Manage1to1 is Committed to Your Privacy
We have developed this Privacy Policy to outline how we collect, use, disclose, transfer, and store your information.
Manage1to1 (Overwatch Data Services, LLC) provides a variety of services (“Services”) to securely manage a portable device deployment. We understand the importance of privacy to our online visitors, to schools who register for our Services (“Schools”), and to students and staff (“end users”) whose information we may access on behalf of a School.
If You have entered into a separate Software as a Service Agreement (SaaS Agreement) with Manage1to1, the terms of that SaaS Agreement shall take precedence over the terms of this Privacy Policy in all respects where a conflict exists.
Our Commitments
- We will only collect the data that is necessary for the solutions and functions that the School has purchased from us.
- We will always treat that data with the utmost security and privacy.
- We will never sell student personal information.
- We will never share student personal information without the software license holder’s written authorization.
- We will never use student personal information to attempt to sell advertising to students.
- We will comply with applicable student privacy laws including the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA).
- As described below, Schools decide which data is integrated with our Services.
Scope
This Privacy Policy applies to our websites and Services (manage1to1.com, any content delivery networking frameworks used by manage1to1.com, and subdomains of manage1to1.com) and describes the steps we take to protect your data. This policy details the terms and conditions surrounding our use of the personally identifiable information we collect, namely our information gathering, use, maintenance, and dissemination practices necessary for the Services.
How We Collect & Use Your Data
We collect the following types of information:
District Information
When an authorized School administrator registers a School with Manage1to1 or corresponds with us online, we ask for certain information including a contact name, school name, school district, school email address and/or account name, phone number, message content, and information relating to the School’s information systems. We may also retain information provided by a School if the School sends us a message, posts content to our website or through our Service, or responds to emails or surveys. Once a School begins using a Manage1to1 Service, we will keep records of activities related to the Service. We use this information to operate, maintain, and provide the features and functionality of the Service, including customer service, support, and billing; to analyze our Service offerings and functionality; to communicate with our Schools and website visitors; to exchange information; and to offer related services such as event registration.
Student Data
Manage1to1 may have access to personally identifiable information about students (“Student Data”) in the course of providing its Services to a School. We recognize Student Data is confidential and do not use such data for any purpose other than to provide the Services on the School’s behalf. In all circumstances, Manage1to1 receives Student Data only from the School and never interacts with the student directly. Manage1to1 has access to Student Data only as requested by the School and only for the purposes of performing Services on the School’s behalf.
We may collect the following types of personally identifiable information from students via the School: first name, last name, email address, password, student ID numbers, grade level, school, and guardian information. We may also generate a login ID for the student that is different than the student’s actual name or under the School’s direction.
Non-Personally Identifiable Information
We may collect certain non-personally identifiable information from visitors to our sites and users of our Services, such as the date and time of their visit, the type of browser used (e.g., Chrome, Firefox, Edge), the type of operating system used (e.g., Windows or Mac OS), the ISP from which the visitor receives Internet access, and aggregate information regarding what pages users of the site access or visit. We may collect data for Schools to monitor and generate reports. In addition, we may monitor Schools’ onboarding tasks completed, number of user sessions on our websites, city and state/province where last accessing our Services, and responses to our survey questions.
We may also match non-personally identifiable information from registered members with personally identifiable information (such as the member’s name) in our database to track deployment progress, troubleshoot Services issues, analyze usage, and otherwise monitor Services to make improvements.
Anonymous Usage Data
Anonymous Usage Data refers to the data collected by Manage1to1 in connection with the use of the Software by You. This includes (a) the public IP address accessing the system, (b) traffic flow patterns throughout the Software, (c) data utilized to prevent and mitigate server attacks and compromises, and (d) license status. Additionally, Anonymous Usage Data may also include end-user data including, but not limited to, browser version, internet speed, proxy usage, browser addons, screen resolution, and access frequency information. Anonymous Usage Data is not considered district data or student data and is collected and used solely to improve the Service and monitor system health.
Cookies & Tracking Technologies
Manage1to1 uses cookies (both session and persistent cookies) and other tracking mechanisms to automatically collect information including IP addresses, session sources, and other data which tracks users’ access to the Services. We do not use this information to personally identify individual users beyond what is necessary for system functionality. This information is retained within Manage1to1 for use to specifically enhance the user experience via internal use only.
How We Use Cookies
We use or may use the data collected through cookies, log files, device identifiers, and similar technologies to (a) remember information so in subsequent visits a user will not have to re-enter it; (b) provide custom, personalized content and information; (c) monitor the effectiveness of our Services; (d) monitor aggregate metrics such as total number of visitors, traffic, and usage on our website and our Services; (e) diagnose or fix technology problems; and (f) help users efficiently access information after signing in.
