At Ablespace Inc. (“Ablespace,” “we,” “us,” or “our”), we are committed to protecting your privacy and ensuring a safe online experience. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you use our websites www.ablespace.io and app.ablespace.io (collectively, the “Sites”) and our services (the “Services”). By accessing or using our Sites and Services, you agree to the terms outlined in this Privacy Policy.
1. Information We Collect
1.1 Personal Information You Provide
We collect personal information that you voluntarily provide when you:
- Create an Account: We collect your name, email address, and password when you register for our Services.
- Use Our Services: Teachers may input personal student information, including but not limited to students’ names, grades, assignments, health information, and other educational records.
- Communicate with Us: We collect your name, email address, and any other information you provide when you contact us for support or inquiries.
- Make Payments: We collect billing information such as credit card numbers and billing addresses if you make purchases through our Services. Payment information is processed securely by third-party payment processors and is not stored on our servers.
Data Minimization
We only collect the minimum amount of personal information necessary to provide and improve our Services, fulfill contractual and legal obligations, and maintain the security and effectiveness of our platform.
School Official Under FERPA
When we process student data on behalf of a school or district, we act as a “School Official” under the Family Educational Rights and Privacy Act (FERPA). We use student data only for the educational purposes authorized by the school or district.
Note: Our Services are designed primarily for teachers and educational institutions; they are not intended for direct use by students.
1.2 Information Collected Automatically
We automatically collect certain information when you interact with our Sites:
- Usage Data: Information about your interactions with our Sites, such as IP address, browser type, pages visited, and the date and time of each visit.
- Cookies and Similar Technologies: We use cookies and similar technologies to enhance your experience and analyze usage.
1.3 Information from Third Parties
We may receive information about you from third parties, such as:
- Teachers or Schools: Educators using our Services may provide personal information about their students.
2. How We Use Your Information
We use your personal information for the following purposes:
- Provide and Improve Services: To operate, maintain, and enhance our Services.
- No Student Data for Product Improvement: We do not use any student data for product improvement or for advertising/targeting purposes.
- Account Management: To manage your account, authenticate users, and provide customer support.
- Communication: To respond to your inquiries, send transactional notifications, and provide updates about our Services.
- Processing Payments: To securely process transactions.
- Compliance and Legal Obligations: To comply with applicable laws, regulations, and legal processes.
- Safety and Security: To protect the rights, property, or safety of Ablespace, our users, or others.
- Personalization: To personalize your experience and deliver content relevant to your interests (excluding student data, which is not used for personalization).
3. Data Sharing and Disclosure
3.1 Third-Party Service Providers
We share your personal information with third-party service providers who assist us in providing our Services. These providers are contractually obligated to protect your information and use it only for the purposes we specify. We do not sell or rent any data (student or user) to third parties, and we do not share student data for advertising or targeting purposes.
3.2 List of Third-Party Service Providers
Below is a list of third-party service providers we use, along with their purposes. All data—including backups—is stored in the United States. Any sub-processor or partner we engage also stores data in U.S. data centers.
| Vendor Name | Purpose | Processes Student Data | Data Storage Location |
|---|---|---|---|
| Userway | Accessibility help widget | Yes | United States |
| Canny | User feedback collection | Yes | United States |
| Amplitude | Product analytics for debugging/improving user experience (No student-level analytics) | Yes | United States |
| Hubspot | Customer relationship management with schools and districts | No | United States |
| Pipedrive | Customer relationship management with schools and districts | No | United States |
| Aircall | Communication with school and district prospective customers | No | United States |
| Stripe | Payment processing (PCI compliant) | No | United States |
| Slack | Internal communications (may include user data during support) | No | United States |
| Sentry | Log tracking to identify and resolve technical issues | Yes | United States |
| Mailmodo | Communication with customers and transactional emails | No | United States |
| Google LLC | Cloud services, internal documents, and communication | Yes | United States |
| Amazon Web Services (AWS) | Cloud services, website hosting, and data center services | Yes | United States |
| Vercel | Website hosting | Yes | United States |
| MongoDB | Data storage for app data | Yes | United States |
3.3 Legal Requirements
We may disclose your personal information if required to do so by law or in response to valid requests by public authorities.
4. Data Security
We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction.
