Privacy Policy
At Gooru (“Gooru“, “our” “us” or “we” ), we believe that education is a human right. We are the owners of the website http://www.gooru.org (“Website”) and have developed an application (“App”) that provides a hybrid learning environment known as the “Learning Navigator”. The Website and App shall together be referred to as the platform (“Platform”). Learning Navigator helps conducting and availing online classrooms and training activities, creating and availing assessments, using navigated learning tools, managing and distributing content, including Gooru Content and accessing all related services that are offered by us on the Platform (“Services”).
We respect data privacy rights and are committed to protecting Personally Identifiable Information collected on the Platform. This privacy policy (“Privacy Policy”) sets forth how we collect, use and protect the Personally Identifiable Information collected on the Platform.
PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY CLICKING “I AGREE” OR BY CONTINUING TO USE THE SERVICES, USER AGREES TO THIS PRIVACY POLICY. IF USER DOES NOT AGREE TO THIS PRIVACY POLICY, USER MAY NOT AVAIL THE SERVICES OR ACCESS THE PLATFORM.
IF YOU ARE USING THE SERVICES OR ACCESSING THE PLATFORM ON BEHALF OF A THIRD PARTY YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO USE AND AVAIL SERVICES OR ACCESS THE PLATFORM AND TO BIND SUCH THIRD-PARTY TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND, IN SUCH AN EVENT YOUR USE OF THE SERVICES OR THE PLATFORM SHALL REFER TO USE BY SUCH THIRD PARTY. IF YOU DO NOT HAVE SUCH AN AUTHORITY (TO PROVIDE ANY PERSONAL INFORMATION OF A THIRD PARTY) OR DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, THEN YOU SHOULD REFRAIN FROM USING THE SERVICES.
This Privacy Policy is an electronic record in the form of an electronic contract being compliant and construed in accordance with the data protection laws of various jurisdiction such as Indian Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under Information Technology Act 2000 (“Privacy Rules”) that require publishing of privacy policy for collection, use, storage and transfer of sensitive personal data or information, European Union(“EU”), and General Data Protection Regulation (“the GDPR”).
By continuing to access the Platform, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you may not access the Platform.
Capitalized terms not defined in this Privacy Policy have the meanings given to them in our Terms of Use.
1. Definitions
A. “User(s)”, “you” or “your” or “instructor” or “learner” or “researcher” or “parents” or “guardians” or “mentors” “schools” or “organizations” or “individuals” or “administrator” – means any individual, instructor, teacher, learner, student, school, administrator of school district, organization or any permitted users that use the Platform to avail the Services and access the Gooru Content.
B. “User Content” – means all data and materials provided by the User to the Platform for creating e-learning courses, navigated learning, and used in connection with the Services, including, without limitation, learning modules, data files, audio files, video files, graphics, questions, resources, learning collections, assessments and courses, and associated metadata fields, which are descriptive and provide additional context on the use of such User content or other materials added by the User.
C. “Gooru Content” – means all the data and materials including but not limited to learning modules, data files, audio files, questions, resources, collections, assessments and courses, and associated metadata fields, belonging to us, which provide additional context on the use of such Gooru content which has been shared or uploaded on the Platform or has been provided to the User in furtherance of our Services, as the case may be.
2. Information and Data Collection and Use by Gooru
As a nonprofit education technology company, our goal is to collect only the information about our Users required for their use of our Platform and Services. The information obtained from Users includes Personally Identifiable Information, Non-Identifying Information, and system computed data.
A. Personally Identifiable Information
What is Personally Identifiable Information?
When you register to create an account on the Platform (“Account”), would like to get in touch with us through the contact us page or sign up for our newsletter, we will ask you for Personally Identifiable Information as those terms are defined under the Family Educational Rights and Privacy Act of 1974 (codified as 20 U.S.C. § 1232g) (“FERPA”), which includes your name, email address, username and password, and date of birth (“Personally Identifiable Information”). Basically, it means any information about you that can be used to contact or uniquely identify you in the system.
B. Social Media Platform
If you wish to subscribe to our blog, contact us through social media platforms such as LinkedIn, Facebook, Twitter etc. (“Social Media”), or share any content from our Platform using the Social Media widgets available on our Platform, we may get access to your personal information on such Social Media (such as your name, company name, email id, and phone). Rest assured that such information shall be used/ accessed/ maintained by us in accordance with the terms of this Privacy Policy.
