Chapperone's Privacy Policy

​

Chapperone Inc is a Delaware state registered company. Chapperone is based in the United States and is compliant to all relevant federal and state laws regarding data privacy and security. Furthermore, Chapperone is used internationally so it follows EU (GDPR) regulations to ensure the highest level of data security and protection for its users.
 
This Statement of Privacy Policy applies to the Chapperone mobile application and web application at https://www.gochapperone.com/.

 

For the purposes of this Privacy Policy, unless otherwise noted, all references to Chapperone include the web application, and the mobile app.

​

Use of data
 
Chapperone does not collect, maintain, use, or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student. We do not create or keep student profiles for non-educational purposes. WE WILL NEVER SELL YOURS OR YOUR STUDENTS' DATA.
 
As part of the registration process for the app, we do collect some personal information. For students, we use that information purely to provide you with the services that Chapperone offer. For adults, we use the information to provide you with our services and to also let you know about any developments related to Chapperone; to check our records are correct and to check every now and then that you’re happy and satisfied. We don't rent or trade email lists with other organizations and businesses. 
 
Chapperone uses cookies to collect information. This includes information about pages viewed, and the customer journey on our website. We then use third party services, Wix Visitor Analytics and Apple App Analytics, Google Play Analytics, Google Analytics and Sentry.io to collect anonymised standard internet log information and details of visitor behavior patterns. We do this to learn more about our customers’ experience and their needs. This information is only processed in a way which does not identify anyone. We do not make or allow any attempt to find out the identities of those visiting our website.
 
We use a third-party provider, Stripe to process payments, and Keap as our sales CRM.  We use a third-party provider, SendGrid, to deliver our e-newsletter to our adult users and never to students. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see SendGrid's privacy policy. 

We will only use third-party providers that have privacy policy and data protection practices that are consistent with ours.
 
We will also only contract with future companies that are consistent with our privacy policy and data protection practices and will allow users a choice to send information to the future entity.
 

Definition of student personal information
 
"Student personal information" is personally identifiable information, as well as other information, that is both collected and maintained on an individual level. This could include indirect identifiers, such as an email, IP address, and the other kinds of information that are ‘technical’ and ‘non-personal.’

​

We have included some information below related to the Children's Online Privacy and Protection Act ("COPPA") that shows our commitment to prioritizing student safety. COPPA requires that online service providers obtain parental consent and provide notice before they knowingly collect personally identifiable information online from children who are under 13 ("under-13 users"). Chapperone typically relies on a teacher, school, or school district to obtain verifiable parental consent to provide our services to under-13 users. Pursuant to COPPA, we may collect an under-13 user's name (first and last name), and email address in order to operate and provide the Services. If we learn we have collected Personal Information from an under-13 user other than pursuant to the above, or if we learn that an under-13 user has provided us Personal Information beyond what we request from him or her, we will delete that information as quickly as possible after we have identified it. If you believe that an under-13 user may have provided us Personal Information in violation of this paragraph, please contact us at ali (at) gochapperone.com 

While COPPA requires Chapperone to follow these procedures for under-13 users in the United States, Chapperone employs the same process to obtain consent for all users under 13 years old.

 

Security of personal information
​
Security is a high priority requirement within every phase of our product development. We apply stringent processes to ensure the security of our systems and applications throughout design, development, testing, and day-to-day operations. We use a modern Software Development Lifecycle (SDLC). We use NIST CSF 2.0 to guide our security policies. We regularly conduct internal audits to address FISMA standards using a modified CSRAP. Additionally, we implement extra security measures for users who have access to sensitive student data.

​

All personal information provided by users is stored on hosting platforms that are ISO27001-certified including Firebase (Google owned), Amazon Web Services and Digital Ocean. These companies are GDPR compliant (EU regulations) and US regulations compliant. Therefore, Chapperone uses only the services of data storage companies that have the highest regard for data security. For more information, please see Firebase’s privacy notice, AWS’s privacy notice and Digital Ocean’s privacy notice.

​

We are hosted on a modern cloud platform in multiple locations. Our cloud-based hosting affords us many built in protections. Our backups are encrypted and stored securely at our cloud provider. We employ active protections including 24/7/365 security monitoring, web application firewalls, and DDoS protection. Your data is encrypted in transit and at rest, using TLS 1.3 for all data in transit.

 

Additionally we use role-based authorization (see below for more details) for access to all information in our databases. Our infrastructure is hardened based on guidance from the Center for Internet Security (CIS) Benchmarks.We use end to end encryption to protect your data and have additional layers of security for all sensitive student data. 

 

Role based security

​

We understand the importance of safeguarding personal information and ensuring it is accessible only to those who are authorized. Our platform offers multiple layers of permission settings to ensure that student personal information is available exclusively to those who absolutely need it, and only for the time they need it. School administrators and trip leaders are the only users with access to student personal information, protected by an additional two-factor authentication process to confirm their identity.

For teachers, we have a two-tiered permission system: i) Trip Leader and ii) Chaperone. Only Trip Leaders can view personal information, send group-wide communications, and make changes to trip details. Students and parents/guardians cannot view any participant information. For a detailed overview of user permissions, click here.

​

 
Data Retention
 
Chapperone does not keep any personal information for longer than necessary to deliver services or for school purposes. No personal information is kept in backups and any inactive or unused accounts will be deleted following time constraints of state and federal guidelines for data retention (not more than 8 years).
​
You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing ali (at) gochapperone.com
 

Disclosure/sale of data
​
Chapperone will NEVER sell student data under any circumstances. We do not permit selling information for advertising purposes, including behavioral targeting of advertisements.
​
Chapperone will disclose your personal information, without notice, only if required to do so by law or in the good faith and belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Chapperone or the service; (b) protect and defend the rights or property of Chapperone; and, (c) act under exigent circumstances to protect the personal safety of users of Chapperone, or the public.
 

 
Access to your personal information
​
Under GDPR, you are entitled to view, amend, or delete the personal information that we hold. Email your request to our data protection officer at ali@gochapperone.com
​

Changes to this Statement
 
Chapperone will occasionally update this Statement of Privacy to reflect company and customer feedback. Chapperone encourages you to periodically review this Statement to be informed of how Chapperone is protecting your information.
​

Contact Information
 
Chapperone welcomes your questions or comments regarding this Statement of Privacy Policy. If you believe that Chapperone has not adhered to this Statement, please contact Chapperone at:
 
81 Sherman Pl, 
Jersey City, NJ 07307
 
Email Address:
ali (at) gochapperone.com