EFFECTIVE JULY 1, 2023 ( see archived version)
Our Guiding Principles
Practice makes progress.
It is okay to make mistakes.
Mistakes made as a child should not haunt you.
It is okay to say: “I don’t want everyone to know I’m online.”
You should know how companies use what they know about you.
1. Who Does This Notice Apply To?
This notice applies to data processed by the Boom Learning web app, iOS app, Android app, and Kindle Fire app (the "Services"). It is part of our Terms of Service. It includes all these supplemental notices. Read them.
- KID-FRIENDLY PRIVACY NOTICE
- INFORMATION SECURITY PLAN
- DATA ELEMENTS DISCLOSURE
- SUBPROCESSOR DISCLOSURE
- CONSUMER PRIVACY PROTECTIONS NOTICE
- NON- US DATA SUBJECT PRIVACY NOTICE
We made these separate documents to allow you to link to them from your website or to include them in parent notices. You can access our Cookie Notices from our cookie consent dialogue boxes.
You agree that you have the legal right to agree to these notices, which tell you your roles and obligations, for your entity.
Additional privacy information that applies solely to Public Authors is found in the Public Author Terms of Service.
2. Other Ways to Have Your Privacy Protected
We must have binding privacy agreements in place. We cannot accept any Purchase Order with terms that would effectively ask us to proceed without a privacy agreement.
Government Entities may sign and return our Government Entity Master Agreement or our Government Entity Master Agreement – Canada to change our Terms of Service and Privacy Notices. Contact us if you want an alternate agreement. If we have a direct privacy agreement with your district, state, or purchasing entity, those terms will win where they conflict with the terms in this notice.
3. We Are Service Providers
Our business purposes are
To act as your service provider to enable you, an Educator, to make, share, buy, sell, and assign digital educational resources (Boom Cards) that mostly grade themselves;
To act as your service provider to enable you, an Educator, to get rapid student performance reports so you have more time to teach and can intervene and accelerate learning.
Collectively we call these the “Services”. To provide the Services, we use personal information we receive from you (Adult Data). We also use student personal information, student records, or student-generated content (Student Data) we receive from your students that you have decided to send us. We call all this data User Data.
Educators make accounts for the students they are in charge of. Although minors may use Boom Learning, a responsible adult Educator must accept the terms and set up accounts for the minor. Educators must ensure they have a legal right or actual consent from parents to set up accounts. This will vary from place to place so check with your entity. Parents and legal guardians who are homeschooling or after schooling their children may use the product as Educators.
Some United States schools are governed by the Family Educational Rights and Privacy Act (“FERPA”). These schools agree they are engaging us to process Student Data for them. We are doing work for the school for which a school would otherwise use employees. The school tells us what it wants us to do when it comes to use of education records. We agree that we use and maintain these records for a legitimate educational interest. We use Student Data for the purpose of fulfilling our duties and providing and improving services under this agreement, and nothing else. FERPA entities provide COPPA consent through in parentis loci.
“COPPA” is the Children’s Online Privacy Act. You may be an entity covered by COPPA but which cannot consent in parentis loci because you are not a FERPA entity (for example, you are a private music tutor). If this is you, you must obtain consent from the parent or guardian before creating a student account as part of your normal business service. If you can pay us and we can verify an email address, we assume you are an adult. Educator accounts are for adults only. If we learn that a minor has created an Educator account, we will delete the account and all of the data in it as soon as possible.
You may collect User Data for health therapy interventions. This collection must be consistent with the Health Insurance Portability and Accountability Act ("HIPAA"). You must have consent to collect this data. You must also use pseudonyms and private rosters to protect the medical information of patients. You may need to obtain consent under COPPA too.
4. We Do Not Sell Data
We do not sell User Data. See also our notice regarding Consumer Privacy Protections Notice.
5. How To Contact Us and Changes
Boom Learning is a trade name of Omega Labs Inc. We are a Washington state C Corporation. Our mailing address is 9805 NE 116th St. Suite 7198, Kirkland, WA 98034. You can call us at 833-969-2666. You can contact us to ask questions about this policy or to send us notices.
We will not make material changes to the terms, including our Privacy Notices, without first providing notice via our newsletter service. A material change is one that changes your duties or ours. These things do not count as a material change:
- Reorganizing components between cross-referenced documents.
- Adding detail previously stated in our FAQs if it doesn’t change your duties or ours.
You can review previous versions of the notices in our archive. Any version of this Privacy Notice in a language other than English is provided for convenience. The English language version will control if there is any conflict.
