Pendalearning.com is owned and operated by Learning 2020, Inc, dba Penda Learning. Penda Learning is a cloud-based science intervention platform designed for K-12 educational purposes. The platform provides a full suite of instructional management tools. Students, teachers and school/district administrators can access the platform through an account created via their school or school district’s account.
Learning 2020, Inc. respects the privacy of its users and is committed to protecting your personal data. This Privacy Policy describes Penda Learning’s privacy practices in relation to information that we collect through the website Pendalearning.com and its Partner sites, operated by us from which you are accessing this Privacy Policy (the “Main Domain”) and through the software applications made available by us for use on or through computers and mobile devices that link to this Privacy Policy (the “App”). Penda Learning is fully compliant with the Family Educational Rights and Privacy Act of 1974, also known as the FERPA, a United States Federal regulation.
- Learning 2020, Inc., DBA Penda Learning, is a registered corporation, FEI/EIN Number 84-2197909, with registered address: Learning 2020, Inc., 2400 SE Federal Highway, Fourth Floor, Stuart, FL. 34994
- Penda Learning is registered with the State of Florida - Department of State: Document Number P19000050555
- All data is held within Amazon Web Services
- You retain full control over what data we can access
- All data is transmitted using SSL/TLS encryption
- Personal sensitive data at rest is encrypted with modern encryption methods
- All data is processed for the purpose of running Penda Learning and Partner sites
- All personal data is anonymized at the end of the school’s subscription within 90 days
Penda Learning Data & Privacy Policy
This privacy statement covers your use of the website and related services provided by Penda Learning. Specifically, this policy sets out what data is collected, how that data is used, how it is kept secure and how long it is kept. It also outlines your rights and how to contact Penda Learning for more information.
Penda Learning requires schools, districts, or teachers (on behalf of the parents or legal guardians of students under the age of 13) to provide consent for the online collection of personal information of the student under the age of 13 through Penda Learning. In order to register to use Penda Learning, students must use an account created and provided to them by their school district.
Penda Learning collects limited personal information from minor students only where that student’s school, district, or teacher has contracted with Penda Learning to collect personal information for the use and benefit of the learning environment. This information is not shared outside of the school or with any third parties except those needed for the provision of the service as outlined in this policy.
Students of any age cannot share their profiles publicly outside of their classroom or school. Teachers accessing Penda Learning on behalf of a School or District account must ensure that they provide parents with access to this privacy policy.
What data does Penda Learning require schools to share?
We require all schools to share student first and last name, grade level, student ID number, and enrollment data. This data is needed in order to properly provision student accounts as well as Penda Learning services.
In addition to the above data, a school may choose to share data on the following student characteristics: demographic data, date of birth, gender, email address and default password. This data allows filtering and analysis based on student characteristics, SSO compatibility, and ease of onboarding.
Teachers and school administrators who wish to use Penda Learning are required to share their first and last name, role and email address. This data is needed in order to properly provision teacher/admin accounts as well as Penda Learning services.
We also store data related to the district and schools if available for the purpose of running Penda Learning services.
How is this data gathered by Penda Learning?
Student data is shared one of three ways over which the district and/or school has full control:
- A District/School Administrator manually uploading a data file to our secure servers by SSL 3.3/TLS 1.2 encryption
- A District/School IT Manager authorizing, installing and provisioning a custom student information system (SIS) application that, once setup, automatically syncs via SFTP to our secure servers by SSL 3.3/TLS 1.2 encryption
- A District/School IT Manager installing and authorizing an auto data-rostering service (such as ClassLink and Clever) that automatically syncs to our secure servers by SSL 3.3/TLS 1.2 encryption.
Teachers are rostered in the same process as students. Administrator accounts are created via a manual upload with data provided by the district and/or school.
What is the lawful basis for storing this data?
This data is required for learners, teachers and school admin to be able to use the Penda Learning platform for intervention support, supplemental curriculum support, classroom use and homework, in accordance with the school’s contractual agreement with Penda Learning.
Where and how is this data stored?
The data is stored on Penda Learning’s servers in data centers in Virginia, USA, provided by Amazon Web Services (AWS). AWS data centers are compliant with the international information security standard, ISO 27001.
For more information about AWS’s ISO 27001 certification, please VISIT THIS WEBPAGE.
For more information about AWS security, please VISIT THIS WEBPAGE.
