Goodness Client Information Policy

At Goodness Group, Inc. (“Goodness,” “we,” “our,” or “us”), we are committed to protecting student and school data while providing services that help schools foster students’ emotional development and educational progress.

This Client Information Policy explains how we collect, use, store, and protect data when schools (“Clients”) use our platform and services. It also explains the responsibilities of schools under FERPA, COPPA, and other applicable privacy laws, and how parents and guardians can exercise their rights by contacting their child’s school.

Scope of This Policy

This policy applies to all personal information provided to Goodness by schools, districts, local education agencies, or educational institutions under a written agreement (“Clients”), or collected by Goodness as directed by Clients.

It does not apply to information collected directly from the public on our website, mobile app, or marketing channels. That information is covered in our Website/App Privacy Policy.

In case of any conflict, the written agreement between Goodness and the Client prevails.

Role of Schools and Parental Rights

Under FERPA and COPPA:

Schools act as the primary custodians of student data.
Schools are responsible for obtaining parental consent before student data is shared with Goodness.
Parents or guardians must contact the school directly to:
- Access their child’s personal data,
- Request corrections or updates,
- Request deletion of their child’s data from the platform.

If a parent contacts Goodness directly, we will promptly inform the school and follow their instructions before taking any action.

Compliance with U.S. Student Privacy Laws

Goodness is committed to complying with all relevant U.S. federal and state privacy laws, including:

FERPA (Family Educational Rights and Privacy Act),
COPPA (Children’s Online Privacy Protection Act),
PPRA (Pupil Privacy Protection Amendment).

Clients are responsible for obtaining parental or guardian consent, or providing required notifications, where applicable. Goodness only collects student data as instructed by Clients and solely for educational purposes.

No Marketing, Sale, or Advertising

Goodness does not sell, rent, or market student personal information.

We do not participate in, inform, influence, or enable advertising to students.

Student data is used only for purposes explicitly authorized by Clients and in compliance with applicable law.

Information We Collect

We collect information only as directed by Clients and only for educational purposes. This may include:

Student Information: Names, grades, survey responses, academic records, or roster data provided by the school.
School Staff Information: Teacher or administrator names, emails, and role information for account creation and access.
Parent/Guardian/Stakeholder Information: Contact details or survey responses when Clients request family or community engagement surveys.
Technical Data: Automatically generated information such as IP addresses, device type, browser logs, cookies, and engagement data (used only for functionality, not for advertising).

Clients must notify Goodness if they suspect unauthorized submission of personal information.

How We Use the Information

We use personal information only within the scope of a Client’s written agreement, including:

Delivering emotional well-being check-ups, surveys, and reports as requested by the school,
Providing analytics, reports, and insights for educational purposes,
Supporting teachers and administrators through reminders and platform notifications,
Conducting research and development to improve the platform, with data anonymized or aggregated where required,
Enhancing usability and security of the platform,
Providing customer support and technical troubleshooting.

Sharing of Information

We may share information only:

At the Client’s request, e.g., providing data to a parent or authorized third party,
With service providers (e.g., cloud hosting, delivery services, security providers) under confidentiality agreements,
When required by law or to protect safety,
During business transitions, such as mergers or acquisitions, under continued confidentiality obligations.

We do not share student data for marketing or advertising.

Data Security Practices

Goodness implements controls aligned with the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ensuring identification, protection, detection, response, and recovery against incidents. This includes encryption of data at rest and in transit, secure authentication, and information security practices consistent with K-12 standards. Although not a federal mandate, the NIST CSF is the U.S. Department of Education and CISA’s recommended framework for K-12 cybersecurity readiness, which Goodness fully embraces, including:

Data encryption (AES-256 at rest, TLS/HTTPS in transit),
Role-based access controls for teachers and administrators,
Two-factor authentication for administrators,
Firewall systems, SSL protocols, and strict access controls,
Secure hosting in the U.S.-based facilities,
Logging, monitoring, and incident response protocols,
Regular security audits and staff training.

In case of a breach, we promptly notify Clients and take corrective action.

Data Retention

We retain data only as long as necessary to provide services under a Client’s agreement.

Clients may request deletion of data at any time.
Minimal data may be retained for legal, tax, or auditing requirements.

Policy Updates

We may update this policy to comply with new laws or improve transparency.

Major updates will be notified to Clients by email,
Updates take effect immediately upon posting with a new effective date.

Contact Information

For questions about this policy:
Goodness Group, Inc. – Privacy Office
Email: [email protected]
Address: 1160 Harbor Ct, Hollywood, FL 33019

To access, update, or delete student data, parents or guardians must contact their child’s school directly.

Effective Date: Aug 21, 2025

Last Updated: Aug 21, 2025