Hello there, and thank you for visiting Storillo!
SUMMARY OF YOUR RIGHTS
- Receive notification in event of a breach
- Receive notification when we update these terms
- May have their data deleted or changed
- Prevent disclosure of any information that could be used to personally identify you ("Personally Identifiable Information")
- May request takedown of objectionable material posted by Students
- May request transfer of account to another school/school district
- May inspect, review, request amendment of their records/data
- Retain control and access to their account even if their school/instructor stops using Storillo
PARENTS, GUARDIANS, AND STUDENTS OVER 18:
- May revoke their consent at any time
- May inspect, review, request amendment of their Student's records
- Prevent disclosure of their Student’s Personally Identifiable Information
- May request deletion of their Student’s data (not “education records”)
- Receive notification in the event of a breach
- Receive notification when we update these terms
- May access retained data upon request (may be de-identified if archived, with portions deleted if requested by Students/Parents)
- May request deletion of educational records
WHAT INFORMATION WE COLLECT
- School E-mail address (if this is a Google/Microsoft address, Google/Microsoft account I.D.), First Name, Last Name (collectively, “Account Data”)
- Information entered into your Storillo projects
- Coarse location information, IP addresses, demographic information, browser information, operating systems, mobile providers, mobile devices, and Internet Service Provider through Google Analytics.
In order to use Storillo you must provide a full name and an e-mail address. This is necessary so that we may contact you personally (see "When We Will Contact You" below). Most often, the e-mail address is a school-affiliated Google (“G-Suite for Education”) or Microsoft (“Office365 Education”) address, and in such case, we utilize the OAuth 2.0 token-based authentication API through Google (see here) or Microsoft (see here) to log you into Storillo. We store the unique openID tied to your account, which we use only to streamline future authentication, as well as your full name and email address for use in various functions of the site described herein.
If you prefer to not use a Google or Microsoft address, and/or would like to opt out of signing in using Google or Microsoft, you may create an account using a different e-mail address by following the steps here.
INFORMATION COLLECTED USING COOKIES
We use Google Analytics only on our homepage to collect the above-listed commercial information about you and about our Site. We do not collect Personally Identifiable Information through Google Analytics, nor do we combine any information we receive from Google Analytics with Personally Identifiable Data.
Our cookies do not, by themselves, contain Personal Information, and we do not combine the general information collected through cookies with other Personal Identifiable Information to tell us who you are. Our cookies do not track your web usage beyond storillo.com
HOW WE USE YOUR PERSONALLY IDENTIFIABLE INFORMATION
- We use your Personally Identifiable Information only to administer and improve our Services.
- We will never sell or trade your Personally Identifiable Information, or use it for marketing, advertising, or any other commercial purpose.
WHAT INFORMATION WE SHARE WITH THIRD PARTIES
- Storillo generally shares Student information only with parents, Instructors, and schools. We share data with third parties only in the very limited circumstances described below.
Storillo collects only the information necessary to provide the Service to Users and only to share any of that information with third parties in the following limited circumstances:
- Storillo may share data that is not Student’s Personally Identifiable Data with third parties that Storillo may contract with to improve the Services (e.g., product development or research). In such cases, Storillo will only share de-identified data, and only as necessary to improve the Services.
- Storillo will share Student’s Personally Identifiable Information only when necessary to:
- comply with a court order, subpoena, or any applicable laws
- protect the health or safety of a Student in an emergency
- effect a Student’s transfer of schools
- Your full name will be visible to other Students and Instructors in your Storillo class
We will share a Student’s Personally Identifiable Information only with that Student's parent, guardian, or officials at the Student's school.
WHEN WE WILL CONTACT YOU
- In the event of a security breach, within 72 hours
- Service-related announcements
- Based on the settings of your Storillo class, which Instructors can manage
- Based on your user settings, which can be changed under My Account
- If and when we require approval of a parent or guardian
HOW WE PROTECT YOUR DATA
- LetsEncrypt Secure Socket Layer (SSL) encryption - “A+” score by Qualys SSL Labs (https://www.ssllabs.com/)
- We de-identify your data at regular intervals
- Cloud-hosting with Amazon Web Services.
