Runestone Academy Privacy Policy
Plain English
Runestone Academy has an educational mission. In this paragraph we provide our
plain English view of your privacy and how we use your data when you visit our
website (https://runstone.academy, the “Website”) to register your school or
class as a user, when you register as a student of a school or class or access or
use our educational services. The books and course materials we provide (the
“Service”) are free-of-charge and in an open source format. They are for
educational purposes only. As part of the Service or the Website we do collect
usage data to help us better understand how you learn and how you use the Service
and the Website . Because the Services may be used as a part of your formal
education we need to collect some identifying information so that you can save
and retrieve your work, and so that your instructor can register for the Service
and assess your progress, grade, and give you feedback.
We may use the data we collect to make decisions about revisions to the Service,
for academic research and to publish academic papers. We would never publish
anything that knowingly revealed your identity. We may share this data with
fellow educational researchers, or other partners that help further the mission
of computer science education for everyone, but rest assured that any and all
personally identifying information will be anonymized before we do. Other than
that, we will take reasonable efforts to keep your data private and safe.
All of the code used for the Service is available for you to inspect on
GitHub. The rest of this
document is the detailed legal description of our policy. if you see something
below that you think is not in the educational spirit of Runestone Interactive,
please point it out so we can clarify it or change it.
Legal
Fair Information Practices
Fair information Practices
This privacy policy has been compiled to better serve those who are concerned
with how their 'Personally Identifiable Information' (PII) is being used. PII, is
information that can be used on its own or with other information to identify,
contact, or locate a single person, or to identify an individual in context.
Please read our privacy policy carefully to get a clear understanding of how we
collect, use, protect or otherwise handle your PII in accordance with our Website
or our Service.
What personal information do we collect from the people that visit our blog,
website or app?
When registering on our Website you may be asked to enter your name, email
address, user name or other details to help you with your experience.
When do we collect information?
We collect information from you when you register on our site, enter information
on our Website or use the Service.
How do we use your information?
We may use the information we collect from you when you register to use the
Service, sign up for our newsletter, respond to a survey or marketing
communication, surf the Website, use the Service or use certain other site
features in the following ways:
-
To personalize your experience and to allow us to deliver the type of content
and product offerings in which you are most interested.
- To improve our website in order to better serve you.
-
To allow us to better service you in responding to your customer service
requests.
- For educational research.
How do we protect your information?
Although total security does not exist on the Internet or through mobile
networks, we will take the following steps to protect your PII.
Your personal information is contained behind secured networks and is only
accessible by a limited number of persons who have special access rights to such
systems, and are required to keep the information confidential. In addition, all
sensitive/credit information you supply is encrypted via Secure Socket Layer
(SSL) technology.
An external PCI compliant payment gateway handles all payment transactions.
We do use periodic Malware Scanning.
We implement a variety of security measures when a user enters, submits, or
accesses their information to maintain the safety of your personal information.
Do we use 'cookies'?
Yes. Cookies are small files that a site or its service provider transfers to
your computer's hard drive through your Web browser (if you allow) that enables
the Website's or service provider's systems to recognize your browser and capture
and remember certain information. . They are also used to help us understand your
preferences based on previous or current Website activity, which enables us to
provide you with improved services. We also use cookies to help us compile
aggregate data about Website traffic and Website interaction so that we can offer
better site experiences and tools in the future.
You can choose to have your computer warn you each time a cookie is being sent,
or you can choose to turn off all cookies. You do this through your browser
settings. Since each browser is a little different, look at your browser's Help
Menu to learn the correct way to modify your cookies.
If you turn cookies off, some of the features that make your site experience more
efficient may not function properly.
Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your PII unless
we provide users with advance notice. This does not include website hosting
partners and other parties who assist us in operating our website, conducting our
business, or serving our users, so long as those parties agree to keep this
information confidential. We may also release information when it's release is
appropriate to comply with the law, enforce our site policies, or protect ours or
others' rights, property or safety. It is also possible that we would sell our
business (though merger, sale, reorganization or otherwise), or sell all or
substantially all of our assets. In any transaction of this kind, customer
information, including your PII, may be among the assets that are transferred. If
we decide to so transfer your personally identifiable information, you will be
notified by email or by a post to the Website.
