Privacy Policy | Toddle

Our Privacy Policy

Last Updated: May 3, 2024

It is our mission to help teachers deliver meaningful learning experiences. To achieve this, we build easy to use tools that help make things simple for teachers and empower them to focus on the important things. It is hence critical that we create a safe and secure environment where teachers, children, and parents freely share content and ideas. Creating such a safe and secure environment is central to the success of our endeavours.

FERPA logo
Student Privacy Pledge logo
Privacy Policy illustration

Introduction

This Privacy Policy governs the use of data collected by our websites www.toddleapp.comweb.toddleapp.com, and our apps – Toddle Family, Toddle Educator and Toddle Student (hereafter, collectively referred to as “the Service”, “Toddle”, or, “the Toddle Service”).

By using Toddle, you are agreeing to this Privacy Policy. If you do not agree, please refrain from using Toddle. You can contact us anytime with queries about this Privacy Policy at privacy@toddleapp.com.


Definitions

“Profile”
This includes personally identifiable information that we collect when you create an account. This may include First Name, Last Name, Email, and Phone Number of the user.

“Class Journal”
This includes all the content added to the class journal.

“Academic Plans”
This includes the Programme of Inquiry, Unit Plans, Learning Experiences, Assessments, Schedule, Reflections created by the teachers using the planning elements on Toddle. The external resources added by the teacher are not included in this.

“Messages”
This includes the messages sent via Toddle – both from parents to teachers and vice- versa.

“Student Portfolio”
This includes all the content added to a specific student’s portfolio.

“Student Data”
Any data collected by Toddle that can be linked back to an individual student. This contains name, age, Email ID, name of parents, school name, and the assessment data.

“Toddle Resource Bank”
A collection of all the Academic Plans created by teachers. By default, the Academic Plans are private to the school.

“Insights”
Toddle analyses the data collected from the teachers and students and converts them into actionable points to support teachers in teaching and learning. This set of actionable data-points is collectively referred to as Insights.

“Large Language Models (LLMs) ”
Refers to advanced artificial intelligence models designed to process and analyze natural language data on a vast scale. These models possess significant computational power and have been trained on extensive datasets to understand and generate human-like language patterns, responses, and context.

Data Controller/Data Fiduciary
The Data Controller/Data Fiduciary is the entity that decides why and how information is used in Toddle. In most cases, this will be a School.

Data Subject/Data Principal ”
The Data Subject/Data Principal is the individual (teacher, student, parent) to whom the personal data belongs. These individuals have rights over their data, such as seeing it, correcting it, or deleting it.

Data Processor ”
Toddle is a Data Processor. Toddle stores and manages information according to the instructions given by the Data Controller/Data Fiduciary.


What is Toddle?

Toddle is one stop solution for educators that seamlessly integrates curriculum planning, portfolios, evidence collection, progress reports and communication. Toddle has a web end as well as a mobile end. The Toddle platform has 4 different types of users – Teachers, Students, Parents, and School Administrators. Below is a brief summary of what each type of user can use the platform for:

Teachers: Teachers use Toddle for planning (Unit Plans, Lesson Plans etc), for collecting evidence of learning, for continuous reflection, for assessment evaluation and for contributing to student portfolios.

Students: Students use Toddle to document their learning journeys, set their personalised goals, receive and self-evaluate assessments, and add work to their portfolios.

Parents: Parents are linked to individual students and can see their portfolios. Parents also get access to school calendar, school news, and school policies through the Toddle Family app. The app can also be used for communicating with teachers.

Administrators: Administrators can edit and approve all the academic plans, add, delete and edit the rights of other users from their organisation. They can also see insights for better program implementation.

Toddle and Privacy Certifications

Toddle is a signatory to the Student Privacy Pledge, agreeing to a set of principles intended to safeguard student privacy, including responsible stewardship, protection, and transparent handling of student personal information. Read more about the Student Privacy Pledge .

Toddle participates in the iKeepSafe Safe Harbor program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact the iKeepSafe Safe Harbor program at COPPAprivacy@ikeepsafe.org.

Parental Consent

Schools must get verifiable parental consent for using Toddle for children below legal age (as specified by the local laws). The legal age of children in the USA is 13 years. In case you come across an instance where Toddle is collecting information from a student without parental consent, please contact us immediately at privacy@toddleapp.com

Schools can download a sample of the Parental Consent form from here

Compliance with FERPA

Toddle partners with and is certified by iKeepSafe for compliance with FERPA.