C. Accuracy of Information
User undertakes that he shall be solely responsible for the accuracy, correctness, or truthfulness of the Personally Identifiable Information and User Content shared or uploaded on the Platform, whether of its own or any third party. In the event the User is sharing any Personally Identifiable Information or User Content on behalf of a third person, the User represents and warrants that he has the necessary authority to share or upload such Personally Identifiable Information or User Content on the Platform, We shall not be responsible for verifying the same.
As per the provisions of the GDPR we shall be considered as the controllers of the aforementioned Personally Identifiable Information provided on the Website by visitors through contact us, and the processors for Personally Identifiable Information including User Content provided by Users on the Platform to avail our Services.
D. How We Use Your Personally Identifiable Information:
We use your Personally Identifiable Information for the following purposes
-
- validate User’s eligibility to use our Services;
- to inform User about our Services and to respond to User’s requests;
- for creation or development of business intelligence or data analytics in relation to the Services provided by us (for this purpose we may share the Personally Identifiable Information with certain software or tools available online);
- contact User with notifications or newsletters that may be of interest to User, if the User wishes not to receive such communication from us, kindly email your request at support@gooru.org; if you are identified as a student we will not send newsletters;
- to improve the Platform, Services, features, and generate reports;
- administer User’s use;
- to maintain and manage User Accounts;
- to assist User in case of technical difficulties that may arise in relation to User’s use and access of the Platform or Services;
- to manage our relationship with User;
- for internal record keeping;
- to comply with our legal or statutory obligations.
Legal Basis (for people from the EU): We will not process your Personally Identifiable Information without a lawful basis to do so. We will process your Personally Identifiable Information only on the legal basis of consent [as provided in Art. 6 (1) (a) of the GDPR], contract [as provided in Art. 6 (1) (b) of the GDPR], or on the basis of our legitimate interests [as provided in Art. 6 (1) (f) of the GDPR], provided that such interests are not overridden by your privacy rights and interests.
E. Non-Identifying Information
What is Non-Identifying Information?
We collect information that you provide or is generated in connection with your use of the Platform and the Services (e.g., without limitation, search terms entered, pages viewed, and school network information) (“Non-Identifying Information“). Certain Non-Identifying Information might be considered a part of your Personally Identifiable Information if it were combined with other identifiers (for example, combining your IP address with your school network information) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences).
Google Analytics-This Website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies, text files that are stored on your computer and enable analysis of your use of the Website. The information generated by the cookies about your use of this Website are usually transferred to a server of Google in the US and stored there. In case of activation of IP anonymization on this Website your IP address from Google will be truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the US and shortened there. You can refuse the use of cookies by selecting the appropriate settings on your browser software. You can also prevent the data generated by the cookie and related to your use of the website to Google and the processing of these data by Google, by selecting the in the following link (https(including your IP address) ://Download tools.google.com/dlpage/gaoptout/) available browser plug-in and install it.
How We Use Non-Identifying Information
We may combine your Non-Identifying Information including system computed data with Personally Identifiable Information and aggregate it with information collected from other Users to provide you with a better experience, to improve the quality and value of the Services and to analyze and understand how our Website Services are used. We may also share your Non-Identifying Information in the manner described in Section 3 below.
F. Data Collection
Gooru collects data, including Student Data, regarding each User’s usage and activities performed using the Services. The usage data that Gooru collects includes time spent studying the collection or resources, User reactions for each resource, and User’s performance on assessments. “Student Data” means information a student provides or generates through the student’s use of the Platform or Services including, but not limited to, number of views, time spent on a particular collection, student reactions to a resource and student attempts in answering questions in a collection.
How We Use Collected Data
Through the use of data analytics, the science of learning and AI/ML algorithms, we analyze data to generate reports from which Users can obtain real-time feedback on User activity and subject matter proficiency, as well as recommendations that will customize the User experience. The tools Gooru provides to Users allow students and their teachers with whom Student Data is shared to use the data to visualize student progress and personalize their learning. Data also may be shared in the manner discussed in Section 3 and 4 below.
G. Log Data
What is Log Data?
