NoodleTools, Inc. Privacy Policy

Last updated: July 28, 2020

The NoodleTools Platform — An Educational Service that is Truly Private

NoodleTools is designed as a private and secure teaching and learning space for schools and students. This Privacy Policy describes our stringent policies for protecting personal information in clear language that you – as an administrator, teacher, parent or student – can understand.

  • We do not collect or store any personally identifiable information from children under 13, other than for the specific requirement described in the “Third-Party Authentication Systems” section of this Privacy Policy.
  • We do not collect, maintain, use or share personal information beyond what is necessary for authorized educational/school or legal purposes.
  • We will never sell any personal information to any third party.
  • There is no tracking of any personal information for third-party or marketing purposes on NoodleTools.
  • We will never expose any student, teacher, or other user of NoodleTools to any third-party advertisements on our site.
  • NoodleTools, Inc. complies with all applicable federal and state data privacy laws including the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational and Privacy Rights Act (“FERPA”).
  • For EU subscribers, NoodleTools, Inc. complies with the EU-U.S. Privacy Shield Framework, the Swiss-U.S. Privacy Shield Framework, and the General Data Protection Regulation (GDPR) for the protection of personal data and digital privacy.


Scope of this Privacy Policy

This Privacy Policy applies to all parts of the NoodleTools service (“Service”), as follows:

  • “NoodleTools,” our online research management platform for students and teachers.
  • “NoodleTools Companion,” our iOS and Android mobile application for NoodleTools subscribers.
  • Single-sign-on options available for authentication (currently Google, Microsoft 365, and Clever).
  • “Have a Question?” our email-based expert help service for users with research questions.

By using the Service, you acknowledge that you accept and agree to this Privacy Policy. We may occasionally update this Privacy Policy. You can see when it was last updated by looking at the last updated date at the top of this page.

If we make any significant changes to our Privacy Policy, we’ll post a notification prominently on the NoodleTools homepage. Individual subscribers and school account administrators will also be notified of any significant changes to this policy via email. Continued use of the website after a revision to the Privacy Policy indicates your acceptance and agreement to the current Privacy Policy. We recommend that you periodically review the Privacy Policy to make sure you understand and are up-to-date on how we’re keeping your information safe.

Guiding Principles for Student/User Privacy

For any Site subscribing to NoodleTools, we follow these guiding principles related to identifiable personal information and privacy:

  1. NoodleTools, Inc. upholds COPPA, FERPA, EU-U.S. Privacy Shield Framework, Swiss-U.S. Privacy Shield Framework, General Data Protection Regulation (GDPR) and related regulations.
  2. For any student accessing NoodleTools from a K12 Site subscription, neither name nor email address nor other personally identifiable information is required for a student to create personal folders or otherwise use NoodleTools or NoodleTools Companion. Our commitment to COPPA and the protection of children under 13 thus extends beyond the COPPA requirement and to all K12 students at a Site, regardless of age.
  3. Within the NoodleTools classroom environment, a student is identifiable by a screen name or name of choice. For children under 13, the prompt for this screen name specifically instructs them to supply only a first name and last initial.
  4. For group work, a teacher or classroom peers may not access any student’s folder for purposes of viewing and providing feedback unless the student expressly provides that permission. Our guiding principle is that the student is the owner and author of his or her work, and thus must grant permission allowing a teacher or peer to gain a view into that work.
  5. Students and teachers can only provide access to their folders on a Project-by-Project basis with those within the private and limited scope of the Site, and not beyond.

For any Individual subscribing personally to NoodleTools (i.e. not through a school or university Site subscription), we follow these guiding principles related to identifiable personal information and privacy.

  1. Your name and email address collected at registration are associated with your account, for purposes of password reset.
  2. Students under 13 are expressly requested to obtain parental permission before signing up for an Individual NoodleTools account. (Since Individual accounts are primarily subscribed by university students and scholars, it is infrequent that a young child under 13 would seek access to NoodleTools on an individual basis.)
  3. Projects created in Individual accounts are not shareable or viewable by any other person.

Collection and Processing of Personal Information (PII)

Any Personal Information collected and processed by NoodleTools will always be done so with the consent of its users and for the specific purposes outlined below, which are necessary for the operations of the Service.

Information Necessary to Subscribe

There are two types of subscribers to our Service. A “Site Subscriber” is typically a school, school library, district, state, university, or consortium using the classroom version of NoodleTools. An “Individual Subscriber” is a single person – typically a scholar or a university or graduate student – who uses the non-classroom version of NoodleTools for independent research.

