PLANS
PARENTS
EDUCATORS
CLASS CODE
LOG IN

Epic School Privacy Policy

Last Updated: February 24, 2022

Welcome to Epic. We're glad you want to use the leading streaming service for children's books and other content in your classroom. We value the privacy of all of our users and we know you care about your privacy and the privacy of your students, so we created this Epic School Privacy Policy.

This School Privacy Policy applies to the Epic School product, including related website, services, software, applications, and/or content made available by Epic Creations, Inc., "Epic" ("the Service", "we", and "us"). The Epic School product is only available for educators, schools, school districts, and other K-12 education institution users (collectively referred to as “Schools”) to use with students for a K-12 educational purpose. To be eligible to use the Epic School product, you must create an educator account using your School email address or authentication service and you represent that you are authorized to permit Epic to access, collect, transmit, modify, disclose, display and maintain Student Data to provide the Service as described in this policy. When you use the Epic School Service, you also agree to our Terms of Service. Please note that our general Epic Privacy Policy applies to our collection and use of data collected from parents and children through the Epic Service outside of the school context.

This School Privacy Policy explains how we collect, use and protect personal information through the Epic School product, including the personal information we collect about students (“Student Data”).

Protecting students’ privacy is fundamental to our mission and business. We are committed to the following principles to protect Student Data:

  • We use Student Data only for purposes for which we are authorized by the school or the parent/student.

  • We have designed our School Privacy Policy and the Epic School product to meet our responsibilities under COPPA, FERPA and state student privacy laws, including SOPIPA.

  • We do not use or disclose Student Data for targeted advertising or marketing purposes.

  • We never show third-party ads to students in Epic.

  • We do not build a personal profile of a student other than for supporting school or educational purposes or as authorized by the parent.

  • We believe that schools should have control over their Student Data.

  • We will not knowingly retain Student Data beyond the time period necessary to support the School's purpose, unless authorized by the parent.

  • We will never sell or rent Student Data to third parties, unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets.

  • We employ industry-standard network security and encryption technology to protect Student Data.

  • We will clearly and transparently disclose our data policies and practices.

  • We will not make any material changes to our School Privacy Policy that relate to the collection or use of Student Data without first giving notice to the School and providing a choice before the Student Data is used in a materially different manner than was disclosed when the information was collected.

1. EPIC SCHOOL AND STUDENT DATA

When the Epic School product is used by a School for an educational purpose, Epic may access, collect or receive Student Data that is provided by the School, by the student or by a student’s parent or legal guardian (referred to as a “Parent”). Epic does not own or control Student Data, which belongs to the School and to the student (or the student’s Parent).

This School Privacy Policy and the Epic School product are intended to protect Student Data as required by applicable student data privacy laws. For example:

The Family Educational Rights and Privacy Act (“FERPA”). Student Data collected by Epic may include personally identifiable information from education records that are subject to FERPA. Epic may collect and process Student Data as a "School Official" (as that term is used in FERPA and its implementing regulations), under the direct control of the school. We agree to work with our School partners to jointly ensure compliance with the FERPA regulations, as well the Protection of Pupil Rights Amendment (“PPRA”).

The Children’s Online Privacy Protection Act (“COPPA”). We do not knowingly collect personal information from a child under 13 unless a School has authorized us to collect such information through the provision of the Service on the School's behalf. When a School uses Epic School in the classroom or in an educational context, we rely on the School to provide appropriate consent for Epic to collect personal information from a student under 13 for the use and benefit of the School and for no other commercial purpose, as permitted by COPPA. Upon written request, we will provide the School the opportunity to review and delete the personal information collected from their students. If you are a Parent and you have questions about your child's use of Epic School and any information collected, please discuss your questions with your child's School.

Student Online Personal Information Privacy Act (“SOPIPA”) and similar state laws. Student Data is owned by, and under the control of, the School. We do not use or disclose Student Data for targeted advertising purposes or to amass a profile of a student except in furtherance of an educational purpose. We never sell Student Data unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets, in which case we make efforts to ensure the successor entity honors the privacy commitments made in this policy and/or we will notify you of such a sale and provide you an opportunity to opt out by deleting your account before the data transfer occurs. Parents may review Student Data and correct erroneous information by contacting their School directly. In the event of an unauthorized disclosure of Student Data, Epic will promptly notify the School account administrator.

