A message from the Wibbu Team

Here at Wibbu, we create fun, exciting and engaging educational products that enhance students’ learning. Through these products, we build strong relationships with schools, teachers, and students. In order to maintain these relationships, we need to communicate what information we collect, and what we do with it so that you know you can trust us. We want you to know that Wibbu does the utmost to protect your privacy.

We believe in doing the right thing for our community. That means designing our products with a security and privacy first approach. Through our products, we may capture some information from you. We want to help you understand what information we collect from you, why we hold it, how we process it, and how you can access, modify, and delete it. After all, your data is yours.

This privacy policy is designed to be reader-friendly, and to be easily understood by everyone. It provides transparency of data practices.

  • We commit to capturing only the minimal amount of information from you as needed to provide our Services.
  • We will never sell or license your personal data to anyone.
  • We will delete your personal data as soon as possible after you finish using our products.

Privacy Policy

Overview

As it is to you, the security of your personal data is important to us. We employ technical, physical, and administrative security measures and processes to protect all information collected by our Services. Users may contact us at any time, as described in the Section of this Policy entitled “Contact Us”, to request that we provide for their review, or delete from our records, any personal data they have provided. We will handle these requests as set out in the Section entitled “How to Access, Change or Delete Your Information”.

COPPA

The Children’s Online Privacy Protection Act (COPPA) places certain requirements on operators of websites and online services directed to children under 13 years of age. School officials and teachers are authorized under COPPA to provide consent on behalf of parents, therefore Wibbu does not obtain parental consent directly. A teacher or school district official provides consent for a child under the age of 13 to use Wibbu products when they distribute a Wibbu Account to the child.

For more information about COPPA, you may visit the Federal Trade Commission website.

FERPA

The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the students’ “educational records” from unauthorized disclosure. Under the FERPA “school official” exception, Wibbu can be authorized by schools and districts to receive and use educational data to provide educational services. Some of the information schools disclose to Wibbu is “Directory Information” (such as student name and grade), and not an “Education Record”. None of Wibbu’s products or services require the collection of “Education Records”. We assist schools in complying with their FERPA obligations, ensuring no “education records” are shared with Wibbu or its authorized third-party service providers.

For more information about FERPA, you may visit the U.S. Department of Education website.

For more information about student data protection, you may visit the U.S. Department of Education’s Protecting Student Privacy website.

GDPR

The EU General Data Protection Regulation (GDPR) is a set of rules stating how companies should process users personal data. Companies are asked to process the personal data in a lawful, fair and transparent manner. This includes obtaining clear and explicit consent from the users. Limiting the collection, and processing of personal data, and not retaining personal data once the processing purpose is completed. Users have been assigned the right to request the company to provide them with the information it holds about them, and what the company does with this information. This privacy policy sets out how Wibbu complies with the latest EU regulations on data privacy.

For more information about GDPR, you may visit the EU GDPR website.

For more information about data protection and privacy in the EU, you may visit the Europa website.

Wibbu’s products. What information we collect, and how and why we collect it.

Wibbu Website Visitors

When you visit our website at wibbu.com or any other site which references this Privacy Policy, whether you use our Services or not, we collect information of the sort that web browsers typically make available, such as the browser type, language preference, referring site, operating system, device type, the page served, and the date and time of the visit. We also collect Internet Protocol (IP) addresses and mobile device ID. Our purpose in collecting such information is to understand better how you use our website in order to improve it for everyone.

We and our third-party service providers use a variety of technologies, such as cookies (small text files that the Services save on your computer or mobile device), to automatically collect and store the previously mentioned technical information on your computer or mobile device over time. We use both session cookies, which expire once you close your web browser, and persistent cookies, which remain on your computer or mobile device after you have closed your browser and may be used on subsequent visits to the website.

Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the website may not function properly if the ability to accept cookies is disabled.

We also work with Google Analytics, a third-party web analytics service provided by Google, LLC. Google Analytics may set cookies on your browser or mobile device or read cookies that are already there to collect information. Google Analytics may also receive information about you from apps you have downloaded that partner with Google. Google Analytics collects information such as how often you visit our website, which pages you visit on our website, and which other sites you visited prior to coming to our website. We use the information provided by Google Analytics to improve our website and Services.

For more information regarding how Google collects, uses, and shares your information please visit Google’s website. You can control the information provided to Google and opt out of certain ads provided by Google by using the methods set forth here.

We also use Hotjar to record user sessions and to collect other usage information. Hotjar honors generic “Do Not Track” headers. This means the browser can tell its script not to collect any of the User’s data. This is a setting that is available in all major browsers. Find Hotjar’s opt-out information here.

We work with Hubspot Inc, who provide us with CRM services for user database management. Personal data shared with Hubspot include the information you provide to us to enable us to keep in contact with you, name, email address, phone number, and location.

Cloudflare Inc provides us with a traffic optimization and distribution service. The way Cloudflare is integrated means that it filters all the traffic through this website. Meaning all communication between this website and the User’s browser, while also allowing analytical data from this website to be collected.

DigitalOcean Inc provides us with a hosting service. The way DigitalOcean is integrated means all communication between this website and the User’s browser is routed through this service, while also allowing analytical data from this website to be collected.

