NoodleTools, Inc. Privacy Policy

Last updated: November 7, 2023

The NoodleTools Platform — An Educational Service that is Truly Private

NoodleTools is designed as a private and secure teaching and learning space for schools and students. This Privacy Policy describes our stringent policies for protecting personal information in clear language that you – as an administrator, teacher, parent or student – can understand.

  • We do not collect or store any personally identifiable information from children under 13, other than for the specific requirement described in the “Third-Party Authentication Systems” section of this Privacy Policy.
  • We do not collect, maintain, use or share personal information beyond what is necessary for authorized educational/school or legal purposes.
  • We will never sell any personal information to any third party.
  • There is no tracking of any personal information for third-party or marketing purposes on NoodleTools.
  • We will never expose any student, teacher, or other user of NoodleTools to any third-party advertisements on our site.
  • NoodleTools, Inc. complies with all applicable federal and state data privacy laws including the Children’s Online Privacy Protection Act (“COPPA”), Student Online Personal Protection Act (“SOPPA), the Family Educational and Privacy Rights Act (“FERPA”), and the California Consumer Privacy Act (“CCPA”).
  • For EU subscribers, NoodleTools, Inc. complies with the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and the General Data Protection Regulation (GDPR) for the protection of personal data and digital privacy.

 

Scope of this Privacy Policy

This Privacy Policy applies to all parts of the NoodleTools service (“Service”), as follows:

  • “NoodleTools,” our online research management platform for students and teachers.
  • “NoodleTools Companion,” our iOS and Android mobile application for NoodleTools subscribers.
  • Single-sign-on options available for authentication (currently Google, Microsoft 365, Clever and ClassLink).
  • “Have a Question?” our email-based expert help service for users with research questions.

By using the Service, you acknowledge that you accept and agree to this Privacy Policy. We may occasionally update this Privacy Policy. You can see when it was last updated by looking at the last updated date at the top of this page.

If we make any significant changes to our Privacy Policy, we’ll post a notification prominently on the NoodleTools homepage. Individual subscribers and school account administrators will also be notified of any significant changes to this policy via email. Continued use of the website after a revision to the Privacy Policy indicates your acceptance and agreement to the current Privacy Policy. We recommend that you periodically review the Privacy Policy to make sure you understand and are up-to-date on how we’re keeping your information safe.

Guiding Principles for Student/User Privacy

For any Site subscribing to NoodleTools, we follow these guiding principles related to identifiable personal information and privacy:

  1. NoodleTools, Inc. upholds COPPA, SOPPA, FERPA, CCPA, EU-U.S. DPF, Swiss-U.S. DPF, UK Extension to the EU-U.S. DPF, General Data Protection Regulation (GDPR) and related regulations.
  2. Sites may provide username/password access to NoodleTools, for which no email address or other personally identifiable information is required for a student to use NoodleTools or NoodleTools Companion. As such, we protect students regardless of age, beyond the COPPA requirement.
  3. Within the NoodleTools application, a student is identifiable by a screen name of choice. For children under 13, the prompt for this screen name instructs them to supply only a first name and last initial.
  4. For group work, a teacher or classroom peers may not access any student’s folder for purposes of viewing and providing feedback unless the student expressly provides that permission. Our guiding principle is that the student is the owner and author of his or her work, and thus must grant permission allowing a teacher or peer to gain a view into that work.
  5. Students can only provide access to their work on a project-by-project basis with those within the private and limited scope of the Site, and not beyond.

For any Individual subscribing personally to NoodleTools (i.e. not through a school or university Site subscription), we follow these guiding principles related to identifiable personal information and privacy.

  1. Your name and email address collected at registration are associated with your account, for purposes of password reset.
  2. Students under 13 are expressly requested to obtain parental permission before signing up for an Individual NoodleTools account. (Since Individual accounts are primarily subscribed by university students and scholars, it is infrequent that a young child under 13 would seek access to NoodleTools on an individual basis.)
  3. Projects created in Individual accounts are not shareable or viewable by any other person.

Collection and Processing of Personal Information (PII)

Any Personal Information collected and processed by NoodleTools will always be done so with the consent of its users and for the specific purposes outlined below, which are necessary for the operations of the Service.

Information Necessary to Subscribe

There are two types of subscribers to our Service. A “Site Subscriber” is typically a school, school library, district, state, university, or consortium using the classroom version of NoodleTools. An “Individual Subscriber” is a single person – typically a scholar or a university or graduate student – who uses the non-classroom version of NoodleTools for independent research.

When either a Site or Individual subscribes to NoodleTools, we collect only the minimal pieces of information that we need for subscription registration and billing purposes. Usernames, passwords, and IP addresses collected for the purpose of site-access authentication are held in the strictest confidence.

