Privacy Policy | Toddle

Our Privacy Policy

Last Updated: November 21, 2024

It is our mission to help teachers deliver meaningful learning experiences. To achieve this, we build easy to use tools that help make things simple for teachers and empower them to focus on the important things. It is hence critical that we create a safe and secure environment where teachers, children, and parents freely share content and ideas. Creating such a safe and secure environment is central to the success of our endeavours.

FERPA logo
Student Privacy Pledge logo
Privacy Policy illustration

Introduction 

This Privacy Policy governs the use of data collected by our websites toddleapp.comweb.toddleapp.com, web.toddleapp.cn, and our apps – Toddle Family, Toddle Educator and Toddle Student (hereafter, collectively referred to as “the Service”, “Toddle”, or, “the Toddle Service”).

By using Toddle, you are agreeing to this Privacy Policy. If you do not agree, please refrain from using Toddle. You can contact us anytime with queries about this Privacy Policy at privacy@toddleapp.com.


Definitions

“Profile”
This includes personally identifiable information that we collect when you create an account. This may include First Name, Last Name, Email, and Phone Number of the user.

“Class Journal”
This includes all the content added to the class journal.

“Academic Plans”
This includes the Programme of Inquiry, Unit Plans, Learning Experiences, Assessments, Schedule, Reflections created by the teachers using the planning elements on Toddle. The external resources added by the teacher are not included in this.

“Messages”
This includes the messages sent via Toddle – both from parents to teachers and vice- versa.

“Student Portfolio”
This includes all the content added to a specific student’s portfolio.

“Student Data”
Any data collected by Toddle that can be linked back to an individual student. This contains name, age, Email ID, name of parents, school name, and the assessment data.

“Toddle Resource Bank”
A collection of all the Academic Plans created by teachers. By default, the Academic Plans are private to the school.

“Insights”
Toddle analyses the data collected from the teachers and students and converts them into actionable points to support teachers in teaching and learning. This set of actionable data-points is collectively referred to as Insights.

“Large Language Models (LLMs) ”
Refers to advanced artificial intelligence models designed to process and analyze natural language data on a vast scale. These models possess significant computational power and have been trained on extensive datasets to understand and generate human-like language patterns, responses, and context.

Data Controller/Data Fiduciary
The Data Controller/Data Fiduciary is the entity that decides why and how information is used in Toddle. In most cases, this will be a School.

Data Subject/Data Principal ”
The Data Subject/Data Principal is the individual (teacher, student, parent) to whom the personal data belongs. These individuals have rights over their data, such as seeing it, correcting it, or deleting it.

Data Processor ”
Toddle is a Data Processor. Toddle stores and manages information according to the instructions given by the Data Controller/Data Fiduciary.


What is Toddle?

Toddle is one stop solution for educators that seamlessly integrates curriculum planning, portfolios, evidence collection, progress reports and communication. Toddle has a web end as well as a mobile end. The Toddle platform has 4 different types of users – Teachers, Students, Parents, and School Administrators. Below is a brief summary of what each type of user can use the platform for:

Teachers: Teachers use Toddle for planning (Unit Plans, Lesson Plans etc), for collecting evidence of learning, for continuous reflection, for assessment evaluation and for contributing to student portfolios.

Students: Students use Toddle to document their learning journeys, set their personalised goals, receive and self-evaluate assessments, and add work to their portfolios.

Parents: Parents are linked to individual students and can see their portfolios. Parents also get access to school calendar, school news, and school policies through the Toddle Family app. The app can also be used for communicating with teachers.

Administrators: Administrators can edit and approve all the academic plans, add, delete and edit the rights of other users from their organisation. They can also see insights for better program implementation.

Toddle and Privacy Certifications

Toddle is a signatory to the Student Privacy Pledge, agreeing to a set of principles intended to safeguard student privacy, including responsible stewardship, protection, and transparent handling of student personal information. Read more about the Student Privacy Pledge .

Toddle participates in the iKeepSafe Safe Harbor program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact the iKeepSafe Safe Harbor program at COPPAprivacy@ikeepsafe.org.

Parental Consent

Schools must get verifiable parental consent for using Toddle for children below legal age (as specified by the local laws). The legal age of children in the USA is 13 years. In case you come across an instance where Toddle is collecting information from a student without parental consent, please contact us immediately at privacy@toddleapp.com

Schools can download a sample of the Parental Consent form from here

Compliance with FERPA

Toddle partners with and is certified by iKeepSafe for compliance with FERPA.

