, as well as recommendations that will customize the User experience. The tools Gooru provides to Users allow students and their teachers with whom Student Data is shared to use the data to visualize student progress and personalize their learning. Data also may be shared in the manner discussed in Section 3 and 4 below.
G. Log Data
What is Log Data?
When you visit the Website or use the Service, whether you have signed-in or are just browsing the Website, our servers automatically record information that your browser sends whenever you visit a website (“Log Data“). This Log Data may include information such as your computer’s Internet Protocol (“IP“) address, browser type or the webpage you were visiting before you came to our Website, pages of our Website and Services that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.
How We Use Log Data
We use Log Data to monitor and analyze use of the Website and Services, technical administration of Website and Services, to increase our Website Service functionality and user-friendliness, and to better tailor it to our Users needs. We do not treat Log Data as Personally Identifiable Information or use it in association with other Personal Identifiable Information, though we may aggregate, analyze and evaluate such information for the same purposes as stated above regarding other Non-Identifying Information.
What are Cookies?
Like many websites, we use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes.
I. How Does Gooru Respond to Do-Not-Track Signals
Many web browsers such as Chrome, Mozilla Firefox and Internet Explorer give users the ability to disable, reject, or turn off cookies and other tracking technologies. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of the Website or all functionality of the Services.
Identity theft and the practice currently known as “phishing” are of great concern to Gooru. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your identification in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.
3. Information Sharing and Disclosure
A. Aggregate Information and Non-Identifying Information
We may share aggregated information that does not include Personally Identifiable Information and we may otherwise disclose Non-Identifying Information and Log Data with third parties for industry analysis and other purposes. Any aggregated information shared in these contexts will not contain your Personally Identifiable Information. If you access the Platform or the Services via a third party, that third party may have provided us with Personally Identifiable Information about you. In such instances we may share Non-Identifying Information that we collect about you with the third party.
We may provide your Personally Identifiable Information to our affiliates to enable them to promote and develop the Services and respond to User’s requests for information or the Services.
We may provide access to your Personally Identifiable Information to any of our authorized administrators for an internal business purpose, who shall be under confidentiality obligations towards the same.
D. Service Providers
We may employ third party companies and individuals to facilitate and host the Services on our behalf, to perform Platform-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website’s/App features) or to assist us in analyzing how our Website/App and the Services are used. These third parties have access to your Personally Identifiable Information only to perform these tasks on our behalf. Gooru will endeavor to ensure all third party service providers are obligated not to disclose or use your Personally Identifiable Information for any other purpose.
E. Business Transfers
Gooru may transfer, assign or otherwise share some or all of your Personally Identifiable Information in connection with a merger, acquisition, or reorganization, in which the new owners intend to operate the Service as a going concern, and will use its reasonable efforts to ensure that the new owner handles Personally Identifiable Information with privacy standards no less stringent than employed by Gooru.
4. Anonymized data
5. Changing or Deleting Your Information and Data
All Users may delete the Personally Identifiable Information the User has provided by contacting us. If you would like us to rectify or modify any such Personally Identifiable Information, delete your Account in our system, please contact us at email@example.com with a request that we delete, rectify or modify your Personally Identifiable Information from our database. Gooru also allows its Users to delete comments and collections created, upon request. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records and Personally Identifiable Information as required by law or for legitimate business purposes, including the resolution of disputes. Generally, it may take up to six (6) months to delete your Personally Identifiable Data after we receive a request. Please note that there might be some latency in erasing Data from our servers, including archival or backed-up recovery copies.
6. International Transfer
The Personally Identifiable Information we collect (of EU residents) might be processed outside the EU at a secure center located in N California and N Virginia in USA. We collect and transfer Personally Identifiable Information outside the EU in accordance with EU data protection laws. We will ensure that any such transfers of Personally Identifiable Information (outside the EU) will be in accordance with the GDPR. If you have questions, please contact at firstname.lastname@example.org.