FERPA is the “Family Education Rights and Privacy Act”. It governs the terms to protect personally identifiable information (PII) of students. Data collected by Toddle may include personally identifiable information from “education records” (Education Records in FERPA refers to documents, digital or otherwise, that may contain information related to a student and maintained by an educational agency).

Under this Privacy Policy, you designate Toddle as a “School Official” (School Official in FERPA refers to an agency that provides a service to schools for use and maintenance of FERPA records, is under the direct control of the school and uses PII only for authorised purposes). Toddle agrees to comply with FERPA. You can find more details on Toddle and FERPA here.

Compliance with COPPA

Toddle partners with and is certified by iKeepSafe for compliance with COPPA.

As a third party operator Toddle relies on School Consent for all underage children under COPPA.  Toddle operates as a School Official under the FERPA regulations and complies with these regulations as it relates to children under the age of 13.  If you are a school or teacher and you would like to obtain direct parental consent from the parent, Toddle has provided a consent form which can be downloaded here. We do not encourage children to share their work publicly. We continuously review and update our practices to ensure compliance with COPPA requirements. You can find more details on Toddle and COPPA here.

Compliance with GDPR

Toddle collects minimal information from you and only uses it for the purposes explicitly called out in the Privacy Policy. The data collected is stored securely using industry standards. All the details with regards to the nature of the data collected and the reason for collecting it can be found in the Privacy Policy. Toddle executes a Data Processing Agreement with all the schools in the EU/ EEA and Switzerland Regions. You can find more details on Toddle and GDPR here.

Compliance with DPDPA

We are committed to complying with the Digital Personal Data Protection Act, 2023 (DPDPA), a comprehensive legislation that governs the collection, use, storage, and disclosure of personal data in India.

To ensure compliance with DPDPA, we have implemented robust data security practices and procedures. We only collect minimal data necessary for our services and store it securely using industry-standard measures. Our Privacy Policy outlines what data we collect and how we use it. Additionally, we have established transparent data governance processes to ensure responsible data handling. Learn more about Toddle and DPDPA here.

Data collected by Toddle

We only collect the data that we need for providing Toddle services. It is our honest endeavour to minimise the data that we collect about our users.

We collect information from all individuals creating an account on Toddle. This includes teachers, students, parents, other family members of students, and schools. De-identified or pseudonymised user information is also acceptable.

We also collect log data from all the visitors to our website and teachers and school administrators willingly leaving data for our marketing campaigns.

Below is a list of data that we collect from our different users and and how we refer to it:

“Profile”: This includes personally identifiable information that we collect when you create an account. This may include First Name, Last Name, EMail and Phone Number of the user.

“Class Journal”: This includes all the content added to the class journal.

“Academic Plans”: This includes the Programme of Inquiry, Unit Plans, Learning Experiences, Schedule, Reflections created by the teachers using all the planning elements as specified in the customisable templates. The external resources added by the teacher are not included in this.

“Messages”: This includes the messages sent via Toddle – both from parents to teachers and vice- versa.

“Student Portfolio”: This includes all the content added to a specific student’s portfolio – photos, videos, notes, comments etc.

“Student Data”: Any data collected by us that can be linked back to an individual student. This contains name, age, Email ID, name of parents and the school name.

“Log Data”: We collect log data such as your IP address, browser type, device type, operating system, and your mobile carrier. Additionally we also use cookies to keep you logged into your system to improve your user experience.

Why do we collect this data?

We use the collected data only to provide services to you as laid out in the Privacy Policy and as authorised by your school. Below are a few use cases that we have for the collected data:

  • Allow users to retrieve, view and edit Academic Plans
  • Allow users to access and use our various features such as Journal Content, Activities, Messages etc.
  • Send notifications about activities and updates on your account
  • Analyse usage information to investigate, prevent, and detect activities on our service that we believe may violate the law or applicable regulations
  • Provide customer support to users
  • Derive insights from usage trends to develop new features or to improve the existing ones

Where do we store the data?

  • Our data is hosted on Amazon Web Services (AWS) servers.
  • For our users in Europe, we store the data in servers in Ireland to ensure compliance with GDPR. 
  • For users in other regions, they can opt for data storage in any of the following locations:  
     – Australia, Ireland, United Arab Emirates, and United States of America

What is the data NOT collected for?

  • We do not allow advertising or sharing data for advertising for any data collected through Toddle
  • We never display ads, share data for the purpose of displaying ads, or allow data collection by advertisers or data brokers
  • We never sell data to anyone for any purposes
  • We never allow profiling of our users for targeted online ads

Data Retention

Toddle will keep your data for only as long as it is required or as mandated by law or as requested by the 3rd party. Before deleting your data, Toddle will send out 3 reminders to you.

