Rating Questions

The following ratings a product could receive are described below:

Pass Rating

Meets our minimum requirements for privacy and security practices.

Applications and services that receive a Pass rating have met our minimum criteria for transparency and qualitatively better practices in their policies. Products that earn a Pass rating have made a privacy commitment not to use or disclose personal information from any user for commerical purposes. Before using an application or service with this rating, parents, teachers, schools, and districts are strongly advised to read the privacy policy as a starting point for the process of vetting the application or service. In addition, a more detailed review should happen before any child or student data is shared with a service.

Warning Rating

Does not meet our recommendations for privacy and security practices.

Applications and services that receive a Warning rating have risks narrowly focused around data use related to selling data, third-party marketing, creating profiles that are not associated with any educational purpose, and/or using data to target advertisements. We include data use from both the first party (i.e., the company that builds the service) and third parties (any other company given access to data by the product). Using data to profile children or students for advertising purposes can potentially violate multiple state laws and in some cases federal law. An application or service can be given a Warning rating for either a lack of transparency around data use—which creates the potential for profiling and behavioral targeting—or for clearly stating the service uses data to target advertisements and/or create profiles. As with any application being considered for use within schools, school and/or district staff should review the privacy policies and terms of service to ensure that they meet the legal and practical requirements of their state laws and school policies. Unclear or "worse" responses to the questions listed below trigger inclusion in the Warning rating:

1. Sell Data Evaluation Question

The Sell Data evaluation question indicates whether the policies disclose that a user's personal information is sold or rented to third parties for monetary or other valuable consideration. Selling users' data is an important issue to disclose in the policy because users want to know if their data is shared with third parties in exchange for use of the product and the answer may impact whether they decide to use the product or service. A “better” response to this evaluation question indicates the product does not sell a user's data to third parties. A “worse” response indicates the product does sell a user's data to third parties. “Unclear” indicates that no relevant disclosure is made available in the policies.

2. Third-party Marketing Evaluation Question

The Third‐Party Marketing evaluation question indicates whether marketing communications that could include emails, text messages, or other notifications are sent to users are from an application or service that a user does not have a direct relationship with and therefore has different expectations, because it communicates unrelated or unsolicited products and features from third‐party companies. A “better” response to this evaluation question indicates the product does not send third-party marketing communications to users. A “worse” response indicates the product does send third-party marketing communications to users. “Unclear” indicates that no relevant disclosure is made available in the policies.

3. Personalized Advertising Evaluation Question

The Personalized Advertising evaluation question indicates whether advertisements are displayed to any users based on collected personal information or behavioral information on how users use the product also known as behavioral or targeted advertisements. Personalised advertisements take targeted advertisements one step further, collecting specific information about users typically through the use of cookies, beacons, tracking pixels, persistent identifiers, or other tracking technologies that provide more specific information about the user. This information is then shared with advertisers, who display even more targeted products and services than targeted advertisements to the user based on the specific information they received from the user's activities on the product. A “better” response to this evaluation question indicates the product does not display pesonalized or targeted advertising to users. A “worse” response indicates the product does display pesonalized or targeted advertising to users. “Unclear” indicates that no relevant disclosure is made available in the policies.

4. Third-Party Tracking Evaluation Question

The Third-Party Tracking evaluation question indicates whether the company allows third-party companies to use cookies or other tracking technologies on its product, enabling those third-party companies to collect and use a user's personal information for their own purposes. A company should not permit third-party advertising services or tracking technologies to collect any information from a user who is using the service. A user's personal information provided to a product should not also be used by a third party to persistently track that user's behavioral actions on the product to influence what content they see in the product and elsewhere online. Third-party tracking can influence a user's decisionmaking without their knowledge, which may cause unintended harm. A “better” response to this evaluation question indicates that the company does not allow third-party companies to use cookies or other tracking technologies on its product for commercial purposes. A “worse” response indicates that the company does allow third-party companies to use cookies or other tracking technologies on its product for commercial purposes. “Unclear” indicates that no relevant disclosure is made available in the policies.

5. Track Users Evaluation Question

The Track Users evaluation question indicates whether the product allows a third-party company to use cookies or other tracking technologies, or whether it otherwise enables a third party to display advertisements to the product's users on other apps and services across the Internet. A company should not track users to target them with advertisements on other third-party websites or services. In addition, a user's personal information provided to a product should not be used by a third party to persistently track that user's behavioral actions over time and across the Internet on other apps and services for commercial purposes. A “better” response to this evaluation question indicates that the company does not allow third-party companies to track users over time and across the Internet on other apps and services. A “worse” response indicates that the company does allow third-party companies to track users over time and across the Internet on other apps and services. An “unclear” response indicates that no relevant disclosure is made available in the policies.

6. Ad Profile Evaluation Question

The Ad Profile evaluation question indicates whether or not a product creates an advertising profile or allows third-party companies to use cookies or other tracking technologies on the product that would enable those third-party companies to create a behavioral profile or audience segmentation about a user based on the user's personal information, preferences, or characteristics for advertising or marketing purposes across the Internet. A company should not create advertising profiles or allow third parties to use a user's data to create a profile, engage in data enhancement or social advertising, or target advertising based on that profile. Automated decision making, including the creation of ad profiles for tracking or advertising purposes, can lead to an increased risk of harmful outcomes that may disproportionately and significantly affect children or students. A “better” response to this evaluation question indicates that the company does not allow third-party companies to create or use a behavioral profile of any user. A “worse” response indicates that the company does allow third-party companies to create or use a behavioral profile of any user. An “unclear” response indicates that no relevant disclosure is made available in the policies.

Fail Rating

Does not have a privacy policy and should not be used

Applications and services that received a Fail rating have issues narrowly focused on whether a detailed privacy policy is available for evaluation prior to login or account creation in order to protect child and student data.

The criteria for Fail measures whether or not a company has done the bare minimum to provide users with a rudimentary understanding of how the product protects user privacy. The single criteria listed above is a basic privacy requirement for all products. Applications and services that do not meet this basic requirement can potentially run afoul of federal and state privacy laws. Among the applications or services we evaluate, only a small number do not have a privacy policy and/or terms of service available on their website at the time of our evaluation. Nonetheless, as with the Warning criteria described above, a Fail rating is not a sign that a company is necessarily doing anything illegal or unethical, but it could mean, based on how the application or service is used, that it could be violating either federal or state laws. It is a sign that, based on publicly available policies their services do not provide adequate guarantees that personal information stored in their information systems will be protected.