ClassLink is committed to ensuring that your information is secure and your privacy is protected. The information below outlines our privacy and security policies. Additional information is contained in our software license and service level agreements. In order to prevent unauthorized access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the information we store. Learn more about our security protocols.
ClassLink is a signatory to the Student Privacy Pledge and abides by the commitments therein as follows:
ClassLink is a member of the Student Data Privacy Consortium (SDPC).
The Student Data Privacy Consortium is:
A SOC 2 Type II audit provides evidence that a company has a strong commitment to deliver high quality services to its clients by demonstrating they have the necessary internal controls and processes in place.
ClassLink has successfully completed a SOC 2 Type II audit which was performed by the licensed CPA firm KirkpatrickPrice. The SOC 2 audit is based on the AICPA's Trust Services Criteria, and focuses on ClassLink's controls as they relate to security, availability, and confidentiality. A successful SOC 2 audit assures our customers of their reliance on ClassLink's controls to protect their data.
Nearly all countries have laws that protect personal data privacy. Some countries require that personal data be stored exclusively on servers located in-country. Further, some countries limit the transfer of personal data outside of their jurisdiction.
ClassLink software and systems are designed to comply with these various regulations as follows:
GDPR is the newest body of regulation regarding the handling of personal data for citizens of the European Union (EU). The primary objective of the GDPR is to give citizens control of their personal data. Select ClassLink products are compliant with the EU General Data Protection Regulation.
GDPR includes 11 chapters and nearly 100 articles. Below are some of the most relevant articles.
In July, 2016, the Privacy Shield framework was designed by the U.S. Department of Commerce, the European Commission, and the Swiss Administration to help companies comply with data protection requirements of the EU and Switzerland.
ClassLink participates in the EU Privacy Shield. A list of participating organizations is available at www.privacyshield.gov/list.
On July 16, 2020, the Court of Justice of the European Union, invalidated the privacy shield as a substitute for compliance with the General Data Protection Regulation (GDPR). Privacy Shield continues to be in effect for Switzerland. A key factor contributing to the invalidation was the permissible transfer of personal data from the EU to the US under certain circumstances. ClassLink customers are always in control over the storage and transmission of their personal data. ClassLink software and system processes can only transmit personal data with the express instruction of the customer.
ClassLink continues to participate in Privacy Shield and adhere to its guiding principles for the benefit of our customers in Switzerland.
ClassLink conforms to the Privacy Shield Principles as follows:
ClassLink provides contact information on its website for inquiries or complaints regarding compliance with the Privacy Shield. The ClassLink contact web page is classlink.com/contact.
ClassLink participates in the Independent Recourse Mechanism (IRM) provided by the European Union Dispute Resolution Procedures (EU DPAs) for Privacy Shield dispute resolution.
ClassLink is subject to the investigatory and enforcement powers of the Federal Trade Commission or the appropriate statutory body that will ensure compliance with the Privacy Shield Principles.
ClassLink recognizes the possibility for an individual to invoke binding arbitration pursuant to the Privacy Shield.
Web Content Accessibility Guidelines
ClassLink complies with the web content accessibility guidelines of WCAG 2.1 Level AA as accepted by Section 508 of the Rehabilitation Act of 1973 and the Americans with Disabilities Act (ADA).
ClassLink is proud to hold the Cloud Security Alliance (CSA) STAR. CSA enables solution providers to validate their cloud security and offer proof to current and future customers of the controls in place. The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix. Certification certificates follow normal ISO/IEC27001 protocol and expire after three years unless updated.
The Children’s Internet Protection Act (CIPA) requires schools and libraries receiving certain e-Rate benefits from the Federal Communications Commission (FCC) to adhere to policies that provide safe internet experiences for minors. These include policies related to:
Although ClassLink does not itself prevent access to inappropriate websites, that burden belongs to the school or library, ClassLink can help create an intentional internet experience for young students by enabling instant access to positive online resources from any device.
ClassLink is compliant with the regulations put forth by the Children’s Online Privacy Protection Act (COPPA). ClassLink maintains and protects only that information which enables users to operate ClassLink services.