When you visit the Website or use the Service, whether you have signed-in or are just browsing the Website, our servers automatically record information that your browser sends whenever you visit a website (“Log Data“). This Log Data may include information such as your computer’s Internet Protocol (“IP“) address, browser type or the webpage you were visiting before you came to our Website, pages of our Website and Services that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.
How We Use Log Data
We use Log Data to monitor and analyze use of the Website and Services, technical administration of Website and Services, to increase our Website Service functionality and user-friendliness, and to better tailor it to our Users needs. We do not treat Log Data as Personally Identifiable Information or use it in association with other Personal Identifiable Information, though we may aggregate, analyze and evaluate such information for the same purposes as stated above regarding other Non-Identifying Information.
H. Cookies
What are Cookies?
Like many websites, we use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes.
What do we use Cookies for?
We use cookies for two purposes. First, we utilize persistent cookies to save your registration ID for future logins to the Website. Second, we utilize session ID cookies to enable certain features of the Website, to better understand how you interact with the Website and to monitor aggregate usage and web traffic routing on the Website. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Website and then close your browser. Third parties providing services on Gooru’s behalf may also place or read cookies on your browser.
I. How Does Gooru Respond to Do-Not-Track Signals
Many web browsers such as Chrome, Mozilla Firefox and Internet Explorer give users the ability to disable, reject, or turn off cookies and other tracking technologies. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of the Website or all functionality of the Services.
J. Phishing
Identity theft and the practice currently known as “phishing” are of great concern to Gooru. Safeguarding information to help protect you from identity theft is a top priority. We do not and will not, at any time, request your identification in a non-secure or unsolicited e-mail or telephone communication. For more information about phishing, visit the Federal Trade Commission’s website.
3. Information Sharing and Disclosure
A. Aggregate Information and Non-Identifying Information
We may share aggregated information that does not include Personally Identifiable Information and we may otherwise disclose Non-Identifying Information and Log Data with third parties for industry analysis and other purposes. Any aggregated information shared in these contexts will not contain your Personally Identifiable Information. If you access the Platform or the Services via a third party, that third party may have provided us with Personally Identifiable Information about you. In such instances we may share Non-Identifying Information that we collect about you with the third party.
B. Affiliates
We may provide your Personally Identifiable Information to our affiliates to enable them to promote and develop the Services and respond to User’s requests for information or the Services.
C. Administrators
We may provide access to your Personally Identifiable Information to any of our authorized administrators for an internal business purpose, who shall be under confidentiality obligations towards the same.
D. Service Providers
We may employ third party companies and individuals to facilitate and host the Services on our behalf, to perform Platform-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website’s/App features) or to assist us in analyzing how our Website/App and the Services are used. These third parties have access to your Personally Identifiable Information only to perform these tasks on our behalf. Gooru will endeavor to ensure all third party service providers are obligated not to disclose or use your Personally Identifiable Information for any other purpose.
E. Business Transfers
Gooru may transfer, assign or otherwise share some or all of your Personally Identifiable Information in connection with a merger, acquisition, or reorganization, in which the new owners intend to operate the Service as a going concern, and will use its reasonable efforts to ensure that the new owner handles Personally Identifiable Information with privacy standards no less stringent than employed by Gooru.
4. Anonymized data
We may also use Non-Identifying Information collected to create aggregate anonymized data. We shall ensure that such anonymized data will not be directly identifiable to you or to the Personally Identifiable Information shared with us. We may use this anonymized data for any purpose including but not limited to conduct research, analytical purposes, and to improve our Services. By using the Privacy Policy, you provide us the right to use Non-Identifying Information to create anonymized data and use it for the purposes mentioned herein.
5. Changing or Deleting Your Information and Data
All Users may delete the Personally Identifiable Information the User has provided by contacting us. If you would like us to rectify or modify any such Personally Identifiable Information, delete your Account in our system, please contact us at support@gooru.org with a request that we delete, rectify or modify your Personally Identifiable Information from our database. Gooru also allows its Users to delete comments and collections created, upon request. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records and Personally Identifiable Information as required by law or for legitimate business purposes, including the resolution of disputes. Generally, it may take up to six (6) months to delete your Personally Identifiable Data after we receive a request. Please note that there might be some latency in erasing Data from our servers, including archival or backed-up recovery copies.