FERPA is the “Family Education Rights and Privacy Act”. It governs the terms to protect personally identifiable information (PII) of students. Data collected by Toddle may include personally identifiable information from “education records” (Education Records in FERPA refers to documents, digital or otherwise, that may contain information related to a student and maintained by an educational agency).

Under this Privacy Policy, you designate Toddle as a “School Official” (School Official in FERPA refers to an agency that provides a service to schools for use and maintenance of FERPA records, is under the direct control of the school and uses PII only for authorised purposes). Toddle agrees to comply with FERPA. You can find more details on Toddle and FERPA here.

Compliance with COPPA

Toddle partners with and is certified by iKeepSafe for compliance with COPPA.

As a third party operator Toddle relies on School Consent for all underage children under COPPA.  Toddle operates as a School Official under the FERPA regulations and complies with these regulations as it relates to children under the age of 13.  If you are a school or teacher and you would like to obtain direct parental consent from the parent, Toddle has provided a consent form which can be downloaded here. We do not encourage children to share their work publicly. We continuously review and update our practices to ensure compliance with COPPA requirements. You can find more details on Toddle and COPPA here.

Compliance with GDPR

Toddle collects minimal information from you and only uses it for the purposes explicitly called out in the Privacy Policy. The data collected is stored securely using industry standards. All the details with regards to the nature of the data collected and the reason for collecting it can be found in the Privacy Policy. Toddle executes a Data Processing Agreement with all the schools in the EU/ EEA and Switzerland Regions. You can find more details on Toddle and GDPR here.

Compliance with California Consumer Privacy Act (CCPA)

As a service provider, Toddle is dedicated to complying with the California Consumer Privacy Act (CCPA). We provide California residents with clear rights regarding their personal data. These include the right to access, delete, and manage their personal information, with a guarantee of non-discriminatory service when exercising these rights. Learn more about Toddle’s compliance with the CCPA here.

Compliance with DPDPA

We are committed to complying with the Digital Personal Data Protection Act, 2023 (DPDPA), a comprehensive legislation that governs the collection, use, storage, and disclosure of personal data in India.

To ensure compliance with DPDPA, we have implemented robust data security practices and procedures. We only collect minimal data necessary for our services and store it securely using industry-standard measures. Our Privacy Policy outlines what data we collect and how we use it. Additionally, we have established transparent data governance processes to ensure responsible data handling. Learn more about Toddle and DPDPA here.

Compliance with Australian Privacy Principles

Toddle is committed to maintaining the highest standards of privacy protection and complying with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988. We only gather and handle personal information when necessary for delivering our services, subject to your explicit consent. Your data is securely stored using industry-standard methods and we are open about how we collect, use, and disclose it as outlined in our Privacy Policy. More details about our conformity with the APPs can be found here.

Compliance with KSA’s Personal Data Protection Law (PDPL)

At Toddle, we are dedicated to ensuring that your personal data is handled with the utmost care and in accordance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL). Our approach to data protection is guided by the principles and rights outlined in PDPL, ensuring transparency, security, and respect for your personal information. Learn more about Toddle and KSA PDPL here.

Data collected by Toddle

We only collect the data that we need for providing Toddle services. It is our honest endeavour to minimise the data that we collect about our users.

We collect information from all individuals creating an account on Toddle. This includes teachers, students, parents, other family members of students, and schools. De-identified or pseudonymised user information is also acceptable.

We also collect log data from all the visitors to our website and teachers and school administrators willingly leaving data for our marketing campaigns.

Below is a list of data that we collect from our different users and and how we refer to it:

“Profile”: This includes personally identifiable information that we collect when you create an account. This may include First Name, Last Name, EMail and Phone Number of the user.

“Class Journal”: This includes all the content added to the class journal.

“Academic Plans”: This includes the Programme of Inquiry, Unit Plans, Learning Experiences, Schedule, Reflections created by the teachers using all the planning elements as specified in the customisable templates. The external resources added by the teacher are not included in this.

“Messages”: This includes the messages sent via Toddle – both from parents to teachers and vice- versa.

