Privacy Policy

Privacy Policy Statement

Overview

Note: References to "We", "Our" or "Us" is a reference to ESV Software, and "You" or "Yours" refers to you as a user of our software and services.

ESV Software is a provider of digital solutions for K-12 institutions. School districts and other users rely on our subscription services, including ESV Software's CMS solution, digital forms solutions, custom software development and apps (collectively, the "Provider Services").

Commitment to Your Privacy

We understand that privacy is extremely important to you, our users of Provider Services, your district, school and/or organization, and the students, their parents and other people whose information we may access on behalf of your organization. Our goal is to be transparent in our practices regarding collection and data usage. This policy covers all products and services delivered by us.

Data Covered and Written Agreements

In this Privacy Policy, "Personal Data" means any information about an identifiable individual or information that can be used to identify an individual, and includes "personal data" as that term is defined under the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"). This Privacy Policy explains how we collect, processes, use and disclose information from you and other users who access or use our Provider Services, including our treatment of Personal Data. This includes Personal Data (i) provided to us as a service provider by your District or Organization pursuant to standard and/or separate written agreements between us and your District (in either case, the "Agreement"); (ii) collected by us as a service provider at the direction of your District; or (iii) provided by an individual account user. This Privacy Policy along with the Agreement and applicable laws govern our handling of Personal Data gathered in our capacity as a service provider. If this policy expressly contradicts the Agreement as to the data privacy and security, the Agreement will govern to the extent of the contradiction.

This policy does not apply to websites, services or practices of companies that we does not own or control, even if they help us operate the Provider Services. Third party providers who help us operate the Provider Services must adhere to privacy and security obligations in a manner consistent with and at least as protective of Personal Data as are our policies and practices.

Please make sure that you read the our 'Terms of Service' to understand additional terms and conditions that apply to the use of the Provider Services and website.

Information We Collect

We collect three types of information: Personal Data that your District knowingly chooses to disclose that is collected on an individual basis; information you or your parent or legal guardian may knowingly enter on the Provider Services; and website usage information collected on an aggregate basis as you and others browse our website.

Information Your District May Provide to Us

We may collect information (including Personal Data) when your District requests integration to receive the Provider Services. We collect that information at the direction of your District, from your District’s Student Information/Management System ("SIS/SMS"), or other District systems such as payroll systems, nutrition systems, fee systems or similar systems through a District-requested integration. Information collected from District-provided data may include but is not limited to: name, ID number, title, phone number, email address, home/mailing address, group memberships, extracurricular activities, enrolled courses, classes, section, grade level, bus route, preferred communication language, emergency contact information, family relationships, school memberships and district memberships.

Information You Provide to Us

We receive and store any information you knowingly enter on the Provider Services, including information you may be able to upload, import, or sync to the Provider Services from your mobile device (for example, contact information from your address book). This information may include but is not limited to Personal Data such as your name, phone numbers, email addresses, photographs and, in certain circumstances, your school and/or district, class, group, grades and report card, attachments that may contain your voice and image, club, team or organization affiliation. This information may be used to validate your account or to provide you with notifications via the Provider Services from a teacher, school and/or district, class, group, club, team or affiliated organization, or any other information necessary for us to provide the Provider Services.

For certain Services, you may also choose to provide us with additional information about yourself in your user profile, such as your profession, talent, interests and abilities. All information you provide voluntarily may be made accessible to users in your District. You may choose not to provide us with certain information, but then you may not be able to take advantage of many of the features of the Provider Services.

