Product: VitalSource Learning Platform
Vetted by
Kevin
Lewis,
Data Privacy Officer
at 1EdTech
on 2022-02-09
Privacy Rubric Results
This product has met the criteria required to achieve the 1EdTech Data Privacy Seal.
- N/A
- UNMET
- PARTIAL
- MEETS
Data Collection
Security
3rd Party Data
Advertising
Certified
| Rubric Area | Expectations | ||
|---|---|---|---|
| General | Meets | Partially Meets | Doesn't Meet |
|
GEN1 - How are changes to key policies managed?
ANSWER: Notification is provided to the user in advance and a history of policy revisions are available
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
| Data Collected | Meets | Partially Meets | Doesn't Meet |
|
DCQ1 - Do the policies list all data collected?
ANSWER: Policies list the data collected OR policies state no data is collected
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
DCQ2 - Do the policies indicate how data is collected?
ANSWER: Policies state specifically how data is collected OR policies state no data collected
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
DCQ3 - Do the policies state who owns the data?
ANSWER: Policies state the user owns the data alone OR policies state no data collected
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
DCQ4 - Do the policies allow users to delete their data entirely?
ANSWER: Policies allow users to delete data entirely after a period of time OR policies state no data collected
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
DCQ5 - Do the policies state the retention of data?
ANSWER: Policies have a 60-day or less retention policy OR policies state no data collected
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
| Security | Meets | Partially Meets | Doesn't Meet |
|
SECQ1 - Do the policies state how data is protected?
ANSWER: Policies list the steps taken to protect data or OR policies state no data collected
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
SECQ2 - Do the policies state all confidential & sensitive information is encrypted throughout?
ANSWER: Data encrypted throughout OR passes an encryption test with no vulnerabilities OR policies state no data collected
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
SECQ3 - Do the policies state whether or not it enforces strong password creation?
ANSWER: Supplier enforces strong password creation OR supplier user base exempt from password requirements or OR no account creation required
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
SECQ4 - Do the policies indicate whether or not it leverages 2 step (or other forms of multifactor) authentication?
ANSWER: Supplier uses SSO or an LTI launch OR no account creation is required OR supplier user base exempt from 2-step authentication requirements
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
SECQ5 - Do the policies state the use of cookies?
ANSWER: Policies list all cookies used and each cookie's purpose OR policies state that it only uses cookies that are crucial for app functionality
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
| Third Party Data | Meets | Partially Meets | Doesn't Meet |
|
SHRQ1 - Do the policies state the use of third parties?
ANSWER: Policies list each third party separately OR policies state third party use strictly for app functionality OR policies state that they do not use third parties
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
SHRQ2 - Do the policies state what information is shared with each 3rd party?
ANSWER: Policies list the data it shares with each third party separately OR policies state that it does not share any data with any third party
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
SHRQ3 - Do the policies state whether or not users can opt out of 3rd party data sharing?
ANSWER: Policies include an easy opt out process for users OR policies state that it does not share any data with any third party
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
SHRQ4 - Do the policies state if the supplier requires 3rd parties to adhere to the terms of the vendor/customer agreement?
ANSWER: Supplier claims responsibility for third party privacy practices OR policies state that it does not share any data with any third party
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
SHRQ5 - Do the policies state whether or not user is notified of a change in third parties?
ANSWER: Supplier changes third party and keeps the same data sharing terms OR supplier does not use any third parties
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
| Advertising | Meets | Partially Meets | Doesn't Meet |
|
ADVQ1 - Do the policies indicate if advertisements are displayed?
ANSWER: No ads are displayed
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
ADVQ2 - Do the policies indicate whether or not users are targeted for advertisement?
ANSWER: Policies guarantee no ad targeting OR Policies state no ads are used on its platform
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
ADVQ3 - Do the policies indicate whether or not any 3rd parties track or collect information for advertisement?
ANSWER: Policies state third parties are not used for ads or tracking
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
ADVQ4 - Do the policies indicate whether or not web beacons or other tracking methods are used for ad purposes?
ANSWER: Policies state that it only tracks interactions within its application OR policies state that it does not use any tracking technologies for ads
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
|
ADVQ5 - Do the policies state whether or not users can opt out of sharing data with advertisers?
ANSWER: Policies state in detail how users can opt out of sharing data with advertisers OR policies state no ads are used on its platform
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
Vetting Context
Policies Cited
The following urls were cited as a basis for this information.
- Terms of Service/Terms of Use https://support.vitalsource.com/hc/en-us/articles/204612518-VitalSource-Technologies-LLC-Terms-and-Conditions-of-Use
- Privacy Policy https://support.vitalsource.com/hc/en-us/articles/201646123-VitalSource-Technologies-LLC-Privacy-Policy
- Cookie Policy https://support.vitalsource.com/hc/en-us/articles/360003928273-VitalSource-Technologies-LLC-Cookies-Notice
- The person providing this information is NOT using the product.
- The supplier was reportedly consulted about this evaluation.
Geographical Context
(Laws and regulations can vary across regions)
Tennessee
United States
Email Kevin about this record
The views and opinions expressed in this information are those of the authors and do not necessarily reflect the official policy or position of 1EdTech. The information provided is intended to surface trends about the policies and procedures of systems leveraged by the educational community. It should not be considered legal advice.
Disclaimer:
1EdTech Trusted Apps
provides a vetting of a product's data policy according to the
1EdTech Trusted Apps Rubric.
Achieving the
TrustEd Apps Certified Seal
indicates adherence to a baseline level of privacy.
Institutions should review an application's detailed vetting results before approving it for use.
© Copyright 2024 1EdTech Global Learning Consortium Inc. All Rights Reserved.
App Vetting Rubric Version: 2