In choosing AWS to store data, Penda Learning is subject to its Shared Responsibility Model. The division of these responsibilities and how Penda Learning specifically meets those responsibilities as an AWS customer is outlined below:
| Responsibility of Penda Learning | Responsibility of Amazon Web Services | |
Preventing or detecting when an AWS account has been compromised:
|
X | |
Preventing or detecting a privileged or regular AWS user behaving in an insecure manner
|
X | |
Configuring AWS services (except AWS Managed Services) in a secure manner:
|
X | |
Restricting access to AWS services or custom applications to only those
|
X | |
Updating Operating Systems and applying security patches
|
X | |
Ensuring AWS and custom applications are being used in a manner compliant with internal and external policies
|
X | X |
Ensuring network security (DoS, MITM, port scanning)
|
X | X |
| Configuring AWS Managed Services in a secure manner | X | |
| Providing physical access control to hardware/software | X | |
| Providing environmental security assurance against things like mass power outages, earthquakes, floods, and other natural disasters | X | |
| Database patching | X | |
| Protecting against AWS zero day exploits and other vulnerabilities | X | |
| Business continuity management (availability, incident response) | X |
Penda Learning and your school work together to protect the online privacy of all of your school community members that use Penda Learning, including students, teachers, and school/district administrators. This privacy policy and Penda Learning’s information collection and security practices have been authorized by your school or teacher. Penda Learning strives to manage information collection and storage in a secure manner.
For example, Penda Learning uses industry-standard technology called SSL (Secure Socket Layer). SSL encrypts information transmitted across the internet to and from Penda Learning. Refer to your browser or device for use of SSL.
Penda Learning uses Cloudflare for a web application firewall. See below for details.
No data transmission over the internet can be guaranteed to be 100% secure and “hacker-proof,” and Penda Learning cannot ensure or warrant the security of any information managed by the site, whether transmitted to Penda Learning by you, your school, or your teacher. Penda Learning shall not be liable if a security breach occurs, if the site malfunctions, or if information is misused or mismanaged in any way to your detriment or the detriment of a third party, whether by Penda Learning, your school, your teacher, or an unauthorized third party.
Related to disaster recovery, how is data backed up?
Data is backed up daily by AWS Virginia, USA data centers. All backups are encrypted and are stored for 30-days.
How is data encrypted between the clients and your AWS servers?
Data is encrypted using modern SSL / TLS encryption between clients and our AWS servers. Our secure certificates are updated and maintained within the AWS and Cloudflare systems. These are industry leaders in the field.
Do you share our school data with any third-party organizations?
We share limited data with our customer support software, ZenDesk, including teacher and school admin’ names, school names and email addresses. This allows us to help with any technical problems or support requests quickly and easily, via email, by telephone or by an online chat system.
Basic information related to student user support is shared with ZenDesk when a student submits data directly for the purpose of solving a support ticket. Upon voluntary submission of a support ticket, we store the student’s first and last name, username, school name and email address. ZenDesk is based in the USA.
For information regarding ZenDesk’s Privacy Policy compliance, please VISIT THIS PAGE
For our digital marketing (email campaigns) system, we use MailChimp. We share limited data with MailChimp, including teacher and school admin first and last names and email addresses. This allows us to send communications regarding any platform downtime, scheduled maintenance, new features/functionality, platform enhancements, implementation strategies and support services available.
Emails contain tracking identifiers within the actual email. Tracked activities include: the opening of emails; the clicking of links within the email content; times, dates and frequency of activity; how you access and view the emails (web browser version, OS version). You have the right to opt out of digital marketing (email campaigns) at any time: you can opt out using the ‘Unsubscribe’ link at the bottom of each email we send or you can email support@pendalearning.com and request to be removed. MailChimp is based in the USA.
For information regarding MailChimp’s Privacy Policy compliance, please VISIT THIS PAGE.
We use SendGrid for sending platform related emails. These include, but are not limited to, forgot password requests, reporting updates and platform notifications. SendGrid only receives the data related to the user email and the content of the email. We do not share personally identifiable or other sensitive information via email.
For information regarding SendGrid’s Privacy Policy compliance, please VISIT THIS PAGE.
For our accountancy system, we use QuickBooks by Intuit. We store school addresses, the name and email of our contacts (e.g. finance office), invoices/ transactions, payment terms and payment history. Intuit is based in the USA.
