Student Data Policy

Last Updated: March 12, 2024

This Student Data Policy supplements our Privacy Policy with regard to Student Data that we process under a student data privacy agreement with an Educational Institution. Terms used but not defined in this Student Data Policy have the meaning set out in the Privacy Policy.

1. When an Educational Institution customer makes our MagicStudent Services available to students for an educational purpose, Magic School may process personal information that is directly related to an identifiable student that is: (i) provided to Magic School by an Educational Institution, or (ii) collected or generated by Magic School during the provision of Services to the Educational Institution (“Student Data”). Student Data may include information defined as “educational records” by the Family Educational Rights and Privacy Act (“FERPA”) or “covered information” under California’s Student Online Personal Data Protection Act (“SOPIPA”), or other information protected by similar student data privacy laws.

2. We consider Student Data to be confidential and do not use Student Data for any purpose other than to provide our Services on the Educational Institution’s behalf, in accordance with contractual agreements with the Educational Institution. To help Educational Institutions address their obligations to protect their students’ data privacy, we have implemented additional controls and procedures for Educational Institutions when they enter into a contract with Magic School to make our Services available to students for an educational purpose such as our Student Data Privacy Addendum.

3. As between us and the Educational Institution, Student Data are owned and controlled by the Educational Institution. Our collection and use of Student Data is governed by our contracts with the Educational Institutions and by applicable privacy laws. For example, we provide our Services to Educational Institutions as a “School Official” under FERPA and we work with Educational Institutions to help protect personal data from the Student’s educational record, as required by FERPA.

   • We collect, maintain, use and share StudentData only for an authorized educational purpose and as described in our Agreement with the Educational Institution, or as directed by the Educational Institution or by the Student’s parent or legal guardian (each, a “Parent”).
     
   • We do not use or disclose Student Data for targeted advertising purposes.
     
   • We do not build a personal profile of a Student other than in furtherance of an educational purpose.
     
   • We maintain a comprehensive data security program designed to protect the types of Student Data maintained by the Service.
     
   • We will clearly and transparently disclose our data policies and practices to our users.
     
   • We will never sell Student Data unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets, in which case we will require the new owner to continue to honor the terms provided in this Student Data Policy or we will provide the Educational Institution with notice and an opportunity to opt-out of the transfer of Student Data by deleting the Student Data before the transfer occurs.
     
   • We will not make any material changes to our Student Data Policy or contractual agreements that relate to the collection or use of Student Data without first giving notice to the Educational Institution and providing a choice before the Student Data are used in a materially different manner than was disclosed when the information was collected.
     

4. How We Share and Disclose Student Data
   ‍
   We disclose Student Data solely as needed to provide our Services on behalf of specific Educational Institutions in accordance with our contractual agreements with those Educational Institutions or with the consent of the Educational Institution or Parent. For example, Student Data and account usage data may be disclosed to or accessible by users who are authorized to use the Service on behalf of the Educational Institution, such as the student’s teacher or other administrative professional. We also disclose Student Data to our trusted service providers who have a legitimate need to access such information on our behalf, subject to appropriate contractual terms to protect such data. Furthermore, we may disclose Student Data in connection with a business transaction or to support our legal rights and obligations, as described in our Information Sharing and Disclosure section of the Privacy Policy.

5. How We Use De-Identified Data
   ‍
   We may also generate, use, and disclose de-identified information for adaptive learning purposes or customized student learning purposes, to recommend content or services relating to Educational Institution purposes or other educational or employment purposes, to develop, research and improve our Services, or to demonstrate the effectiveness of our Services. In addition, we may use de-identified information for the development and improvement of other educational sites, services and applications or technologies more generally to the extent permitted under applicable law. “De-identified information” means data from which all personally identifiable information has been removed or obscured so that the remaining information does not reasonably identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual.

6. How We Retain Student Data
   
   We will not knowingly retain Student Data beyond the time period required to support an educational purpose, unless authorized by the Educational Institution.
   
   Educational Institutions are responsible for maintaining current class rosters, and for managing Student Data which they no longer need for an educational purpose by submitting a deletion request. Please note: even in the absence of instruction by the Educational Institution, we may delete or de-identify data after a period of user inactivity in accordance with our standard data retention policies.  
   
   If you are using our Services on behalf of an Educational Institution and wish to access Student Data, delete Student Data or close your account, please contact us (security@magicschool.ai). If you are a Parent or Student and wish to access Student Data, delete Student Data or close your account, please direct your request to your Educational Institution.

7. Questions About Student Data
   
   If you are a Parent or Student and have questions about specific practices relating to Student Data provided to Magic School by an Educational Institution, please direct your questions to your Educational Institution.