Information We Collect from You

We receive and store certain types of information whenever you use the Provider Services. For example:

Website Activity Information: We monitor some of the actions you perform on the Provider Services. For example, if you make a comment on a post, we both log the fact that you added a comment as well as store the actual comment itself.
Notification Activity Information: We monitor email delivery, text delivery, app downloads, and engagement through clicks in order to understand your interaction with the Provider Services and improve your experience with us. We may include clear gifs in the HTML-based emails we send to your District in order to track which emails are being opened and which links are being clicked on by recipients.
Access Device and Browser Information: When you access the Provider Services from a computer, mobile phone or other device, we collect information from that device such as your browser type, operating system, unique device identifier, Internet Protocol (IP) address, the date and time of visits, and the time spent at our websites.
Cookie Information: We may send one or more cookies to be stored on your computer, mobile phone or other device in order to personalize your experience with us and make the Provider Services easier to use. A cookie is a small text file containing a string of alphanumeric characters that allows us to uniquely identify your browser and allows you to log in automatically whenever you return to us. We also uses cookies to identify and maintain your logged in status as well as enhance your navigation through the website. You can remove or block cookies using the technical settings of your browser though you may not be able to do so on certain browsers or mobile devices. Note that disabling cookies may impact your ability to use the Provider Services fully, so we recommend that you leave them enabled for the quality of your experience.

How is Children’s Personal Data Treated?

We comply fully with the Children’s Online Privacy Protection Act ("COPPA").

Pursuant to COPPA, we typically rely on your District’s consent on behalf of parents in order to allow those under 13 years of age to use the Provider Services.

For users of software and services, pursuant to COPPA, we may collect an under-13 user’s name (first and last name), date of birth, email address and/or telephone number in order to operate and provide the Subscription Services, and we may collect the under-13 user’s parent’s (or legal guardian’s) email address in order to provide notice to the child’s parent or guardian that we may contact the under-13 user for the purpose of allowing access to and use of the Provider Services.

If we do not receive the parent’s email address within a reasonable time period, the under-13 Remind Chat user will not be able to send or receive any messages and their Personal Data will be deleted. If an under-13 user’s account has not sent or received a message through the Provider Services for at least twelve months, our policy is to delete the Personal Data.

In order for an under-13 user to gain access to additional features or products, we may employ one or more methods approved by the Federal Trade Commission for verifying parental consent.

If we learn that we have collected Personal Data from a child under age 13 other than pursuant to the above, or if we learn that a child under 13 has provided it Personal Data beyond what was requested from them, we will delete that information as quickly as possible after it has been notified internally or by impacted customers.

If you have questions about modifying or deleting Personal Data of a student on our platform, please contact your District directly.

How We Use Information

Your privacy and your child’s privacy is extremely important to us. We use the Personal Data we receive about you to provide you with the Provider Services and also for purposes such as:

To Manage the Service

We use the information we collects to provide the Provider Services and features to you and provide you with customer support. In addition, we use the information we collect to analyze how you use the Provider Services and features so that it can measure and improve the Provider Services and features.

To Contact You

We may contact you with Provider Services-related announcements from time to time. This includes contacting you for any school or district related activities. We may include content you see on the Provider Services in the emails we send to you. We may also contact you in order to notify you about important changes to the Provider Services.

To Provide Relevant Information To Your District

We use the information we collect to report usage levels to your District. This allows your District to monitor how successful their communications are so that they can improve their use of the Provider Services.

And most importantly, authenticating your identity, protecting our users, and working toward making sure the Provider Services are safer and more secure.

Email and Text Message Communications

If we have your email address or phone number, we may send you administrative messages (such as updates, notifications, newsletters and other news) relating to the Provider Services or to respond to communications from you. We may also send you urgent messages when it is directed to do so by a teacher, school, district or government agency.

By maintaining an account and/or not opting out of receiving information from us, you acknowledge and agree that you may receive e-mail or SMS text messages on your phone or mobile device from other ESV Software system users, from us and/or our third-party service providers and other individuals or companies if you choose to use applicable services or products that they offer. Receiving these messages may cause you to incur usage charges or other fees or costs in accordance with your wireless or data service plan. Any and all such charges, fees or costs are your sole responsibility. You should consult with your wireless carrier to determine what rates, charges, fees or costs may apply. We may receive a confirmation when you open an email from us if your computer supports this type of program. Communications of this type are also sent to under-13 users and the parental consent to use this service also covers these messages. If you no longer wish to receive administrative email messages from us you may opt-out by following the unsubscribe link located at the bottom of each message or by contacting us at support@esvsoftware.com.