4.1 Security Measures
- Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
- Access Controls: We restrict access to personal information to authorized personnel who need it to perform their job duties.
- Regular Assessments: We regularly review our security practices and update them as necessary.
- Employee Training: Our staff are trained on data protection and privacy best practices.
4.2 Data Breach Notification
In the event of a data breach that may compromise your personal information, we will notify you and the appropriate authorities as required by law.
5. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.
- Account Information: Retained until you delete your account or as required by law.
- Student Data: Retained as long as necessary to provide Services to the educational institution or as required by applicable laws. Once the school contract ends or upon request, we securely delete or return all student data.
Backup and Deletion Requests
If personal data is requested for deletion, we remove it from our production environment within a commercially reasonable timeframe. We also remove or anonymize it in our backups within a set period (except where retention is required by law), ensuring that no identifiable information remains accessible.
6. Your Choices and Rights
6.1 Access and Correction
You may access, correct, or update your personal information at any time by logging into your account or contacting us at support@ablespace.io.
6.2 Deletion
You have the right to request the deletion of your personal information. We will process your request within 30 days, except where we are legally required to retain certain information. To request deletion, please contact us at privacy@ablespace.io.
6.3 Opt-Out of Communications
To opt out of receiving promotional communications, you can:
- Email Communications: Click the "unsubscribe" link in any promotional email or adjust your preferences in your account settings.
6.4 Cookies Management
You can set your browser to refuse all or some browser cookies or to alert you when cookies are being used. Please note that disabling cookies may affect the functionality of our Services.
7. Children’s Privacy (COPPA Compliance)
We comply with the Children’s Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 without verifiable parental consent.
- Teachers and Schools: Educators are responsible for obtaining parental consent before providing us with students’ personal information if those students are under 13.
- Parental Access and Control: Parents or guardians seeking to review or delete their child’s personal information can contact us at privacy@ablespace.io. We will coordinate with the school to fulfill any such requests as required by law.
For additional details on our overall compliance, including FERPA, please visit our Compliance Page.
8. GDPR Compliance
If you are located in the European Economic Area (EEA) or the United Kingdom, you may have additional rights under the General Data Protection Regulation (GDPR) or UK data protection laws. These rights may include:
- Right to Access: Request information about how your personal data is processed and to obtain a copy of your personal data.
- Right to Rectification: Request that we correct any inaccuracies in your personal data.
- Right to Erasure (“Right to Be Forgotten”): Request that we delete your personal data when it is no longer needed or where processing is unlawful.
- Right to Restrict Processing: Request that we limit the processing of your personal data under certain circumstances.
- Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
- Right to Object: Object to the processing of your personal data in certain situations, including for direct marketing purposes.
- Right Not to Be Subject to Automated Decision-Making: Where applicable, you have the right not to be subject to decisions based solely on automated processing, including profiling.
8.1 Legal Bases for Processing
We process personal data under the following legal bases:
- Consent: Where you have given explicit consent.
- Contract: Where processing is necessary for the performance of a contract (e.g., to provide our Services).
- Legal Obligation: Where processing is necessary to comply with a legal obligation.
- Legitimate Interest: Where processing is necessary for our legitimate interests (e.g., improving our Services), and these are not overridden by your rights and interests.
8.2 Exercising Your GDPR Rights
If you wish to exercise your GDPR rights, please contact us at privacy@ablespace.io. We will respond to your request within the time frames required by applicable data protection laws.
9. AI Policy
Ablespace utilizes Artificial Intelligence (“AI”), including generative AI (“Gen-AI”), to enhance certain features of our Services. We recognize the importance of transparency, user choice, and data privacy when using AI.
9.1 When We Use AI
- Clear Indicators: We will display a clear label or notification whenever Gen-AI features are enabled or available for use.
- User Choice: The use of Gen-AI is optional. You may choose whether or not to engage with these AI-powered features.
9.2 Data Sources and Ownership
- User-Owned Data: All personal or user-generated data remains owned by the user.
- No Model Training: We do not use your personal data or content for the purpose of training our AI models. Any data processed by our AI systems is ephemeral and not retained for model improvement or shared for external AI training.
9.3 Internal vs. Third-Party AI Tools
- Internal AI Systems: Certain AI functionalities may be developed and maintained by Ablespace internally.