NoodleTools, Inc. is the sole owner of any information collected for subscription purposes. We will not sell, share, or distribute this information in any way, or use it for any other purpose than for site access authentication and subscription/renewal processes. Such collected information may be provided to an entity that purchases all or substantially all of the business or assets of NoodleTools, Inc. through a merger, financing, acquisition, or bankruptcy transaction or proceeding (“Successor Entity”), assuming that the Successor Entity has data privacy principles that are consistent with the principles described in this Privacy Policy.

For Site accounts, payment may be made by physical check, wire/ACH, or credit card. No credit card or other payment information is stored in our database, nor kept in any electronic or paper version.

For Individual accounts, payment is made through an external payment services and we do not see or handle the credit card or payment information. Pursuant to COPPA, for children under 13 requesting an individual account, there is specific language on our submission form counseling the child to obtain parental permission, and have the parent complete the credit card payment.

One-Time Use of Email

Under the “Limited Exceptions to COPPA’s Verifiable Parental Consent Requirement,” when a student working in NoodleTools uses the function to email their work to themselves or another person, the email address is used in a one-time manner for that purpose.

Withholding Personal Information

In situations where Personal Information is collected, if you choose to withhold any personal data requested by us, it may not be possible for you to gain access to certain parts of the site or for us to respond to your queries.

Passive Information Collection Technologies for Internal Operations

Some Privacy Frameworks like GDPR consider IP address logs to constitute personal information. Thus, no identifiers are ever used except for to provide support for our internal operations, site and service. Furthermore, IP addresses are never shared with any third parties. In order to compile usage statistics for subscribing organizations, we also record the date and time that users access the Service, and from what IP address they log in.

Cookies

Certain information is stored by NoodleTools using session and persistent cookies. Those cookies are used for the express and limited purpose of maintaining the user’s active session and login preferences, and to customize the user’s experience within NoodleTools.

You can control whether or not cookies are allowed through your browser. If you choose to disable cookies, it may limit use of certain features or functions of the website and/or NoodleTools platform.

External Links and Third-Party Integrations

No ads are served from the NoodleTools website or Service, but many NoodleTools pages do contain links to other websites. There is no exchange of personal information by NoodleTools to any external service or website.

When a user asks a citation question via the “Have a Question?” link in NoodleTools or submits a ticket through our Help Desk, an email address is used on a one-time basis to respond to that query. Both “Have a Question?” and the Help Desk are facilitated through FreshDesk. In addition to FreshDesk’s standard privacy policy, NoodleTools, Inc. has entered into a separate stringent agreement with FreshDesk regarding data privacy and security of NoodleTools user data, guaranteeing that they provide at least the same level of privacy protection as is required by this privacy policy and implemented by NoodleTools.

In addition to FreshDesk, NoodleTools utilizes the services of other companies to perform certain business-related services. NoodleTools currently uses services such as Stripe for credit card processing, Sumo Logic for server monitoring, and Amazon Web Services (AWS) and related Amazon Cloud services for hosting, database management and backup. These and all such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this privacy policy and implemented by NoodleTools.

NoodleTools can connect to Google Docs or Word Online through APIs, if a student wishes to export citations and notecards to those services. If the user is not already authenticating through one of those services, NoodleTools prompts for the user’s Google or Microsoft 365 login to facilitate this integration, and that ID and login is not used by NoodleTools for any other purpose.

Third-Party Authentication Systems (Google, Microsoft 365, Clever, ClassLink)

Third-party authentication systems may provide passive access to student personal information that NoodleTools, Inc. does not access or store due to our own stringent privacy policy. For example, if a school shares data through Clever with NoodleTools, students’ gender and date of birth are included, but that information is not used or stored in the NoodleTools database. The only user information stored is name and email address, and those are used solely for authentication purposes. If you decide to use Google, Microsoft 365, Clever or ClassLink Authentication Services for access to NoodleTools, it shall be consistent with this Privacy Policy.

Please be aware that NoodleTools, Inc. is not responsible for the privacy or data security practices of any other website or service. We encourage our users to be aware when they leave our site and to read the privacy policies and terms of service of all websites that they visit. This Privacy Policy applies solely to information collected by NoodleTools. The use of all external services or websites are at your own risk, regardless of whether such services are linked or connected to NoodleTools, and NoodleTools, Inc. shall have no liability related to the use of any external service or website.

Our Security Practices

NoodleTools, Inc. maintains a security program that is designed to protect the security, privacy, confidentiality and integrity of the student personal information against risks such as unauthorized access or use, or unintended or inappropriate disclosure. Our data is stored in the United States with robust digital and procedural safeguards in place to protect personal information. All passwords are SHA-512 encrypted in our database. Regular database backups ensure data security and business continuity in the event of data loss, and firewalls prevent all unauthorized access into or out of the network. All digital transmission of personal data is SHA-512 encrypted and employs TLS/HTTPS secure connections.