2. INFORMATION WE COLLECT

We intentionally limit our data collection to only what we need to provide the Epic School service. Sometimes we get asked if we collect data about other areas that are of particular interest to a school. To be clear, we do not collect biometric, free or reduced lunch eligibility, health, or financial data from or about students. In providing the Epic School Services, we may collect the following:

  • Information about educators and Schools: We collect personal information, such as first and last name, email address and password, profession, country of residence, school name, and school zip code, when an educator creates an account. We also collect information and content submitted by an educator, such as lesson plans and notes.

  • Information about students: Students cannot create an account by themselves on Epic School but must be invited to join a classroom by an educator or school administrator. Educators submit information about students in the particular classroom, such as first and last names and learning levels (or the educator may elect to provide usernames or identifiers which are not readily identifiable in lieu of a full student name, at its discretion). The Educator may provide student profile names or permit students to add their own first name and last initial to a student profile. Schools may elect to roster the classroom through Google Classroom integration and/or use a single-sign on (SSO) service like Google Classroom rather than usernames and passwords to authenticate student access. Depending on how the Educator uses the Epic School Service, we may also collect information and content submitted by a student, such as responses to quizzes, which may be viewable to others in the same class.

  • Information about Parents: Epic may also collect information about a student’s parent or guardian, such as a name or email addresses. This information may be submitted by a teacher or by the parent or guardian, and we may associate it with the student’s information. We may collect additional information if a Parent creates a Parent account (which is governed by our general Epic Privacy Policy, and not by this Policy).

  • Third-Party Authentication Services: If you register through an integrated platform or authentication service (such as Google Accounts), Epic receives personal information associated with the authentication service and we may receive additional information that is not required for use of the Service (such as a Student’s full name or student ID), which we will treat as Student Data. By using an authentication service and/or permitting your students to use such a service to create Epic accounts, you give Epic permission to collect and store information the authentication service provides to us. You may adjust the information the authentication service shares with Epic and/or revoke access at any time by adjusting your settings with the authentication service.

  • Use of Service: We collect information about the use of the Services, such as when, and for how long a user accesses our Services, what content a user views, and what actions he or she takes. For example, we collect information about how many books a student has read, the length of time to complete a book, and the student’s reading abilities and interests.

  • Device Information: We and our third-party service providers collect certain information from and about a user’s device automatically when you access our Services through cookies, pixel tags or similar technologies. For example, we collect information about your device, such as the device type, browser type and version, operating system name and version, IP address, and referring URL and may collect a persistent identifier or unique ID that allows us to identify your browser, mobile device or account. We may also collect the device’s location data, or we may approximate your location by analyzing data like IP address. We collect this data to help us understand usage, to diagnose problems and provide support, to administer our Services, facilitate navigation, display information more effectively, to personalize your experience while using the Services, and to recognize your computer in order to assist your use of the Services and for security purposes. We also gather statistical information about use of the Services in order to continually improve its design and functionality, understand how they are used and assist us with resolving questions regarding them.

We do not permit third-party advertising networks to collect information about students’ use of the Epic School Services for targeted advertising purposes.

3. HOW WE USE STUDENT DATA AND PERSONAL INFORMATION

We only use Student Data to provide our Services to schools and to support, improve and develop the product. Specifically, we may use the information we collect:

  • To permit teachers to review students’ work, monitor students’ performance and progress, plan lessons, and otherwise support instruction.

  • To permit parents and guardians to review their children’s work and monitor their performance and progress.

  • To offer students feedback and support, permit them to access information shared by their teachers and allow them to create a collection of books.

  • For adaptive or personalized learning, including generating personalized learning recommendations, suggesting other educational content or activities for students, allowing them to track their progress and maintain a file of their work.

  • To personalize user experience, such as displaying a student’s name on his or her profile page or the teacher dashboard.

  • For analytics purposes, to understand how our Services are accessed and used, and how they perform, so that we may improve design and functionality. We also perform analytics on aggregate information that does not identify any individual user.

  • To provide teachers with various types of reports, such as reports detailing the performance and progress of a particular classroom or student and to make product recommendations.

  • To diagnose problems, troubleshoot issues, and provide maintenance and support.

  • We may use teacher or parent information to communicate with those teachers or parents, including by sending marketing communications, consistent with their choices. We do not send marketing communications to students.

