Privacy & Security Commitments to Schools
Avatar
Flipgrid Support

Flipgrid is officially part of Microsoft. Check out the announcement here - blog.flipgrid.com/bettertogether

Flipgrid's privacy terms (legal.flipgrid.com) outline our industry-leading privacy and security commitments supported by the team at Microsoft. We are used by educators throughout the world and the privacy of your student data is very important to us. Below is an outline of Flipgrid's commitment to educator and student data with all official documents at legal.flipgrid.com:

Privacy of Educator & Student Personal Data

Flipgrid is an educational offering and any personal data that is collected from or generated by Flipgrid is used only to provide that educational offering:

  • We abide by the Student Privacy Pledge, which pledges us to “not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes.”
  • Educators control the content in their Grids and are able to edit/delete any student content. All data will be saved on Flipgrid until deleted by the educator or student. Any deletion is immediate and permanent.
  • Flipgrid can be used by students of all ages.
  • We do not sell or share student data with any marketers.
  • Data collected by Flipgrid is only processed to provide, improve & develop the service, provide customer & technical service, and comply with applicable laws.
  • Parent, student, eligible student, teacher or principal should contact the Grid educator directly to understand the Grid educator's privacy practices or to request to access, change or delete information collected by the Grid educator when using Flipgrid.
  • Any 3rd parties also must abide by Flipgrid's data practices. We periodically conduct or review compliance monitoring and assessments of 3rd parties to determine their compliance with Microsoft’s Supplier Security and Privacy Assurance (SSPA) program. Also see Microsoft's Supplier Code of Conduct.

Security Best Practices

Flipgrid has robust data security, follows industry best practices, and is routinely reviewed by experts at Microsoft:

  • Data is stored in a secure datacenter facility located in the United States.
  • Security practices, processes, and controls include, but are not limited to, encryption of data in transit, encryption of data at rest, manual & automated monitoring & auditing systems, and access control. Data at rest is encrypted using AES-256 and data in transit is encrypted using TLS protocol standards.
  • Security practices and controls are validated through third party penetration and vulnerability assessments.
  • Implementation of least privilege data access by limiting employee access to whatever extent is required for them to perform their job functions. Flipgrid follows employee access best practices including, but not limited to, employee training & education, signed confidentiality agreements, criminal background checks, and secured access control such as network & application level firewalling & two-factor authentication.
  • Upon becoming aware of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Student Data or other personal information, promptly and without undue delay Flipgrid will (1) notify affected individuals (either directly or through the Grid educators) of the Security Incident; (2) investigate the Security Incident and provide affected individuals with detailed information about the Security Incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. 

This plan outlines Flipgrid's commitments for New York Schools, the Education Law 2-d Rider, and Parent's Bill of Rights.

If you do have any questions about our privacy & security commitments, COPPA, FERPA, GDPR, or CCPA please reach out to us and we would be happy to provide the answers!