Curriculum Associates logo.
i-Readyi-Ready Teacher Login

i-Ready® Platform Privacy Policy

Last Updated: April 16, 2026

Table of Contents

  1. Who we are and scope of this Privacy Policy
  2. Terms used in this Privacy Policy
  3. Our role with School Customers
  4. Information we collect from and about Students and Educators
  5. If you use i-Ready Teacher Toolbox, Success Central, the Digital Resource Library, and Online Educator Learning
  6. Optional Google Classroom Integration
  7. How we use the collected information
  8. How we use and share de-identified information
  9. Information use restrictions
  10. With whom we share information
  11. Service providers
  12. Children’s privacy and Parental consent
  13. Student and Parental rights
  14. Educator rights
  15. Security
  16. Data retention and deletion
  17. Data breach notification
  18. Updates to this Privacy Policy
  19. Contact information

1. Who we are and scope of this Privacy Policy

Curriculum Associates (“CA,” “we,” “our” or “us”) provides proprietary educational products and related services to School Customers. Our platforms are primarily used by and intended for Students – including children under the age of 13 – and Educators. This Privacy Policy describes how we handle Student information as well as Educator information. We take Student and Educator privacy very seriously and strive for maximum transparency. Personal information collected from Students and Student Data is handled in accordance with applicable student and children’s privacy laws such as the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and applicable state privacy laws.

While CA operates multiple educational products, this Privacy Policy covers the collection, use, disclosure, and storage of information that is obtained through the use of i-Ready. i-Ready is an integrated, web-based educational platform developed by CA for Students in Kindergarten through Grade 12. The platform delivers adaptive assessment, personalized instruction, core curriculum, and educator reporting tools across Reading (English and Spanish) and Mathematics. 

The following CA products and related services form what we refer to as “i-Ready” or the “i-Ready Platform”: i-Ready platform and i-Ready Connect™, including their components i-Ready Assessment (including i-Ready Inform, i-Ready Standards Mastery and Literacy Tasks), i-Ready Learning (including Personalized Instruction, Learning Games, Fluency Flight), digital components of i-Ready Classroom Mathematics and Magnetic Literacy, and i-Ready reports and reporting tools. 

This Privacy Policy also applies to our Educator-only facing products related to the i-Ready Platform, including i-Ready Teacher Toolbox, Success Central, the Digital Resource Library, and Online Educator Learning.   

We acknowledge that a School Customer may not use or purchase all available parts of the i-Ready Platform or all Educator-only facing products. Therefore, if any part of i-Ready meaningfully differs in data collection, use, or disclosure from other parts of i-Ready, we call these differences out throughout this Privacy Policy.  

2. Terms used in this Privacy Policy

Personal Information means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual or household, as such terms are defined under applicable U.S. federal and state privacy laws.

Student means an individual who is enrolled in kindergarten through grade 12 (K12), or an equivalent level of education outside of the United States, at a School that uses the i-Ready Platform.

Student Data means Personal Information about K12 Students that is processed by us on behalf of a School while providing the i-Ready Platform. Student Data includes information provided to us by a School, a Parent, or a Student, as well as information generated by or provided by a Student through their use of the i-Ready Platform.  

Education Records has the meaning set forth under the Family Educational Rights and Privacy Act (FERPA) and includes records that are directly related to a Student and maintained by a School, or by a party acting for the School.  

School Customer or School means a K12 school, school district, local educational agency (LEA), diocese, or other educational institution or authority that contracts with CA for, or otherwise subscribes to, the i-Ready Platform.

Educator means authorized School personnel who access or use the i-Ready platform, and our Educator-only facing products, including teachers, instructional staff, instructional coaches, specialists, and administrators.    

Parent means a Student’s parent or legal guardian.

De-identified Data means information that has been derived from Personal Information and that cannot reasonably be used to identify, relate to, describe, be associated with, or be linked to a particular individual or Student. We may use De-identified Data for product development, research, and improving educational outcomes, provided that we maintain appropriate technical and organizational safeguards and do not attempt to reidentify such data.

Aggregate Data means information that has been derived from Personal Information and combined into groups or categories such that it cannot reasonably be used to identify any specific individual, Student, or School.

3. Our role with School Customers

When a School Customer purchases or implements i-Ready, CA acts as a “School Official” with an educational interest as defined by FERPA. In this capacity, CA acknowledges that it remains under the direct control of the School Customer with respect to the use and maintenance of Student Data and Education Records. We process Student Data for educational purposes expressly authorized in our agreement with the School Customer and in accordance with applicable state and federal laws. We will not share Education Records with third parties unless permitted by our contract, and the third party is bound by the same confidentiality obligations. The School Customer at all times remains the owner of the Student Data.