7. Links to Other Sites
Our Website contains links to other websites. If you choose to click on a third party link, you will be directed to that third party’s website. The fact the link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer or collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
8. Children’s Privacy
We understand how important privacy is to you, which is why we are committed to creating a safe and secure environment that children of all ages can enjoy when learning.
A. Collection of Children’s Personal Information
We do not collect information about children unless they successfully register for an Account. When registering for an Account, the child will be directly asked for his or her date of birth (to determine age). Children under the age of 13 (“Child User”) are not allowed to create an Account with Gooru or share any other information. To create an Account, a child needs to be over 13 years old, and register with their first and last names and their email address. Notwithstanding the foregoing if you are a student of a school district, an Account can be created by your parents or by school district which is the User of the Platform, an Account can be created by your parents or by the school district with your parents’ consent. Any information pertaining to children including their Personally Identifiable Information received by Gooru from the school district or parents shall be used for providing the Services and not for any commercial use.
B. Parental Notification and Consent
If a parent or guardian learns that their child is using Gooru without their consent, or a parent or guardian consents to their child’s use of the Gooru Service and later decides to revoke his or her consent, the child’s information and Account can be deleted or deactivated by emailing a request to email@example.com.
9. Limitation of liability
11. Ongoing Privacy Compliance Efforts
Privacy is a top priority at Gooru. We stay updated with privacy laws and best practices within education. For example, we continually review the U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) which is the “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level longitudinal data systems and other uses of Student Data.
School districts are authorized to share student data including education records (“Students Records”) with Gooru through the Family Educational Rights and Privacy Act (FERPA) School Official exception which enables school districts to share education records with a third party provider when performing a service or function for the District which it would otherwise use its own employees. Gooru may access Students Records to provide the Services, School districts owns such Students Records and shall be responsible for sharing Students Records with Gooru. For more information on student privacy and FERPA, please visit Privacy Technical Assistance Center at ptac.ed.gov.
To the extent student data containing Personally Identifiable Information is provided or created by an employee or agent of a school, school district, local education agency, or county office of education, Gooru will comply with any request by the school, school district, local education agency, or county office of education, to delete the Student Records, to the extent required by applicable law.
We do not disclose Student Records for targeted advertising purposes.
We maintain a comprehensive data security program designed to protect the types of Student Records.
We will not knowingly retain Student Records beyond the time period required to provide the Services or unless authorized by a school, student or parent.
12. Compliance with Laws and Law Enforcement
13. Security Measures
Gooru values your Personally Identifiable Information and data, and protects it against loss, misuse or alteration by developing and implementing security measures, that include internal policies, processes and technological solutions.
A. Technology Solutions: Gooru uses Secure Socket Layer (SSL) encryption, a standard security technology to establish an encrypted link between our servers and our Users. SSL allows Users to securely transmit sensitive information like login credentials. Data is also replicated, to ensure that in the event of hardware failures, data can be restored. We update these measures as new technology becomes available.
B. Processes: Gooru requires password protected access as the first layer of security. It is important that Users select strong passwords, and not share their password with others. In the event your password is lost or forgotten, we use identification verification procedures to ensure that you and only you have renewed access to your Account.
C. Policies: Gooru restricts the access of employees to its data servers. Access authorization is tracked and regulated to ensure only currently authorized personnel can access its servers. Those authorized to access the servers are trained on security measures and to identify breaches of security or vulnerabilities in Gooru’s security measures. Training is refreshed every year.
D. In the Event of Breach: No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personally Identifiable Information, we cannot guarantee its absolute security. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement, or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Although Gooru provides appropriate firewalls, procedures and protections, Gooru cannot warrant the security of any Personally Identifiable Information transmitted as our systems are not hack proof. Data pilferage due to unauthorized hacking, virus attacks, and technical issues possible and we assume no liability or responsibility for data breaches or loss as a result of such actions.
14. Governing Laws and Dispute Resolution
16. Contacting Us
Gooru C/o: Prasad Ram
350 Twin Dolphin Drive, Suite 115
Redwood City, CA 94065