Woot Math is privileged and honored to have been entrusted by teachers, schools, and families to support some of their educational needs. We take our responsibilities to safeguard student privacy and to protect student data extremely seriously.

We adhere to, and have pledged to adhere to, all laws applicable to us as providers of services to schools and teachers. So, yes, to answer a frequent question, we specifically comply with COPPA, FERPA, and all other applicable federal laws and regulations, along with all applicable state laws and regulations (including California’s SOPIPA and New York’s Parents’ Bill of Rights).

But that is only the baseline, and our student data policies go beyond what is currently required by law, and we hope we exceed the expectations of all of our customers. We describe our policies and protections in detail below. We very much welcome ideas that could help us strengthen our student data protections, so please feel free to contact us with comments or questions.

We have pledged to carry out responsible stewardship and appropriate use of student personal information. We made these pledges by being one of the first providers to sign the K-12 School Service Provider Pledge to Safeguard Student Privacy, which is a legally-binding and irrevokable pledge.

We have publicly, and permanently, committed to:

• Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
• Not sell student personal information.
• Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
• Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
• Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
• Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
• Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
• Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
• Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
• Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information. You can read about the Woot Math Security Program here.
• Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
• Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.

Woot Math goes even further than what is required under the Student Privacy Pledge to limit and protect student data:

• By policy, we avoid collecting or storing any personally identifiable information about students.*
• Our login policies require that students access the site in association with teacher (or parent) accounts, not through an account that they create on their own.
• We do not collect the email addresses or the full names of students. We allow teachers and administrators to only enter the first names and last initials of their students (or they can choose student usernames that do not include any part of their names).*
• We encrypt all data about students and teachers (even what is not personally identifiable) when it is in transit over the Internet and when it is stored in our database files.
• All Woot Math user data and communicated site data is sent over secure HTTPS and SSL protocols that are designed to protect against eavesdropping, tampering, and message forgery.
• Teacher and administrator password credentials are securely encrypted using cryptographic hashes and protected with variable cryptographic salts.

Woot Math is also Dedicated to Making Sure Your Data Is There When You Need It.

---

*Schools and Districts can, if they wish, contract with us to store limited PII about their students on our systems, but we will not do this without a request from a school and a written agreement. This may happen, for example, when a district asks us to keep a student identifier in our systems that their administrators can use to better manage student accounts and to do things like easily move a student to a new teacher.