When does Toddle share data with third parties?

We use a few third-party services in order to operate and improve Toddle. All these services are contractually prohibited from using that information for any other purpose other than to provide the Toddle service. You can find a list of our third party service providers here.

In case of the sale, merger, bankruptcy, sale of assets or reorganisation of our company, we may disclose or transfer your data. We will notify you of the same and the terms of this Privacy Policy will apply to your data when transferred to the new entity.

Third Party Analytics

  • In order to improve your experience with Toddle, we collect and use aggregate data about usage patterns of how you use Toddle – for example, how you interact with various features on a page, the buttons that you click, the time that you spend on a page, etc. This is done to streamline existing user experience and to provide you a better experience of using Toddle.

  • We use a small number of third-party services to collect and analyse this data (such as Google Analytics, Sentry). These services are contractually obligated only to use data about your usage of Toddle to provide analytics services to us and are prohibited from sharing it or using it for other purposes. You can find details of all the third party analytics services that we use here.

Toddle’s Use of AI

This section explains how we collect, use, disclose, and protect your information when using Toddle AI’s services. Please read this section carefully to understand how we handle your data. Kindly note that this section is only applicable if your school has subscribed to using Toddle AI. By accessing or using Toddle AI’s services, you agree to the practices described in this section:

  1. Information Collection and Use

1.1. Anonymized Data: Toddle AI uses anonymized data collected from schools as context for prompts to LLMs. This data does not contain personally identifiable information (PII) of any individual and is scrubbed of any identifiable details that could be used to trace back to specific individuals. Toddle shares data about progress reports, unit plans, learning experiences and interactions of teachers with Toddle AI. 

Exception: For the messaging module ‘Toddle Connect’, PII data is shared with LLMs solely for summarizing the message content. Such PII data sharing is governed by the data sharing and privacy policy outlined below. Toddle Connect is an optional module that schools can choose to buy as an add-on.

1.2. LLMs Responses: The responses from LLMs are generated based on patterns learned from the anonymized data and do not contain any specific information about individual users, or any other identifiable parties. 

  1. Data Security

Toddle AI takes the security of the data seriously. We implement industry-standard measures to protect the confidentiality and integrity of the data we collect and process. Access to the LLMs and the anonymized data is restricted to authorized personnel only and we follow the principle of least privilege. PII data shared with LLMs for the messaging module ‘Toddle Connect’ is fully encrypted at rest and in transit to safeguard information from unauthorized access.

  1. Data Retention

The anonymized data collected from schools may be retained for as long as necessary to maintain the effectiveness of the LLMs and the quality of the services. 

  1. Third-Party Disclosure

Toddle AI does not share any personally identifiable information (PII) with the LLMs or any third parties. The LLMs operate solely on anonymized and non-identifiable data.

Exception: For Users subscribing to the messaging module ‘Toddle Connect’, PII data is shared with LLMs solely for summarizing the message content.

  1. Compliance with Laws

Toddle AI complies with applicable data protection laws and regulations. We are committed to maintaining the privacy and security of the data we handle.

  1. Updates to this Policy

Toddle AI may update this policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will provide prominent notice of any material changes to this policy on our website or through other means.

  1. Contact Information

If you have any questions, concerns, or requests regarding this policy or Toddle AI’s use of LLMs, please contact us at privacy@toddleapp.com

Terms of Service and Fair Usage Policy for Toddle AI

1. Introduction

1.1. These Terms of Service govern your use of Toddle AI and are in addition to your contract with Toddle. These must be read alongside your contract with Toddle. In case of a conflict, your contract with Toddle will prevail. By signing this agreement, you agree to be bound by our Terms of Service for the usage of Toddle AI (our “Terms”).

1.2. Occasionally the Service Provider may, at its discretion, make changes to the Service. Upon such material changes to the Agreement or Services, Service Provider shall notify the Subscriber. By continuing to use the Service or entitle the Users to continue using the Service after changes are made, Subscriber is expressing and acknowledging its acceptance of the changes.

2. Data Sharing and Privacy

2.1. The Service Provider uses multiple Large Language Models (such as ChatGPT from Open AI, Bard from Google, and Llama2 from Meta) for providing the services of Toddle AI. At times Service Provider may share the Subscriber’s data with these LLMs. Whenever such data is shared, it is fully encrypted at rest and in transit to safeguard information from unauthorized access.

2.2. Except for the Users of Toddle Connect module, No Personally Identifiable Information (PII) is shared with the LLMs. This is implemented through anonymisation of data. The Service Provider will take all practicable measures to anonymize any data shared with the LLMs.

