Privacy Policy


Hello there, and thank you for visiting Storillo!

This Privacy Policy governs how we collect, protect, and manage your data. Terms not defined in this Privacy Policy are defined in our Terms of Service here. As used herein, “data” means all personally identifiable information, Student data, metadata, and user content.

We will not change this Privacy Policy without first notifying you at least seven (7) days in advance of any change.

SUMMARY OF YOUR RIGHTS

ALL USERS:

  • Receive notification in event of a breach
  • Receive notification when we update these terms
  • May have their data deleted or changed
  • Prevent disclosure of any information that could be used to personally identify you ("Personally Identifiable Information")

INSTRUCTORS: 

  • May request takedown of objectionable material posted by Students
  • May request transfer of account to another school/school district

STUDENTS:

  • May inspect, review, request amendment of their records/data
  • Retain control and access to their account even if their school/instructor stops using Storillo

PARENTS, GUARDIANS, AND STUDENTS OVER 18:

  • May revoke their consent at any time
  • May inspect, review, request amendment of their Student's records
  • Prevent disclosure of their Student’s Personally Identifiable Information
  • May request deletion of their Student’s data (not “education records”)
  • Receive notification in the event of a breach
  • Receive notification when we update these terms

INSTITUTION/SCHOOL/DISTRICT:

  • May access retained data upon request (may be de-identified if archived, with portions deleted if requested by Students/Parents)
  • May request deletion of educational records

WHAT INFORMATION WE COLLECT

  • School E-mail address (if this is a Google/Microsoft address, Google/Microsoft account I.D.), First Name, Last Name (collectively, “Account Data”)
  • Information entered into your Storillo projects
  • Coarse location information, IP addresses, demographic information, browser information, operating systems, mobile providers, mobile devices, and Internet Service Provider through Google Analytics.
  • Minimal data from cookies. - Only the data explicitly described in this Privacy Policy.

Other than the types of information described in this Privacy Policy, we will never collect other types of information without your prior approval.

In order to use Storillo you must provide a full name and an e-mail address. This is necessary so that we may contact you personally (see "When We Will Contact You" below). Most often, the e-mail address is a school-affiliated Google (“G-Suite for Education”) or Microsoft (“Office365 Education”) address, and in such case, we utilize the OAuth 2.0 token-based authentication API through Google (see here) or Microsoft (see here) to log you into Storillo. We store the unique openID tied to your account, which we use only to streamline future authentication, as well as your full name and email address for use in various functions of the site described herein.

We do not collect any information about you from Google or Microsoft. However, depending on your account and web browser settings, Google and Microsoft may collect information from you while you use Storillo. We do not have any control over Google’s or Microsoft’s privacy policy, but we strongly recommend that you read Google's here and Microsoft’s here.

If you prefer to not use a Google or Microsoft address, and/or would like to opt out of signing in using Google or Microsoft, you may create an account using a different e-mail address by following the steps here.

Other than the types of information described in this Privacy Policy, we will never collect other types of information without your prior approval.

INFORMATION COLLECTED USING COOKIES

Cookies are pieces of text that may be provided to your computer through your web browser when you access a website. We use cookies to enable our servers to recognize your web browser and tell us how and when you visit the Site and otherwise use the Services through the Internet.

We use Google Analytics only on our homepage to collect the above-listed commercial information about you and about our Site. We do not collect Personally Identifiable Information through Google Analytics, nor do we combine any information we receive from Google Analytics with Personally Identifiable Data.

Our cookies do not, by themselves, contain Personal Information, and we do not combine the general information collected through cookies with other Personal Identifiable Information to tell us who you are. Our cookies do not track your web usage beyond storillo.com

HOW WE USE YOUR PERSONALLY IDENTIFIABLE INFORMATION

  • We use your Personally Identifiable Information only to administer and improve our Services.
  • We will never sell or trade your Personally Identifiable Information, or use it for marketing, advertising, or any other commercial purpose.

WHAT INFORMATION WE SHARE WITH THIRD PARTIES

  • Storillo generally shares Student information only with parents, Instructors, and schools. We share data with third parties only in the very limited circumstances described below.

Storillo collects only the information necessary to provide the Service to Users and only to share any of that information with third parties in the following limited circumstances:

  • Storillo may share data that is not Student’s Personally Identifiable Data with third parties that Storillo may contract with to improve the Services (e.g., product development or research). In such cases, Storillo will only share de-identified data, and only as necessary to improve the Services.
  • Storillo will share Student’s Personally Identifiable Information only when necessary to:
    • comply with a court order, subpoena, or any applicable laws
    • protect the health or safety of a Student in an emergency
    • effect a Student’s transfer of schools
  • Your full name will be visible to other Students and Instructors in your Storillo class
  • When processing payment using Stripe. When processing payment with Stripe, we only share information required to effect the transaction. However, such payment is subject to Stripe’s Privacy Policy.

