Terms of Use

LinkIt!™ (Licensor) provides technology resources for its customers within the educational sector (Licensees) through its web-based data warehousing and analytics platform. Our public-facing website offers information about its products, services, policies, and recommended security/privacy practices for K-12 communities. Our customer portal may only be accessed by authorized users who have been approved by the Licensor’s or Licensee’s organization, and who are subject to the terms and conditions outlined here.

1. Privacy and Security. LinkIt does not sell, share, distribute, or otherwise grant access to any de-identified, confidential, and personally identifiable student information to any third party without the explicit written consent of the Licensee, unless such third party is a contractor or subcontractor of Licensor, has signed a non-disclosure agreement with the Licensor, and warrants that it maintains security and privacy controls and practices that are at least equivalent to those implemented by LinkIt.

2. Legal Compliance. LinkIt complies with FERPA, COPPA, PPRA, HIPAA, DMCA, IDEA, CIPA, SOPIPA, and similar laws when applicable to our US-based school or school district customers. With respect to its non-US customers, LinkIt complies with applicable laws like the Australian Privacy Act and conforms to ISO/IEC 27001. LinkIt collects and handles covered data (e.g., education records and personally identifiable information or PII) to provide contracted, educational services as directed by our customer school or district.

   1. FERPA (Family Education Rights and Protection Act). LinkIt acts as a “school official,” which means that the customer school or district owns the protected personally identifiable information (PII) it shares with LinkIt, for which the latter acts as the data controller, implementing district and school policies regarding data collection, secure storage, and disposition. 
   2. COPPA (1998 Children’s Online Privacy Protection Act and proposed Children and Teens’ Online Privacy Protection Act). LinkIt never sells, shares, or transfers student PII to third parties for any commercial or marketing purpose. This guarantee applies to any student regardless of age (whether under 13 years of age or older). To the extent that COPPA applies, our customer school or district provides us with the necessary consent on behalf of students’ parents or guardians to permit student use of the LinkIt platform.
   3. HIPAA (Health Information Portability and Accountability Act) and PPRA (Protection of Pupil Rights Amendment). LinkIt complies with HIPAA and PPRA requirements in its handling and encryption of applicable information used and/or developed through its Intervention Manager, MTSS, and Navigator Analytics tools.
   4. DMCA (Digital Millennium Copyright Act). LinkIt respects the intellectual property (IP) of others and expects that others respect LinkIt’s, as outlined in this document, its software licensing and data privacy agreements, and notifications on its content and materials. LinkIt also credits the work of researchers who have influenced the development of LinkIt’s educational resources (e.g., intervention strategies).
   5. IDEA (Individuals with Disabilities Education Act) and Section 508. LinkIt incorporates WCAG guidelines as part of its quality assessment and testing processes during product and website development.
   6. SOPIPA (Student Online Personal Information Protection Act). LinkIt does not engage in activities directly or indirectly that target students for marketing opportunities. Visitors to its public-facing website can determine their cookie management preferences. LinkIt protects information uploaded to, or shared through, LinkIt’s Customer Portal in accordance with relevant federal, state, and local regulations. LinkIt’s security, privacy, and product development practices conform to NIST, ISO/IEC, and industry frameworks and guidelines. 
   7. Australian Privacy Act and Privacy and Data Act of 2014 (Victoria). LinkIt adheres to the information privacy principles outlined in these acts and maintains a separate, SOC2-certified data storage facility in Australia as the secure repository for covered data owned by its customers in that region.

3. Modification of Terms. LinkIt reserves the right to update its terms and conditions to align with changes in federal, state, and local regulations. LinkIt will notify current customers when it makes significant changes to its security and privacy policies. 

4. Contact Information. Additional information about LinkIt’s security, privacy, digital accessibility, and AI practices is available on the public website under the Trust Center. Questions related to LinkIt’s security, privacy, AI, and digital accessibility practices and policies should be directed to LinkIt’s Security/Privacy Team.

5. Ownership and License Grants. LinkIt grants usage rights but retains intellectual property (IP) rights to all forms, testing/instructional items, templates, and related materials (including instructional videos) it provides to its customer schools or school districts for the contract performance period. Such usage rights pertain to the License and cannot be shared or transferred without signed consent from LinkIt. Upon termination of an agreement with a school or school district, LinkIt requests that the Licensee return, destroy, and/or cease using all LinkIt-proprietary materials.

6. AI Technology Use. LinkIt has launched initiatives to incorporate AI technology tools into internal processes and, as an option for its customer schools and school districts, into its product and services offerings. Its use of these technologies is predicated on the principles of safety, accountability, efficacy, transparency, bias mitigation, and data privacy. 

   1. LinkIt is developing a bank of recommended prompts to facilitate and track chain-of-thought reasoning behind an AI-assisted solution.
   2. LinkIt has introduced a limited set of approved AI tools for use by internal departments. Tools are used within a sandboxed environment to protect customer- and company-proprietary information.
   3. LinkIt has established an AI Review Board (AIRB) to ensure that products developed using AI tools have received appropriate quality assurance testing and human review.
   4. LinkIt identifies how AI was used in the preparation of analytical reports and other services, in addition to incorporating human review of outputs.
   5. LinkIt strongly encourages that its customer schools and school districts also incorporate human review of AI-assisted outputs. AI is a technology still in its infancy and is prone to making mistakes and/or misrepresentations.