As previously noted, the Service has minimal collection of personal information, and minimal integration with services that could cause any unintended transference of personal information. If you have any questions about the security at our website, you can contact us via the NoodleTools Help Desk.

NoodleTools, Inc. will quickly respond to and mitigate any private user data breach, as summarized in our Breach Response Plan.

Data Retention, Destruction, Correction

To the extent allowed by applicable law, NoodleTools, Inc. retains personally identifiable information provided by you after the termination of your relationship with us. This is done to allow an individual, school or district to renew a subscription that had previously expired, without any loss of the work done by students and teachers within that account. If a K-12 Site requests that NoodleTools delete or destroy personally identifiable student information after the termination of its relationship with us, or it is required by state law, we will do so within 30 days; provided, however, that NoodleTools, Inc. may retain aggregated and anonymized data.

A parent, student, principal, or teaching staff member who would like to make corrections to personal data that has been collected should contact their school/district account administrator, who can work with us to facilitate that request. Individuals who have purchased a single-user license may submit their request to the NoodleTools Help Desk.

California CCPA Compliance

NoodleTools, Inc. is compliant with the California Consumer Privacy Act (CCPA). If you are a California resident, your rights are described in the CCPA addendum.

International Compliance

EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF

NoodleTools, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. NoodleTools, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. NoodleTools, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the EU-U.S. DPF, UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, NoodleTools, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission, who has jurisdiction over NoodleTools, Inc. compliance.

Under certain conditions, more fully described on the Data Privacy Framework website, you may invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms.

Choice: In compliance with Data Privacy Framework Principles, you have the right to opt out of:

  • Disclosures of your Personal Data to third parties not identified at the time of collection or subsequently authorized.
  • Uses of your Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.

If you would like to exercise these rights, send your request to our data protection officer at privacy@noodletools.com.

Personal Data may be disclosed under specific circumstances (with no option to opt-out): (i) if we are required to do so by law or legal process; (ii) pursuant to valid requests by law enforcement or other government authorities (which we are legally required to respond to); and (iii) when we believe disclosure is necessary to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. We reserve the right to transfer Personal Data in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation), and in such case we will direct the transferee to use the Personal Data in a manner consistent with this Privacy Policy.

Onward Transfers: In the context of an onward transfer, NoodleTools, Inc. has responsibility for the processing of personal information it receives under the Data Privacy Framework and subsequently transfers to a third party acting as an agent on its behalf. NoodleTools, Inc. shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

If you have a related question or concern, please contact our data protection officer at privacy@noodletools.com

In compliance with the Data Privacy Framework Principles, NoodleTools, Inc. commits to resolve complaints about our collection or use of your personal information. EU, UK or Swiss individuals with inquiries or complaints regarding our Privacy Policy should first contact NoodleTools, Inc. at: privacy@noodletools.com

In compliance with the EU-U.S. DPF, UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, NoodleTools, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the JAMS website for more information or to file a complaint. The services of JAMS are provided at no cost to you.

General Data Protection Regulation (GDPR)

We meet the privacy requirements of EU, UK and Swiss members. All technical and procedural measures are in place to protect personally identifying information.

Under GDPR, NoodleTools, Inc. stands behind your fundamental rights regarding how we will collect, use and store data:

  1. We strive to be transparent and inform you in how we use personal data.
  2. Users of NoodleTools shall have the right to know exactly what information is held about them and how it is processed, and are entitled to have personal data rectified if it is inaccurate or incomplete, or deleted if so requested.
  3. With respect to personal information, we respect the right for subscribers to block or suppress its processing.
  4. Users of NoodleTools have the right to retain and reuse their personal data for their own purpose.
  5. Personal data is not used for the purpose of direct marketing, scientific and historical research, or the performance of tasks outside the scope of operation of the NoodleTools platform.

Data Protection and Control

NoodleTools, Inc. processes Personal Data as both a Processor and as a Controller, as defined under GDPR. NoodleTools, Inc. has a “Data Protection Officer” who is responsible for matters related to privacy and data protection. The Data Protection Officer is Damon Abilock, who can be reached per the contact information listed at the bottom of this agreement.

Personal Data: Data Processing Addendum

With respect to the processing of personal data relating to EU, UK, and Swiss data subjects by NoodleTools, Inc. solely on behalf of the End Customer, the terms of the Data Processing Addendum shall apply.

Terms of Service

This Privacy Policy is incorporated into our Terms of Service and is part of that contractual agreement between you (the user) and NoodleTools, Inc. and is enforceable under the provisions of that Terms of Service, as updated or amended from time to time.

Contact

For any questions regarding this Privacy Policy, please email privacy@noodletools.com or contact:
Damon Abilock, President
PO Box 60214
Palo Alto, CA 94306
650-561-4071