The advent of Large Languange Models (LLMs) brings some unique opportunities for improving learning, and providing personalized tutoring to our readers. To do this we reserve the right to enter into an agreement with any company with the resources to train such an LLM, whereby we would provide them a random sample of anonymized answers to the questions contained in the text books on Runestone Academy. Any data privacy agreement that we have in place with a school, that stipulates the school owns the data will be honored and students from such schools would be excluded from the random sample.
Blogs and Message Areas
The Website may include access to and use of blogs or other message areas that
allow users to post information to the Website. When you post messages, other
site visitors can also view them. We urge you to exercise caution when providing
personally identifiable information in the blogs or other message areas. Remember
that any information you disclose in these areas becomes public information.
YouTube Videos -- We use YouTube to host the videos contained in
our textbooks because it is economical and the most reliable way to ensure that
we can serve videos on as many browsers on as many platforms as possible. When we
use YouTube for videos then you should understand that YouTube's
Terms of Service apply.
Third-party links
Occasionally, at our discretion, we may include or offer third-party products or
services on our website. These third-party sites have separate and independent
privacy policies. We therefore have no responsibility or liability for the
content and activities of these linked sites. Nonetheless, we seek to protect the
integrity of our site and welcome any feedback about these sites.
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising
when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we do not allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
The Service shall not be made available to anyone under the age of 13 without our
prior written consent.
The General Data Protection Regulation (GDPR)
The GDPR is a regulation in EU law on data protection and privacy for all
individuals within the European Union. It also addresses the export of personal
data outside the EU. The GDPR aims primarily to give control to citizens and
residents over their personal data and to simplify the regulatory environment for
international business by unifying the regulation within the EU. To the best of
our knowledge we are in compliance with the GDPR. We collect minimal personally
identifiable information, (email, first name, last name) and we do not share that
information with any third parties. All users have the ability to delete their
account and all associated data. We do not use any personal information for
marketing purposes. We do not use any personal information for any purpose other
than making it easier for instructors to run a course on Runestone Academy.
How to Access, Correct or Delete Your Information
You can access, correct or delete your personally identifiable information on
your “User Profile” page. To protect your privacy and security, we require a user
ID and password to verify your identity before granting access or making
corrections. Please be advised that certain personal information may not be
corrected or deleted if we must by law retain such information as submitted.
If at any time you would like to unsubscribe from receiving future emails, you
can email us at runestoneinteractive@gmail.com and we will promptly remove you
from ALL correspondence.
Parental options to Access, Correct or Delete a Student's Information
Parents may request corrections, access or deletion of student information by
submitting a request through the verified instructor for the course in which
their child is enrolled. Runestone has no way to independently verify the
identity of a parent without working through the instructor for the course so if
you are a parent please do not email us directly.
Data Retention
In general we keep all data for two years. This is largely so that students can access their work as they continue their studies. After two years data is deleted from our production system. There are several exceptions to this policy.
- Any student can fully delete their account and all associated data from the profile page. This deletion is permanent and non-reversable.
- If we have a Data Privacy Agreement in place with a school that calls for data to be deleted earlier than two years we are happy to comply.
Advertising
Runestone derives revenue from the use of Ethical Ads. Registered users, enrolled
in a course through their institution, will not be shown ads.
EthicalAds does not use cookies or any other
form of tracking.
Information Security Policy
We have an information security policy (WISP) that we will update from time to
time. Keeping in mind that as a small organization we do not need a lot of
written policies. You are welcome to read our
WISP. We welcome your feedback and
suggestions for how to improve.
Breach Response
In the event of a data breach, we will notify the instructor(s) of all affected courses by email as soon as we are able, within at least 48 hours of us becoming aware of said breach. We will rely on the instructors to relay that information to their school administration. In the event that we have a Data Privacy Agreement in place with a school where we have other contact information we will use that as well.
Contacting Us
If there are any questions regarding this privacy policy, you may contact us
using the information below.
https://blog.runestone.academy
2161 Maier Court
Luck, WI 54853
USA
runestoneinteractive@gmail.com
Last Edited on 2019-08-19