Skip to main content
search
0

Our Commitment to Data Privacy and Security

At Savvas, we take protecting our customer information extremely seriously. It is one of our greatest priorities. We are deeply committed to earning and maintaining the trust of all the educational institutions, teachers, students, and parents who use our products and services.

Our Guiding Principles

  • We recognize that your personal data is just that: yours.
  • We value the privacy and sensitivity of your personal information.
  • With Savvas, data privacy and security is not an afterthought. It is by design.
  • We respect the integrity of the online learning experience, and we are committed to delivering a secure digital experience.
  • We are dedicated to providing the greatest overall security and privacy of your data

The Savvas DIFFERENCE

Ensuring our customers’ data remains protected is a 24/7 job. That is why Savvas has a fully dedicated Data Privacy and Security team whose sole job is to keep our customers’ data secure and our policies and practices in full regulatory compliance. The cross-functional team is composed of licensed and credentialed data privacy and security professionals, headed by both our Chief Information Security Officer and our Chief Privacy Officer. Our comprehensive data governance framework is frequently reviewed by a specially appointed Data Privacy and Security Steering Committee. We also partner with world-class security experts to provide additional safeguards.

How We Keep Your Data Secure

WHAT WE DO

  • We adhere to worldwide industry-recognized best practices and standards for data privacy and security to ensure student data remains safe.
  • We utilize the most advanced technical safeguards to ensure our customer data is secured and protected from unauthorized disclosure, access, and use.
  • We regularly monitor compliance and routinely perform periodic risk assessments of our security program to identify and eliminate any security vulnerabilities.
  • We remove students’ personally identifiable information so that the remaining information cannot be linked to an individual student.
  • We follow specific protocols for the deletion and retention of student data.
  • We utilize an infrastructure that runs on Amazon Web Services (AWS), an industry leader in cloud services and data security.

WHAT WE DON’T DO

  • We will NEVER sell your student data to third parties for any reason.
  • We will NEVER perform targeted advertising of your student users.
  • We will NEVER build marketing profiles of your student users.
  • We will NEVER claim ownership of your student data.

How We Safeguard Student Data Privacy

Savvas Is a Proud Signer of the Student Privacy Pledge

By signing on to the Student Privacy Pledge, Savvas commits to carrying out responsible stewardship and appropriate use of student personal information according to the commitments below and in adherence to all laws applicable to us as school service providers.

Savvas is a Proud Member of the Student Data Privacy Consortium

The Student Data Privacy Consortium (SDPC), a non-profit collaboration of schools, districts, government entities, and industry providers, is designed to address the real-world, multifaceted issues faced each day by privacy stewards in the protection of learner information.

Savvas is Proud to be Certified by Leading Organizations

Savvas is committed to advancing the privacy and security of student data and works hard to meet or exceed legal compliance requirements. Our compliance with the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the California Student Privacy Certification (CSPC) law has been demonstrated to and certified by the Internet Keep Safe Coalition (iKeepSafe), a leading organization trusted internationally that works to support the protection of student privacy while advancing learning in a digital culture. Savvas products are also certified by the TrustEd Apps Seal of Data Privacy program of the 1EdTech Consortium (formerly the IMS Global Learning Consortium), a non-profit community partnership of leading educational providers, government organizations, and edtech suppliers working together to enable better digital teaching and learning.

Savvas is Proud to be SOC 2 Certified for our Savvas Realize Platform

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 (System and Organization Controls 2) is a voluntary compliance standard for service organizations that specifies how organizations should manage customer data. The standard is based on the AICPA’s Trust Services Principles and Criteria for security, availability, processing integrity, confidentiality, and privacy.

Our Comprehensive Data Privacy and Security Program

We utilize a comprehensive data governance model that encompasses appropriate security and privacy principles to address all applicable statutory, regulatory, and contractual obligations based on industry standard security and privacy frameworks, chiefly ISO 27001 and National Institute of Standards and Technology (NIST) Cybersecurity Framework. Our policies are reviewed and updated annually.

Security, Identity, and Compliance

Savvas performs due diligence on the information security practices and data privacy compliance of all sub-processors and requires each to commit to contractual requirements equivalent to those set forth in our own Privacy Policy, including, but not limited to, prohibitions on collection, use or disclosure of Personal Information for non-educational purposes and maintenance of a comprehensive information security program. For a current list of authorized sub-processors we utilize in the delivery of our online services, view our list of sub-processors.

Supporting Our International Customers

Our products are designed and available for use by customers worldwide and comply with international data protection laws, including but not limited to, the General Data Protection Regulation (GDPR) and the Personal Information Protection and Electronic Documents Act (PIPEDA). Our customers’ data is stored and processed in secure data centers located in the continental United States and will be accessible by authorized employees, agents and contractors of the Company and its subsidiaries and authorized vendors. For those international customers whose data is governed by GDPR, you can learn more about our commitment to protecting your data and privacy by reviewing our GDPR Data Processing Agreement (DPA). If you are a customer or partner of Savvas and would like to have a signed copy of the Savvas GDPR DPA, please email us.