General Privacy Notice : Boom Learning Support

EFFECTIVE May 8, 2024 for Google Add-On Additions, July 1, 2024 for all other changes ( see archived version)

1. Our Guiding Principles

Practice makes progress.
It is okay to make mistakes.
Mistakes made as a child should not haunt you.
It is okay to say: “I don’t want everyone to know I’m online.”
You should know how companies use what they know about you.

2. Who Does This Notice Apply To?

This notice applies to personally identifiable data processed by the Boom App, Boom Google Add-on, and the Boom Apps released for iOS, Android, and Kindle Fire (the "Boom App"). It is part of our Terms of Service. It includes all these supplemental notices. Read them.

We made these separate documents to allow you to link to them from your website or to include them in parent notices. You can access our Cookie Notices from our cookie consent dialogue boxes.

You agree that you have the legal right to agree to these notices, which tell you your roles and obligations, for your entity. Additional privacy information that applies solely to Public Authors is found in the Public Author Terms of Service

3. Other Ways to Have Your Privacy Protected

We must have binding privacy agreements in place. We cannot accept any Purchase Order with terms that effectively asks us to proceed without a privacy agreement. If we have a direct privacy agreement with your district, state, or purchasing entity, those terms will win where they conflict with the terms in this notice.

Government Entities may sign and return our Government Entity Master Agreement or our Government Entity Master Agreement – Canada to change our Terms of Service and Privacy Notices. Contact us if you want an alternate agreement.

4. We Are Service Providers

4.1. We Work for You

Our business purposes in providing the Boom App are

To act as your service provider to enable you, an Educator, to make, share, buy, sell, and assign digital educational resources (Boom Cards) that mostly grade themselves;
To act as your service provider to enable you, an Educator, to get rapid student performance reports so you have more time to teach and can intervene and accelerate learning.

Collectively we call these the “Services”. To provide the Services, we use personal information we receive from you ("Adult Data"). We also use student personal information, student records, or student-generated content ("Student Data") we receive from your students that you have decided to send us. We call all this data Boom App User Data.

Educators make accounts for the students they are in charge of. Although minors may use Boom Learning, a responsible adult Educator must accept the terms and set up accounts for the minor. Educators must ensure they have a legal right or actual consent from parents to set up accounts. Parents and legal guardians who are homeschooling or after schooling their children may use the product as Educators.

4.2 FERPA

Schools in the United States are governed by the Family Educational Rights and Privacy Act (“FERPA”). United States based schools agree they are engaging us to process Student Data for them. We are doing work for the school for which the school would otherwise use employees. The school tells us what it wants us to do when it comes to use of education records. We agree that we use and maintain these records for a legitimate educational interest. We use Student Data for the purpose of fulfilling our duties and providing and improving services under this agreement, and nothing else. FERPA entities provide COPPA consent through in parentis loci.

4.3 COPPA

“COPPA” is the Children’s Online Privacy Act. You may be an entity covered by COPPA but which cannot consent in parentis loci because you are not a FERPA entity (for example, you are a private music tutor). If this is you, you must obtain consent from the parent or guardian before creating a student account as part of your normal business service. If you can pay us and we can verify an email address, we assume you are an adult. Educator accounts are for adults only. If we learn that a minor has created an Educator account, we will delete the account and all of the data in it as soon as possible.

4.4. HIPAA

You may collect User Data for health therapy interventions. This collection must be consistent with the Health Insurance Portability and Accountability Act ("HIPAA"). You must have consent to collect this data. You must also use pseudonyms and private rosters to protect the medical information of patients. You may contact us if you want to sign a Business Associates Agreement with us.

5. We Do Not Sell Data

We do not sell User Data. See also our notice regarding Consumer Privacy Protections Notice. We reserve the right to transfer User Data as needed for security investigations, to comply with a contract with you, to comply with the law, or with your consent upon a merger, acquisition or sale of our assets.

If you purchase a Boom Card from an external marketplace, we do share your proof of purchase, name, and redemption date with the Publisher, and, if necessary, the external marketplace, for integrity and proof of purchase purposes. By redeeming an external purchase, you are consenting to use sharing your information with the Publisher and external marketplace.

6. How To Contact Us

Boom Learning is a trade name of Omega Labs Inc. We are a Washington state C Corporation. Our mailing address is 9805 NE 116th St. Suite 7198, Kirkland, WA 98034. You can call us at 833-969-2666. You can contact us to ask questions about this policy or to send us notices.

7. Notification of Changes

We will not make material changes to the terms, including our Privacy Notices, without first providing notice via our newsletter service. A material change is one that changes your duties or ours. These things do not count as a material change:

Reorganizing components between cross-referenced documents.
Adding detail previously stated in our FAQs if it doesn’t change your duties or ours.

You can review previous versions of the notices in our archive. Any version of this Privacy Notice in a language other than English is provided for convenience. The English language version will control if there is any conflict.

8. User Data we collect and its disclosure

8.1. Data Collected

We detail the User Data collected from Students, Educators, and Public Authors in our Data Elements. We collect some User Data for security monitoring. Most data elements are optional. We give Educators self-help controls that may be used to retrieve, correct, delete, or restrict User Data. We don’t analyze, process, serve, or transfer Student Data until you tell us to by opening an account, adding students, and assigning resources to them. As an Educator, you may update or change most information you have provided to us.

You agree to indemnify Boom Learning for any liability arising from your actions if you assign a resource that collects information in violation of law. You also agree Boom Learning shall not be liable if you fail to provide a student with the required information regarding their rights. If in doubt, consult your legal counsel and governing body.

