BlueStreak Education’s Commitments to Privacy

This Privacy Policy explains how BlueStreak Education, Inc., (“BlueStreak”, “we”, “us” or

“our”) collects, uses, and protects certain personally identifiable information provided to

us or generated by us in connection with a student’s use of our BlueStreak Math

Platform.

What definitions apply to the Privacy Policy?

“BlueStreak Math Platform” means our digital learning platform for math fluency

known as BlueStreak Math.

“LEA" means the local education agency that contracts with us for use of and access

rights to the BlueStreak Math Platform.

“Student Data" means personally identifiable information or material or information that

is linked to personally identifiable information or material in any media or format that is

not publicly available and is: (1) created by or provided to us by a student or the

student's parent/legal guardian in the course of the student's, parent's, or legal

guardian's authorized use of the BlueStreak Math Platform; (2) created by or provided to

us by an employee or agent of a school or school district for school purposes; or (3)

gathered by us through the operation of the BlueStreak Math Platform for school

purposes and personally identifies a student, including, but not limited to, information in

the student's educational record or electronic mail, first and last name, home address,

telephone number, electronic mail address, or other information that allows physical or

online contact, discipline records, test results, special education data, juvenile

dependency records, grades, evaluations, criminal records, medical records, health

records, a social security number, biometric information, disabilities, socioeconomic

information, food purchases, political affiliations, religious information, text messages,

documents, student identifiers, search activity, photos, voice recordings, or geolocation

information.

What services does BlueStreak Math Platform provide?

The BlueStreak Math Platform provides digital and print solutions for numeracy and

fluency that sets the foundation for students in elementary or secondary education to

achieve higher level mathematics.

What Student Data does BlueStreak Education, Inc. collect

and what is it used for?

Generally, we use Student Data to provide educational services via the BlueStreak

Math Platform to children enrolled in a local school under the purview of an LEA. We

will also respond to requests for information and to questions from users, LEA’s and

possible customers.

We do not collect Student Data except when the information is given to us on a

voluntary basis (for example, requesting information by contacting us; signing up for a

BlueStreak in-person event; or setting up and using an account for the BlueStreak Math

Platform).

We do NOT collect a student’s home address, telephone number, electronic mail

address, or other information that allows physical or online contact, nor do we collect

information in the student's educational record or discipline records, special education

data, juvenile dependency records, grades, criminal records, medical records, health

records, social security numbers, biometric information, disabilities, socioeconomic

information, food purchases, political affiliations, religious information, text messages,

documents, search activity, photos, voice recordings, or geolocation information. We

also do NOT collect IP addresses of users or use cookies or engage in targeted

advertising based on information obtained or inferred from a user’s usage of the

BlueStreak Math Platform. As the BlueStreak Math Platform does not allow for online

communication, we also do NOT have access to or collect any student generated

content.

The limited Student Data we may collect and how we use it is provided below:

Category of Data

Elements

Use

Application Use Statistics

Meta data on user interaction

with the application

Track performance on BlueStreak Math for bug fixes.

Enrollment

Student School Enrollment

Assigns students to a school.

Enrollment

Student Grade Level

Assigns students to a grade level

Enrollment

Homeroom/Course

Assigns students to a homeroom/course

Parent/Guardian Contact

Information

Parent Email

Optional field used to send Parent Letters.

Schedule

Teacher names

Assigns a student to a teacher

Special Indicator

Accelerated Learning, Before or After

School Program, MTSS Tier 1,2,3 or

RTI.

Optional fields, used for data analytics

Student Identifiers

Student Name

May be used to login to BlueStreak Math.

Student In App

Performance

Program/ Application

Performance

We collect student in-game test scores, problem

mastery data, time spent and leaderboard data

(leaderboards do not reveal any Student Data,

except for First Name and Last Initial). Data is used

for analytics, rostering, student login or gameplay.

The total number of questions answered and

mastery level completion, for all users, across the

US, assists in evaluating performance within

BlueStreak Math Platform. Total number of

questions answered, active users and average

growth, for all users across the US, is used for

marketing.

Other

Additional data elements used, stored

or collected by our application

Problem answer attempt (which problem, right or

wrong, how long to answer), Sprint (Game/ Test /

Learning Round)

(Which problems in set, duration), single player game

scores,

multiplayer game scores and team info, level completion

certificates,

crash reports (automatic) (game version, error

code, steps and position in game, stack trace),

problem progress (% of mastery for particular

problems), student store purchases (which store item)

Does BlueStreak Education share Student Data?

We may share Student Data with the LEA, parents or guardians of users or with third-

party providers and consultants which perform service for us and need access to

information as part of their work in a manner consistent with this policy. We do not

otherwise sell, rent, license or share Student Data, unless permitted or required by law

or court order.

How does BlueStreak Education treat information about

children under 13 years old?

The Children's Online Privacy Protection Act (COPPA) protects the privacy of children

under the age of 13.