- Third-Party APIs: We may also integrate third-party Gen-AI APIs that adhere to HIPAA compliance and meet or exceed our own privacy and security standards. When using these third-party APIs, your data is processed only to deliver the requested AI functionality and is subject to the same or stricter privacy protections.
- Data Privacy and Ownership: Regardless of whether internal or third-party AI services are used, your data remains your property, and we ensure that our partners do not claim ownership or repurpose your data for their own training.
9.4 Opt-In and Opt-Out
- Opt-In Required: To use our AI features, you will be prompted to opt in. If you do not opt in, no personal information will be sent to AI systems.
- Opt-Out at Any Time: If you initially opt in and later decide not to use AI features, you can disable AI functionality in your account settings or by contacting us at privacy@ablespace.io.
9.5 Security and HIPAA Compliance
- HIPAA-Compliant Services: Any third-party Gen-AI solutions we use maintain HIPAA compliance and are contractually bound to protect your data according to industry best practices.
- Same or Higher Privacy Standards: We only partner with Gen-AI providers whose privacy policies meet or exceed our own stringent requirements.
9.6 Responsible AI Usage
- Ethical Considerations: We commit to responsible AI usage, including fair treatment, non-discrimination, and the protection of minors and vulnerable populations.
- User Control: We strive to ensure that AI recommendations or outputs are transparent and interpretable, allowing you to make informed decisions on whether to follow such outputs.
10. Cookies and Similar Technologies
We use cookies and similar tracking technologies to enhance your experience on our Sites.
10.1 Types of Cookies We Use
- Essential Cookies: Necessary for the operation of our Sites.
- Functional Cookies: To remember your preferences and settings.
- Analytics Cookies: To analyze how you use our Sites and improve functionality.
- No Student-Level Analytics: We do not use student-level information for analytics or product improvement.
10.2 Managing Cookies
You can manage your cookie preferences through your browser settings. Please note that disabling cookies may affect the functionality of our Services.
11. Third-Party Links
Our Sites may contain links to other websites not operated by us. We are not responsible for the privacy practices of these third-party websites. We encourage you to review their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.
- Effective Date: The date at the top of this Privacy Policy indicates when it was last updated.
- Notification of Changes: We will notify you of any material changes by posting the new Privacy Policy on this page and updating the Effective Date.
13. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:
- Email: privacy@ablespace.io
- Mailing Address:
Ablespace Inc.
1111B S Governors Ave #6145
Dover, DE 19904
Your privacy is important to us. We are committed to protecting your personal information and using it responsibly. Thank you for trusting Ablespace with your educational needs.
14. No Targeted Advertising
As an additional reassurance, we do not use any student or personal information for targeted advertising or related marketing purposes.
15. Aggregate or De-Identified Data
We may compile or create aggregate, de-identified data from user information (excluding student-level data). Such data does not identify an individual and is used solely for legitimate business purposes such as improving or analyzing the functionality of our Services. We do not use this data for targeted advertising or marketing purposes.
16. Compliance & Certifications
We take information security and privacy very seriously. In addition to our commitments under FERPA, COPPA, GDPR, and other laws and regulations, Ablespace holds the following certifications and attestations from recognized third parties:
- ISO 27001 Certification: We maintain an ISO 27001 certification, which demonstrates that our Information Security Management System (ISMS) has been audited and meets rigorous international standards for protecting data.
- HIPAA Compliance: We have undergone third-party audits to validate our compliance with the Health Insurance Portability and Accountability Act (HIPAA) requirements for safeguarding protected health information (PHI).
- FERPA Compliance: We follow FERPA guidelines to protect student education records, and we have received third-party verification that our policies, processes, and platform align with the protections required under FERPA.
These certifications and compliance measures reflect our ongoing commitment to data security and privacy throughout all levels of our organization and Services. If you have further questions about our certifications, please reach out to us at privacy@ablespace.io.
CCPA Notice
We do not “sell” personal information under the California Consumer Privacy Act (CCPA). If you are a California resident, you may have additional privacy rights under the CCPA/CPRA. To exercise these rights or learn more, please contact us at privacy@ablespace.io.
Last Updated: November 28, 2024
