EFFECTIVE July 1, 2021


TABLE OF CONTENTS

1. Definitions

1.1 "Subprocessors" are data processing entities engaged by Boom Learning to fulfill our obligations with respect to providing the Services. We disclose our subprocessors in this document.


1.2 "Subcontractors" are entities or persons that carry out work for Boom Learning as part of a larger project. Boom Learning uses subcontractors to perform some technical support for Educators. Subcontractors do not have access to Student Data.


1.2 "Vendors" provide Boom Learning with a variety of Services we need to perform our business, such as tax collection and reporting, payment processing, software development, and testing. Some vendors are subprocessors. We disclose our vendors who are subprocessors in this document.

2. Educator selected subprocessors

2.1 Authentication services

Educators may use certain third-party authentication services with Boom Learning, including Google Classroom rostering, Microsoft Teams rostering, Clever rostering, and more. The information delivered to us is determined by the third-party authentication service. At any time, and in our sole discretion, we may decommission any third-party authentication method we deem to be a security or privacy risk. We are liable to you for any privacy risk to you or your students arising from our failure to correctly implement an authentication method in accordance with the specifications of the third-party authentication service. We are not liable for any risk or claims arising from your implementation, management, or deployment practices from your selected authentication service. We are not liable to you for misconduct, design failures, or security risks—deliberate or inadvertent—by your selected third-party authentication service.

2.2 Data sharing subprocessors

In addition to third-party authentication services, you may select a subprocessor to exchange data with us, securely or in an insecure matter. Your use of those third-party subprocessors is subject to your agreement with the third party, especially regarding advertising, tracking, and marketing to your users based on their use of the third-party service.

 

We are not liable to you for misconduct, design failures, or security risks, deliberate or inadvertent, by your selected third-party subprocessor or your failure to correctly configure the subprocessor's services. You are responsible for evaluating and selecting third-party subprocessors that meet your legal obligations.

2.3 Video delivery subprocessors

We may enable you to embed links to video from a variety of sources for use in decks delivered solely to your Students.  

We are not liable to you for misconduct, design failures, or security risks, deliberate or inadvertent, by your selected third-party subprocessor or your failure to correctly configure the subprocessor's services. You are responsible for evaluating and selecting third-party subprocessors that meet your legal obligation, including disclosure, consent, tracking for advertising purposes, and delivery of advertisement.

3. Our data stores

3.1 The Boom Learning database

The Boom Learning database stores Student, Educator, and Public Author data. The Boom Learning database is encrypted in motion and at rest. This database is hosted by (and thus disclosed to) subprocessors MongoDB (see Section 6) hosted on Amazon Web Services (AWS) under obligations of confidentiality and with no right of use of personal data. 

  • Security measures for MongoDB Atlas are available here.
  • Security measures for AWS are available here.
  • Privacy statements from AWS are available here.

3.2 App Store Providers

If you download and install one of our Boom Cards native apps, you and your Students will be subject to the tracking and monitoring policies of the applicable applications store. We provide apps through the following applications stores:

  1. The Apple App Store
  2. The Google Play Store
  3. The Kindle Fire Store

3.3 Freshworks data stores

Communications sent to our Help Center, which may be from Educators, Public authors, parents, entity personnel, general members of the public, and occasionally students are stored in the Freshworks ecosystem in the data store appropriate to the form of contact, including FreshDesk (Help tickets), FreshCaller (voicemail messages), FreshChat (chat contacts), and FreshSales (purchasing contacts). 

  • Students who contact us are redirected to their Educator. 
  • Parents and legal guardians will be redirected to their Educator unless they are contacting us to request to use our Services directly.
  • For all other users, we store your contact information to respond to your requests for information from us or to provide you with educator materials about using our products, system notices, and other opt in requested messages.

The Freshworks data stores may store your contact information, communications sent, device model, IP address and usage patterns. 

3.4 Newsletters, transactional messages, and email

We communicate with Educators and other adults using newsletters, transactional messages, and email. You may be contacted by us using one or more of these methods:

  • ActiveCampaign (email education, newsletters, and announcements)
  • SparkPost (password resets, confirmations, and other transactional notices)
  • Microsoft (emails, file shares, information collection and storage, and other secure document sharing)

Our email service providers may supply us with a range of information about your communications with us, including IP addresses, your country, state or province, history of reading or receiving newsletters, and your approximate location. The source of this information is your interactions with the email service and/or third-parties.

3.5 Additional data stores for Educators and entities

We use a variety of banking and payment processors. If you pay us money or receive money from us, your data may be stored in one or more of these systems we use for payment and accounting purposes:

We may store documents received from you in one of these locations.

  • Microsoft (emails, file shares, information collection and storage, and other secure document sharing)
  • Atlassian (details of customer-requested features or bug requests)
  • Adobe Cloud (agreements)
  • A to be determined Contracts Management cloud (will be added here when selected)

Customer-requested features entered into Atlassian are shared with our development and test teams at A4 Technologies and Poeta Digital.

3.6 Additional data stores applicable only to Public Authors 

For tax reporting and payment purposes, your data may be stored with Gusto (payment and 1099). We may occasionally communicate with you using the Google ecosystem (Forms, Drive, etc.). We may allow you to participate in our Pinterest or Tailwind sites.

3.7 External marketing services directed to adults

We maintain a presence on several social media sites for marketing and community-building purposes. Your interactions with us on those social media sites are subject to the terms and conditions of the sites. These include, but are not limited to, Instagram, Facebook, Twitter, Pinterest, TikTok, Bit.ly, and more. We do not upload data from the Boom Learning database to those services for remarketing, retargeting, or any other advertising or marketing purposes. For adult customers who opt in through a data store other than the Boom Learning data store to receive marketing messages from us, we may upload lists to those services for remarketing or retargeting purposes.

4. Google Analytics

We will be adding Google Analytics to our system using an event-based method, which allows us to control when Google analytics collects data (as opposed to letting it collect indiscriminately). We have GDPR controls turned on. You can see Google's privacy policy here - https://policies.google.com/privacy?hl=en-US.