For information regarding Intuit’s Privacy Policy compliance, please VISIT THIS PAGE.
Penda Learning uses Cloudflare software to provide a web application firewall. This software analyzes the traffic to the platform for security and safety purposes. We strive to provide a safe and secure platform for all of our users. Cloudflare is an industry leader in this technology.
For information regarding Cloudflare’s Privacy Policy compliance, please VISIT THIS PAGE.
We use the server monitoring software known as DataDog to track technical issues throughout the platform. DataDog has infrastructure level access to our servers. The platform does not use any user tracking services, but rather system level monitoring for tracking code and software problems. We use this tool to provide better service and respond quickly to technical issues as they arise.
For information regarding DataDog’s Privacy Policy compliance, please VISIT THIS PAGE.
How long will the data be kept?
During the subscription period, if a student is withdrawn, their account and all associated data is anonymized within 90 days. All personal data is anonymized within 90 days after the school subscription ends.
How will the data be anonymized?
Student, teacher and admin (school admin) data will be anonymized as follows:
Student AccountsStudent first names are replaced with ‘Anonymous’ and last names are replaced with ‘Student-’ along with a random string of 6 numbers/letters. For example, Albert Einstein would become ‘Anonymous Student-BFHPIL’. This is carried out so that we can continue to improve our understanding of program efficacy and impact evaluation, while ensuring anonymity. Below is a full listing of student data fields and treatments applied:
| First Name | ‘Anonymous’ |
| Last Name | ‘Student-’ + Random Characters |
| Deleted | |
| Grade level | Retained |
| Gender | Retained |
| Credentials: Username | Deleted |
| Credentials: Password | Deleted |
| SSO Connections | Deleted |
| Memorable Questions | Deleted |
| Memorable Answers | Deleted |
| Assignment Data | Retained |
| System Log Entries | Deleted |
| Gamification Data | Retained or Deleted |
| Roster History | Deleted |
| Demographic Data | Retained |
| Student ID number | Retained if returning student, Reformatted if exiting student |
| Classes | Retained |
| Group Membership | Deleted |
Teacher Accounts
Teacher first names are replaced with ‘Anonymous’ and last names are replaced with ‘Teacher-’ along with a random string of 6 numbers/letters. For example, Johnny Appleseed would become ‘Anonymous Teacher-HLZWQY’. Below is a full listing of teacher data fields and treatments applied:
| First Name | ‘Anonymous’ |
| Last Name | ‘Teacher-’ + Random Characters |
| Deleted | |
| Class Connection | Retained |
| Intervention Groups | Retained |
| Assignments | Retained |
| User ID | Regenerated |
| Credentials: Username | Deleted |
| Credentials: Password | Deleted |
School Admin Accounts
School admin first names are replaced with ‘Anonymous’ and last names are replaced with ‘Admin-’ along with a random string of 6 numbers/letters. For example, Johnny Appleseed would become ‘Anonymous Admin-VBXMPZ’. Below is a full listing of admin account data fields and the treatments applied. Any additional teachers who have an account with admin permissions are treated the same as a standard teacher account (above).
| First Name | ‘Anonymous’ |
| Last Name | ‘Admin-’ + Random Characters |
| Role | Retained |
| Deleted | |
| User ID | Regenerated |
| School Connection | Retained |
| Credentials: Username | Deleted |
| Credentials: Password | Deleted |
Retained data will only be used for platform improvement, statistical and quality assurance purposes. This is necessary for the year over year improvement of the platform. No personal information is retained.
What other information do you store about users once they use Penda Learning?
We store information about their use of Penda Learning.
For students, we store their usage, activity and assignment data, gamification participation, internal groups membership and other data related to use of features and functions of the platform.
For teachers and school admin we store the date they last logged in, total number of logins since the beginning of the academic year, total number of assignments set, classroom intervention groups created and activities they have created using our authoring tool Activity Builder.
For the purpose of improving and enhancing its service, Penda Learning collects and analyzes data on how the platform is used in the aggregate (how groups of people use Penda Learning). As true of most Web Sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We also use tracking technologies from third party service providers (as described below) to gather information regarding the date and time of your visit and the information you interacted with. We may link this automatically collected data to personally identifiable information. We do not share this information with third parties - for more information on third party service providers, see section below.