6. User Data we collect and its disclosure
We detail the User Data collected from Students, Educators, and Public Authors in our Data Elements. We collect some User Data for security monitoring. Most data elements are optional. We give Educators self-help controls that may be used to retrieve, correct, delete, or restrict User Data. We don’t analyze, process, serve, or transfer Student Data until you tell us to by opening an account, adding students, and assigning resources to them. As an Educator, you may update or change most information you have provided to us.
We retain information we must maintain for our business purposes, including but not limited to:
at least one login authenticator if you are maintaining an active account;
Boom Cards decks you have sold or shared to other Educators;
logs for detecting security incidents, deception, and malicious activity;
logs for detecting fraud and other illegal activity;
records for internal uses, including debugging and repairing errors, transaction and payment records, and the like; and
data legally required to be maintained (such as tax-related and financial data).
Student Data is deemed confidential. Educators who enable the classroom roster will display student nicknames to all students on the roster.
Student Data may be disclosed as follows:
- to the student.
- to the Educator who created the student account.
- to the Entity employing that Educator, if any.
- to an Educator provided the information through Educator to Educator student sharing.
- to parents and legal guardians who observe the student dashboard.
7. Data Subject Requests
Parents and students may review Student Data by reviewing the student dashboard with the student or by asking the Educator to show the teacher dashboard for that student. If you are a student or a patient, you must contact the entity who collected the information about you if you are making a data subject request. If you are a parent who wants to review or delete Student Data, contact your Student’s Educator. We will not release information to a person other than an Educator unless we are provided satisfactory proof of a legal right to disclose, review, or delete student information.
Everyone else may contact us to learn which personal information we have collected about you. You must make your request in a way that lets us properly understand, evaluate, and respond to it. We will help you delete personal information if you can prove who you are. You will also have to
- provide enough information for us to reasonably prove that you are the owner of the personal information we collected; or
- prove the owner of the personal information said you are allowed to access it;
You may not assign a resource that collects sensitive data unless you have all the required consents. Depending on your governing jurisdiction, these things may be considered sensitive information:
- political affiliation;
- trade union membership;
- health information;
- sexuality information;
- information about protected relationships such as lawyers or ministers;
- criminal behavior;
- firearm ownership;
- and/or biometric data.
You are solely responsible for understanding what you may or may not assign in your jurisdiction.
You agree to indemnify Boom Learning for any liability arising from your actions if you assign a resource that collects information in violation of law. You also agree Boom Learning shall not be liable if you fail to provide a student with the required information regarding their rights. If in doubt, consult your legal counsel and governing body.
Our subprocessor disclosure details our sharing of data with our subprocessors. It also discusses your responsibilities with respect to Educator selected subprocessors. Read it carefully.
9. Information Security Plan — Including Security Incidents and Deletion
Our Information Security Plan includes our policies on security incidents, backups, deletion, encryption, and more.
You agree to use Boom Learning in a way that protects you and your students’ data. This includes providing or getting adequate training on the use of secure authentication and the dangers of open networks. It also includes obtaining secure networks on which to use Boom Learning. You agree to use passwords for Educator accounts that are adequately secure to prevent intrusion. It is up to you to keep your login information confidential.
You will take reasonable steps to ensure that any of your employees, agents, or independent contractors who have access to Student Data are reliable. This includes volunteers.
Reasonable steps include:
- making sure access is limited to those with a need to know and access the Student Data;
- conducting background checks if required;
- making sure that all these people are required to keep data confidential; and
- training these people on security and privacy requirements for your organization.
You agree that we are not liable for any regulatory penalties or other liabilities that arise when you fail to comply with your data security responsibilities. Boom Learning will only be liable for its own failures and those of its selected subprocessors.
10. No Advertising to Students; Adults Opt In
We direct our marketing to Educators; never to students.
Educators are either Direct Purchase Educators or Managed Teachers. Managed Teachers are associated with a buying entity such as a school or clinic. Managed Teachers can only opt in to email promotional offers if their entity contract permits them to opt in. Administrators of Managed Teacher accounts may contact our sales team to ask about discounts or special offers available to entities.
We provide All Educators with recommendations based on the Educator choices made for the populations they serve to further our shared goal of providing education. You agree that Boom Learning is permitted to inform Educators of training opportunities, new Boom Cards, or Boom Learning features or functionality.
11. Legal authority data requests
We are required to disclose User Data in response to lawful requests. This includes requests by national security and law enforcement officials. In the event a legal authority asks to access your data, we will direct the requestor to you. We will await your consent, unless we are legally compelled to act without getting your consent. If we are legally compelled to act, we will promptly notify you and provide you with a copy of the request unless legally prohibited from doing so. If a legal authority is asking for information about a student, you agree to pass the notification to the student’s legal guardian and you indemnify us for your failure to do so.