7. Customer Portal/LinkIt Platform Protection.

   1. Student performance data for US customers is stored in a US-based, secure remote server (a Microsoft SQL Server Database or its equivalent) in a SOC2-certified facility. Covered data for its Australian customers is stored in an equivalent facility in Australia. Students, teachers, and administrators can access the Platform from any computer with an Internet connection, subject to specific minimum technology requirements.
   2. Data Access. LinkIt employs various control mechanisms to restrict access to customer-owned data. These controls include data segregation to create secure data silos so that a district cannot view another’s protected data; multifactor authentication (MFA), an option for customers to reduce their vulnerability to credential theft or identity spoofing; role-based access control (RBAC), coupled with least privilege/least functionality, to control what an individual or process is authorized to do with data that is accessed. LinkIt works with customer schools and school districts to define RBAC categories. 

   3. Data Protection (at rest, in transit). LinkIt uses physical and technical controls to secure and protect covered data while at rest and in transit.

      • In addition to ensuring the physical safety of its technology infrastructure and covered data by securing server rooms, offices, and hard copies, LinkIt secures its digital assets when at rest through encryption and hashing protocols (e.g., SQL Server, AES and SHA-256 in accordance with PCI-DSS guidelines).
      • LinkIt conforms to NIST 800-171 guidelines with respect to conducting periodic vulnerability assessments, penetration testing, file backup procedures, and incident response.
      • LinkIt protects data in transit through IPSec tunnels to the LinkIt virtual private cloud (VPC) using TLS 1.2 and TLS 1.3. All AWS APIs are available via SSH-protected endpoints. Secure socket layer (SSL) encryption is provided for data transmitted over the Internet.
      • Internal staff use virtual private network (VPN) technology to access sensitive data when working remotely.

   4. Data Retention/Transfer/Sharing. LinkIt retains only the covered data required to provide the contracted services and products.

      • During contract negotiations, the customer school or school district specifies which categories of student PII will be shared with LinkIt. This data is securely encrypted, stored, and retained throughout the contract performance period.
      • The customer school or school district directs LinkIt’s handling of covered data for a review of its accuracy or other purposes.
      • LinkIt returns covered data to the customer school or school district upon request (via secured file transfer mechanisms) and then permanently erases, destroys, or otherwise renders inaccessible or unrecoverable all account holder PII within 60 days of service agreement termination.
      • Upon written request from the customer school or school district, LinkIt will share or transfer covered data to another school or school district as provided under FERPA.
   5. Threat and Anomaly Detection. LinkIt uses sophisticated controls through its SOC2-certified cloud service provider (CSP) to deploy software and antimalware patches, monitor and log system and account activity 24/7, and mitigate vulnerabilities.

   6. Prohibited Use. LinkIt subscribes to the Association for Computing Machinery (ACM) Code of Ethics, which includes the following general ethical principles:

      • Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing
      • Avoid harm.
      • Be honest and trustworthy.
      • Be fair and take action not to discriminate.
      • Respect the work required to produce new ideas, inventions, creative works, and computing artifacts.
      • Respect privacy.
      • Honor confidentiality.

8. Customer Account Maintenance. Customer accounts are inventoried annually, in cooperation with the appropriate school or district representative(s), to ensure that access to data and associated account privileges are still valid (i.e., that the account holder has not experienced a change in employment status that would alter least privilege or least functionality requirements). 

   1. LinkIt may also deactivate or suspend accounts due to a change in employee status or an extended period of inactivity by the account holder. 
   2. If requested and due to urgent circumstances, LinkIt can deactivate an account within 24 hours of written notification by the authorized school or district representative.  

   3. Customer accounts must be configured to allow review or provide an audit trail of the following:

      • System alerts and error messages
      • Application alerts and error messages
      • Modifications to system applications
      • User logon and logoff attempts
      • Multiple failed logon attempts or simultaneous logon attempts
      • Automatic termination of the user session after a defined period of inactivity
      • System administration activities
      • Access to information, files, systems, and SFTP sites
      • Account creation, modification, or deletion
      • Password changes
      • Modifications of access controls (e.g., file permissions or privileges)
      • Modifications of system activity or audit logs
      • Additional security-related events as appropriate

9. Prohibited Use. The LinkIt Platform and associated materials and website may not be used for illegal or objectionable purposes. Such purposes include any of the following:

   1. Posting copyrighted or proprietary material without the permission of the owner 
   2. Posting material that infringes on another’s IP, privacy, publicity, or civil rights
   3. Posting material with the intent to bully, shame, or harm another individual
   4. Posting advertisements or solicitations of business, chain letters, or pyramid schemes
   5. Posting material that contains viruses, Trojan horses, worms, time bombs, cancelbots, or other computer programming routines or engines that are intended to damage, surreptitiously intercept, or expropriate any system, data, or information
   6. Using the website to solicit, threaten, or foment unlawful activity
   7. Modifying or using materials for other than legitimate educational purposes
   8. Using tools or third-party services to damage, disable, impair, or obtain unauthorized access to the LinkIt Platform and its materials
   9. Unless expressly permitted in the product usage description, please do not reproduce, upload, post, transmit, download, or distribute any part of this site other than printing out or downloading portions of the text and images for your own personal, non-commercial use.

10. Indemnification, Disclaimer, Limitation of Liability. LinkIt maintains business and cyber insurance coverage to protect its customer schools and school districts, as well as its platform. 

    1. LinkIt may provide links to third-party websites or resources through its website. Because LinkIt does not control such websites and resources, it cannot be responsible or liable for their content or performance. By connecting to those websites, you acknowledge and agree to waive any claim against LinkIt with respect to your experience upon using such websites and resources.
    2. LinkIt trusts that its customer schools and school districts use reasonable care to ensure that they are authorized to use materials uploaded to the LinkIt Platform or that materials meet Fair Use standards.