At Savvas, we take protecting our customer information extremely seriously. It is one of our greatest priorities. We are deeply committed to earning and maintaining the trust of all the educational institutions, teachers, students, and parents who use our products and services.
Ensuring our customers’ data remains protected is a 24/7 job. That is why Savvas has a fully dedicated Data Privacy and Security team whose sole job is to keep our customers’ data secure and our policies and practices in full regulatory compliance. The cross-functional team is composed of licensed and credentialed data privacy and security professionals, headed by both our Chief Information Security Officer and our Chief Privacy Officer. Our comprehensive data governance framework is frequently reviewed by a specially appointed Data Privacy and Security Steering Committee. We also partner with world-class security experts to provide additional safeguards.
By signing on to the Student Privacy Pledge, Savvas commits to carrying out responsible stewardship and appropriate use of student personal information according to the commitments below and in adherence to all laws applicable to us as school service providers.
The Student Data Privacy Consortium (SDPC), a non-profit collaboration of schools, districts, government entities, and industry providers, is designed to address the real-world, multifaceted issues faced each day by privacy stewards in the protection of learner information.
Savvas is committed to advancing the privacy and security of student data and works hard to meet or exceed legal compliance requirements. Our compliance with the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the California Student Privacy Certification (CSPC) law has been demonstrated to and certified by the Internet Keep Safe Coalition (iKeepSafe), a leading organization trusted internationally that works to support the protection of student privacy while advancing learning in a digital culture. Savvas products are also certified by the TrustEd Apps Seal of Data Privacy program of the 1EdTech Consortium (formerly the IMS Global Learning Consortium), a non-profit community partnership of leading educational providers, government organizations, and edtech suppliers working together to enable better digital teaching and learning.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 (System and Organization Controls 2) is a voluntary compliance standard for service organizations that specifies how organizations should manage customer data. The standard is based on the AICPA’s Trust Services Principles and Criteria for security, availability, processing integrity, confidentiality, and privacy.
We utilize a comprehensive data governance model that encompasses appropriate security and privacy principles to address all applicable statutory, regulatory, and contractual obligations based on industry standard security and privacy frameworks, chiefly ISO 27001 and National Institute of Standards and Technology (NIST) Cybersecurity Framework. Our policies are reviewed and updated annually.
Savvas performs due diligence on the information security practices and data privacy compliance of all sub-processors and requires each to commit to contractual requirements equivalent to those set forth in our own Privacy Policy, including, but not limited to, prohibitions on collection, use or disclosure of Personal Information for non-educational purposes and maintenance of a comprehensive information security program. For a current list of authorized sub-processors we utilize in the delivery of our online services, view our list of sub-processors.
Our products are designed and available for use by customers worldwide and comply with international data protection laws, including but not limited to, the General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA). Our customers’ data is stored and processed in secure data centers located in the continental United States and will be accessible by authorized employees, agents and contractors of the Company and its subsidiaries and authorized vendors. For those international customers whose data is governed by GDPR, you can learn more about our commitment to protecting your data and privacy by reviewing our GDPR Data Processing Agreement (DPA). If you are a customer or partner of Savvas and would like to have a signed copy of the Savvas GDPR DPA, please email us.
