Privacy Rubric Results
This product has met the criteria required to achieve the 1EdTech Data Privacy Seal.
- N/A
- UNMET
- PARTIAL
- MEETS
Data Collection
Security
3rd Party Data
Advertising
Certified
Rubric Area | Expectations | ||
---|---|---|---|
General | Meets | Partially Meets | Doesn't Meet |
GEN1 - How are changes to key policies managed?
ANSWER: Notification is provided to the user in advance and a history of policy revisions is available
User Notes:
"Notice is provided if the context in which data is collected changes. We will obtain consent from users if the practices in which data is collected change."
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
Data Collected | Meets | Partially Meets | Doesn't Meet |
DCQ1 - Do the policies list all data collected?
ANSWER: Policies list the data collected OR policies state no data is collected
User Notes:
We collect Personal Information you provide to us, as well as Personal Information collected automatically and from third-party sources such as the schools. If you are an end user of a school that uses our Product, your institution may have provided us with data to deliver the services. For the purpose of this policy, Personal Information is defined as information that identifies, relates to or could reasonably be linked with or describes an individual or household, either directly or indirectly. Policy also includes a table of data collected.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
DCQ2 - Do the policies indicate how data is collected?
ANSWER: Policies state specifically how data is collected OR policies state no data collected
User Notes:
Cybernut collects data from two sources. The first is engagement data from simulation emails (i.e., we send fake phishing emails to users and track how they respond to these), and the second is real threat reporting using our Cybernut Threat Reporting tool (i.e., users receive a real phishing email, and by reporting it with our plugin/addon, the info gets sent to our system, and their IT team can take action accordingly to delete/quarantine/ignore, etc.).
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
DCQ3 - Do the policies state who owns the data?
ANSWER: Policies state the user owns the data alone OR policies state no data collected
User Notes:
Customer shall retain all title to and ownership of and all proprietary rights with respect to User Data, and shall be solely responsible for its use thereof.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
DCQ4 - Do the policies allow users to delete their data entirely?
ANSWER: Policies allow users to delete data entirely after a period of time OR policies state no data collected
User Notes:
"Access: You can request a copy of the personal information that we have collected about you. Deletion: You can request that we delete your personal information. Please note that once we process a deletion request, we may be unable to provide access or support to any past products or services."
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
DCQ5 - Do the policies state the retention of data?
ANSWER: Policies have a 60-day or less retention policy OR policies state no data collected
User Notes:
The processing time for full deletion of all data would be 5 days (at the most), 1/2 days normal time.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
Security | Meets | Partially Meets | Doesn't Meet |
SECQ1 - Do the policies state how data is protected?
ANSWER: Policies list the steps taken to protect data OR policies state no data collected
User Notes:
All data is encrypted in transit and at rest (all APIs are built via AWS API Gateway, which gives us inbuilt TLS and SSL). The database we use also ensures encryption at rest. From our dashboard and APIs that are used, we don't expose any PII data.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
SECQ2 - Do the policies state all confidential & sensitive information is encrypted throughout?
ANSWER: Data encrypted throughout OR passes an encryption test with no vulnerabilities OR policies state no data collected
User Notes:
SSL Labs report shows an overall rating of A+
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
SECQ3 - Do the policies state whether or not it enforces strong password creation?
ANSWER: Supplier enforces strong password creation OR supplier user base exempt from password requirements OR no account creation required
User Notes:
No free account creation available
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
SECQ4 - Do the policies indicate whether or not it leverages 2 step (or other forms of multifactor) authentication?
ANSWER: Supplier uses SSO or an LTI launch OR no account creation is required OR supplier user base exempt from 2-step authentication requirements
User Notes:
No free account creation available
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
SECQ5 - Do the policies state the use of cookies?
ANSWER: Policies list all cookies used and each cookie's purpose OR policies state that it only uses cookies that are crucial for app functionality
User Notes:
We don't use cookies at all, but if we did in the future, it would be strictly for the functionality of the application (and they'd be session specific).