4. HOW WE DISCLOSE OR SHARE STUDENT DATA AND PERSONAL INFORMATION

We share or disclose personal information as needed to provide our Service or with the permission of the educator, School or Parent. We also share personal information in the following circumstances:

  • We share information within the Service in accordance with the functionality of the Service. For example, the profile name (first name, last initial) of each student in a class may be viewable by other students in the same class, as well as classmate avatars and information related to participation in class reading activities. For additional privacy, educators may use pseudonymous profile names that do not readily identify a particular student.

  • Student Data may be shared among authorized School users such as teachers and school or district administrators, depending on the settings and functionality selected by the School.

  • Student Data may also be shared with a student’s Parent that connects a Parent account to the student’s account. We also provide a mechanism to enable a Parent to transfer or store Student Data to a personal Parent account when it is no longer needed for the School’s educational purpose. Certain features of the Service may enable limited communications between users. For example, an educator may be able to send communications to students in the classroom and/or a parent may be able to send a communication to her child. Students are not permitted to communicate or interact with anyone outside of the student’s classroom other than the student’s Parent.

  • We do not use, disclose, sell, or rent Student Data to third parties for targeted advertising, marketing or other commercial purposes.

  • We share information with our trusted third-party service providers who provide services to us or on our behalf, such as website hosting and customer support services.

  • We may disclose information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings). In the event that we sell, divest or transfer our business to a new corporate owner, we will not transfer Student Data unless the new owner has agreed to data privacy standards no less stringent than our own or we will provide Schools with notice and an opportunity to opt out of the transfer of Student Data by deleting the Student Data before the transfer occurs.

  • We may use and disclose information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

We may use and disclose information that does not identify or otherwise directly relate to an individual for any purpose, subject to any restrictions imposed by applicable law.

5. THIRD-PARTY SERVICES

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service.

6. SECURITY

We use reasonable organizational, physical, technical, and administrative measures designed to preserve the integrity and security of the personal information we collect and to protect against unauthorized access. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Access to Student Data is limited to Epic employees who require it to perform their job functions. Our employees may be subject to disciplinary action, including termination, if they fail to meet our privacy and confidentiality standards. However, no security system is impenetrable—for that reason, we cannot guarantee the security of your personal information or Student Data. If personal information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and take all steps required by applicable laws and regulations. If a security incident materially impacts the security or confidentiality of Student Data, we will promptly notify the educator or School.

7. USER ACCESS

You may have the right to access, correct, download for transport to a similar service, or delete any of your personal information collected by Epic. If you would like to exercise such rights, please contact us here.

If you are a parent and want to access, correct, modify, download, or update information about a student, please work directly with your teacher or school.

8. RETENTION PERIOD

We do not knowingly retain Student Data beyond the time period required to support the School’s educational purpose, unless authorized by the School or a Parent. We do not delete or de-identify any Student Data from an active student user account associated with a School except at the direction of the School. The educator and School is responsible for maintaining current student rosters and identifying Student Data which the School no longer needs for an educational by submitting a deletion request. Educators and School users may contact us at privacy@getepic.com to request deletion of Student Data.

We will delete or de-identify Student Data within 60 days of receipt of a deletion request from a School. Even if we do not receive a deletion request from a School, we may delete or de-identify Student Data after a period of inactivity in accordance with our standard data retention schedule.

Please note: We may not be able to immediately or completely delete all data in all instances, such as information retained in technical support records, customer service records, backups, and other similar business records. We will not be required to delete any information which has been de-identified or disassociated with personal identifiers such that the remaining information cannot reasonably be used to identify a particular individual. We will also not delete any Student Data that has been transferred or stored in a personal account except at the request of the Parent.

9. YOUR CALIFORNIA CONSUMER PRIVACY RIGHTS

When Epic provides the Epic School product to Schools as a "School Official," we operate as a service provider as that term is defined by the California Consumer Privacy Act and collect, retain, use and disclose Student Data only for or on behalf of our School customers for the purpose of providing the Services and for no other commercial purpose. If you have any questions or would like to exercise your California rights, please contact your School directly.

10. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy as needed to reflect changes to our Service and standard practices. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Your use of the Services following these changes means that you accept the revised Privacy Policy.

We will not make any material changes to this Policy that relate to the collection or use of Student Data without first giving notice to the school and providing a choice before the Student Data is used in a materially different manner than was disclosed when the information was collected.

11. CONTACT US

If you have any questions about this Privacy Policy, please contact us here.