If you are located in Canada, you may opt out of receiving marketing messages (including text messages and emails); however, you may still receive text message and email communications that are necessary for the Provider Services or otherwise exempt from anti-spam laws.

Mobile Application

When users use our mobile applications, it automatically collects the IP address, device ID, device type, and what operating system (OS) the user is running.

We collect users' IP addresses whenever they use our mobile applications, which provides us with a coarse approximation of the user's location at the city level in order for us to, for example:

provide organizers with a Geo-specific long-code (i.e., generic phone number with a local area code),
support features such as school selection,
and enable other internal measurement and Provider Services features.

We also may, with your express consent, request more specific location information in order to provide you with more relevant information (such as nearby classes or relevant groups that you may subscribe to). We will not store or track your device location on an ongoing basis or without your permission. We may also collect location-based information from users as part of providing the Provider Services, or in order to comply with applicable laws and regulations for the user’s jurisdiction.

If the under-13 user has signed up for the Provider Services through SMS and then downloaded a mobile application, we will have and may use the under-13 user’s phone number:

to merge the under-13 user’s accounts,
to continue SMS delivery services,
and/or as a back-up method of notification.

Push Notifications

We can send notices to you for various reasons directly relating to your use of the Provider Services or at the request of your District, for example when an organizer of your class or group has posted something new to your class or group, you are sent a message, or when we need to inform you of something. If you no longer wish to receive such communications, you may turn them off at the device level for applicable services or contact your District. If you are a parent of an under-13 app user, you always have the choice to no longer allow your child to receive such communications by contacting us at support@esvsoftware.com.

How We Share Information

We use the data received from your District for the sole purpose of delivering products and services to your District. We do not rent, trade, sell or otherwise distribute your information to any third parties, and will only disclose information when allowed by the Family Educational Rights and Privacy Act ("FERPA") and required: a) by applicable laws or government orders, such as a law enforcement or court order; b) to maintain and operate the Subscription Services; c) to enforce or apply our Terms of Use and other agreements; d) to protect the rights, property or safety of ourselves, our employees, our users or others; or e) when authorized by your District.

How Do We Work with Third Party Service Providers?

We work with a number of third party service providers and contractors to maintain and operate the Provider Services. For example, but not limited to, we use third party service providers:

For secure credit card transaction processing for supporting payments.
To provide customer support communication to users.
To analyze use of the website and app.
For our blog and to facilitate social sharing on its blog.
To send emails, texts, phone calls, and push notifications.
For hosting the Provider Services and databases.
To provide additional services to your District such as mailing services, background checks for volunteers, lesson plans, newsletters and other optional features.
To provide solutions for logging into the Subscription Services using Google, Clever, SIS/SMS or a district-managed single sign-on ("SSO") integration.

Before we engage with a third party where we may share Personal Data, it ensures that their privacy policy is at least as protective of your Personal Data as is ours.

We will not provide any Personal Data to any person, party or organization ineligible to receive student records or student record data and information protected by FERPA, federal regulation, state law or regulation, or who is otherwise prohibited from receiving District data.

We also may provide to our third-party partners aggregated information derived from automatically collected information about how users, collectively, use the Provider Services. We may share this type of non-personally identifiable, aggregated statistical data so that its partners also understand how often people use their services as well as ours.

A list of the third-party partners' services we currently use, the data that is shared, as well as links to their privacy policies, can be requested by emailing support@esvsoftware.com.

No Advertising

We do not use student or user records or data collected for purposes of targeted advertising, and no student profile is built by us for reasons other than for the District's purposes.

We provide links to external websites for purposes which are intended solely to support your District’s day-to-day operations.

Your District or its users may post links within our systems to external websites for which we have no control. Before interacting with those third-party websites and their owners’ services or features, we recommends you familiarize yourself with their owners’ privacy policies and practices as we cannot control the data practices of these third parties.