2.2.1. Personally identifiable information that we share for Toddle Connect include First Name, Last Name and Role of the user.

3. Toddle AI Fair Usage Policy

This Fair Usage Policy (the “Policy”) outlines the guidelines and expectations for the usage of Toddle AI by the Subscriber. To ensure an equitable and efficient experience for all users, this Policy is a part of the contract between the Service Provider and the Subscriber.

Usage Guidelines

1. Usage for educational purposes: Toddle AI is intended to be used for educational purposes. The Users agree that they will use Toddle AI for educational purposes only.

2. Reasonable Usage: The Subscriber should make all practicable efforts to ensure that the Users make reasonable use of Toddle AI to improve teaching efficiency. Excessive or abusive usage is prohibited.

3. User Accounts: Users will have Toddle AI enabled for their unique Toddle account across the subscribed curriculum or programme. Sharing accounts or login credentials is not allowed and may result in restricted access.

4. Data Security: Users are responsible for maintaining the security of their accounts and passwords. Any unauthorized access should be reported immediately.

5.Prohibited Activities: The following activities are strictly prohibited and may lead to suspension or termination of access:

  • Misusing the AI features for malicious purposes
  • Attempting to reverse-engineer or manipulate the AI algorithms
  • Uploading inappropriate, offensive, or copyrighted content

6. System Integrity: Users should refrain from any action that might compromise the integrity of the Toddle AI system or its infrastructure.

4. Usage Monitoring and Enforcement

4.1. Usage Monitoring: Service Provider reserves the right to monitor usage patterns to ensure compliance with this Policy.

4.2. Suspension or Termination: To ensure optimal performance and fair usage across all Toddle AI users, your access to AI features can be reduced depending on your usage.

5.  Updates to the Policy

Cookie Policy

We use Cookies and other similar services (such as Local Storage) to keep you logged in to Toddle, customize your Toddle experience, understand how you use Toddle, and promote Toddle to relevant teachers and schools. You can remove or disable cookies via your browser settings, in which case your experience with Toddle will not be optimal.

Abandoned accounts

We consider an account to be abandoned if it has not been accessed for over a year. We will delete an account and all content associated with such accounts. However, to prevent accidental deletion, we will notify the teacher, the school and any other email IDs associated with the account and provide an opportunity to download the data of the abandoned account.

Viewing, editing or Porting your information

Parents are encouraged to work directly with teachers and school to make any changes in your data. If however, you need to get in touch with us, you can write to privacy@toddleapp.com and we will work with the school and do our best to make the required changes.

Teachers, administrators and parents can directly edit their information in their Toddle profiles. Schools also have a right to use any other similar service and can place a request to get all of their data. We will do our best to comply to such requests. Once the pending request is processed, the data retention and deletion policies will be followed.

Deleting Toddle Account

You have the right to “forget ability”, i.e., we will remove all your information from our systems if you so wish. If you would like to delete your Toddle account or any content submitted to Toddle, please send an email to privacy@toddleapp.com. We will notify you with email before deleting your account from our database. After receiving your request, we may still retain information for up to 365 days to provide customer support and prevent accidental deletion.

For users in the USA, please note that to comply with FERPA, we may need to retain certain student education records once a valid request to inspect those records has been made and we may retain your data to comply to the FERPA requirements.

Data Protection Practices

We follow the latest, industry standards to protect your data. Some measures that are in place include use of highly secure, access-controlled data centres, data encryption in transit, and encryption data at rest etc.

Despite these measures, in the event of a security breach, we will notify affected account holders within the amount of time required by the local law or by Toddle’s internal data breach policy, whichever is more stringent, so that you can take steps to keep your data safe.

Changes to the Privacy Policy

We may from time to time make changes to this Privacy Policy to account for changes to our practices or applicable law. If we make changes to this Privacy Policy that we believe will materially affect your rights, we will notify you by email about these changes. If you continue to use our service after you receive notice of changes to this Privacy Policy, we will assume that you have accepted these changes.

For previous versions of the Privacy Policy, please reach out to us at privacy@toddleapp.com

Contact Information

Our Data Protection Officer is Misbah Jafary. If you have any questions about this Privacy Policy, please feel free to write to us at: privacy@toddleapp.com and we will reach out to you as soon as possible.

If you are based in India and you have any grievance or complaint about how your personal data is being processed you can contact the Grievance Officer for India – Misbah Jafary via e-mail address privacy@toddleapp.com

We value and protect your privacy