ClassLink is iKeepSafe Certified: The iKeepSafe COPPA Safe Harbor Certification program ensures that practices surrounding collection, use, maintenance and disclosure of personal information from children under the age of 13 are consistent with principles and requirements of the Children’s Online Privacy Protection Act (COPPA). Companies that comply with the guidelines are awarded a badge, making it easy for parents and schools to identify products that are compliant with COPPA.
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA sets forth protocols for ensuring privacy and security of personally identifiable information of students. ClassLink adheres to the data protection protocols set forth in FERPA.
ClassLink is iKeepSafe Certified: The iKeepSafe FERPA Certification demonstrates compliance with the federal mandates as well as iKeepSafe’s rigorous guidelines through the published Product Profile.
The CSPC builds on iKeepSafe’s FERPA Assessment and COPPA Safe Harbor, which help educators and parents find products that meet the expectations of federal privacy laws. This certification is recommended for operators and providers of websites and online services that are, whole or in part, intended for use in and by schools. Earning the iKeepSafe CSPC asserts that your technology company is a leader in student privacy.
The certification assesses for federal and California laws governing student data privacy, including:
ClassLink provides contact information on its website for inquiries or complaints regarding compliance with the Privacy Shield. The ClassLink contact web page is classlink.com/contact.
In addition to the above guiding principles on personal data:
ClassLink is compliant with the regulations put forth by the Colorado Department of Education. Effective August 10, 2016, the Student Data Transparency and Security Act (PDF) (HB16-1423; C.R.S.22-16-101 et seq.), brought statewide attention to Student Data Privacy. The purpose of this Law is to increase the transparency and security of all Student Personally Identifiable Information (Student PII) that the Colorado Department of Education (CDE) and Local Education Providers (LEPs) collect and maintain. The Law aims to maximize trust in the use of student data in the elementary and secondary education system, by having vendors contracting with schools or educational agencies in Colorado contractually agree to comply with certain requirements if they are to collect information from students.
ClassLink is compliant with the regulations put forth by § 10-234aa through § 10-234dd, An Act Concerning Student Data Privacy.
In addition to the above guiding principles on personal data:
ClassLink is compliant with the regulations put forth by Fla. Stat. § 1002.22, Education records and reports of K-12 students; rights of parents and students; notification; penalty (§1002.22); and Fla. Stat. § 1002.222, Limitations on collection of information and disclosure of confidential and exempt student records (§1002.222).
In addition to the above guiding principles on personal data:
ClassLink is compliant with the regulations put forth by the Education Law §2-d and the Personal Privacy Protection Law (PPPL), Article 6-A of the Public Officers Law.
In addition to the above guiding principles on personal data:
ClassLink is compliant with the regulations put forth for third-party contractors by Title 53E-9-309. This legislation requires schools to include student data privacy provisions in all third-party agreements that receive student personally identifiable information (PII). ClassLink contracts with educational agencies in Utah are governed by and construed in accordance with the laws of the State of Utah. Additionally, educational agencies in the United States are serviced by ClassLink servers and database infrastructure that are based in the United States.
This program adds an extra layer of security to user accounts by utilizing SMS-based verification codes. Messages sent through our SMS program are limited to phone number verification codes, MFA verification codes and password recovery codes.
Our SMS verification program strictly prohibits the transmission of any promotional material. The individual enrolled in this program determines the frequency of SMS messages when they initiate actions such as MFA authentication, phone number verification, or password reset via SMS. Please note there will only be one message per request.
To learn more about the options available for ClassLink MFA, visit classlink.com/mfa.
If you have any questions regarding privacy, please read our privacy policy at classlink.com/privacy.
Our ClassLink system and company website contain links to other websites. Once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Cookies are small data files sent by a website’s server to a web browser, processor memory or hard drive and stored there. They can be used for a range of different purposes, such as customizing a website for a particular user, helping a user navigate a website, improving that user’s website experience, and storing that user’s preferences and login information.
Types of cookies we use:
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Please use our Privacy Manager to set your preferred cookie settings. This may prevent you from taking full advantage of the website.