DATA SECURITY & PRIVACY POLICY 

FOR 

SIP DATABASE 

Privacy Policy Overview: 

School Improvement Partnership (SIP) recognizes that privacy is a fundamental human  right and further recognizes the importance of privacy, security and data protection to our  customers and partners. We strive to provide protections across all our operations and  deploy consistent, rigorous policies and procedures. We are committed to the privacy of  our visitors and customers. We collect no personal information about you when you visit  our website unless you choose to provide that information to us by signing up as a user. 

When you visit our website, our servers automatically log your IP address and/or host  name. 

We store information such as your email address, name and locality only if you decide to  send us such information by completing a survey, or registering as a user on our sites. We  collect this information to help us improve the content of our sites, customize the layout of  our web pages and to contact people for providing additional information regarding our  services. We will not share your email address with other organizations unless required by  law. 

Our state-of-the-art cloud-based application resides on the AWS cloud platform and we  employ all the data privacy policies that are provided to us as part of the AWS data privacy  capabilities. Below is a link to the AWS data privacy policy explaining all the cloud security  measures deployed. 

AWS Data Privacy: 

https://aws.amazon.com/compliance/data-privacy-faq/ 

In order to log into our system, you are required to be a registered user through our user  registration process. Our site uses the Google authenticator to authenticate the user and once authenticated the user may log into the system.  

Data Encryption: We utilize PostgreSQL as our database platform and follow all  security protocols to maintain data privacy and security. The database utilizes the  system built in encryption capabilities to secure all the data within the database. The  user login is maintained in the database encrypted and cannot be extracted.  

JSON Web Tokens (JWT): We utilize JWT to manage the authentication between the  user and our google OAUTH integration. JWT is an open standard (RFC 7519) that  defines a compact and self-contained way for securely transmitting information between  parties. JWT is a safe, compact, and self-contained way of transmitting information  between multiple parties in the form of a JSON object. 

Data Retention: We will retain data the technology makes available only as long as  required by law, or specific program need as specified by the National Archives and  Records Administration’s General Records Schedule 20, which pertains to Electronic  Records or other approved records schedule as applicable.

Information collected and stored automatically: If you do nothing during your visit  but browse through the Web site, read pages, or download information, we will gather  and store certain information about your visit automatically. This information does not  identify you personally. We automatically collect and store information like the following  concerning your visit: 

  •     The Internet domain (for example, “xcompany.com” if you use a private Internet access  account or “yourschool.edu” if you connect from a university’s domain); 
  •     Your IP address (an IP address is a number that is automatically assigned to your  computer whenever you are surfing the Web) from which you access our Web site; 
  •     The type of browser and operating system used to access our site; 
  •     The date and time you access our site; 
  •     The pages you visit; and 
  •     If you linked to our Web site from another Web site, the address of that Web site. 

We use this information to help us make our site more useful to visitors, to learn about  the number of visitors to our site, and the types of technology our visitors use. We do  not track or record information about individuals and their visits.

Information that you voluntarily provide: We do not collect personally identifiable  information unless you choose to provide it to us. If you provide us with personally  identifiable information, for example, by sending an e-mail or by filling out a form and  submitting it through our Web site, we use that information to respond to your message  and to help us provide you with the information and services that you request. All uses  of that information are described on the Web page containing the form. 

Submitting voluntary information constitutes your consent to the use of the information  for the stated purpose. When you click the “Submit” button on any of the Web forms  found on our sites, you are indicating your voluntary consent to use of the information  you submit for the purpose stated. 

How information is used: The information we collect is used for a variety of purposes  (e.g., to register you for our system access, to respond to requests for information, and  to fill orders). We make every effort to disclose clearly how information is used at the  point where it is collected so you can determine whether you wish to provide the  information. 

Retention of Information: We destroy the information we collect when the purpose for  which it was provided has been fulfilled unless we are required to keep it longer by  statute or official policy. Electronically submitted information is maintained and  destroyed according to the principles of the Federal Records Act and the regulations  and records schedules approved by the National Archives and Records Administration,  and in some cases, information submitted to us may become an agency record and  therefore might be subject to a Freedom of Information Act request. 

Links to other sites: Our Web site contains links to various other federal agencies and  private organizations. Once you link to another site, you are then subject to the privacy policies of the new site. It is always a good idea to read the Privacy Policy of any site  you visit. 

Your right under the Privacy Act: Information on the Privacy Act can be found on the website

Security: The security of your personal information is important to us. We follow  generally accepted industry standards to protect the personal information submitted to  us, both during transmission and once we receive it. No method of transmission over  the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot  guarantee its absolute security. 

 

Created March 30, 2021