Today We Learned Privacy & Security Policy
Transition Ed Pty Ltd is the owner and operator of Today We Learned and all it's variations. Today We Learned and all it's variations will continue to be referred to as "Today We Learned' in this document.
Today We Learned is a system used by schools and their staff (“schools”) to send information to parents and carers in their community (“parents”). Both parents and schools are considered “users” of Today We Learned. Today We Learned collects information to register it's users to the app, as well as contact details of users to perform business management functions. Further to that, schools may also use tools that Today We Learned provides to share information with parents, and to collect information and responses from parents.
Type of project and stage of development
Today We Learned is a live, in use system. There are no future developments planned at this stage that will affect privacy, collection of information or use of information. The app will receive updates from time to time. If these will affect this privacy and security policy, 14 days notice will be given to all users before the change takes place.
The collection and storage of information
Today We Learned collects information from:
Users on the app: Users submit their information directly to Today We Learned, via the app registration screens. We collect and store First Name, Surname, Title, Email Address, Password and which schools they are associated with. Anonymous usage data is also collected about how each user interacts with the app.
Schools: We collect and store information about each school, including Organisation Name, Website, Phone Number, Location and Contact Person, as well as information about which users are associated with which schools. Schools can also enter information about students and parents to assist parents in creating accounts.
Parents: We collect and store information from parents about their children, including their First Name, Surname, year group, and classes which they are enrolled in.
Today We Learned stores, not collects, the following information on behalf of Schools:.
Information for schools about the behaviour of parents using the app, for example information about which updates they have viewed and interacted with.
Content generated by schools that is sent out to their parents.
Information about students, their age (or year group), gender, the classes they are enrolled in, and the parents who have access to updates concerning that child.
Disclosure of information
Users (Parents and School Staff):
Email address, a unique user ID, and a password hash are collected to authenticate users when logging in. The password is not stored in a retrievable, plain text format. Usage data describing how users interact with the app is also collected and stored to help us improve the service. This includes actions taken by the user but does not include specific content intended to be private. For example we will record that a teacher sent an update to a certain class and that it was emailed to a set of parents, but the content of the update will remain private. When a User on the app unsubscribes from a school, club or organization, their personal information (First Name and Surname) is removed from our database. An email address may be retained to prevent further emails from being sent in future.
The First Name and Surname of parents, and the details of the relationships they have with their students is recorded, stored and made available to schools that the parent has subscribed to. Information about which parents have viewed updates, and their interactions with them, is also made available to the school. The email address of the parent is also made available to school staff who wish to initiate further contact. These details may be seen by Today We Learned staff in the process of providing technical support and maintenance. No other information that Today We Learned collects or stores is shared, published or disclosed in any other way, or with any other party.
Parents of School Staff may enter details of students, including First Name, Surname, Year Group, details of which parents have a relationship with that student, and which classes that student is enrolled in. This is visible to parents of that student, and to all school staff. These details may be seen by Today We Learned staff in the process of providing technical support and maintenance. No other information that Today We Learned collects or stores is shared, published or disclosed in any other way, or with any other party.
The First Name, Surname and Title of school staff is made available to parents and other school staff. This is also shared with Today We Learned staff for the purpose of customer support and maintenance. Details of the classes they teach is disclosed to new users (usually parents) during the registration process. Staff email addresses are not shared publicly with parents. Information about staff interactions with the app are shared with Today We Learned staff.
The classes that the user has subscribed to. When a User on the app deletes their account, their personal information is removed from our database. An email address may be retained to prevent further emails from being sent in future.
The name, website, phone number and location of schools is treated as public information and is available to all users and visitors. Any other information collected about schools is not shared with or disclosed to anyone. Account holder details are only seen and used by trusted employees and contractors within our company. These employees have working with children police checks.
User generated content:
Content shared by schools and users is treated by Today We Learned as private to the school and stored by Today We Learned securely. It is shared only with the parents who have access to the relevant classes or groups, and with other staff at the school. The type of information collected and shared by the school is the responsibility of the school, and users should address privacy requirements with this school directly to understand how this school will be sharing and collecting information about students and parents.. Today We Learned staff and contractors do not view content shared by any school except for the purpose of providing support, training and system maintenance.
Why we collect and store this information
The email address, user ID and password are collected to allow us to verify a user when logging in. The user ID is used throughout the app to identify users and give appropriate permissions. The email address is also used to assist in the password reset process. Usage data is collected to provide Today We Learned with information to assist in the development of the app, and to provide appropriate information and content to users of the app.
The email address of parents is used to send content updates to parents and to contact parents with information about Today We Learned. Names of parents and students are used for school staff members to identify users. Information about how parents interact with the app is used to help teachers understand how parents are interacting with their updates, and to help Today We Learned staff provide relevant support and content.
The names of students are used to identify students to relevant staff and parents. The year group is used to provide age appropriate content to parents and staff.
The email address of school staff is used to send account updates and information about Today We Learned. Names of teachers are used to identify teachers to parents, and may be seen during the signup process by people who are not verified to be parents at the school. Information about how teachers interact with the app is shared with Today We Learned staff for the purpose of providing appropriate support and content.
The details of the school are collected to enable users to search for, identify and differentiate between different schools, especially if different schools have similar names. Account holder details are used to provide customer support.
User Generated Content:
The user generated content, generally created by school staff members to be shared with parents, is stored on our servers so that it can be retrieved and shared as required.
Access to correction and deletion of information
To make changes to any details provided to Today We Learned the user can use our “account” menu in the Today We Learned app. Email addresses can be changed by requesting assistance from the Today We Learned customer service team.
A user can delete their account at any time by contacting the Today We Learned customer service team. All record of that user is removed from the Today We Learned database. An email address may be retained to prevent further emails from being sent in future.
If a school does not want their information to be kept on Today We Learned records, they may request all information to be removed and deleted. This will be completed within 7 working days.
If the account holder finds they require assistance administering the account, or requires account configuration changes, they will be required to provide Today We Learned with their username and permission to access their account and all their content so that help can be provided.
User generated content:
Content submitted by users of the app is stored in the condition it was originally submitted in. Schools are able to modify or delete existing content, but if this content has been distributed to users it will not be able to be retracted.
Deleting the stored information is the responsibility of the account holder.
How secure is your information, and where is it stored?
All data transferred via the mobile application or website is encrypted using HTTPS and SSL keys signed by Geotrust.
The Today We Learned servers are managed by Rackspace Hosting Australia, which is where your information is stored.
Established in 1998 and located in Texas, United States, Rackspace offer hosting and cloud services on 4 continents and power websites and apps for more than 300,000 customers.
Today We Learned uses Rackspace’s “Managed Cloud” service where Rackspace technicians pro-actively monitor our services and provide security updates. Rackspace offers contracts under New South Wales law, including any applicable Australian privacy laws. Physical access to Rackspace’s Australian data centre space is limited only to Rackspace DCOps technicians, who are onsite 24x7x365. Rackspace does not own, control or voluntarily share customers’ data.
Today We Learned systems are not PCI compliant as we do not collect or store any financial information.