“Student Portfolio”: This includes all the content added to a specific student’s portfolio – photos, videos, notes, comments etc.

“Student Data”: Any data collected by us that can be linked back to an individual student. This contains name, age, Email ID, name of parents and the school name.

“Log Data”: We collect log data such as your IP address, browser type, device type, operating system, and your mobile carrier. Additionally we also use cookies to keep you logged into your system to improve your user experience.

Mobile Applications

When using our mobile application, Toddle may access features such as the camera, music, album/gallery and accelerometer on your device to provide the desired services. For example, when you use the portfolio, scan QR code, or add student functions to shoot in real-time; When you use profile settings and upload portfolio photos/videos; or when you use portfolio recording to capture voice input through the microphone. If you do not turn on permissions, you will not be able to use the specific functions related to those permissions, but this will not affect your use of other services provided by the Toddle App.

Why do we collect this data?

We use the collected data only to provide services to you as laid out in the Privacy Policy and as authorised by your school. Below are a few use cases that we have for the collected data:

  • Allow users to retrieve, view and edit Academic Plans
  • Allow users to access and use our various features such as Journal Content, Activities, Messages etc.
  • Send notifications about activities and updates on your account
  • Analyse usage information to investigate, prevent, and detect activities on our service that we believe may violate the law or applicable regulations
  • Provide customer support to users
  • Derive insights from usage trends to develop new features or to improve the existing ones

Where do we store the data?

  • Our data is hosted on Amazon Web Services (AWS) servers.
  • For our users in Europe, we store the data in servers in Ireland to ensure compliance with GDPR. 
  • For our users in Australia, we store the data in servers in Sydney to ensure compliance with APA.
  • For our users in China, we store the data in servers in Beijing to ensure compliance with PIPL.
  • For users in other regions, they can opt for data storage in any of the following locations:  
     – Australia, Ireland, Singapore, United Arab Emirates, and United States of America

What is the data NOT collected for?

  • We do not allow advertising or sharing data for advertising for any data collected through the Toddle website (web.toddleapp.com), or our apps
  • We never display ads, share data for the purpose of displaying ads, or allow data collection by advertisers or data brokers on the Toddle website (web.toddleapp.com) or our apps
  • We never sell data to anyone for any purposes
  • We never allow profiling of our users for targeted online ads on the Toddle website (web.toddleapp.com) or our apps

Data Retention

Toddle will retain your information for 7 years or as long as necessary to fulfill the purposes outlined in its Privacy Policy. Data that Toddle processes on behalf of its customers will be retained under Toddle’s Terms of Service, Toddle’s Data Processing Agreement, as mandated by law, and any other relevant agreements. Before deleting your data, Toddle will send out 3 reminders to you.

When does Toddle share data with third parties?

We use a few third-party services in order to operate and improve Toddle. All these services are contractually prohibited from using that information for any other purpose other than to provide the Toddle service. You can find a list of our third party service providers here.

In case of the sale, merger, bankruptcy, sale of assets or reorganisation of our company, we may disclose or transfer your data. We will notify you of the same and the terms of this Privacy Policy will apply to your data when transferred to the new entity.

Third Party Analytics

  • In order to improve your experience with Toddle, we collect and use aggregate data about usage patterns of how you use Toddle – for example, how you interact with various features on a page, the buttons that you click, the time that you spend on a page, etc. This is done to streamline existing user experience and to provide you a better experience of using Toddle.

  • We use a small number of third-party services to collect and analyse this data (such as Google Analytics, Sentry). These services are contractually obligated only to use data about your usage of Toddle to provide analytics services to us and are prohibited from sharing it or using it for other purposes. You can find details of all the third party analytics services that we use here.

Toddle’s Use of AI

This section explains how we collect, use, disclose, and protect your information when using Toddle AI’s services. Please read this section carefully to understand how we handle your data. Kindly note that this section is only applicable if your school has subscribed to using Toddle AI. By accessing or using Toddle AI’s services, you agree to the practices described in this section:

  1. Information Collection and Use

1.1. Pseudonymized Data: Toddle AI uses pseudonymized data collected from schools as context for prompts to LLMs. This data does not contain personally identifiable information (PII) of any individual and is scrubbed of any identifiable details that could be used to trace back to specific individuals. Toddle shares data about progress reports, unit plans, learning experiences and interactions of teachers with Toddle AI. 

