LiveSchool Data Security and Privacy Overview
LiveSchool is a secure web-based application that helps schools create a more positive, fun, and fair environment for student learning. LiveSchool allows teachers to instantly document positive behavior “points”, negative behavior choices, and comments. Using the LiveSchool apps for students and parents, families can access feedback about how students are improving. Students can redeem their “points” for rewards offered by the school, and school administrators can track data on behavior trends across their building.
LiveSchool takes the security and privacy of our schools exceptionally seriously. In the sections below, we explain our policies around specific security and privacy questions.
Use of Student Data
LiveSchool complies with all applicable federal laws, including FERPA and COPPA.
LiveSchool never sells student data to 3rd parties for any reason, including marketing. We do not engage in any targeted advertising to students.
LiveSchool deletes all student records at the end of each school year, unless otherwise requested by school personnel. We provide schools the option to download and retain this information, but no permanent record is maintained on our servers. We also delete student data within sixty days of receiving a request.
Parents and legal guardians have the right to request the following:
A description of the type of personal information about your child that is collected through the Service
A review and copies of that personal information
Modifications of and deletions to that personal information
The prevention of further use or collection of your child's personal information
If parents or legal guardians wish to make any of these requests, they should contact the school administrator.
Application Use Data
Our team collects usage statistics to help us measure the efficacy of our application and identify future improvements. Application usage statics never include identifiable student information or PII. We record when school staff interact with key features like “recording a point”, “purchasing a reward”, or “viewing a report”. Application usage statistics can be summarized at the user, school, and district levels. For access to a district-level dashboard summarizing user interaction, please contact email@example.com.
Transmittance of Data
LiveSchool operates on Amazon Web Services, a cloud computing provider that maintains multiple levels of physical and technical security layers and has achieved ISO 27001 certification.
All data exchanged between the LiveSchool platform and web/app clients of users is sent via 256-bit Advanced Encryption Standard (AES) Secure Sockets Layer (SSL) technology.
LiveSchool uses security groups to limit inbound and outbound network traffic to or from each Amazon EC2 and RDS instance. Traffic that is not explicitly allowed to or from an instance is automatically denied.
If your school syncs data directly from your SIS, all SIS data comes via an intermediary API (getclever.com) and is sent over HTTP POST via 256-bit Advanced Encryption Standard (AES) Secure Sockets Layer (SSL) technology.
An overview of the security systems maintained by Clever can be found here: http://assets.getclever.com/documents/clever-security.pdf.
Data Security and PI
LiveSchool tightly controls personnel with access to data on LiveSchool servers, which are all based in the United States.
All passwords stored on the LiveSchool platform are hashed and salted.
All data in the LiveSchool service is stored using industry best practices and technologies, including:
A Virtual Private Cloud compartmentalizes all machine-to-machine communication and services within the cloud.
AWS RDS database servers are firewalled from all external machines on the internet.
Operational intelligence monitoring scripts for proactive monitoring of system service levels.
Verbose logging of application and database access activity.
LiveSchool databases are configured to store information encrypted at rest
“Security Breach” means any act or omission that compromises (1) the security, confidentiality, or integrity of student information; (2) the physical, technical, administrative, or organizational safeguards put in place by LiveSchool that relate to the protection of the security, confidentiality or integrity of student data.
LiveSchool shall take reasonable steps, in accordance with industry standards and applicable laws to immediately remedy any security breach and prevent any further security breach, at its own expense.
LiveSchool shall notify the District in writing within two business days of becoming aware of a security breach. LiveSchool’s notification of a security breach will include the following information:
The name and contact information of the LiveSchool employee responsible for the notice
A list of the types of Data that were or are reasonably believed to have been subject of a breach
The date of the breach, the estimated date of the breach, or the date range within which the breach occurred
The nature of the breach, its cause(s), and any identified actors
The steps taken to remedy the breach and secure all data, and remediation steps being taken to prevent similar occurrences in the future
LiveSchool will coordinate with the District to provide any notices to persons or organizations affected by the security breach as required by law.
LiveSchool will ensure that all procedures implemented to address a Security Breach shall be in compliance with all applicable state and federal laws.
LiveSchool maintains multiple systems and processes to protect your data and maintain high uptime:
At any given time, customer data is stored on two or more instances in different geographic areas of the country, with a latency of fewer than 10 seconds for newly posted data.
LiveSchool executes automated nightly backups of the platform’s database and retains snapshots on a rolling basis for 7 days.
LiveSchool executes automated weekly full database backups which are retained for one month.
LiveSchool maintains a disaster recovery system capable of restoring production data within 24 hours of a service disruption.
LiveSchool partners selectively with the following subcontractors to provide a high-quality service to our school and district partners:
Processes Student PII?
About the Service
Amazon Web Services
Cloud computing resources.
Securely processing CSV uploads. This does not apply to customers using Clever.com.
Securely syncs students, staff, and rosters to LiveSchool based on district-set permissions.
Google Cloud Platform
Cloud computing resources.
Securely routing product usage to support and communication tools
Uploading staff “profile pictures”.
Analyzing product usage and improvement ideas.
Live help chat for school staff.