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
Third Party Data | Meets | Partially Meets | Doesn't Meet |
SHRQ1 - Do the policies state the use of third parties?
ANSWER: Policies list each third party separately OR policies state third party use strictly for app functionality OR policies state that they do not use third parties
User Notes:
Collected information is not shared with third parties. Data is not shared for analytics. Data is not shared for research and/or product improvement. Personal information is not shared for third-party marketing.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
SHRQ2 - Do the policies state what information is shared with each 3rd party?
ANSWER: Policies list the data it shares with each third party separately OR policies state that it does not share any data with any third party
User Notes:
Collected information is not shared with third parties. Data is not shared for analytics. Data is not shared for research and/or product improvement. Personal information is not shared for third-party marketing.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
SHRQ3 - Do the policies state whether or not users can opt out of 3rd party data sharing?
ANSWER: Policies include an easy opt out process for users OR policies state that it does not share any data with any third party
User Notes:
Collected information is not shared with third parties. Data is not shared for analytics. Data is not shared for research and/or product improvement. Personal information is not shared for third-party marketing.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
SHRQ4 - Do the policies state if the supplier requires 3rd parties to adhere to the terms of the vendor/customer agreement?
ANSWER: Supplier claims responsibility for third party privacy practices OR policies state that it does not share any data with any third party
User Notes:
Third-party services are not used to support the product. Contractual limits are placed on third-party data use. In the event of a merger, acquisition, or bankruptcy, user information may be transferred to an acquiring third party. Third parties with access to information are required to provide the same security protections as the company. Personal information can be displayed publicly. Data is not collected by third parties for the purpose of tracking.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
SHRQ5 - Do the policies state whether or not user is notified of a change in third parties?
ANSWER: Supplier changes third party and keeps the same data sharing terms OR supplier does not use any third parties
User Notes:
"Notice is provided if the context in which data is collected changes. We will obtain consent from users if the practices in which data is collected change."
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
Advertising | Meets | Partially Meets | Doesn't Meet |
ADVQ1 - Do the policies indicate if advertisements are displayed?
ANSWER: No ads are displayed
User Notes:
We do not display any contextual, personalized, or targeted advertising in the product. Users can opt out of some types of marketing. Choices for marketing opt-out are listed below.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
ADVQ2 - Do the policies indicate whether or not users are targeted for advertisement?
ANSWER: Policies guarantee no ad targeting OR Policies state no ads are used on its platform
User Notes:
We do not display any contextual, personalized, or targeted advertising in the product. Users can opt out of some types of marketing. Choices for marketing opt-out are listed below.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
ADVQ3 - Do the policies indicate whether or not any 3rd parties track or collect information for advertisement?
ANSWER: Policies state third parties are not used for ads or tracking
User Notes:
We do not display any contextual, personalized, or targeted advertising in the product. Users can opt out of some types of marketing. Choices for marketing opt-out are listed below.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
ADVQ4 - Do the policies indicate whether or not web beacons or other tracking methods are used for ad purposes?
ANSWER: Policies state that it only tracks interactions within its application OR policies state that it does not use any tracking technologies for ads
User Notes:
We do not display any contextual, personalized, or targeted advertising in the product. Users can opt out of some types of marketing. Choices for marketing opt-out are listed below.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
ADVQ5 - Do the policies state whether or not users can opt out of sharing data with advertisers?
ANSWER: Policies state in detail how users can opt out of sharing data with advertisers OR policies state no ads are used on its platform
User Notes:
We do not display any contextual, personalized, or targeted advertising in the product. Users can opt out of some types of marketing. Choices for marketing opt-out are listed below.
|
Answer Meets Expectations | Unselected Option: | Unselected Option: |
The views and opinions expressed in this information are those of the authors and do not necessarily reflect the official policy or position of 1EdTech. The information provided is intended to surface trends about the policies and procedures of systems leveraged by the educational community. It should not be considered legal advice.
© Copyright 2025 1EdTech Global Learning Consortium Inc. All Rights Reserved.