1.2. LLMs Responses: The responses from LLMs are generated based on patterns learned from the pseudonymized data and do not contain any specific information about individual users, or any other identifiable parties. 

  1. Data Security

Toddle AI takes the security of the data seriously. We implement industry-standard measures to protect the confidentiality and integrity of the data we collect and process. Access to the LLMs and the pseudonymized data is restricted to authorized personnel only and we follow the principle of least privilege.

  1. Data Retention

The pseudonymized data collected from schools may be retained for as long as necessary to maintain the effectiveness of the LLMs and the quality of the services. 

  1. Third-Party Disclosure

Toddle AI does not share any personally identifiable information (PII) with the LLMs or any third parties. The LLMs operate solely on pseudonymized and non-identifiable data.

  1. Compliance with Laws

Toddle AI complies with applicable data protection laws and regulations. We are committed to maintaining the privacy and security of the data we handle.

  1. Updates to this Policy

Toddle AI may update this policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will provide prominent notice of any material changes to this policy on our website or through other means.

  1. Contact Information

If you have any questions, concerns, or requests regarding this policy or Toddle AI’s use of LLMs, please contact us at privacy@toddleapp.com

Use of Cookies and Advertising

We use Cookies and other similar services (such as Local Storage) to keep you logged in to Toddle, customize your Toddle experience, understand how you use Toddle, and promote Toddle to relevant teachers and schools. On the Toddle Website (toddleapp.com), we also use the Facebook pixel to understand how visitors, including those who may be directed from our apps, use our website. Information collected through the Facebook pixel may be shared with Facebook. We do not use these technologies on our website (web.toddleapp.com) and our apps for advertising or marketing purposes, and we do not knowingly collect personal information from children under 13 without verifiable parental consent.

You can remove or disable cookies via your browser settings, in which case your experience with Toddle will not be optimal.

Abandoned accounts

We consider an account to be abandoned if it has not been accessed for over a year. We will delete an account and all content associated with such accounts. However, to prevent accidental deletion, we will notify the teacher, the school and any other email IDs associated with the account and provide an opportunity to download the data of the abandoned account.

Viewing, editing or Porting your information

Parents are encouraged to work directly with teachers and school to make any changes in your data. If however, you need to get in touch with us, you can write to privacy@toddleapp.com and we will work with the school and do our best to make the required changes.

Teachers, administrators and parents can directly edit their information in their Toddle profiles. Schools also have a right to use any other similar service and can place a request to get all of their data. We will do our best to comply to such requests. Once the pending request is processed, the data retention and deletion policies will be followed.

Deleting Toddle Account

You have the right to “forget ability”, i.e., we will remove all your information from our systems if you so wish. If you would like to delete your Toddle account or any content submitted to Toddle, please send an email to privacy@toddleapp.com. We will notify you with email before deleting your account from our database. After receiving your request, we may still retain information for up to 365 days to provide customer support and prevent accidental deletion.

For users in the USA, please note that to comply with FERPA, we may need to retain certain student education records once a valid request to inspect those records has been made and we may retain your data to comply to the FERPA requirements.

Data Protection Practices

We follow the latest, industry standards to protect your data. Some measures that are in place include use of highly secure, access-controlled data centres, data encryption in transit, and encryption data at rest etc.

Despite these measures, in the event of a security breach, we will notify affected account holders within the amount of time required by the local law or by Toddle’s internal data breach policy, whichever is more stringent, so that you can take steps to keep your data safe.

Changes to the Privacy Policy

We may from time to time make changes to this Privacy Policy to account for changes to our practices or applicable law. If we make changes to this Privacy Policy that we believe will materially affect your rights, we will notify you by email about these changes. If you continue to use our service after you receive notice of changes to this Privacy Policy, we will assume that you have accepted these changes.

For previous versions of the Privacy Policy, please reach out to us at privacy@toddleapp.com

Contact Information

Our Data Protection Officer is Anshul Chauhan. If you have any questions about this Privacy Policy, please feel free to write to us at: privacy@toddleapp.com and we will reach out to you as soon as possible.

If you are based in India and you have any grievance or complaint about how your personal data is being processed you can contact the Grievance Officer for India – Anshul Chauhan via e-mail address privacy@toddleapp.com