Data Security and Ownership

System/Data Security

  1. 1.
    Access to application data via web/mobile to authorized users only (username/password)
  2. 2.
    Password protected by encryption via Secure Salt Hashing (no storage of straight passwords)
  3. 3.
    Secure Socket Layer (https://) communication over web using SHA-256 with RSA encryption
  4. 4.
    Tightly secured hardware environment for Bridg-it servers with top-of-the class firewalls security
  5. 5.
    Access to servers only to authorized Bridg-it employees on a “need-to-know” basis
  6. 6.
    Strong protection to data provided by following stringent security procedures
  7. 7.
    Use best of the class Secure Database management system to store information
  8. 8.
    Follow industries best practices to Data access and governance, inclusive of both manual and automated review of logs in order to detect any potential threats threats.
  9. 9.
    Very limited storage of user personal information – only student name, date of birth
  10. 10.
    Regular secure Data backup to provide application integrity and continuity

Data Ownership

  1. Individual users own the reports they file.
  2. A school owns any and all written commentary made by its employees and recorded on the Bridg-it system (the school can be subpoenaed for their written commentary/"notes").
  3. Once a users data is de-identified,(data is no longer associated with any individual in the system) ownership of that de-identified data goes to the school, only for use by the school community from which it came, and only to evaluate community trends over time.  Once data is de-identified, it is no longer identified with any individual.

NYS privacy policy requirements

  • 1. INFORMATION COLLECTED UPON REGISTRATION

    • 1.1
      Personal Information. The Bridg-it System requires that you provide certain personally identifiable information, but subject to the exceptions detailed below, your information will remain confidential. When a school or administrative entity responsible for schools (“Participating Institution”) agrees to participate in The Bridg-it System, that Institution may supply Bridg-it LLC with personally identifiable information (“Personal Information”) for the purpose of creating accounts for Participants.

      Upon registration in The Bridg-it System, each Participant will create a unique username and password. Pursuant to the Terms and Conditions to which you agree, passwords may not be shared or distributed.

      Personal Information may include the following: name, password, home telephone number, gender, the name of the school at which a Student is registered, grade and date of birth.

      Students are asked not to disclose more Personal Information than is necessary for them to participate in The Bridg-it System.

    • 1.2
      Computer Information and Some information is automatically collected when you access The Bridg-it System from a computer or mobile device. This information may include the type of computer operating system, associated serial numbers and software versions, the visitor’s IP address, the web browser used, and information about the websites visited before and after logging on to The Bridg-it System. Bridg-it LLC retains the right to use the data for its own purposes such as internal system maintenance, policy review or product development conducted by Bridg-it LLC.

      The Bridg-it System uses session “cookies” (text files such as html files, Flash files or other technology) to enhance the security and functionality of The Bridg-it System. A cookie will also be placed on your computer so we can track what messages are read and which are not. Web browsers often automatically accept cookies but you retain the ability to adjust your preferences through the settings on your browser. Information described in this subsection shall not be distributed to third parties for the purpose of advertising or marketing.

  • 2. SECURITY AND DISCLOSURE OF INFORMATION

    • 2.1
      System Security.  Any Personal Information, Complaints or Reports collected or generated during the registration or use of The Bridg-it System will not be disclosed to third-parties by Bridg-it LLC, unless one of exceptions below applies. Bridg-it LLC maintains a secure 256-bit encryption system to provide the best-available security technology.
    • 2.2
      No Commercial Disclosure. Bridg-it will not disclose, rent or sell any personally identifiable information to third parties for any commercial purpose.
    • 2.3
      Authorized Disclosures. In order to carry out Bridg-it LLC’s mission of helping Students, Guardians and School Agents to detect, report and manage instances of bullying, cyberbullying and harmful behavior, Personal Information may also be shared with School Agents when reviewing reports that are received through The Bridg-it. In order to administer the system and maintain functionality, Bridg-it LLC may provide Personal Information to its technology suppliers. All such suppliers or contractors are required to execute Non-Disclosure Agreements that comport with this Privacy Policy.

      Bridg-it LLC may generate reports to be provided to state education officials in accordance with Federal, State or Local laws. However, subject to the exceptions listed below, all names are converted to coded numbers to preserve confidentiality.

    • 2.4
      Data Storage and Protection. Bridg-it’s system encrypts all student, principal and teacher data using military grade AE-256 encryption. All user passwords as well as the user security questions and security answers are encrypted in the databases. All such data is stored on our servers located in NYC. The data center facility is located at Telehouse, in Chelsea, 85 10th Ave, New York, NY 10001. The Data Center houses technology for numerous leading online companies such as Amazon and Ebay. Access to the data center and access to our servers is limited to a few of our engineers. Each authorized person who wishes to access the servers has to use a combination of biometric and card authorization. All physical servers are located inside locked cabinets, which require an additional access card and authorization. All physical entrants who access the servers are automatically logged by time and identity. All the Bridg-it servers are virtualized and hosted on virtual machines. All Bridg-it databases containing student, teacher and principal data are backed up every four hours, and are not directly connect to the Internet and have use no public IP. All communication between the data servers and the other Bridg-it servers are done over a high-speed private network.
  • 3. EXCEPTIONS TO DISCLOSURE PROHIBITIONS

    Bridg-it LLC will not automatically disclose information on receipt of a subpoena. Compliance with subpoenas is subject to the following procedure:

    A third party must serve upon Bridg-it LLC a facially valid subpoena issued through either the Federal District Court for the Southern District of New York or The Supreme Court of the State of New York; ii) On receipt of such subpoena, Bridg-it LLC will provide timely notice to the Student and Guardian associated with the requested information in order for those Participants to seek legal counsel; and iii) In the event that the Guardian does not wish Bridg-it to disclose the requested information, it is solely the Guardian’s responsibility to intervene or file the appropriate pleading to the judicial authorities to challenge the validity and/or enforcement of the Guardian must timely notify Bridg-it LLC of such filing and provide proof of any such filing.

    In the event that the guardian does not timely provide to Bridg-It proof of any such filing, Bridg-It LLC will comply with the subpoena.

    • 3.1
      Court Orders.Bridg-it LLC will comply with properly served Court Orders to which Bridg-it LLC is a party. Bridg-it LLC will not file any appeal or seek injunctive relief regarding a Court Order on behalf of a Student or
    • 3.2
      Law Enforcement. Bridg-it LLC in its sole discretion, may unilaterally provide information in compliance with a law enforcement agency’s request if there is a good faith basis to believe that such disclosure will aid in the prevention of imminent or serious harm to others’ safety or property. Participants will receive notice from Bridg-it LLC of such disclosure unless the law enforcement agency making the request affirms in writing that such notice would interfere with or otherwise jeopardize such
    • 3.3
      Parental Consent to Disclosure. Bridg-it LLC will disclose to a Student’s Parent or Guardian information upon the written request of that Student’s Guardian, and the completion of a Voluntary Release Form. In the event that such a request contains Personal Information about a Student for whom that Guardian does not have legal responsibility, such information will be redacted or
    • 3.4
      Policy and Contractual Enforcement. Bridg-it LLC may also use or disclose information contained on The Bridg-it System when it is necessary to investigate violations of our Terms of Service, to enforce compliance with our governing policies, when necessary to limit Bridg-it LLC’s legal liability, or protect its rights or property.

California privacy policy requirements

 

  1. 1.
    Placeholder