- Encrypted database with daily backups
Storillo is an HTTPS-only site that utilizes Secure Socket Layer (SSL) encryption provided by LetsEncrypt (https://letsencrypt.org/). The Site was given an “A+” score by Qualys SSL Labs (https://www.ssllabs.com/).
The Site is cloud-hosted using Amazon Web Services. Amazon secures the cloud via security measures described here. Security within the cloud is managed by Storillo. Storillo’s database server is encrypted with keys managed by Amazon Web Service Key Management Service, which is described here. Additionally, Storillo’s database is snapshotted daily, and User projects are encrypted via Amazon S3 security and archived to PDF which are only accessible through Storillo.
Storillo annually, and upon individual request, de-identifies User data (including Student projects).
Annual De-identification: Upon the close of each classes school year, Storillo delivers to such classes Students, Instructor, school, school district, and/or institution, as the case may be, a PDF record of such classes User projects. Thereafter, Storillo de-identifies and archives such classes User projects.
Upon Request: Upon request from a Student and/or that Student’s parent or guardian, Storillo will transmit record of that Student’s data to the Student’s school, school district, or institution, as the case may be, and thereafter de-identify all of Storillo’s data on that Student, with the exception of the Account Data. Storillo will delete Account Data if the Student and/or that Student’s parent or guardian also requests deletion of the Student’s account.
HOW TO MANAGE YOUR DATA/ACCOUNT
- You may delete your account by following the steps provided here
- You may request that we delete your Storillo project information, de-identify your data, or transfer your account by contacting us at here
- You may change your account information under My Account
- You may request that we export your data
In the process of using the Services, Users may provide additional personal information. This could occur in messaging forums or threads as well as in the content created for a project. It is the User’s responsibility to be aware of what they are sharing and with whom they are sharing it. Please use caution whenever messaging or posting content for it may be visible by others.
With the exception of any data that falls within your school’s and/or your school district’s definition of “educational records” within the meaning of the Family Educational Rights and Privacy Act and 34 CFR §99, your User-created data (e.g., data entered into your projects, and data disclosed to Storillo) belongs to you. Students and their Parents/Guardians may request that we delete a Student’s project information, de-identify Student data, correct errors in Student data, or transfer a Student account to another institution, school, or school district by contacting us here. However, we will delete project information completely only if all of its contributors have either deleted their accounts or submitted a deletion request. For any data that falls within your institution, school, and/or school district’s definition of “educational records” within the meaning of the Family Educational Rights and Privacy Act and 34 CFR §99, we will distribute copies of such data to that institution, school, and/or school district before de-identifying or deleting it.
Upon request from a Student and/or that Student’s Parent or Guardian, we will export your data, generally in PDF format. To do so, you may contact us here.
In the event that your institution, school, or school district discontinues using Storillo, we will delete your information in accordance with the above, and preserve only your Account Information. We preserve your Account Information only for the purpose of re-activating your account, at your request, in the future. However, we will delete your Account Information if you delete your account by following the steps provided here.
OTHER THIRD PARTY SERVICES THAT WE USE
NOTICES FOR PARENTS AND GUARDIANS OF CHILDREN UNDER 13 The Children’s Online Privacy Protection Act of 1998 and its rules (collectively, “COPPA”) require us to inform parents, legal guardians, teachers, administrators, schools, and school about our practices for collecting, using and disclosing personal information from children under the age of 13 (“children” or “child”). It also requires us to obtain verifiable consent from a child’s parent or guardian for certain collection, use and disclosure of the child’s personal information, or consent from that child’s institution, school, or school district. (Note: an institution, school, or school district can provide consent in lieu of a parent or guardian’s pursuant to FTC guidance, available here.)
Updated June 5, 2019