We will share a Student’s Personally Identifiable Information only with that Student's parent, guardian, or officials at the Student's school.

WHEN WE WILL CONTACT YOU

  • In the event of a security breach, within 72 hours
  • Service-related announcements
  • When we update this Privacy Policy or our Terms of Service
  • Based on the settings of your Storillo class, which Instructors can manage
  • Based on your user settings, which can be changed under My Account
  • If and when we require approval of a parent or guardian

HOW WE PROTECT YOUR DATA

  • LetsEncrypt Secure Socket Layer (SSL) encryption - “A+” score by Qualys SSL Labs (https://www.ssllabs.com/)
  • We de-identify your data at regular intervals
  • Cloud-hosting with Amazon Web Services.
  • Encrypted database with daily backups

Storillo is an HTTPS-only site that utilizes Secure Socket Layer (SSL) encryption provided by LetsEncrypt (https://letsencrypt.org/). The Site was given an “A+” score by Qualys SSL Labs (https://www.ssllabs.com/).

The Site is cloud-hosted using Amazon Web Services. Amazon secures the cloud via security measures described here. Security within the cloud is managed by Storillo. Storillo’s database server is encrypted with keys managed by Amazon Web Service Key Management Service, which is described here. Additionally, Storillo’s database is snapshotted daily, and User projects are encrypted via Amazon S3 security and archived to PDF which are only accessible through Storillo.

Storillo annually, and upon individual request, de-identifies User data (including Student projects).

Annual De-identification: Upon the close of each classes school year, Storillo delivers to such classes Students, Instructor, school, school district, and/or institution, as the case may be, a PDF record of such classes User projects. Thereafter, Storillo de-identifies and archives such classes User projects.

Upon Request: Upon request from a Student and/or that Student’s parent or guardian, Storillo will transmit record of that Student’s data to the Student’s school, school district, or institution, as the case may be, and thereafter de-identify all of Storillo’s data on that Student, with the exception of the Account Data. Storillo will delete Account Data if the Student and/or that Student’s parent or guardian also requests deletion of the Student’s account.

HOW TO MANAGE YOUR DATA/ACCOUNT

  • You may delete your account by following the steps provided here
  • You may request that we delete your Storillo project information, de-identify your data, or transfer your account by contacting us at here
  • You may change your account information under My Account
  • You may request that we export your data

In the process of using the Services, Users may provide additional personal information. This could occur in messaging forums or threads as well as in the content created for a project. It is the User’s responsibility to be aware of what they are sharing and with whom they are sharing it. Please use caution whenever messaging or posting content for it may be visible by others.

With the exception of any data that falls within your school’s and/or your school district’s definition of “educational records” within the meaning of the Family Educational Rights and Privacy Act and 34 CFR §99, your User-created data (e.g., data entered into your projects, and data disclosed to Storillo) belongs to you. Students and their Parents/Guardians may request that we delete a Student’s project information, de-identify Student data, correct errors in Student data, or transfer a Student account to another institution, school, or school district by contacting us here. However, we will delete project information completely only if all of its contributors have either deleted their accounts or submitted a deletion request. For any data that falls within your institution, school, and/or school district’s definition of “educational records” within the meaning of the Family Educational Rights and Privacy Act and 34 CFR §99, we will distribute copies of such data to that institution, school, and/or school district before de-identifying or deleting it.

Upon request from a Student and/or that Student’s Parent or Guardian, we will export your data, generally in PDF format. To do so, you may contact us here.

In the event that your institution, school, or school district discontinues using Storillo, we will delete your information in accordance with the above, and preserve only your Account Information. We preserve your Account Information only for the purpose of re-activating your account, at your request, in the future. However, we will delete your Account Information if you delete your account by following the steps provided here.

OTHER THIRD PARTY SERVICES THAT WE USE

  • Storillo uses Hubspot forms and Meetings for collecting and storing information regarding inquiries and other questions/issues in relation to using the site. Hubspot's Privacy Policy is here.

NOTICES FOR PARENTS AND GUARDIANS OF CHILDREN UNDER 13 The Children’s Online Privacy Protection Act of 1998 and its rules (collectively, “COPPA”) require us to inform parents, legal guardians, teachers, administrators, schools, and school about our practices for collecting, using and disclosing personal information from children under the age of 13 (“children” or “child”). It also requires us to obtain verifiable consent from a child’s parent or guardian for certain collection, use and disclosure of the child’s personal information, or consent from that child’s institution, school, or school district. (Note: an institution, school, or school district can provide consent in lieu of a parent or guardian’s pursuant to FTC guidance, available here.)

Storillo does not differentiate its Service for Users that are under the age of 13, and this Privacy Policy applies equally to Students both under and at least 13 years of age. However, pursuant to our Terms of Service here, any Student under 13 must receive parental or school consent in compliance with COPPA.

Updated June 5, 2019 

Download