When either a Site or Individual subscribes to NoodleTools, we collect only the minimal pieces of information that we need for subscription registration and billing purposes. Usernames, passwords, and IP addresses collected for the purpose of site-access authentication are held in the strictest confidence.

NoodleTools, Inc. is the sole owner of any information collected for subscription purposes. We will not sell, share, or distribute this information in any way, or use it for any other purpose than for site access authentication and subscription/renewal processes. Such collected information may be provided to an entity that purchases all or substantially all of the business or assets of NoodleTools, Inc. through a merger, financing, acquisition, or bankruptcy transaction or proceeding (“Successor Entity”), assuming that the Successor Entity has data privacy principles that are consistent with the principles described in this Privacy Policy.

For Site accounts, payment may be made by physical check, wire/ACH, or credit card. No credit card or other payment information is stored in our database, nor kept in any electronic or paper version.

For Individual accounts, payment is made through an external payment services and we do not see or handle the credit card or payment information. Pursuant to COPPA, for children under 13 requesting an individual account, there is specific language on our submission form counseling the child to obtain parental permission, and have the parent complete the credit card payment.

One-Time Use of Email

Under the “Limited Exceptions to COPPA’s Verifiable Parental Consent Requirement,” when a student working in NoodleTools uses the function to email their work to themselves or another person, the email address is used in a one-time manner for that purpose.

Withholding Personal Information

In situations where Personal Information is collected, if you choose to withhold any personal data requested by us, it may not be possible for you to gain access to certain parts of the site or for us to respond to your queries.

Passive Information Collection Technologies for Internal Operations

Some Privacy Frameworks like GDPR consider IP address logs to constitute personal information. Thus, no identifiers are ever used except for to provide support for our internal operations, site and service. Furthermore, IP addresses are never shared with any third parties. In order to compile usage statistics for subscribing organizations, we also record the date and time that users access the Service, and from what IP address they log in.


Certain information is stored by NoodleTools using session and persistent cookies. Those cookies are used for the express and limited purpose of maintaining the user’s active session and login preferences, and to customize the user’s experience within NoodleTools.

You can control whether or not cookies are allowed through your browser. If you choose to disable cookies, it may limit use of certain features or functions of the website and/or NoodleTools platform.

External Links and Third-Party Integrations

No ads are served from the NoodleTools website or Service, but many NoodleTools pages do contain links to other websites. There is no exchange of personal information by NoodleTools to any external service or website.

When a user asks a citation question via the “Have a Question?” link in NoodleTools or submits a ticket through our Help Desk, an email address is used on a one-time basis to respond to that query. Both “Have a Question?” and the Help Desk are facilitated through FreshDesk. In addition to FreshDesk’s standard privacy policy, NoodleTools, Inc. has entered into a separate stringent agreement with FreshDesk regarding data privacy and security of NoodleTools user data, guaranteeing that they provide at least the same level of privacy protection as is required by this privacy policy and implemented by NoodleTools.

In addition to FreshDesk, NoodleTools utilizes the services of other companies to perform certain business-related services. We may disclose personal information to certain types of third-party companies but only to the extent needed to enable them to provide such services. NoodleTools currently uses services such as Stripe for credit card processing, Sumo Logic for server monitoring, and Amazon Web Services (AWS) and related Amazon Cloud services for hosting, database management and backup. These and all such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this privacy policy and implemented by NoodleTools.

NoodleTools can connect to Google Docs or Word Online through APIs, if a student wishes to export citations and notecards to those services. If the user is not already authenticating through one of those services, NoodleTools prompts for the user’s G Suite or Office 365 ID to facilitate this integration, and that ID is not used by NoodleTools for any other purpose.

Third-Party Authentication Systems (Google, Microsoft 365, Clever, ClassLink)

Third-party authentication systems may provide passive access to student personal information that NoodleTools, Inc. does not access or store due to our own stringent privacy policy. For example, if a school shares data through Clever with NoodleTools, students’ gender and date of birth are included, but that information is not used or stored in the NoodleTools database. The only user information stored is name and email address, and those are used solely for authentication purposes. If you decide to use Google, Microsoft 365, Clever or ClassLink Authentication Services for access to NoodleTools, it shall be consistent with this Privacy Policy.

