Compliance

Recent Updates – June 2023:

  • We are WCAG2.1 Level AA compliant and continually strive to exceed these standards. See the Accessibility section below for more information.
  • We have completed our second round of VAPT Audit in May 2023
  • We are SOC2 compliant and are currently engaged with an auditor to complete an external SOC2 Type 2 audit by the end of December 2023
Learn more about Navigator

Gooru Navigator Compliance

Gooru Navigator is compliant with important federal and state regulations designed to safeguard data. We are committed to being a trusted partner to help schools, institutions, and learning providers meet their compliance obligations under applicable laws. 

Our mission is based on the belief that education is a human right. This core belief translates to an incredibly high bar that we set when it comes to privacy, security, accessibility, ownership of data, and interoperability of systems. 

In these endeavors, our aim is not compliance for its own sake, but rather to further our mission to provide the best education to anyone, no matter who the learners are, where they live, what technology they have available, and what differing abilities they may have. All the while ensuring that the rich data that is required to support a truly personalized learning experience is kept private and safe.

IMS Global Certificate
GDPR Compliant Image

Privacy

Overview

Learning is highly personal, and adaptive learning applications require an ever-deeper understanding of the learner to provide the required personalization. These same tools and data that can personalize learning can be nefariously used in other applications too, most easily within advertising, where a knowledge of the best way to introduce new ideas to an individual is highly sought after. At Gooru we recognize these risks and have chosen to address them by setting an incredibly high bar when it comes to data privacy and ownership. In short, you, as a learner, own and have full control of your data.

The Bar We Have Set

  1. You own your data
  2. You have full control over what data you choose to share, for how long, and with whom.
  3. You have the right to be forgotten

Detailed Compliance Information

  • Learners and Institutions own their data. All data that is generated in the tenancy of an institution is owned by the institution. Learners’ proficiency, portfolio, preferences, and their metrics such as grit, perseverance, motivation, etc. are owned by the learners
  • Users and Institutions grant permission to Gooru to use the data generated by the users in their tenancy  to curate content and to personalize pathways and make reroute recommendations for the learners
  • Gooru adheres to GDPR compliance requirements. 
  • Gooru Navigator provides the users the ability to determine how their data is managed within Navigator, determine who has access to their data, and request deletion of data (“right to be forgotten”).
  • Gooru adheres to privacy requirements defined under FERPA and COPPA. As per FERPA School Official exception, school districts are authorized to share student data with Gooru
  • Gooru Navigator requires minimal data about learners that are deemed Personally Identifiable Information. Navigator requires only First Name, Last Name, Email id, and Year of birth at the time of sign-in, and only First Name, Last Name and a reference id for the user via roster sync with institutions’ SIS
  • We do not use or disclose learner data collected through Gooru Navigator for behavioral targeting of advertisements to learners.
  • We require that our vendors and service providers are bound through a written contract to maintain the same level of privacy protections as we do in our agreements
  • Gooru is IMS Global’s TrustEd certified.

Read Goorus privacy policy here: https://gooru.org/about/privacy-policy/

Security

Overview

Gooru implements robust access control, authentication, data integrity, and content protection both in the hosting infrastructure of its applications and also within the application. Gooru adheres to the highest industry standards in maintaining the security of data both at rest and in transit.

The Bar We Have Set

  1. We will follow best practices to ensure security 
  2. We will adhere to the highest industry standards
  3. We will design and develop with security in mind

Detailed Information

  • Gooru is SOC2 compliant for its data security. SOC2 Type 2 external audit will be completed by December 2023
  • Confidentiality—only individuals with authorization can access data and information assets.
  • Integrity—data systems are kept intact, accurate, and complete, IT systems are kept operational.
  • Gooru Navigator supports 99.9% availability.

Accessibility

Overview

Gooru’s mission is to support the human right to education. With that mission, Gooru Navigator is designed to support life-long learning for all types of learners including users with various accessibility needs. Our goal is to develop a tool that anyone, no matter their ability, to be able to locate themselves and find a path to any learning destination. While we don’t have control of the content being used, we do track the accessibility of content so that if a learner does require it we are able to provide the most suitable content that is available.  

The Bar We Have Set

  1. Provide a WCAG2.1 level AA / Section 508 compliant Navigator tool
  2. Assess content for accessibility and always promote the most suitable content
  3. To create incentive mechanisms for content creators to generate accessible content.

Detailed Information

Gooru Navigator, as a platform currently is WCAG Level A and Level AA compliant. Here are the specific compliance measures we meet: 

  • 1.1.1 – Non-text Content
 Level A
  • 1.3.1 – Info and Relationships
 Level A
  • 1.3.2 – Meaningful Sequence
 Level A
  • 1.3.3 – Sensory Characteristics
 Level A
Level A
Level A
Level A
Level A
  • 2.2.1 – Timing Adjustable
 Level A
  • 2.2.2 – Pause, Stop, Hide
 Level A
  • 2.3.1 – Three Flashes or Below Threshold
 Level A
  • 2.4.1 – Bypass Blocks
 Level A
Level A
Level A
  • 2.4.4 – Link Purpose (In Context)
 Level A
Level A
Level A
Level A
  • 3.2.2 – On Input
 Level A
  • 3.3.1 – Error Identification
 Level A
  • 3.3.2 – Labels or Instructions
 Level A
Level A
  • 4.1.2 – Name, Role, Value
 Level A
Level AA
  • 1.3.5 – Identify Input Purpose
 Level AA
  • 1.4.3 – Contrast (Minimum)
 Level AA
  • 1.4.4 – Resize Text
 Level AA
Level AA
Level AA
  • 1.4.11 – Non-Text Contrast
 Level AA
  • 1.4.12 – Text Spacing
 Level AA
  • 1.4.13 – Content on Hover or Focus
 Level AA
Level AA
  • 2.4.6 – Headings and Labels
 Level AA
  • 3.1.2 – Language of Parts
 Level AA
  • 3.2.3 – Consistent Navigation
 Level AA
  • 3.2.4 – Consistent Identification
 Level AA
  • 3.3.3 – Error Suggestion
 Level AA
  • 3.3.4- Error Prevention (Legal, Financial, Data)
 Level AA
  • 1.4.6 – Contrast (Enhanced)
 Level AAA

 

Content Accessibility

Gooru does not create content itself, but Gooru Navigator includes tools to support any content that addresses accessibility needs

Data Ownership

Overview

Learners and Institutions own their data. Gooru Navigator aggregates data from the tools that schools, districts, and institutions already use to build a Data Lake. The data in Data Lake is owned by the school or district.

The Bar We Have Set

  1. You own your data
  2. You have full control over what data you choose to share, for how long, and to whom.
  3. You have the right to be forgotten

Detailed Information

  • All data that is generated in the tenancy of an institution is owned by the institution. Learners’ proficiency, portfolio, preferences, and metrics such as grit, perseverance, motivation, etc. are owned by the learners. 
  • Users and Institutions grant permission to Gooru to use the data generated by the users in their tenancy  to curate content and to personalize pathways and make reroute recommendations for the learners

Learn more about Navigator