The only information received directly from a user under the age of 13 is the answers to

the math questions within the BlueStreak Math Platform. We do not ask children under

13 to provide Student Data. We do not intentionally contact or collect Student Data from

children under 13.

What is BlueStreak Education's commitment to data

security?

To reduce the risk of unauthorized access, maintain data accuracy, and secure the

correct use of information, we use commercially reasonable physical, electronic, and

managerial procedures, which meet or exceed industry standards, to protect the

information we collect. We also use Secure Sockets Layer (SSL) protocol on student

information. No security system for data is completely secure. Therefore, BlueStreak

Education cannot promise that Student Data will not be intercepted by others.

We committed to providing the BlueStreak Math Platform in an easy to use, secure and

reliable manner and are a Clever,Inc. a certified partner.

What is BlueStreak Education’s policy for deleting Student

Data?

At the termination of the LEA contract with us, all Student Data will be deleted from

BlueStreak Math within 90 days.

Where are BlueStreak Education's servers located?

All servers are located within the United States.

What happens in the event of a Security Breach?

In case of any unauthorized acquisition of computerized data that compromises the

security, confidentiality, or integrity of Student Data maintained by us (“Security

Breach”), we will, within the most expedient time possible and without unreasonable

delay, but no later than 30 calendar days after the determination that a Security Breach

has occurred, notify the LEA of such breach. "Security Breach" does not include the

good faith acquisition of personal information by an employee or agent of a BlueStreak

Education or a school for a legitimate purpose of BlueStreak Math or the school if the

Student Data is not used for a purpose prohibited by applicable law, including, but not

limited to the Illinois Student Online Privacy Protection Act, or subject to further

unauthorized disclosure.

Except for any costs and expenses incurred by the LEA in investigating and remediating

a Security Breach arising solely from BlueStreak Education's breach of any

representation or warranty under this Privacy Policy or BlueStreak Education’s gross

negligence, any and all any costs and expenses incurred by the LEA in investigating

and remediating a Security Breach attributable to BlueStreak Education will be the

LEA’s sole and absolute responsibility and shall indemnify and hold BlueStreak

harmless from the same, including but not limited to costs and expenses arising out of

or related to (1) providing notification to parent of those students whose covered

information was compromised and to regulatory agencies or other entities as required

by law or contract, (2) providing credit monitoring to those students whose covered

information was exposed in a manner during the breach that a reasonable person would

believe that it could impact his or her credit or financial security, (3) legal fees, audit

costs, fines, and any other fees or damages imposed against the school as a result of

the security breach; and (4) providing any other notifications or fulfilling any other

requirements adopted by the IL. State Board of Education or of any other State or

federal laws.

Family Education Rights and Privacy Act (“FERPA”)

Pursuant to the requirements of FERPA: BlueStreak Education acknowledges that in

connection with any contract between BlueStreak Education and an LEA for use of the

BlueStreak Math Platform, that it (i) is acting as a school official with a legitimate educational

interest; (ii) is performing an institutional service or function for which the school would

otherwise use employees; (iii) is under the direct control of the school, with respect to the use

and maintenance of covered information; (iv) is using the covered information only for an

authorized purpose, and (v) and may not re-disclose it to third parties or affiliates, without

permission from the LEA or pursuant to law or a court order.

Third Parties or Subcontractors

Districts are adopting cloud infrastructure instead of on-premise models for security purposes.

Most education software providers also have adopted cloud services to host their products for

districts, as have healthcare providers, financial institutions, and government agencies. While

on-premise systems need to be maintained, updated, configured, and secured individually,

cloud services typically offer key benefits that provide stronger data security management and

practices.

• Cloud service providers have greater security expertise running servers in the cloud

across thousands of customers over many years.

• Cloud service providers are experienced in navigating and managing a broad array of

security requirements, including most stringent security standards, such as HIPAA,

COPPA, GDPR, and SOC.

• Cloud service providers have a much more substantial investment in both network and

physical security than on-premise systems could typically provide.

BlueStreak Math’s infrastructure runs on Digital Ocean, Aiven and Amazon Web Services

(AWS), which are industry leaders in cloud services and data security. Ernst & Young LLP

performs the AWS System and Organization Controls audit and issues reports that demonstrate

how AWS achieves these key compliance controls and objectives. AWS SOC 2 and other

reports are available on the AWS compliance site. Digital Ocean’s SOC 2 and other reports are

available on the Digital Ocean Trust Certifications site. Aiven’s SOC 2 and other reports are

available on the Aiven Security & Compliance site.

The following is a list of subcontractors to whom student data may be disclosed: Mitchell Meyer,

Erica Brownfield, Hattie King, Jan Letts, James Gilliat, Lopa Shah, Laura LeNoir and Marilyn

Hagler.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time. Any changes will be effective

immediately, unless otherwise noted. If we make any changes to this Policy, we will

change the Last Revised date below.