Clear GIFs and Pixel Tags
Clear GIFs (also known as web beacons, web bugs, or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs in connection with our Services to, among other things, track the activities of visitors, help us manage content, and compile statistics about site usage. We may also use clear GIFs in HTML emails to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Third-Party Analytics
We use automated devices, applications, and other means, such as Google Analytics, to evaluate usage of our Manage1to1 websites and Services. We use these tools to help us improve our Services, performance, and user experiences. These entities may use cookies and other tracking technologies to perform their services. Third-party advertising networks are never allowed to collect information about the users of our websites or Services.
Do-Not-Track
Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking by disabling cookies in your browser settings.
Data Roles
Data Controller and Data Processor
For data provided directly to Manage1to1 via our website, tradeshows, emails, phone calls, and support cases (such as contact information and sales inquiries), Manage1to1 serves as the Data Controller.
For all district data and student data processed through the licensed Manage1to1 Services, the School or School District serves as the Data Controller and Manage1to1 serves as the Data Processor. Manage1to1 processes district data and student data solely in accordance with the School’s instructions and only for the purposes of providing the Services.
Student Safety
Manage1to1 is committed to protecting the privacy and safety of students. We maintain the following practices:
- We never interact directly with students. All student data is received from and managed by the School.
- We do not display advertising to students or use student data for advertising purposes.
- We do not create student profiles for purposes unrelated to the educational services provided to the School.
- We do not knowingly collect personal information from children under 13 except as directed by and on behalf of a School, in compliance with COPPA.
- We support Schools in responding to parent or eligible student requests for access to, correction of, or deletion of student data in compliance with FERPA.
Data Accessibility
Manage1to1 does not author or provide any of the data within the system. The data is owned by the School District wholly and the School District is required to abide by all local and federal regulations as well as Manage1to1 policies. Our policy requires student personal information to be provided to parents and students for review and correction upon their request. This requirement follows your School District’s privacy and board policies and access will never be given directly by Manage1to1. All access to this data must be done directly through the School District.
Data Retention
Upon termination of Services, Manage1to1 will make district data available for export for a period of thirty (30) days. This grace period is to allow sufficient time for the district to retrieve any data they may need. Following this period, all district data, including student identifying data, will be securely removed from our servers, backups, and databases. Written confirmation of deletion will be provided upon request.
Districts with a separate SaaS Agreement should refer to that agreement for specific data return and deletion terms.
Third-Party Services
Manage1to1 will never share student information with third parties unless those third parties have privacy practices that are consistent with our own. The following third-party services may be used in connection with the operation of the Manage1to1 platform:
- Google Analytics — Platform usage analytics. Google Analytics collects anonymized usage data to help us improve our Services. No student data or district data is shared with Google Analytics.
- Mailgun (Sinch Email) — Transactional email delivery. Mailgun processes email addresses solely for the purpose of sending system notifications and communications on behalf of the Service.
These third-party services do not have access to student data beyond what is described above. We require that third-party service providers maintain privacy practices consistent with our own.
Security & Data
Manage1to1 maintains a comprehensive security program designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks such as unauthorized access or use, or unintended or inappropriate disclosure. Our security measures include:
- Encryption of all data in transit using TLS/SSL.
- Encryption of all data at rest using full-disk or database-level encryption.
- Multi-factor authentication for administrative access to systems containing district data.
- Role-based access controls limiting access to authorized personnel on a need-to-know basis.
- Automated vulnerability scanning and infrastructure monitoring.
- Third-party uptime and availability monitoring.
- Hosting on infrastructure certified under SOC 2+ (HIPAA), PCI (Merchant), CSA Star Level 1, ISO/IEC 27001:2022, and related standards.
All of our employees are required to undergo an initial background check, with subsequent checks performed regularly. Physical access to data equipment, backup equipment, and servers is limited to those with an expressed need to access, such as engineers and hardware personnel.
Data Breach Notification
In the event of a confirmed or suspected unauthorized access to, acquisition of, use of, or disclosure of district data or student data that compromises the security, confidentiality, or integrity of such data, Manage1to1 will notify the affected School or District without unreasonable delay and in no event later than seventy-two (72) hours after discovery. Manage1to1 will cooperate fully with the School or District in investigating and remediating any such incident.
Districts with a separate SaaS Agreement should refer to that agreement for specific breach notification terms.
Successor Entities
In the event of a merger, acquisition, or sale of all or substantially all of Manage1to1’s assets, district data and student data may be transferred to the successor entity, provided that the successor entity agrees to be bound by privacy practices consistent with this Privacy Policy. Manage1to1 will provide reasonable notice to affected Schools prior to any such transfer. Districts with a separate SaaS Agreement should refer to that agreement’s assignment provisions, which may require prior written consent.
Updates & Modifications to Policy
Manage1to1 reserves the right to update and/or modify this Privacy Policy at any time. Upon updating this Policy, the last modified date will be updated promptly. Changes to this Policy will be presented to users for review and acceptance upon next login to the Manage1to1 platform. Continued use of the Service following acceptance constitutes agreement to the revised Privacy Policy.
Where a separate SaaS Agreement exists, no amendment to this Privacy Policy shall diminish or conflict with the rights or protections afforded to the district under that agreement.