Intercom Inc provides us with a user database management service. It is used as a medium for communications with the user, either through email or through messages within this website.

Email Marketing

If you subscribe to any of our mailing lists, we may utilize pixel tracking technology, which consists of transparent graphic images placed on the emails we send to you. They are used to track the actions you take in emails (opening the emails, clicking on links in the emails, etc.).

You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. We make efforts to promptly process all unsubscribe requests. You cannot opt out of Service-related communications (e.g. changes/updates to features of the Services, privacy changes, and technical and security notices).

MailChimp is an email address management and message sending service provided by The Rocket Science Group, LLC. When you sign up for our mailing list we store your name and email address with this service.

Wibbu Website Purchasers

When purchasing the Service: Users will be asked to provide payment card information. Payment card information is shared with our third-party provider, Stripe, for payment processing and we do not retain this information.

The information collected, name and email, are used to contact you to confirm the purchase of and deliver the product.

Mailgun is an email address management and message sending service provided by Mailgun Technologies, Inc. When you purchase through our website we deliver the product to you via email with this service.

Wibbu Accounts and Users

Wibbu accounts use anonymous usernames which schools and teachers can distribute amongst their students.

Accounts use User Identifiers to link users across multiple sessions and devices.

Ruby Rei School Suite

We automatically collect information from users of the Services during their use of the Services. For example, from School Users, we may collect information about patterns of usage, activity commencement and completion, length of usage, and the number of questions answered correctly or incorrectly in content. We may record all or any part of an activity performed or a game played by a Student User.

Our hosting and backend infrastructure is provided by Google App Engine of Google LLC and mLab of ObjectLabs Corporation. All data shared through the suite is routed through these services.

Our Services are not offered directly to students or parents. Schools and Teachers (School Admins) must first sign up for accounts, and then distribute these accounts to Student Users.

School Admins hereby consent to our collecting and using the Student User data described in this Privacy Policy by distributing Student Accounts to use the Services.

When School Admins distribute Accounts to Student Users, they are acting on behalf of parents to give Wibbu permission to collect the information described in this Privacy Policy, and we are acting as a service provider to the School Admin.

Ruby Rei Consumer Edition

We offer a consumer version of Ruby Rei distributed through Apple’s App Store and the Google Play Store. These versions are covered by a separate privacy policy located here.

How We Use The Information Collected

We and our third-party service providers may use the information collected from users for the purposes set forth below. Information collected about Student Users will not be used for marketing or advertising purposes. Information collected from School Admins may be for:

Marketing and Advertising

To serve you with relevant online advertisements of our products and to send you marketing, professional development, and training communications, or newsletters, from us, that we believe may be of interest to you and to measure the effectiveness of our marketing to potential users of our Services. We will not knowingly send any such communications to Student Users. If you believe a Student User may have received such a marketing communication, please contact us as described in the Section entitled “Contact Us” below and we will stop such communications.

Providing the Services

To permit you to register and use the Services, process your payment, provide you with customer service or tech support, respond to your inquiries, provide you with training and communicate with you about the Service including, for example, sending you communications about Student User progress or an Account.

How We Share Your Information

Service Providers

To third parties who perform certain services for us, such as to process card payments, conduct or evaluate research (such as on the educational efficacy of the Services) or administer marketing campaigns (which will not target Student Users), provided that the service providers we use, agree to keep the information confidential and to use it only for purposes that are permitted by this Privacy Policy.

Data Transfers

When transferring data to service providers, advisors, potential transactional partners, or in the event of a consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate or transfer all or a portion of our assets in bankruptcy or otherwise, Wibbu may transfer data to a third party provided that any such party agrees to adhere to the terms of this Privacy Policy.

How to Access, Change or Delete Your Information

Wibbu aims to provide you with easy access to any personal data we have collected about you. If that information is incorrect, we give you easy ways to update or delete it, unless we have to keep that information for legitimate business or legal purposes (e.g. we may require at least an email address for your account).

Accessing and Managing Your Information

If you find that your information is incorrect, or if you would like to access it, or you would like us to remove it, you may contact us as described in the Section entitled “Contact Us” below. You may have to verify your identity before we can perform your request. In some cases, we won’t be able to guarantee complete access due to legal restrictions – for example, you will not be allowed to access files that contain information about other users or information that is confidential to us. We will respond to your request within twenty-eight (28) days.

Account Cancellation and Reactivation: Data Retention

Account users can cancel their account at any time by contacting us as described in the Section entitled “Contact Us” below. We will remove all personal data associated with the Account from our live databases within seven (7) days after the cancellation. If an account is not canceled, we will remove all associated data ninety (90) days after license expiry. This period is provided so that you have the ability to reactivate your account and potentially recover previous information regarding your progress and performance. However, we provide no guarantee and shall have no liability or obligation to ensure that such information and platform-related progress will be available or accessible.

Cancellation, re-activation, and deletion of Account Information for a School Account is subject to the terms of the agreement between us and the Educational Institution.