Please be aware that NoodleTools, Inc. is not responsible for the privacy or data security practices of any other website or service. We encourage our users to be aware when they leave our site and to read the privacy policies and terms of service of all websites that they visit. This Privacy Policy applies solely to information collected by NoodleTools. The use of all external services or websites are at your own risk, regardless of whether such services are linked or connected to NoodleTools, and NoodleTools, Inc. shall have no liability related to the use of any external service or website.

Our Security Practices

NoodleTools, Inc. maintains a security program that is designed to protect the security, privacy, confidentiality and integrity of the student personal information against risks such as unauthorized access or use, or unintended or inappropriate disclosure. Our data is stored in the United States with robust digital and procedural safeguards in place to protect your personal information. All passwords are securely encrypted within our database, which has daily backups and is protected by SSH and a firewall. All actions that involve the digital transmission of personal data are handled by 256-bit encryption.

As previously noted, the Service has minimal collection of personal information, and minimal integration with services that could cause any unintended transference of personal information. If you have any questions about the security at our website, you can contact us via the NoodleTools Help Desk.

NoodleTools, Inc. will quickly respond to and mitigate any private user data breach, as summarized in our Breach Response Plan.

Data Retention, Destruction, Correction

To the extent allowed by applicable law, NoodleTools, Inc. retains personally identifiable information provided by you after the termination of your relationship with us. This is done to allow an individual, school or district to renew a subscription that had previously expired, without any loss of the work done by students and teachers within that account. If a K12 Site requests that NoodleTools delete or destroy personally identifiable student information after the termination of its relationship with us, we will take commercially reasonable efforts to do so within 60 days; provided, however, that NoodleTools, Inc. may retain aggregated and anonymized data.

If a parent, student, principal, or teaching staff member would like to make corrections to data that has been collected they can either submit a request to the NoodleTools Help Desk or submit a letter to the following address: NoodleTools, Inc., PO Box 60214, Palo Alto, CA 94306.

International Compliance

EU & Swiss Privacy Shield

NoodleTools, Inc. is compliant and certified with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield site.

Under the Privacy Shield frameworks, NoodleTools, Inc. is responsible for processing the personal data it receives, under each Privacy Shield Framework, as well as transfers to a third party acting as an agent on its behalf. NoodleTools, Inc. complies with the Privacy Shield principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield frameworks, NoodleTools, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (for issues pertaining to Privacy Shield). In situations where public authorities make lawful requests for information, such as to meet national security or law enforcement requirements, NoodleTools, Inc. may be required to disclose personal data.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact JAMS, our U.S.-based, third-party dispute resolution provider (free of charge) at

As more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

General Data Protection Regulation (GDPR)

We meet the privacy requirements of all EU members. All technical and procedural measures are in place to protect personally identifying information.

Under GDPR, NoodleTools, Inc. stands behind your fundamental rights regarding how we will collect, use and store data:

  1. We strive to be transparent and inform you in how we use personal data.
  2. Users of NoodleTools shall have the right to know exactly what information is held about them and how it is processed, and are entitled to have personal data rectified if it is inaccurate or incomplete, or deleted if so requested.
  3. With respect to personal information, we respect the right for subscribers to block or suppress its processing.
  4. Users of NoodleTools have the right to retain and reuse their personal data for their own purpose.
  5. Personal data is not used for the purpose of direct marketing, scientific and historical research, or the performance of tasks outside the scope of operation of the NoodleTools platform.

Data Protection and Control

NoodleTools, Inc. processes Personal Data as both a Processor and as a Controller, as defined in the EU Directive and the GDPR. NoodleTools, Inc. has a “Data Protection Officer” who is responsible for matters related to privacy and data protection. The Data Protection Officer is Damon Abilock, who can be reached per the contact information listed at the bottom of this agreement.

EU Personal Data: Data Processing Addendum

With respect to the processing of personal data relating to data subjects located in the European Economic Area (including the United Kingdom as of the Effective Date of this Privacy Policy) by NoodleTools, Inc. solely on behalf of the End Customer, the terms of the Data Processing Addendum shall apply.

Terms of Service

This Privacy Policy is incorporated into our Terms of Service and is part of that contractual agreement between you (the user) and NoodleTools, Inc. and is enforceable under the provisions of that Terms of Service, as updated or amended from time to time.


For any questions regarding this Privacy Policy, please contact:
Damon Abilock, President
PO Box 60214
Palo Alto, CA 94306