6. International Transfer
Your Personally Identifiable Information may be transferred and maintained on computers located outside of the state, province, country or other governmental jurisdiction where you reside, and where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide Personally Identifiable Information to us, this serves as notice that Gooru transfers your Personally Identifiable Information to the United States and processes it there. Your use of the Services constitutes your consent to Gooru’s Privacy Policy and your agreement to the transfer of your Personally Identifiable Information to the United States and the application of its privacy laws.
The Personally Identifiable Information we collect (of EU residents) might be processed outside the EU at a secure center located in N California and N Virginia in USA. We collect and transfer Personally Identifiable Information outside the EU in accordance with EU data protection laws. We will ensure that any such transfers of Personally Identifiable Information (outside the EU) will be in accordance with the GDPR. If you have questions, please contact at legal@gooru.org.
7. Links to Other Sites
Our Website contains links to other websites. If you choose to click on a third party link, you will be directed to that third party’s website. The fact the link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer or collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
8. Children’s Privacy
We understand how important privacy is to you, which is why we are committed to creating a safe and secure environment that children of all ages can enjoy when learning.
A. Collection of Children’s Personal Information
We do not collect information about children unless they successfully register for an Account. When registering for an Account, the child will be directly asked for his or her date of birth (to determine age). Children under the age of 13 (“Child User”) are not allowed to create an Account with Gooru or share any other information. To create an Account, a child needs to be over 13 years old, and register with their first and last names and their email address. Notwithstanding the foregoing if you are a student of a school district, an Account can be created by your parents or by school district which is the User of the Platform, an Account can be created by your parents or by the school district with your parents’ consent. Any information pertaining to children including their Personally Identifiable Information received by Gooru from the school district or parents shall be used for providing the Services and not for any commercial use.
B. Parental Notification and Consent
If a parent or guardian learns that their child is using Gooru without their consent, or a parent or guardian consents to their child’s use of the Gooru Service and later decides to revoke his or her consent, the child’s information and Account can be deleted or deactivated by emailing a request to support@gooru.org.
9. Limitation of liability
YOU EXPRESSLY UNDERSTAND AND AGREE THAT THE WE SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, INFORMATION, DETAILS OR OTHER INTANGIBLE LOSSES (EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), ARISING OUT OF OR IN CONNECTION WITH THIS PRIVACY POLICY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GOORU ASSUMES NO LIABILITY OR RESPONSIBILITY FOR ANY BREACH OF THIS PRIVACY POLICY. THE DISCLAIMERS, EXCLUSIONS, AND LIMITATIONS OF LIABILITY UNDER THIS PRIVACY POLICY WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW. THE FOREGOING LIMITATION OF LIABILITY SHALL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY HEREIN.NOTHING IN THIS PRIVACY POLICY SHALL LIMIT OR EXTEND OUR LIABILITY THAT CANNOT BE EXCLUDED OR LIMITED BY LAW.
10. Indemnification
You agree to indemnify us, our subsidiaries, affiliates, officers, agents and employees (each, an “Indemnified Party”) and hold the Indemnified Party harmless from and against any claims and demand, including reasonable attorneys’ fees, made by any third party due to or arising out of or relating to: (i) accuracy and correctness of Personally Identifiable Information and User Content that you submit or share through the Platform; (ii) your violation of this Privacy Policy and applicable laws including but not limited to COPPA or FERPA, (iii) or your violation of rights of another User.
11. Ongoing Privacy Compliance Efforts
Privacy is a top priority at Gooru. We stay updated with privacy laws and best practices within education. For example, we continually review the U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) which is the “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level longitudinal data systems and other uses of Student Data.
School districts are authorized to share student data including education records (“Students Records”) with Gooru through the Family Educational Rights and Privacy Act (FERPA) School Official exception which enables school districts to share education records with a third party provider when performing a service or function for the District which it would otherwise use its own employees. Gooru may access Students Records to provide the Services, School districts owns such Students Records and shall be responsible for sharing Students Records with Gooru. For more information on student privacy and FERPA, please visit Privacy Technical Assistance Center at ptac.ed.gov.