Even if you request to close your account, keep in mind that deletion may not be immediate, and the deleted information may persist in backup copies for a reasonable period of time (but will not be available to others).

Security Overview

The security of your personal data is important to us. Therefore we employ physical, technical, and administrative security measures to safeguard the information collected by the Services. For example, all personal data collected by us is transferred over https and stored by us or by a third-party provider for us on a server in a secure environment. We provide access to such information only to our employees, our partners and any sub-contractors who need the information to perform a specific service. To process your credit card information, we use a PCI DSS certified provider. Please be aware, however, that no information system can be guaranteed to be one hundred percent (100%) secure, so we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to the Services over networks that we do not control, including the Internet and wireless networks. If you have reason to believe that your interaction with us is not secure, please contact us as described in the Section entitled “Contact Us” below.

At Wibbu, we are serious about our data stewardship responsibilities. We have implemented several security measures to protect personal data from unauthorized disclosure.

Software Security

Wibbu has implemented privacy and security practices which are compliant with FERPA and COPPA; however, to achieve comprehensive protection of student personal data, it is necessary for each school or district to use secure practices as well.

Data Encryption and Secure File Transfer

Data is encrypted in transit and at rest. Data is securely transferred to the Wibbu system using encrypted SSL/TLS Protocol.

Firewalls

Anti-virus software and firewalls are installed and configured to scan our system. Firewalls are periodically updated and configured so that users cannot disable the scans.

Location of Information Processing

The Services are located inside the continental United States and EU. They are controlled and operated by us exclusively from the United Kingdom. By using our website or the Service, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States, United Kingdom, and EU, and to those third parties with whom we share it as described in this Privacy Policy. Any personal data transferred from the EU to the US is performed utilizing Privacy Shield Framework compliant methods.

Data Usage

Data we collect is used to provide educational services. Wibbu tracks and assesses a student’s development as they progress through the curriculum. This data is used to generate reports that allow teachers to evaluate student progress, identify students who need intervention, and discover students that can be taught together as a group. Wibbu does not sell students’ personal data, nor do we use or disclose the student information we collect for behavioral targeting of advertisements to students. We retain some de-identified data (data we have made anonymous by removing all personal data) to conduct statistical research. This research helps us evaluate the effectiveness of the Wibbu system and improve our product.

Data Disclosure and Access

Wibbu acknowledges the right parents and legal guardians have under FERPA to review any educational data we collect pertaining to their children. Upon request, and after verifying identity, we will provide parents and legal guardians access to this data within forty-five (45) days. However, we recommend that parents first contact their child’s school. Personal data collected by Wibbu is accessible only to a limited number of Wibbu employees who need the data to perform their specific tasks.

Data Retention and Management

Data maintained by Wibbu is protected in a secure environment. All personal data provided to Wibbu will be destroyed upon termination of our relationship with the school or district, or when it is no longer needed for the purpose for which it was provided.

Data Destruction

Wibbu employs best practice recommendations for data destruction.

Wibbu uses the following processes for data destruction:

  • Data is destroyed within ninety (90) days of termination of a relationship with a school or district.
  • Data is destroyed using National Institute of Standards and Technology (NIST) guidelines for media sanitization that protects against non-invasive data recovery techniques.
  • Sensitive data will not be disposed of using methods that leave the majority of data intact and vulnerable to being retrieved (e.g. file deletion, disk formatting, and one-way encryption).

Security Audits

Wibbu conducts security audits and code reviews, both by outside providers and by an executive summary.

Secure programming practices

Wibbu software developers are aware of secure programming practices and strive to avoid introducing errors in our application that could lead to security breaches.

Account Protection

Each user of Wibbu is required to create an account with a unique account name and password. Single Sign-On (SSO) users are authenticated with secure tokens.

Facility Security

Wibbu is located inside the United Kingdom. Physical access is protected by electronic access devices, with monitored security, CCTV and fire/smoke alarm systems.

Employee Compliance With Security Procedures

Wibbu has designated a Data Protection Officer who oversees employee security training and compliance. The data protection officer also oversees the storage and destruction of sensitive data. To speak with our Data Protection Officer please contact us as described in the Section entitled “Contact Us” section below.

Changes To Our Privacy Policies

Wibbu periodically reviews the processes and procedures described in this document to verify that we act in compliance with this Privacy Policy. If we determine that a change is necessary to improve our privacy practices, we may amend this Privacy Policy. If we change this Privacy Policy in ways that affect how we use your personal data, we will advise you of the choices you may have as a result of those changes.

Privacy Policy effective: April 1st, 2018

Last updated: September 5th, 2018

Contact Us

If you would like to contact us about your data, you may email us at [email protected] or use the form on this website. We always welcome questions, complaints, hearing your concerns and listening to your feedback.

If you are a resident of the EEA and have an unresolved concern relating to privacy or the collection, use or disclosure of personal data that we have not addressed satisfactorily, please contact your local Data Protection Authority.

Data Protection Officer Contact Info:

Address: DPO, Wibbu Ltd, 1st Floor, Lumiere, Elstree Way, Borehamwood, Hertfordshire, WD6 1JH

Phone: (+44) 333 014 5628

Email: [email protected]