Last updated: July 28, 2020
The NoodleTools Platform — An Educational Service that is Truly Private
- We do not collect, maintain, use or share personal information beyond what is necessary for authorized educational/school or legal purposes.
- We will never sell any personal information to any third party.
- There is no tracking of any personal information for third-party or marketing purposes on NoodleTools.
- We will never expose any student, teacher, or other user of NoodleTools to any third-party advertisements on our site.
- NoodleTools, Inc. complies with all applicable federal and state data privacy laws including the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational and Privacy Rights Act (“FERPA”).
- For EU subscribers, NoodleTools, Inc. complies with the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, and the General Data Protection Regulation (GDPR) for the protection of personal data and digital privacy.
- “NoodleTools,” our online research management platform for students and teachers.
- “NoodleTools Companion,” our iOS and Android mobile application for NoodleTools subscribers.
- Single-sign-on options available for authentication (currently Google, Microsoft 365, and Clever).
- “Have a Question?” our email-based expert help service for users with research questions.
Guiding Principles for Student/User Privacy
For any Site subscribing to NoodleTools, we follow these guiding principles related to identifiable personal information and privacy:
- NoodleTools, Inc. upholds COPPA, FERPA, EU-U.S. Privacy Shield Framework, Swiss-U.S. Privacy Shield Framework, General Data Protection Regulation (GDPR) and related regulations.
- For any student accessing NoodleTools from a K12 Site subscription, neither name nor email address nor other personally identifiable information is required for a student to create personal folders or otherwise use NoodleTools or NoodleTools Companion. Our commitment to COPPA and the protection of children under 13 thus extends beyond the COPPA requirement and to all K12 students at a Site, regardless of age.
- Within the NoodleTools classroom environment, a student is identifiable by a screen name or name of choice. For children under 13, the prompt for this screen name specifically instructs them to supply only a first name and last initial.
- For group work, a teacher or classroom peers may not access any student’s folder for purposes of viewing and providing feedback unless the student expressly provides that permission. Our guiding principle is that the student is the owner and author of his or her work, and thus must grant permission allowing a teacher or peer to gain a view into that work.
- Students and teachers can only provide access to their folders on a Project-by-Project basis with those within the private and limited scope of the Site, and not beyond.
For any Individual subscribing personally to NoodleTools (i.e. not through a school or university Site subscription), we follow these guiding principles related to identifiable personal information and privacy.
- Your name and email address collected at registration are associated with your account, for purposes of password reset.
- Students under 13 are expressly requested to obtain parental permission before signing up for an Individual NoodleTools account. (Since Individual accounts are primarily subscribed by university students and scholars, it is infrequent that a young child under 13 would seek access to NoodleTools on an individual basis.)
- Projects created in Individual accounts are not shareable or viewable by any other person.
Collection and Processing of Personal Information (PII)
Any Personal Information collected and processed by NoodleTools will always be done so with the consent of its users and for the specific purposes outlined below, which are necessary for the operations of the Service.
Information Necessary to Subscribe
There are two types of subscribers to our Service. A “Site Subscriber” is typically a school, school library, district, state, university, or consortium using the classroom version of NoodleTools. An “Individual Subscriber” is a single person – typically a scholar or a university or graduate student – who uses the non-classroom version of NoodleTools for independent research.
When either a Site or Individual subscribes to NoodleTools, we collect only the minimal pieces of information that we need for subscription registration and billing purposes. Usernames, passwords, and IP addresses collected for the purpose of site-access authentication are held in the strictest confidence.
For Site accounts, payment may be made by physical check, wire/ACH, or credit card. No credit card or other payment information is stored in our database, nor kept in any electronic or paper version.
For Individual accounts, payment is made through an external payment services and we do not see or handle the credit card or payment information. Pursuant to COPPA, for children under 13 requesting an individual account, there is specific language on our submission form counseling the child to obtain parental permission, and have the parent complete the credit card payment.
One-Time Use of Email
Under the “Limited Exceptions to COPPA’s Verifiable Parental Consent Requirement,” when a student working in NoodleTools uses the function to email their work to themselves or another person, the email address is used in a one-time manner for that purpose.
Withholding Personal Information
In situations where Personal Information is collected, if you choose to withhold any personal data requested by us, it may not be possible for you to gain access to certain parts of the site or for us to respond to your queries.
Passive Information Collection Technologies for Internal Operations
Some Privacy Frameworks like GDPR consider IP address logs to constitute personal information. Thus, no identifiers are ever used except for to provide support for our internal operations, site and service. Furthermore, IP addresses are never shared with any third parties. In order to compile usage statistics for subscribing organizations, we also record the date and time that users access the Service, and from what IP address they log in.