To the extent student data containing Personally Identifiable Information is provided or created by an employee or agent of a school, school district, local education agency, or county office of education, Gooru will comply with any request by the school, school district, local education agency, or county office of education, to delete the Student Records, to the extent required by applicable law.
We do not disclose Student Records for targeted advertising purposes.
We maintain a comprehensive data security program designed to protect the types of Student Records.
We will never sell Student Records unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets, in which case we will require the new owner to continue to honour the terms provided in this Privacy Policy or we will provide the school with notice and an opportunity to opt-out of the transfer of Student Records by deleting the Student Records before the transfer occurs.
We will not make any material changes to our Privacy Policy or contractual agreements that relate to the collection or use of Student Records without first giving notice to the school and providing a choice before the Student Records are used in a materially different manner than was disclosed when the information was collected.
We will not knowingly retain Student Records beyond the time period required to provide the Services or unless authorized by a school, student or parent.
12. Compliance with Laws and Law Enforcement
Gooru cooperates with government and law enforcement officials and private parties to enforce and comply with the law. Notwithstanding Gooru’s Privacy Policy and commitment to its data security principles, Gooru reserves the right to disclose any information about you, including your Personally Identifiable Information, to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Gooru, other users, or third parties, to protect the safety of the public or any person, or to prevent or stop activity we consider to be, or to pose a risk of being, illegal, unethical or legally actionable, including without limitation violation of US Copyright Laws. In some instances, Gooru may share your Personally Identifiable Information in response to legal or judicial process, including warrants and subpoenas that Gooru in good faith believes to be validly issued and enforceable, without prior notice to you.
13. Security Measures
Gooru values your Personally Identifiable Information and data, and protects it against loss, misuse or alteration by developing and implementing security measures, that include internal policies, processes and technological solutions.
A. Technology Solutions: Gooru uses Secure Socket Layer (SSL) encryption, a standard security technology to establish an encrypted link between our servers and our Users. SSL allows Users to securely transmit sensitive information like login credentials. Data is also replicated, to ensure that in the event of hardware failures, data can be restored. We update these measures as new technology becomes available.
B. Processes: Gooru requires password protected access as the first layer of security. It is important that Users select strong passwords, and not share their password with others. In the event your password is lost or forgotten, we use identification verification procedures to ensure that you and only you have renewed access to your Account.
C. Policies: Gooru restricts the access of employees to its data servers. Access authorization is tracked and regulated to ensure only currently authorized personnel can access its servers. Those authorized to access the servers are trained on security measures and to identify breaches of security or vulnerabilities in Gooru’s security measures. Training is refreshed every year.
D. In the Event of Breach: No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personally Identifiable Information, we cannot guarantee its absolute security. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement, or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Although Gooru provides appropriate firewalls, procedures and protections, Gooru cannot warrant the security of any Personally Identifiable Information transmitted as our systems are not hack proof. Data pilferage due to unauthorized hacking, virus attacks, and technical issues possible and we assume no liability or responsibility for data breaches or loss as a result of such actions.
14. Governing Laws and Dispute Resolution
This Privacy Policy shall be construed and governed by the laws of the State of California, without respect to its conflict of laws principles. The application of the United Nations Convention on Contracts for the International Sale of Goods does not apply. You agree to submit to the personal jurisdiction of the federal and state courts located in San Mateo County, California for any actions related to this Privacy Policy. Any dispute arising between you and us shall be settled by and through an arbitration proceeding to be administered by the American Arbitration Association in the state of California, in accordance with the American Arbitration Association’s Commercial Arbitration Rules.
For any EU residents, this Privacy Policy shall be governed by the provisions of the GDPR.
15. Changes to the Privacy Policy
Gooru may modify or update this Privacy Policy from time to time so you should review this page periodically. If we change the policy in a material manner, for example if we seek to use personal information in a materially different way than we had previously, we will provide at least 30 days notice to the Schools so that you have sufficient time to evaluate the change in practice. Of course, you can always opt-out by deleting your account before the changes take effect.
This privacy policy was last modified on April 2, 2020. Effective Date: April 3, 2020
16. Contacting Us
If you have any questions, concerns, grievances, about the Gooru Privacy Policy, please contact us at:
Gooru C/o: Prasad Ram
350 Twin Dolphin Drive, Suite 115
Redwood City, CA 94065
650-331-0219