Full privacy evaluation | See all
Thumbnail
Updated December 19, 2018

Neo

  • Privacy policies do not indicate a version or effective date.
  • Unclear whether data are sold or rented to third parties.
  • Unclear whether data are shared for advertising and/or marketing.
  • Unclear whether this product displays behavioral or contextual advertising.
  • Unclear whether this product allows data collection by third-party advertising or tracking services.
  • Unclear whether this product uses data to track and target advertisements on other third-party websites or services.
  • Unclear whether this product allows third parties to use data to create ad profiles, data enhancement, and/or targeted advertisements.
The criteria for "Use with Caution" are narrowly focused around data uses related to creating profiles that aren't related to any educational purpose, and using data to target ads. We include both first party (ie, the vendor that builds the service) and third party (any company given access by the vendor) data use. It's worth highlighting that using data to profile students violates multiple state laws, and in some cases also violates federal law.

A service can be designated "Use with Caution" for either a lack of transparency around data use -- which creates the potential for profiling and behavioral targeting -- or for clearly stating that they use data to target advertisements and/or create profiles. As with any application being considered for use within schools, school and/or district staff should review the privacy policies and terms of service to ensure that they meet the legal and practical requirements of their state laws and school policies.

As with the "Not Recommended" criteria, a "Use with Caution" designation is NOT a sign that a vendor is necessarily doing anything unethical or illegal. It is a sign that, based on publicly available policies,  we do not have adequate guarantees that data will not be used by first or third parties to create non-educational profiles or to target behavioral ads.
Use with Caution
Full evaluation
40
Overall Scoreinfo-bubble

This overall score represents how the service addressed all our evaluation questions. A higher score (up to 100) means the service provides more transparent and comprehensive policies.

Overview

NEO is a learning management system (LMS) for managing classroom activities. The service description on their site states that NEO focuses on delivering a great learning experience, while incorporating all the essential tools schools need to support efficient teaching and learning. NEO does not disclose in its policies whether a user can interact with other trusted users or whether a user's personal information can be displayed publicly in any way. However, NEO's terms do state that they may review, screen, or monitor user-created content and can delete it if the content violates its policies. NEO does not display a version or effective date of the polices. A version or effective date provides notice to consumers of exactly what terms they actually provide their consent to and, more importantly, gives notice in the event any changes are made to the policies, requiring a new effective date.

In addition, NEO's terms state they use industry best practices to protect the privacy and security of users' data. Lastly, NEO's terms state that because they provide a LMS platform, schools and districts are fully responsible for the data hosted on the platform and how they use it. The terms of NEO state that schools and districts are the "data collector" and NEO is the "data processor".

NEO can be accessed through its website, and is available for download at the iOS App Store, the Google Play Store, and Microsoft Appstore. The Privacy Policy and Terms of Use used for this evaluation can be found on NEO’s website, iOS App Store, the Google Play Store, and Microsoft Appstore. Additionally, other policies used for this evaluation include: EU General Data Protection Regulation. This evaluation only considers policies that have been made publicly available prior to an individual using the application or service.

Read the Common Sense standard privacy report (SPR)arrow
The standard privacy report (SPR) displays the most important privacy practices from a product’s polices in a single easy-to-read outline. The report displays an alert when a particular privacy practice is risky, unclear, or not evaluated. This alert indicates more time should be focused on these particular details prior to use.
SafetyPromoting responsible use
arrow
Evaluating safety takes into consideration best practices that protect a user's physical and emotional health. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to safety.
18

NEO does not disclose in its policies whether a user can interact with other trusted users or whether a user's personal information can be displayed publicly in any way. However, NEO's terms do state they may review, screen, or monitor user-created content and can delete it if the content violates its policies.

PrivacyProtecting collected information
arrow
Evaluating privacy takes into consideration best practices that protect the disclosure of a user's personal information. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to privacy.
37

NEO does not display a version or effective date of the polices. A version or effective date provides notice to consumers of exactly what terms they actually provide their consent to and, more importantly, give notice in the event any changes are made to the policies, requiring a new effective date. The terms state that any personal information shard with third-parties would also subject those third parties to the same privacy protections of user data as NEO. The terms state NEO may engage in first-party marketing campaigns that might be suited for users such as invitations to webinars and events, content marketing campaigns, campaigns related to NEO's platforms and blogs, research campaigns related to its platforms, blogs, and industry. However, overall the terms are not transparent about several important privacy practices. For example, the terms do not disclose information about whether user data is sold, or whether personal information is used for behavioral advertising or tracking purposes.

SecurityProtecting against unauthorized access
arrow
Evaluating security takes into consideration best practices that protect the integrity and confidentiality of a user's data. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to security.
65

NEO's terms state they use industry best practices to protect the privacy and security of users' data. In addition, the terms specify they use a rate limiter to prevent script kiddies or malicious attackers from overwhelming their system, and their Amazon servers are hosted in their own VPC (virtual private cloud), and all remote ssh logins are protected using public/private keys. The terms further disclose that all communications are encrypted over HTTPS, and they use secure storage with all personal passwords encrypted with individual SALT values on secure servers. Lastly, the terms of NEO state they follow industry best practices to ensure the security of our system and prevent breaches. If NEO detects a security breach, the terms state they will immediately work to fix the issue as well as alert our users if there is a threat to their content or passwords so that they can take appropriate action such as resetting their passwords.

ComplianceFollowing statutory laws and regulations
arrow
Evaluating compliance takes into consideration best practices of companies that collect personal information from children or students and the legal obligations for the privacy and security of that information. A higher score (up to 100) means the service provides more transparent and comprehensive responses related to compliance.
23

NEO's terms state that because they provide a LMS platform, schools and districts are fully responsible for the data hosted on the platform and how they use it. The terms of NEO state that schools and districts are the "data collector" and NEO is the "data processor". NEO's terms further specify that they only collect the data that schools or districts use when registering for its platforms, which is usually the administrator account of the platform. The terms further specify that NEO's LMS platform can only be used by schools for children and accredited universities/colleges that award degrees. The terms also state users can access, review and delete their information and all related data. In addition, the terms state NEO is FERPA compliant, but the terms do not provide any additional detail about FERPA compliance, and do not discuss whether parental consent should be obtained, or whether NEO will delete information from children under the age of 13 if collected without parental consent. Lastly, NEO's terms state that they comply with the EU-US Privacy Shield.

About Privacy Evaluations

The privacy evaluations have been designed with the help and support of a consortium of schools and districts across the United States. These evaluations are designed to streamline making an informed decision about the potential privacy implications of educational technology used to support teaching and learning.

Our core evaluation criteria are freely available and will remain freely available. People are encouraged to read the questions we use and the information security primer we released. Vendors are encouraged to use our questions and the information security primer to self-evaluate. You can also learn more about our evaluation process.

Please be in touch with any questions or feedback.