Corporate Restructuring

In the case of a corporate event such as a sale of assets, an acquisition, or a merger of us with another organization, we may transfer your Personal Data. However, we will provide you with notice and an opportunity to opt-out of the transfer of Personal Data.

With Your Consent

You will be notified when your Personal Data may be shared with agents or companies other than us, and you will be given the option to prevent the sharing of this information unless we determine that not disclosing this to you prior to your information being shared is necessary to comply with applicable laws or legal processes or we are prohibited by law or legal processes from informing you in advance.

What Can Other Users See

You are responsible for any content you provide in connection with the Provider Services. We cannot control the actions of anyone with whom you or any other users may choose to share information. Therefore, we cannot and do not guarantee that content you or any user posts on the Provider Services will not be viewed by unauthorized persons. Although we may allow our users to set privacy options that limit access to certain parts of the Provider Services, please be aware that no security measures are perfect or impenetrable and that we are not responsible for circumvention of any security measures contained on the Provider Services. We do not encourage you to make any Personal Data public other than what is necessary for you to use the Provider Services. You understand and acknowledge that, even after removal, copies of content may remain viewable in cached pages, archives and storage backups or if other users have received, copied or stored your content. We will make efforts to remove the content under our control that is not part of another user’s account.

Notwithstanding the foregoing, your District may choose to share some posts and associated pictures on social websites, such as but not necessarily limited to Facebook, Reddit, TikTok, YouTube, X, etc. If done via an integration, we will require your District to confirm that it has prior permission before doing so. Sharing posts and pictures on social websites will make the posts and pictures viewable by users outside of us, and our Privacy Policy will no longer apply to those posts and pictures.

Your District's administrators may have access to user accounts via methods such as, but not limited to, SSO options, integrations with their SIS/SMS, or our product enhancements. These options allow verified administrators or employees to access and utilize the accounts of members of their school or district communities. Administrators may do this to remediate account issues, or to implement quality or safety controls. If your District chooses to use those login features, we require administration to give notice to all users in your District in advance, collect evidence of their consent, and have in place an acceptable use policy for technologies used within your District.

Your contact information, i.e., your email, phone and home/mailing address, may be made available to other registered parents at your district or school as part of an online school directory according to your District’s discretion.

How ESV Software Protects Information

We comply with, or work with your District to jointly ensure compliance with, FERPA and all other applicable confidentiality and privacy laws and rules, and requires its employees, consultants, and subcontractors to similarly comply. Each user plays an important role in securing their account.

Security

We take great measures in keeping your Personal Data safe and secure. We encrypt Personal Data during transfer and at rest. We store and protect your account information on a secured server behind a firewall. We utilize encryption/security software to safeguard the confidentiality of Personal Data we collect.

Data Breach Policy

If we become aware of a data breach of our users' Personal Data, we will comply with applicable law, the Agreement, and notify your District as well as the affected users if asked to do so by your District or as required by applicable laws.

In the event of a data breach, as that term is defined in law or by the Agreement, the goal is to provide notice to your District within 72 hours (or sooner if required by law or the Agreement) after we have confirmed the data breach.

If there are actions required on the part of your District related to the breach, we will provide detailed instructions and assist in remediation.

Managing Your Account

You may review, update and correct the information in your account by logging into our systems or, in many cases, from your SIS/SMS portal. Your District may not allow you to update your account information directly in our systems. In such an event, an alternate District contact or instructions will be provided for you to update your contact information or you may be able to update in the SIS/SMS portal. You are able to adjust your notification settings within our systems so that you receive instant or digest notifications for app notifications, emails and texts, or you may opt out of our communications and receive no notifications at all. If you choose not to receive notifications from us this will not stop you from receiving urgent notifications, for example those regarding school closure, threats, etc.

Deleting Your Account

If you or your child graduates from your District or leaves your District and you are no longer associated with your District, your District may delete your account, i.e., you will no longer be able to access your information on our systems and no other user will be able to access your Personal Data either, including your District, unless for legal reasons. We will retain and use your information as necessary in order to comply with its legal obligations, resolve disputes, prevent abuse and enforce its agreements. In case of accidental deletion, we will be able to restore the account on request if a request is made within thirty (30) days of deletion.

