Privacy Evaluation for Socrative
Socrative provides a classroom tool and resource that teachers can use as part of their classroom activities to identify levels of student understanding of instruction on a real-time basis. The terms state that users can interact with both trusted and untrusted users, and that personal profiles and teacher newsfeeds are set to be public by default. The terms state that personal information is collected about teachers and parents, with limited information collected about students, and personal information is shared with third parties only for the purposes of providing the vendor's services; there are no third-party ads, and users can upload user content. The terms state that teachers are required to create accounts to use the service, but students are not. The terms state that it is the responsibility of schools/teachers to obtain parental consent for the vendor to collect personal information from students. In addition, the terms describe methods for users to access, modify, or delete their data or their child's personal information.
The terms state that users can interact with trusted users, such as relevant students, parents, and other teachers, and untrusted users, such as via forums where any information shared can be publicly viewable. Personal profile data and teacher newsfeeds are made public by default, though newsfeed privacy settings are configurable. The terms state that the vendor does not monitor user-submitted content. The terms do not state whether or not interactions are moderated.
The terms are clear about the purposes and context of data sharing, and third parties must only use this data to provide the services to the vendor. Anonymous analytical data is also collected and may be shared with third parties to improve the service, but any non-personally identifying information that is mixed with personally identifiable information is treated as personally identifiable. The terms state that no personal data is shared with third parties for third party marketing, and no personal information is sold. The service allows users to connect their accounts with Facebook to retrieve a profile photo, and users can, in some cases, sign into their account using a Google ID or Clever ID, from whom the vendor receives some information. Users may upload learning content to their account. Users receive service-related messages from the vendor; teachers and parents may also receive marketing emails from the vendor, but they can opt out of marketing but not service messages. Lastly, the terms state that the vendor does not host any third-party ads, but are unclear on whether there are first-party/their own ads on their services, and they do not track users across third-party apps or sites.
The terms state that teachers are required to create accounts to use the service, but that students are not so required. The vendor uses reasonable security measures, including encryption in transit, but more security specifics are not included in the terms.
What data does it collect?
- Personally identifiable information (PII) is collected.
- The categories of collected personally identifiable information are indicated.
- Collection or use of data is limited to product requirements.
- Unclear whether this product collects geolocation data.
- Unclear whether this product collects biometric or health data.
- Behavioral data are collected.
- Unclear whether this product collects sensitive data.
- Non-personally identifiable information is collected.
- Unclear whether opt-in consent is requested from users at the time personal information is collected.
- Personal information of users is not collected by a third party.
What data does it share?
- Collected information is shared with third parties.
- The categories of information shared with third parties are indicated.
- The purpose for sharing a user's personal information with third parties is indicated.
- Unclear whether the categories of third parties that receive personal information are indicated.
- Data are shared for analytics.
- Data are shared for research and/or product improvement.
- Data are shared with third-party service providers.
- The roles of third-party service providers are indicated.
- Social or federated login is supported.
- Contractual limits are placed on third-party data use.
How does it secure data?
- A user's identity is verified with additional personal information.
- Account creation is not required.
- Parental controls or managed accounts are available.
- Unclear whether two-factor account protection is available.
- Third-party contractual security protections are required.
- Industry best practices are used to protect data.
- Unclear whether this product limits employee or physical access to user information.
- All data in transit are encrypted.
- Unclear whether this product encrypts all data at rest.
- Unclear whether this product provides notice in the event of a data breach.
What rights do I have to the data?
- Users can create or upload content.
- Users retain ownership of their data.
- Processes to access and review user data are available.
- Processes to modify inaccurate data are available.
- Unclear whether the product provides a data-retention policy.
- Processes for the school, parents, or students to delete data are available.
- Unclear whether a user's data are deleted upon account cancellation or termination.
- Unclear whether this product deletes data when no longer necessary.
- Permissions, roles, or access controls are available to restrict who has access to data.
- Unclear whether this product provides users the ability to download their data.
Is the data sold?
- Data are not sold or rented to third parties.
- Users can opt out from the disclosure or sale of their data to a third party.
- User information can be transferred to a third party.
- Users are notified if their information is transferred to a third party.
- Unclear whether user information can be deleted prior to its transfer to a third party.
- Unclear whether third-party transfers are contractually required to use the same privacy practices.
- User information is shared in an anonymous or deidentified format.
- The vendor describes their deidentification process of user information.
- Data are shared for research and/or product improvement.
- Contractual limits prohibit third parties from reidentifying deidentified information.
How safe is this product?
- Users can interact with trusted users and/or students.
- Users can interact with untrusted users, including strangers and/or adults.
- Profile information is shared for social interactions.
- Personal information is displayed publicly.
- Users can control how their data are displayed.
- User-created content is not reviewed, screened, or monitored by the vendor.
- User-created content is not filtered for personal information before being made publicly visible.
- Social interactions between users are not moderated.
- Unclear whether social interactions of users are logged.
- Unclear whether users can report abuse or cyberbullying.
Ads & Tracking
Are there advertisements or tracking?
- Data are not shared for third-party advertising and/or marketing.
- Unclear whether this product displays traditional or contextual advertisements.
- Unclear whether this product displays behavioral or targeted advertising.
- Data are not collected by third-party advertising or tracking services.
- Data are not used to track and target advertisements on other third-party websites or services.
- Data profiles are not created and used for data enhancement, and/or targeted advertisements.
- The vendor can send marketing messages.
- Unclear whether this vendor provides promotional sweepstakes, contests, or surveys.
- Users can opt out of traditional, contextual, or behavioral advertising.
- Users can opt out or unsubscribe from marketing communications.
Can I provide parental consent?
- Intended for children under 13.
- Personal information from children under 13 years of age is collected online.
- Unclear whether intended for parents or guardians.
- Vendor does have actual knowledge that personal information from users under 13 years of age is collected.
- Children's privacy is applicable.
- Parental consent is required.
- Parental consent is not limited with respect to third parties.
- Parents can withdraw consent for the further collection of their child's information.
- Unclear whether this product deletes children's personal information if collected without parental consent.
- Parental consent notice and method for submission are provided.
Is the product intended for school?
- Intended for students.
- Personal information or education records are collected from preK-12 students.
- Intended for teachers.
- Product is primarily used by, designed for, and marketed toward students in grades preK–12.
- Product does create education records.
- Unclear whether this product provides notification of a contract or additional rights.
- Vendor is not designated as a school official.
- Parental consent obligations are transferred to the school or district.
- Unclear whether the vendor indicates FERPA parental consent exceptions.
- Unclear whether this product discloses directory information.