Scrible

Modern research platform for school and work

Privacy

PRIVACY POLICY


Scrible, Inc. (“Scrible”, “we”, “us”, “our”) has created this privacy policy (“Privacy Policy”) to disclose our use and protection of data collected about you related to your use of our Services (“Data”). If you access or use our Services, you consent to this Privacy Policy. If you do not consent to this Privacy Policy, please do not access or use our Services. Any questions regarding this policy should be directed by email to privacy@scrible.com.

 

This Privacy Policy should be read in conjunction with our Terms of Service (“Terms”) as certain terms used in this Privacy Policy are defined in there.

 

If you access, use or obtain our Services for or on behalf of a group of individuals (“Group”), you agree to this Privacy Policy for that Group and represent that you have the legal authority to consent to this Privacy Policy on behalf of that Group and have its permission to do so. If you do not, please do not access, use or obtain our Services for the Group. If the Group is an organization such as, but not limited to, a business, nonprofit, school, school district, college, university or local, state or federal government agency (“Organization”), our use and protection of data collected about the Organization and its members may be governed by this Privacy Policy in conjunction with a separate agreement between us and the Organization (“Other Agreement”). In the event of a conflict between this Privacy Policy and such Other Agreement, the terms of the Other Agreement shall prevail.

 

 

1. DATA PROCESSING AND STORAGE

 

1.1 Processor. We are a processor of Data (“Processor”) provided to us by you or collected by us from you or a third party you have authorized.

 

1.2 Subprocessors. We use third party service providers to help operate, support and improve our Services (“Subprocessors”). In the course of providing their services, they may access or process (e.g., collect, store, etc.) Data. We only utilize Subprocessors that meet industry standard data privacy and security requirements and best practices. We only share PII with Subprocessors to the minimum extent necessary. Subprocessors must treat your PII in accordance with this Privacy Policy and state and federal privacy regulations. However, we are not liable for damages that may result from the misuse of your Data by them.

 

1.3 Direct Control. We may store your Data in locations outside of our direct control (e.g., on servers or databases co-located with hosting providers).

 

1.4 United States. Our Services are hosted and operated entirely in the United States and are subject to United States law. Data we collect from you is stored and processed in the United States. By accessing or using our Services outside of the U.S., you consent to the transfer of your Data to the United States. Please be advised that United States law may not offer the same privacy protections as the law in your jurisdiction.

 

1.5 International Transfer. Data may be processed and/or stored in the United States, European Union Member Nations, Canada or any other country in which our Subprocessors and we operate. We may transfer Data to them across borders and from your country or jurisdiction of domicile to other countries or jurisdictions. If you are located in the European Union or other regions with laws restricting data transfer, please note that we will comply with laws applicable to us.

 

 

2. LAWFUL BASIS

We only collect and process your Data where we have lawful basis. Our lawful basis includes consent (where you have given it), where necessary for us to operate our Services, and for our legitimate interests, including (i) complying with applicable law, (ii) protecting against security or other threats, (iii) improving our Services, and (iv) addressing customer relationship issues.

 

 

3. DATA USE

 

We may use your Data to:

  • operate our Services;
  • deliver our Services to you;
  • manage our relationship with you (e.g., provide you with help and support);
  • perform analysis of your use of our Services;
  • communicate with you about your Plan options;
  • enforce our Terms and any applicable Other Agreements;
  • tailor your experience on our Services (e.g., showing you content we believe may be relevant to you and displaying Content according to your preferences).
  • respond to investigation, court orders, legal process, or to investigate prevent or take action regarding illegal activities, suspected fraud or situations involving potential threats to the physical safety of any person or potential emotional or physiological abuse (e.g., bullying) of any person, or as otherwise required by law; and
  • perform functions as otherwise described to you at the time of Data collection.

 

4. PERSONALLY IDENTIFIABLE INFORMATION

 

4.1 Definition. Data includes personally identifiable information about you such as your username, name and email address (“PII”).

 

4.2 Accessing and Using Services. You can choose what information to share with us. If you choose to withhold PII requested by us, it may not be possible to access or use our Services or portions thereof.

 

4.3 Collecting PII. We may collect PII from you:

  • when we correspond with you;
  • when you register for an Account;
  • when you complete a survey;
  • when you contact us for help; and
  • when our Services send us error or application data reports.

 

4.4 Sensitive Information. We do not require you to provide sensitive information such as racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or genetic, biometric or health data (“Sensitive Information”).

 

4.5 Managing PII. You may access, correct, update, change or delete your PII at any time via Your Account settings.

 

 

5. DATA RETENTION

We may retain records of Data related to your use of our Services, including usage and activity logs. We retain PII you give us only for (i) as long as your account is open or (ii) otherwise for a limited period of time as long as we need to fulfill the purposes for which it was collected, unless otherwise required by law.

 

 

6. DATA REMOVAL

You may request that we delete your Data. To do so, please email us at privacy@scrible.com. Complying with your request may require termination of your Account. Selective or partial deletion of your Data may not be possible without hindering your ability to access or use our Services and may require we suspend, limit access to or terminate your Account. Note that we may not be able to delete any de-identified PII about you.

 

 

7. DATA SHARING

 

7.1 Selling PII. We will not sell your PII to any third party without your permission.

 

7.2 Disclosure by You. Any Data you choose to make publicly available via our Services (such as posting comments, reviewing items, etc.) will be available to others.

 

7.3 Third Party Disclosure. We may partner with other organizations based, for example, on the interests of our users. We will not share your PII with them without your permission. We may communicate with you about them. However, you may opt-out of any such communications via Your Account settings. If necessary, Data will be shared with third parties (a) only on an aggregate basis such that it does not identify you or (b) in a way in which your PII is de-identified. In such cases, we prohibit them from re-identifying de-identified Data.

