Highfive Privacy Policy For K-12 Schools & Districts

Last Updated: May 13, 2020

Highfive partners with schools to provide video communications to support traditional, virtual, and hybrid classrooms, distance learning, educational office hours, guest lectures, and more. As part of the services we provide to K-12 schools, Highfive may be used by students, including students under the age of 16. We are particularly committed to protecting the privacy of K-12 users, and Highfive’s K-12 Schools & Districts Privacy Policy is designed to reflect our compliance with the requirements of the Children’s Online Privacy Protection Act (“COPPA”), the California Consumer Privacy Act (“CCPA”), the Federal Education Rights and Privacy Act (“FERPA”), and other applicable law.

Consent

Before collecting any personal information (“Personal Information”) from students under age 13, we require the “School Subscriber”—typically the students’ school, school district, or teacher—to contractually consent to our information practices on behalf of such students’ parents, as permitted by applicable law. We only collect students’ Personal Information to provide the Highfive for K-12 service to the School Subscriber, not for marketing or advertising, and, with the limited exception of our service providers, we do not share Personal Information about K-12 students with other parties except as directed by the School Subscriber or required or permitted by law, as set forth in this Privacy Policy and consistent with our agreements with our School Subscribers. 

Information Collection

We collect the following categories of data from K-12 students:

  • Information commonly used for identification, such as a user’s name and other similar identifiers;
  • Information about a student’s school, including its location;
  • Information about the student’s device, network, and internet connection, such as IP address(es), MAC address, other device ID (UDID), device type, operating system type and version, and client version;
  • Information about the student’s use of the Highfive platform, including actions taken, date and time, frequency, duration, quantity, quality, network connectivity, and performance information related to logins, clicks, messages, contacts, content viewed and shared, calls, use of video and screen sharing, meetings, cloud recording, and other feature usage information (“Usage Information”); and
  • Other information users – including teachers, school administrators, and students – upload, provide, or create while using the Service (“User-Generated Information”), as further detailed in the “User-Generated Information” section below.

We collect data in the following ways:

When students are set up for, invited to, or use Highfive services, by the very nature of the usage and the service, data is collected. We gather students’ Personal Information from the School Subscriber, directly from the student as they interact with educational content on the Highfive platform, directly from students’ devices, and directly from someone who invites users to communicate with them via Highfive (such as a meeting host). Some of this collection happens when a student or someone who wants to communicate with them via Highfive (e.g., a teacher or classmate) affirmatively submits that information. Some of our collection happens in the background – that is, it’s automatically collected when users interact with our Products.

Highfive and our third-party service providers also automatically collect some information using methods such as cookies and other tracking technologies (further described below). Information automatically collected includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referrer URL, exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We use this information to offer and improve our Services, and to troubleshoot for support. We do not use this information to deliver advertising or for any other purpose not related to the delivery and support of the Services.

We may collect Personal Information about K-12 students from the School Subscriber and authorized users of the district/school/teacher account, including Personal Information contained in “educational records,” as defined by FERPA. Highfive maintains this information on behalf and at the direction of the School Subscriber and does not use the information for other purposes.

Data Use

We use Personal Information collected from and about students only as needed to deliver the functionality of the Highfive platform, operate our business, and for use by School Subscribers at their direction as follows: 

 We may use all of the types of Personal Information that we collect for the following purposes, to the extent permitted by our agreements with our School Subscriber customers:

1) Providing, running, personalizing, improving, operating, and maintaining our Products.

  • Account configuration
  • Account maintenance
  • Enabling meetings and webinars between users and third-party participants
  • Hosting and storing personal data from meetings and webinars on behalf and at the direction of the meeting host/School Subscriber
  • Fulfilling requests made by users of the Service, including requests for access to Personal Information received from a School Subscriber
  • Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity
  • Providing access to data and reports to School Subscribers based on information collected from students’ use of our Service
  • Providing support and assistance for our Products
  • Complying with our contractual and legal obligations, resolving disputes with users, enforcing our agreements

Some of this students’ Personal Information may be shared with other meeting participants. For example, messages and content shared by a student in a meeting, webinar, or interactive educational setting, including Personal Information, will be available to all other participants in that meeting. If the School Subscriber or a student shares a meeting link with another user who is not already in the meeting, when that user tries to join the meeting, he or she will be able to see the list of other users in the meeting, as well as other invitees joining the meeting.

In order to optimize provision of the Service, we may collect broad geographic location (city-level location) information about where users are located when using our Services. We use this information for service-related purposes (such as optimizing connections to our data center), supporting compliance, and customizing user experience with our Products (e.g., language preference).

We may also use third-party service providers to help us provide the Services, and they may have limited access to Personal Information in the process. We prohibit our service providers from selling Personal Information they receive from us or on our behalf and require them to only use that Personal Information in order to perform the services we have asked of them, unless otherwise required by law.  

2) Following the instructions of our School Subscriber.

Personal Information we collect, we collect on behalf of our School Subscribers. (To use the technical term, we are the “Processor” of that Personal Information, acting as a service provider on behalf and at the direction of our School Subscriber, and our School Subscriber is the “Controller” or decisionmaker.) For example, the School Subscriber may determine when meetings can be recorded, how long the recordings are retained, and the like. 

We are typically required to follow a School Subscriber’s instructions related to Personal Information we have collected on their behalf. On a School Subscriber’s instructions, we may provide reports to the School Subscriber containing Personal Information relating to the school’s account and students’ use of the educational setting controlled by the School Subscriber.

3) Complying with our legal obligations or the legal obligations of our subscribers.

This includes responding to a legally binding demand for information, such as a warrant issued by a law enforcement entity of competent jurisdiction, or as reasonably necessary to preserve Highfive’s legal rights.

Third Parties

Highfive does not share Personal Information with third parties other than the service providers described above, or as required by law, except at the direction and on behalf of a School Subscriber.

Security

Maintaining the confidentiality, security, and integrity of students’ Personal Information is a top priority. We use industry-standard security technologies, procedures, and organizational measures designed to help protect Personal Information from unauthorized access, use, or disclosure.

Individual Rights

If a student or his or her parent would like to request to access, review, refuse further collection of, or delete the student’s Personal Information (or to delete the students’ posts), please contact your school or school district with your request. (Please note that a request to delete posts does not ensure complete or comprehensive removal of the content, as, for example, some such content may have been reposted by other users.) Because Highfive is required to comply with contractual confidentiality obligations related to our customers’ data, we are not able to respond to parental or student requests directly.    

Contact Information
Highfive Technologies, Inc.
500 Arguello Blvd, Suite 300.
Redwood City, CA 94063
(844) 464-4445
legal@Highfive.com