Privacy, Safety, and Trust
at Goodness Education

Our Commitment to Safeguarding Student Privacy

Educators use Goodness’ Platform to gather and monitor students’ daily emotional well-being, helping provide timely support. Protecting this sensitive data is central to Goodness’ mission. We are committed to ensuring student information remains safe, private, and exclusively educational.

Ensuring Student Data Security at Goodness

Goodness prioritizes student data protection through strict administrative, technical, and physical safeguards. Examples include:

  • Secure Employee Devices: All staff use centrally managed computers with Full Disk Encryption, automatic lockout, and strong password requirements.

     

  • Data Protection Framework: Our servers, hosted in the United States, are secured through encryption (AES-256 at rest, TLS/HTTPS in transit), access controls, and monitoring for unauthorized access.

     

  • NIST & CISA Alignment: Goodness implements controls consistent with the NIST Cybersecurity Framework (CSF), covering identification, protection, detection, response, and recovery. These controls align with recommendations from the U.S. Department of Education and the Cybersecurity & Infrastructure Security Agency (CISA).

Goodness never uses educational data for commercial purposes. Schools and districts maintain ownership of their data, with full control over access, retention, and deletion.

Student Data Exclusively for Educational Use

At Goodness, student information is used solely to support schools’ educational missions:

  • No Social Media Sharing: Student data is never shared with social platforms.

     

  • No Marketing or Ads: Goodness does not market, sell, or rent personal information, nor enable advertising directed at students.

  • Age-Appropriate Protections: Data from individuals under 18 is only collected in the context of services provided to schools/districts with verified consent, as outlined in our Client Information Policy.

Student Data Commitments

Goodness is guided by the following principles:

  1. Educational Use Only: Collect, use, share, and retain student data exclusively for school-authorized purposes.

     

  2. Transparency: Provide clear, parent- and teacher-friendly privacy policies.

     

  3. Security: Apply layered safeguards—technical, administrative, and physical—to prevent unauthorized access or breaches.

     

  4. Vendor Standards: Require any third-party service provider to meet equivalent privacy and security commitments.

     

  5. No Sale of Data: Never sell, rent, or use data for targeted ads.

  6. Retention Limits: Maintain data only as long as needed for authorized educational purposes, with deletion upon school/district request.

Privacy, Safety, and Trust FAQs

Is Goodness compliant with FERPA and PPRA?

Yes. Goodness complies with FERPA, ensuring student records remain private, and with PPRA, limiting collection to non-sensitive indicators (mood, hunger, tiredness).

Does Goodness comply with COPPA?

Yes. Goodness follows COPPA, under FTC guidance (16 CFR Part 312.5(c)(2)), allowing schools to act on behalf of parents to provide verifiable consent for services strictly used for educational purposes.

Does Goodness engage in data mining?

No. Goodness does not conduct data mining or profiling for marketing, advertising, or any commercial activity.

Does Goodness share student data with third parties?

No. Student data is never shared with third parties for advertising or marketing, including social media companies.

What should parents/caregivers do if they have questions?

Parents should contact their child’s school or district for access, correction, or deletion requests. Schools are the custodians of student records and will coordinate with Goodness as needed.

How does Goodness handle a data security incident?

Goodness maintains an incident response plan aligned with NIST and industry standards. In the event of a breach, we investigate immediately, mitigate impact, and notify affected schools/districts in accordance with law and contractual obligations.


For further inquiries regarding Privacy, Safety, and Trust, please contact us at [email protected]