Information on individual usage of the system, including but not limited to individual IP addresses, may be analyzed on a case-specific basis to resolve a technical difficulty or to assist in resolving or investigating any misuse of the service; also, such individual usage information may be furnished to your school if your school requests such information to assist in the investigation of fraudulent, abusive, or criminal activity or any other use of Penda Learning that violates your school’s rules or policies.
What is your policy for serious incidents such as data breaches?
Should a school or subject (user) report a serious incident, such as a data breach, or should a serious incident be identified by Penda Learning, we will notify the impacted school’s school admin and any affected subjects within 48 hours. Following Penda Learning’s internal data breach protocol, we will work closely with all subjects impacted to minimize the incident and ensure it is fully resolved. To report a concern or possible incident involving Penda Learning, SUBMIT A SUPPORT TICKET, email support@pendalearning.com or call Penda Learning Customer Support at 1-888-919-0404
Monday-Friday from 8:00 a.m. to 5:00 p.m. ET. Should any issue not be resolved, they can be escalated to the Chief Executive Officer, Brad Baird, via bbaird@pendalearning.com.
What are cookies and how do you use them?
Cookies are small text files that are set by a website or app operator so that your browser or device may be recognized. Cookies store basic text information on your device for use on the website between sessions. Penda Learning uses technologies such as cookies, scripts and local storage. These technologies are used to make it easier for you to navigate our site, track and identify issues, track user movements on the site and store preferences. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Penda Learning uses Data Dog, which is an analytics service used to help analyze your use of our App and to improve it. We use the information we get from this service only to improve our App and our Services. Data Dog does not share your information with any other third parties.
Penda Learning uses Google Analytics software to monitor website traffic to enhance our service offering. This software will save a cookie to your device in order to track and monitor your engagement and usage of the website, but will not store, save or collect any personal information. You can read GOOGLE’S PRIVACY POLICY HERE for further information.
If you don’t want cookies to be stored on your device, you should make the necessary changes to your device, relevant browsers or apps. Some features and functionality of the service may no longer be usable if you disable features in your device or browser.
On request we can delete an admin account, removing the admin and their data from our servers completely, within 90 days. Student and Teacher accounts can be deleted through the rostering data provided by the District/School.
How can student data be removed when the student withdraws from the school?
If your school elected to provision student data via custom SIS integration or via an auto data-rostering service: during the subscription period, if a student withdraws, their account and all associated data is automatically anonymized within 90 days.
What are my rights as a parent?
Parents have the right to have their child’s account deleted within 90 days upon request, according to the rules above.
If you are the parent and guardian of a student using Penda Learning, and cease to agree with Penda Learning's terms of use and privacy policy at some point in the future, you may remove your child from our system by SUBMITTING A SUPPORT TICKET or by emailing support@pendalearning.com. Upon authenticating the subject’s identity, we will delete all data we hold on the subject within 90 days.
If your child’s personally identifiable information changes, or if you no longer desire our service, you may contact your school or district to update or remove your child from the roster data sent to Penda Learning.
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at support@pendalearning.com. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Changes to this Privacy Policy
If we decide to change our privacy policy, we will post those changes to this privacy statement and
other places we deem appropriate.
We reserve the right to modify this privacy statement at any time, so please review it frequently.
Disclosure
We may disclose your or your child’s personally identifiable information in connection with business transfers and purchases. As we continue to develop our business we may buy or sell business divisions or companies, we may partner with, merge or combine with another company, or our company itself and/or all or a significant part of its assets may be acquired by another company. We may provide any information we have to a potential counter-party in any such potential transaction. If such a transaction is completed, your or your child’s personally identifiable information may be one of the transferred and shared business assets. In the event that information is shared in this manner, notice will be posted on our Site.
In this event this privacy policy will continue to apply unless we contact you and ask you to opt in to any changes before they are implemented.
We may also share de-identified and/or aggregated data with others for their own uses.
We reserve the right to disclose your or your child’s personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web site.
Links to Other Sites
If you click on a link to a third-party site, you will leave Penda Learning.com and be redirected to the site you selected. Because we cannot control the activities of third parties, we cannot accept responsibility for any use of your personally identifiable information by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as PendaLearning.com. We encourage you to review the privacy statements of any other service provider from whom you request services. If you visit a third-party website that is linked to the PendaLearning.com site, you should read that site’s privacy statement before providing any personally identifiable information.