8.2. Sensitive Data Collection Requires You to Obtain Consent from the Appropriate Parties

You may not assign a resource that collects sensitive data unless you have all the required consents. Depending on your governing jurisdiction, these things may be considered sensitive information:

political affiliation;
trade union membership;
health information;
sexuality information;
information about protected relationships such as lawyers or ministers;
criminal behavior;
firearm ownership;
and/or biometric data.

You are solely responsible for understanding what you may or may not assign in your jurisdiction.

8.2. Data Retained

We retain information we must maintain for our business purposes, including but not limited to:

at least one login authenticator if you are maintaining an active account;
Boom Cards decks you have sold or shared to other Educators;
logs for detecting security incidents, deception, and malicious activity;
logs for detecting fraud and other illegal activity;
records for internal uses, including debugging and repairing errors, transaction and payment records, and the like; and
data legally required to be maintained (such as tax-related and financial data).

8.3 Student Data Disclosures

Educators who enable the classroom roster will display student nicknames to all students on the roster. Student Data may be disclosed by the Boom App as follows:

to the student.
to the Educator who created the student account.
to the Entity employing that Educator, if any.
to any Educator provided the information through Educator to Educator student sharing.
to any Educator in the same organization as the Educator who caused the student data to be created.
to parents and legal guardians who observe the student dashboard.

9. Data Subject Requests

Data Subjects have the ability to use self-help tools to delete their data. See our Information Security Plan for more information.

9.1 Parent and Student Access to Student Data

Parents and students may review Student Data by reviewing the student dashboard with the student or by asking the Educator to show the teacher dashboard for that student. If you are a student or a patient, you must contact the entity who collected the information about you if you are making a data subject request. If you are a parent who wants to review or delete Student Data, contact your Student’s Educator. We will not release information to a person other than an Educator unless we are provided satisfactory proof of a legal right to disclose, review, or delete student information.

9.2. Adult Access to Adult Data

Everyone else may contact us to learn which personal information we have collected about you. You must make your request in a way that lets us properly understand, evaluate, and respond to it. We will help you delete personal information if you can prove who you are. You will also have to

provide enough information for us to reasonably prove that you are the owner of the personal information we collected; or
prove the owner of the personal information said you are allowed to access it.

10. Subprocessors

10.1 Subprocessor Disclosure

Our subprocessor disclosure details our sharing of data with our subprocessors. It also discusses your responsibilities with respect to Educator selected subprocessors. Read it carefully.

10.2 Google Add-On Additional Subprocessing Policies

In addition to the terms of the Privacy Policy and its additional disclosures, our use and transfer to the Boom App of any information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. We discard any data sent to us by the Google Add On during authentication that is not necessary for the Boom App's usage.

10.3 OAuth Providers and Analytics

Be aware that your selection of an OAuth providers, such as Google, may effective mean you have opted in to provide us analytics for your usage via G4 Analytics. Your administrators should carefully review all settings available to them with respect to the data your OAuth provider will send to G4 and how it shares it with us.

11. Information Security Plan — Including Security Incidents and Deletion

11.1 Information Security Plan Disclosure

Our Information Security Plan includes our policies on security incidents, backups, deletion, encryption, and more.

11.2 Your Information Security Responsibilities

You agree to use the Boom App in a way that protects you and your students’ data. This includes providing or getting adequate training on the use of secure authentication and the dangers of open networks. It also includes obtaining secure networks on which to use Boom Learning. You agree to use passwords for Educator accounts that are adequately secure to prevent intrusion. It is up to you to keep your login information confidential.

You will take reasonable steps to ensure that any of your employees, agents, or independent contractors who have access to Student Data are reliable. This includes volunteers. Reasonable steps include:

making sure access is limited to those with a need to know and access the Student Data;
conducting background checks if required;
making sure that all these people are required to keep data confidential; and
training these people on security and privacy requirements for your organization.

You agree that we are not liable for any regulatory penalties or other liabilities that arise when you fail to comply with your data security responsibilities. Boom Learning will only be liable for its own failures and those of its selected subprocessors.

12. No Advertising to Students; Adults Opt In

We direct our marketing to Educators; not to students.

Educators are either Direct Purchase Educators or Managed Teachers. Managed Teachers are associated with a buying entity such as a school or clinic. Managed Teachers can only opt in to email promotional offers if their entity contract permits them to opt in. Administrators of Managed Teacher accounts may contact our sales team to ask about discounts or special offers available to entities.

Direct Purchase Educators may be presented with discount and reward offers from time to time. Offers are primarily communicated through our email newsletter, landing pages, our blog, estimator tool, and social media. We also allow Direct Purchase Educators to opt in to receive special offers from select Publishers. These offers are covered by our separate Privacy Policy for advertising and marketing here.

We provide All Educators with recommendations based on the Educator choices made for the populations they serve to further our shared goal of providing education. You agree that we may inform Educators of training opportunities, Boom Cards, or Boom App features or functionality.

13. Legal authority data requests

We are required to disclose User Data in response to lawful requests. This includes requests by national security and law enforcement officials. In the event a legal authority asks to access your data, we will direct the requestor to you. We will await your consent, unless we are legally compelled to act without getting your consent. If we are legally compelled to act, we will promptly notify you and provide you with a copy of the request unless legally prohibited from doing so. If a legal authority is asking for information about a student, you agree to pass the notification to the student’s legal guardian and you indemnify us for your failure to do so.

14. Data Privacy Framework Compliance

Omega Labs dba Boom Learning complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. To learn more read out Non-US Data Subject Privacy Notice.

15. Student Data Privacy Alliance

We are members of the Student Data Privacy Alliance. Schools are invited and encouraged to sign a standard SDPC Alliance Data Privacy Agreement, or Exhibit E as applicable.

General Privacy Notice Print