Certain information is stored by NoodleTools using session and persistent cookies. Those cookies are used for the express and limited purpose of maintaining the user’s active session and login preferences, and to customize the user’s experience within NoodleTools.
You can control whether or not cookies are allowed through your browser. If you choose to disable cookies, it may limit use of certain features or functions of the website and/or NoodleTools platform.
External Links and Third-Party Integrations
No ads are served from the NoodleTools website or Service, but many NoodleTools pages do contain links to other websites. There is no exchange of personal information by NoodleTools to any external service or website.
NoodleTools can connect to Google Docs or Word Online through APIs, if a student wishes to export citations and notecards to those services. If the user is not already authenticating through one of those services, NoodleTools prompts for the user’s G Suite or Office 365 ID to facilitate this integration, and that ID is not used by NoodleTools for any other purpose.
Third-Party Authentication Systems (Google, Microsoft 365, Clever, ClassLink)
Our Security Practices
NoodleTools, Inc. maintains a security program that is designed to protect the security, privacy, confidentiality and integrity of the student personal information against risks such as unauthorized access or use, or unintended or inappropriate disclosure. Our data is stored in the United States with robust digital and procedural safeguards in place to protect your personal information. All passwords are securely encrypted within our database, which has daily backups and is protected by SSH and a firewall. All actions that involve the digital transmission of personal data are handled by 256-bit encryption.
As previously noted, the Service has minimal collection of personal information, and minimal integration with services that could cause any unintended transference of personal information. If you have any questions about the security at our website, you can contact us via the NoodleTools Help Desk.
NoodleTools, Inc. will quickly respond to and mitigate any private user data breach, as summarized in our Breach Response Plan.
Data Retention, Destruction, Correction
To the extent allowed by applicable law, NoodleTools, Inc. retains personally identifiable information provided by you after the termination of your relationship with us. This is done to allow an individual, school or district to renew a subscription that had previously expired, without any loss of the work done by students and teachers within that account. If a K12 Site requests that NoodleTools delete or destroy personally identifiable student information after the termination of its relationship with us, we will take commercially reasonable efforts to do so within 60 days; provided, however, that NoodleTools, Inc. may retain aggregated and anonymized data.
If a parent, student, principal, or teaching staff member would like to make corrections to data that has been collected they can either submit a request to the NoodleTools Help Desk or submit a letter to the following address: NoodleTools, Inc., PO Box 60214, Palo Alto, CA 94306.
EU & Swiss Privacy Shield
NoodleTools, Inc. is compliant and certified with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield site.
Under the Privacy Shield frameworks, NoodleTools, Inc. is responsible for processing the personal data it receives, under each Privacy Shield Framework, as well as transfers to a third party acting as an agent on its behalf. NoodleTools, Inc. complies with the Privacy Shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield frameworks, NoodleTools, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (for issues pertaining to Privacy Shield). In situations where public authorities make lawful requests for information, such as to meet national security or law enforcement requirements, NoodleTools, Inc. may be required to disclose personal data.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact JAMS, our U.S.-based, third-party dispute resolution provider (free of charge) at https://www.jamsadr.com/eu-us-privacy-shield.
As more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
General Data Protection Regulation (GDPR)
We meet the privacy requirements of all EU members. All technical and procedural measures are in place to protect personally identifying information.
Under GDPR, NoodleTools, Inc. stands behind your fundamental rights regarding how we will collect, use and store data:
- We strive to be transparent and inform you in how we use personal data.
- Users of NoodleTools shall have the right to know exactly what information is held about them and how it is processed, and are entitled to have personal data rectified if it is inaccurate or incomplete, or deleted if so requested.
- With respect to personal information, we respect the right for subscribers to block or suppress its processing.
- Users of NoodleTools have the right to retain and reuse their personal data for their own purpose.
- Personal data is not used for the purpose of direct marketing, scientific and historical research, or the performance of tasks outside the scope of operation of the NoodleTools platform.
Data Protection and Control
NoodleTools, Inc. processes Personal Data as both a Processor and as a Controller, as defined in the EU Directive and the GDPR. NoodleTools, Inc. has a “Data Protection Officer” who is responsible for matters related to privacy and data protection. The Data Protection Officer is Damon Abilock, who can be reached per the contact information listed at the bottom of this agreement.
EU Personal Data: Data Processing Addendum
Terms of Service
Damon Abilock, President
PO Box 60214
Palo Alto, CA 94306