Yabla tracks information about usage of the site. Much of this data is required to provide functionality of the site. For example, scores when completing Yabla activities, or tracking what videos have been watched or bookmarked. We also require paying subscribers to provide basic information such as an email address. We also track activity on the site for the purposes like customer support and analysis to determine which features are popular on the site. We also offer a commenting feature thus collect original user generated content.
This data is stored on Yabla controlled servers in a data center located in the US and managed by Linode, Inc. The servers are physically secured, and access to subscriber information is limited to Yabla employed customer support personnel and Yabla employed software engineers. We also store backups using Amazon's AWS S3 system. This is stored in the US East region.
We collect payment information and pass it to payment providers. We store no credit card numbers and our payment providers do not make the credit card numbers available to us. Our payment providers include Stripe, PayPal, and Apple for inApp payments.
We also use Google Analytics to monitor page views and event data on the site. We do not send personally identifiable information to Google Analytics such as email addresses. Google Analytics uses 1st-party (Yabla specific) cookies to identify and tag devices.
We collect email addresses when new subscribers sign up, and when people ask to be added to the mailing list. This information is stored on our servers, and passed to MailChimp. We use MailChimps platform to compose and send email newsletters and campaigns. Group subscriptions, such as K-12 schools or other institutions, have the option to change settings to allow for students to create usernames without email addresses. All subscribers can opt out of email communication via the emails sent or on our site.
We use various forms of advertising, primarily Facebook and Google Adwords. When a user (other than K-12 or university) visits our site, we will send a tracking pixel to Google and Facebook which includes a cookie to identify the device. Regardless of how a user reaches our site, the user may see Yabla advertising on Facebook or elsewhere on the web via Adwords. We also send similar tracking pixels when a user completes an action such as purchasing a subscription. This enables Yabla to see the effectiveness of advertising. While we send no personally identifiable information, the reach of Facebook and Google means they generally can know who purchased a subscription to Yabla or visited Yabla. They don't make this information available to us, e.g. we don't get a list of Facebook users that visited or signed up for Yabla. While we don't offer a way to opt out of this tracking, many ad blocking tools can stop this tracking. We frequently verify that Yabla's site works when users run ad blocking software.
Specific to our Yabla for Schools accounts, group accounts for K-12 schools as well as universities (both prepaid and direct or indirect student pay): We do not send personal information to Google Analytics. We use information from Google Analytics to evaluate accessibility or gauge the popularity of various features on our websites. We also use that information for general reporting and management functions. Specifically, we use log analysis tools to generate statistics, determine technical design specifications, and identify system performance issues.
On our servers which we control, we retain subscriber activity that is required for the service to function indefinitely. For information we use for internal analytics and logging, the data is purged within 6 months from our production systems, and within a year for all backup information to be purged.
We believe in the right to be forgotten. We have a procedure to remove all personally identifiable information. Our standard procedure is to replace names and emails with anonymous information, and delete device identifiers and IP address information for that user. Requests for deletion can be made by emailing support@yabla.com. We reserve the right to delay the deletion for up to 90 days if there are outstanding payment issues which would require contact information. A complete purge from offline backups may require up to 6 months.
Any subscriber data can be made available to the subscriber. We will provide all subscriber data upon request to support@yabla.com. This will include all data from our production system relevant to the user requesting their own information.
Additional information about Yabla's data handling can be requested by contacting privacy@yabla.com.
FERPA Yabla complies with all FERPA data protection requirements for student personal information. Our US school student data is stored in US data centers with strong physical security. All data at rest and in transit is encrypted. Our site is tested and audited for security regularly. We operate with added security and audits because we are an e-commerce business processing payments. Employee access to student data is limited and logged.
The information we collect from schools is limited to Directory Information (class rosters) which is permitted by FERPA rules. We also collect student activity on the site such as responses to multiple choice questions. We do not collect any free form or creative responses from students such as essays. While we record scores for various student activity, we do not have access to grades or course transcripts for students. All data we collect is stored with FERPA compliance.
COPPA When Yabla is used with student accounts in the default configuration, we collect student first and last names,a screen name/email, and use cookies to preserve logins. If the student is under age 13, consent for sharing the names and screen name is required by the parent or guardian. We use this information to identify and share the students activity on the site with the student's teacher. We do not collect, addresses, phone numbers, SSNs, geo-location information, creative content from the student such as essays, photos, or audio.
Yabla can also be used at schools without requiring a students name or screen name, thus no COPPA personal information is shared. Some schools opt to only create "lab" accounts, e.g. "lab computer 4", and the students name is not shared with Yabla. Schools can also purchase a subscription where all Yabla content is accessible from the schools network without any login identifiers.
NEW YORK STATE Yabla is compliant with NY Ed Law Section 2-d pertaining to agreements entered into with school districts in the state of New York as they relate to student and/or teacher data that may contain personally identifiable information.
PENNSYLVANIA STATE Yabla is compliant with all laws and regulations of the Commonwealth of Pennsylvania as they relate to agreements entered into by School Districts.
Yabla will not give, rent, sell or otherwise distribute your email address or any other personal information to any third party without your explicit consent. The only exception to this policy will take place if it is necessary to disclose information to law enforcement or other government authorities as part of an investigation, and the law demands that we comply.
Yabla may use cookies (small text files accessed by your web browser) as a way to track referrals from our marketing partners and credit them appropriately when necessary. No private personal subscriber information is transmitted to our marketing partners. Cookies may also be used to allow the Yabla server to recognize your computer when you log into the site.
Yabla reserves the right to change, modify or amend this policy at any time. Any such update will be posted here.
Write to us at: privacy@yabla.com