 

7.4 Permitted Disclosure. We reserve the right to disclose Data when required by law, such as by a subpoena or other legal proceedings. We may also disclose Data if we reasonably believe it necessary to (i) comply with requests of law enforcement or other applicable law; (ii) to enforce any agreement between you and us; (iii) to protect the security and integrity of our Services; and/or (iv) to protect us and our users.

 

7.5 Change of Control. If our business is ever acquired, merged or divested of assets, Data may be sold or transferred to a new organization. We may sell, assign or otherwise transfer Data in connection with a sale of all or substantially all of our business or assets. You will be notified via email or a message in an interface of our Services of any resulting change in protection or use of your Data.

 

 

8. ADVERTISING

We do not display advertising in our Services.

 

 

9. COOKIES

“Cookies” are small pieces of information stored by your browser. Cookies, by themselves, do not provide us with PII. However, if you register an Account with us, your PII may be linked to the data stored in a cookie used by us. We use cookies to provide our Services, understand their usage and improve them. You may block or delete cookies in your browser. However, if you do so, it may not be possible to access or use our Services or portions thereof.

 

 

10. PRIVACY OF CHILDREN AND COPPA

We respect the privacy of children. Our Services are compliant with the Children’s Online Privacy Protection Act (“COPPA”). We do not knowingly or directly collect PII from anyone who we know to be under the age of 13. We do not email any such person. We do not share Data about any such person with Subprocessors or third parties. If we discover that a person under the age of 13 has provided us with any PII, we will use commercially reasonable efforts to remove it from our Services.

 

 

11. STUDENT DATA PRIVACY

We are concerned about student data privacy and make privacy and security safeguards and commitments specifically to protect student Data.

 

11.1 Authorized Use. We do not collect or use student Data for any purpose other than to operate and provide our Services to students as described herein and in our Terms.

 

11.2 FERPA. Our Services are compliant with the Federal Educational and Privacy rights Act (“FERPA”).

 

11.3 Data Ownership. Consistent with our Terms, we do not claim ownership of student Data. If a student Account is on an individual Plan, the associated student Data is owned by the student. If a student Account is on a Group Plan, the student Data is owned by the Group Plan Owner, which may be the student’s teacher or educational institution (e.g. school, school district, college or university). If allowed by the Group Plan, the student may associate a personal email address with their Account in order to continue accessing and using their Account and Content if and when their Account is no longer on the Group Plan. Once that occurs, the student Data is owned by the student and the student Account becomes a separate, personal account (“Personal Account”).

 

11.4 Parent Access. The parent or legal guardian of a student may access, correct, update, change or delete the student’s PII at any time via the student’s Account settings.

 

11.5 Third Party Disclosure . Unless legally prohibited, if law enforcement contacts us with a request for student Data, we will redirect them to request the data directly from the owner of the student Data, which may be the student (or their parent or legal guardian) or their educational institution, depending on which Plan the student’s Account is on.

 

 

12. DATA SECURITY AND PROTECTION

 

We are concerned about protecting your Data.

 

12.1 Secure Service. Our Services have security measures in place designed to prevent the loss and unauthorized use or disclosure of your Data. We make best efforts to secure usernames, passwords and other means of gaining access to our Services via your Account .

 

12.2 Internal Access. We only provide access to Data to employees or contractors who need it in order for us to operate and provide our Services to you. Such employees and contractors sign confidentiality agreements and receive training regarding this Privacy Policy, Data privacy and security and student data privacy. All employees and contractors with access to Data shall pass criminal background checks.

 

12.3 Secure Transmission. We use industry-standard technologies when transferring and receiving Data exchanged between us and Subprocessors. When our Services are accessed or used via a supported Web browser, we use Secure Socket Layer (“SSL”), including server authentication and data encryption to help secure Data transmission.

 

12.4 Back Up and Hosting. Our servers are backed up regularly and protected from virtual and physical compromise. We host our Services and your Data in an enterprise-class hosting facility in an environment using a firewall that is periodically updated according to industry standards.

 

12.5 Breach. Despite our best efforts to secure and protect Data, we cannot guarantee that your Data may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards. In the event of such a breach, unless prevented by law enforcement, we will notify you via email and/or a message in an interface of our Services within 2 business days of our discovering the breach. The notification will provide what we know at the time regarding the nature of the breach, when it occurred and what, if any, of your Data may have been compromised.

 

 

13. CALIFORNIA PRIVACY RIGHTS

 

13.1 Third Party Tracking. Third parties often collect information about Internet users over time and across websites. As may be the case when you visit other websites and online services, third parties may be able to collect information about you when you access or use our Services, which do not currently respond to browser “Do Not Track” (DNT) mechanisms.

 

13.2 Removal of Public Posting. If you are a California resident under the age of 18, and a registered user of our Services, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, e-mail us with a detailed description of the specific content or information to privacy@scrible.com. Note that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

 

14. REVISIONS

We may revise this Privacy Policy posted at our Website at any time. We will make a reasonable effort to notify you of such revision via email or a message in an interface of our Services. You are bound by any such revision and should therefore periodically review the current version of this Privacy Policy. You acknowledge and agree that by continuing to access or use our Services after such revision is posted, you accept such revision.

 

15. OPT-OUT

You may opt-out of receiving email communications from us, except transactional correspondence and messages related to privacy, data security, negative Account or payment status and interruption or disruption of our Services. You may set or change your email communication preferences via Your Account settings.

 

 

16. SUCCESSORS AND ASSIGNS

This Privacy Policy inures to the benefit of successors and assigns of Scrible.




Date: 2019-04-18
Facebook Twitter LinkedIn YouTube