If you are a member of our school or district and cease to agree with our Terms of Use and Privacy Policy at some point in the future or if you no longer desire the Subscription Services, please contact your District directly to delete your account.

Note, if you are a member of a school or district and you request to delete your account, we may notify the organization and the organizer(s) of the classes and/or groups you are affiliated with of your deletion request.

Please note that certain information may remain in our records, server logs and archives after deletion of your account. We retain this information for purposes such as diagnosing problems with the Provider Services, to comply with various states’ open records laws or similar contractual commitments to a District, and for auditing legal investigations. We reserve the right to delete this information in accordance with its standard business practices in effect from time to time. Information and other content you have provided, however, may remain visible elsewhere to the extent such content was copied or stored by other users.

If your or your child’s Personal Data changes, you no longer desire to use the Provider Services, or you would like to rescind permission for our services to further contact your child, you may review, correct, update, delete inaccuracies, request deletion of your child’s information, or amend it by logging into your account and making those changes or contact support@esvsoftware.com.

HIPAA

We are not a healthcare organization and is not certified as compliant with the Health Information Portability and Accountability Act ("HIPAA").

European Union Residents

Our computer systems are currently based in the United States, so your Personal Data entered in the Provider Services or related to your use of the Provider Services will be stored in the United States. By using the Provider Services you: (a) agree to and accept the terms stated in this Privacy Policy, and, (b) expressly consent to the processing of your Personal Data on equipment and by service providers outside the European Economic Area. If you reside in the European Union and we do not seek your explicit consent to process your Personal Data, we are relying on the legitimate commercial interest of our organization in providing the Provider Services to you and other customers and the need to process your Personal Data as previously described in order to accomplish that legitimate interest. You also have the right to withdraw consent and request that we halt processing of your Personal Data at any time. This withdrawal of consent does not invalidate the consent-based processing that occurred prior to withdrawal. As an EU resident, you also have the following rights under the General Data Protection Regulation:

Right to access your Personal Data
Right to rectification of Personal Data held where it is incorrect or incomplete
Right to erasure of Personal Data ("right to be forgotten") if certain grounds are met
Right to restrict/suspend processing of Personal Data
Right to complain to a supervisory authority
Right to object to processing
Right to object to processing of Personal Data for direct marketing purposes
Right to receive your Personal Data in a standard electronic format (data portability)

Our systems comply with all applicable laws regarding your privacy. Individuals from the European Union ("EU"), European Economic Area ("EEA") or United Kingdom ("UK") may only use the Provider Services after providing your freely given, informed consent for us to collect, transfer, store, and share your Personal Data, as that term is defined in the EU’s General Data Protection Regulation. EU, EEA or UK residents may grant that consent directly to us.

You may withdraw this consent or exercise any of the foregoing rights applicable to you by contacting the Privacy Officer at the address below or notifying us at support@esvsoftware.com.

In compliance with the EU-US Data Privacy Framework Principles, we commit to resolve complaints about your privacy and its collection or use of your Personal Data transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact us.

Changes to Privacy Policy

We reserve the right to change, modify, add or remove portions of this Privacy Policy. We will notify District administrators in writing or via email of material changes to this Privacy Policy, including practices around new or additional data collection, or practices that may lessen the previously noted protections around student data privacy.

If you have any questions or would like further clarification about us or this Privacy Notice, please e-mail us at support@esvsoftware.com.

Contact Us

If you have questions or concerns pertaining to your information, your registration, your account, or unsubscribing from us and our software, please contact your District directly. Otherwise, if you have questions about this Privacy Policy or us you may contact us at support@esvsoftware.com.

You can also direct inquiries via phone at 888-683-2514 or in writing to:
ESV Software Privacy Officer
c/o ESV Software dba GAW Holdings, LLC
350 E. 1st Ave
Columbus, OH 43201