EFFECTIVE July 1, 2023 (Archived Version)
1.1 "Subprocessors" are companies we hire to process customer data to help us provide the Services.
1.2 "Subcontractors" are people that work for us as part of a project. We sometimes use subcontractors to perform technical support or training for Educators. Subcontractors do not have access to Student Data.
1.2 "Vendors" provide services we need to perform our business. Examples include tax reporting and payment processing. If a Vendor has access to customer data, we disclose them as a subprocessor. You may have vendors you use also.
2. Educator ("you") selected subprocessors
2.1 Authentication services vendors
You may chose to use third-party authentication services with Boom Learning. Examples include Canvas, Google, Microsoft, Clever, and ClassLink. Your authentication vendor determines what information they deliver to us. At any time, and for any reason, we may block use of any authentication service we determine is a security or privacy risk. Sometimes things go wrong with authentication services.
- We are responsible (liable) to you and your students if we fail to correctly implement an authentication method. Proper implementation means we followed the specifications of the authentication vendor.
- You are responsible (liable) to us and to your students and employees for any risk or claims arising from your implementation, management, or deployment practices of your selected authentication service.
- You are responsible (liable) for misconduct, design failures, or security risks—deliberate or inadvertent—by your authentication vendor. Choose wisely.
2.2 Data sharing vendors
You may select a vendor to exchange data with us, securely or in an insecure matter. Examples include Canvas, Google, and Microsoft. Your use of those vendors is subject to your agreement with the vendor.
You are liable for for misconduct, design failures, or security risks, deliberate or inadvertent, caused by your vendors. You are liable for failing to correctly configure the vendor's services. You are responsible for evaluating and selecting vendors that meet your legal obligations.
2.3 Video vendors
We may enable you to embed links to video from a variety of sources for use in decks delivered to your Students. Examples include ScreenPal, Vimeo, and YouTube (private decks only). You are liable for misconduct, design failures, or security risks, deliberate or inadvertent, by your selected video delivery vendor. You are responsible for evaluating and selecting video delivery vendors that meet your legal obligations. You may have legal obligations to students with respect to disclosure, consent, tracking for advertising purposes, and delivery of advertisements.
We use Zoom and Microsoft for video calls. We may add RingCentral. We may create send you personalized videos using Vidyard. Our YouTube videos are for marketing purposes. YouTube will track your viewing habits. Embedded videos provided by us are from our Vimeo account. Our Vimeo hosted videos have enhanced privacy settings.
3. Our data stores
3.1 The Boom Learning database
The Boom Learning database stores Student, Educator, and Public Author data. The Boom Learning database is encrypted in motion and at rest. This database is hosted by (and thus disclosed to) subprocessors MongoDB (see Section 6) hosted on Amazon Web Services (AWS) under obligations of confidentiality and with no right of use of personal data.
- Security measures for MongoDB Atlas are available here.
- Security measures for AWS are available here.
- Privacy statements from AWS are available here.
We replicate a subset of teacher and school information from the Boom Learning Database to Azure for performance reasons so we can analyze patterns for product improvement purposes (the "Azure database"). We do not replicate any student data in the Azure database. Learn more about security and privacy measures at the Microsoft Trust Center.
3.2 App Store Providers
If you download and install one of our Boom Cards native apps, you and your Students will be subject to the tracking and monitoring policies of the applicable applications store. We provide apps through the following applications stores:
3.3 Freshworks data stores
Communications sent to our Help Center, which may be from Educators, Public authors, parents, staff, the general public, and occasionally students are stored in the Freshworks ecosystem in the data store appropriate to the form of contact, including FreshDesk (Help tickets), Freshworks Contact Center (voicemail messages and calls), FreshChat (chat contacts), and FreshWorks CRM (purchasing contacts).
- Students who contact us are redirected to their Educator.
- Parents and legal guardians will be redirected to their Educator unless they are contacting us to request to use our Services directly.
- For all other users, we store your contact information to respond to your requests for information from us or to provide you with materials about using our products, system notices, and other opt in requested messages.
The Freshworks data stores may store your contact information, communications sent, device model, IP address, and usage patterns.
- You can see terms of our agreement with Freshworks here (Section 3 and the Data Processing Addendum).
- You can see Freshworks security measures here.
3.4 Sales Data Stores
If you contact us seeking to purchase Boom Learning, your information additionally will be stored and accessed using Salesloft and Salesforce. These data stores are used with adults only.
- You can see Salesloft security measures here. Salesloft terms are here.
- You can see Salesforce security measures here. Salesforce privacy terms are here.
Emails and calling services related to sales may be routed through Salesloft and Salesforce. Appointment scheduling uses Calendly.
3.5 Newsletters, transactional messages, and email
We send you newsletters, transactional messages, and email using one or more of these methods:
- ActiveCampaign (email education, newsletters, and announcements)
- SparkPost (aka MessageBird) (password resets, confirmations, and other transactional notices)
- Microsoft (emails, file shares, information collection and storage, and other secure document sharing).
Our email service providers may supply us with a range of information about your communications with us, including IP addresses, your country, state or province, history of reading or receiving newsletters, and your approximate location. The source of this information is your interactions with the email service and/or third-parties.
At your request, we may send you customized help information using your personal data generated with Scribe. Scribe custom tutorials are stored with Scribe.
3.6 Additional data stores
We use a variety of banking and payment processors. If you pay us money or receive money from us, your name, address, and contact data may be stored in one or more of these systems we use for payment and accounting purposes:
We may add NetSuite.
We may store documents received from you in one of these locations.
- Microsoft (emails, file shares, information collection and storage, and other secure document sharing)
- Atlassian (details of customer-requested features or bug requests)
- Adobe Cloud (agreements)
- Contractbook (agreements)
We store your contact information with The Hartford to provide you with Insurance certificates. Customer-requested features entered into Atlassian are shared with our development and test teams at A4 Technologies and Poeta Digital.
3.7 Additional data stores applicable only to Public Authors
For tax reporting and payment purposes, your data may be stored with Gusto or ADP (payment and 1099). We may occasionally communicate with you using the Google ecosystem (Forms, Drive, etc.). We may allow you to participate in our Pinterest or Tailwind sites.
3.8 External marketing services directed to adults