CA also acts as a “Service Provider” or an “Operator” of an online service under COPPA. When School Customers use i-Ready, we may collect and process certain Personal Information on their behalf. Our processing of this Personal Information is governed by our agreements with School Customers, who are the controllers of such Personal Information. School Customers may have their own privacy policies describing the collection, use, and sharing of users’ Personal Information in connection with the use of i-Ready, and in this case the policies of the applicable School Customer control how they process and share Personal Information relating to i-Ready, including with respect to any rights users may have to such Personal Information. 

4. Information we collect from and about Students and Educators

Information We Collect Directly from School Customers  about Students

As a data processor, CA receives certain information directly from School Customers to enable Students to access and use i-Ready. School Customers determine and provide the information to CA for each Student authorized by the School Customer to use i-Ready. Most information is provided at the School Customer's discretion and is not required to use i-Ready. 

Category Data fields Purpose of collection
Account information
  • Student’s first and last name
  • Student’s date of birth and gender
  • Student username and password
  • Student Email Address
  • Student Identification Number
  • School name, location (state only), and School district affiliation
  • Class enrollment and grade level
     
 Used to create Student accounts, authenticate access, associate Students with instructional content, assign assessments, generate academic reports, and support account administration, reporting, and compliance with education program requirements.
Student demographic information
  • Student race and/or ethnicity
  • Eligibility for free or reduced-price lunch  
     
 Provided by School Customers to support education related services, reporting, and analytics, where permitted by law.
Student demographic and program information
  • Student disability status (including special education or 504 Plan/eligibility)
  • English learner or multilingual classification
  • Gifted and talented or gifted eligibility status
  • Homeless Youth, Foster Youth status, Migrant, Military Family status
  • Participation in specialized education programs
     
 Provided by School Customers to support education related services and reporting based on School Customer and applicable state or district requirements.

Information we collect directly from Students

When a Student signs into i-Ready using the username and password provided by their School, we collect certain additional information directly from Student users as they interact with the i-Ready Platform. This information is collected to deliver instructional content, assess learning progress, and support educational outcomes. There is no Student user-to-user interaction through the i-Ready Platform, and Student user profiles are not visible to other users of the Platform. Students cannot share any information publicly or with others. 

Category Data fields Purpose of collection
Student learning content and performance data
  • Student responses (including responses to multiple‑choice questions)
  • Assessment results
  • Lesson performance results
 Collected or generated when a Student interacts with i‑Ready instructional content. This information is used to deliver learning activities and to evaluate and improve educational outcomes.
 

Information we collect directly from or about Educators

Depending on the School Customer's set up, we are either collecting information directly from Educators, or it is collected directly from the School Customer when they start using i-Ready and upload data from their Student Information System. The School Customers and Educators determine what specific information out of the list below is collected from or about the Educators.

Educators authorized by the School Customer to use the i-Ready platform may also create their accounts manually, or edit, update, and delete information provided about them by the School Customer during an automatic account set up. This Educator information is provided to support account creation, access management, and use of i-Ready’s instructional and administrative features.

Category Data fields Purpose of collection
Account information
  • Educator’s username and password  
  • Educator’s first and last name
 Used to authenticate Educator access to the i-Ready Platform and to create and manage Educator accounts and support classroom administration features.
Account information
  • School name
  • School location (state only)
  • School district affiliation
  • Room number
 Provided to associate Educator accounts with schools and support classroom and administrative features.
Professional information
  • Grade level taught
  • Classroom enrollments
  • Teacher’s role (e.g., Teacher versus a School Administrator)
 Provided to support instructional setup, reporting, and role‑based access within the platform.
Contact information
  • Educator’s email address
 Used for account‑related communications and support.

Information we collect automatically when Students and Educators use i-Ready

The following information is collected automatically when Students and Educators interact with i-Ready. This information is collected and used solely to support the internal operations of the i-Ready Platform, including authentication, security monitoring, troubleshooting, research and analytics, and ensuring appropriate technical performance. They are not used to contact Students, for targeted advertising, or for any other purpose prohibited under COPPA.  

Category Data fields Purpose of collection
Online identifiers
  • IP address
  • Session identifier
 Collected for security, fraud prevention, and platform performance monitoring. Session identifiers are used to maintain platform functionality, security logging, and troubleshooting. IP addresses are not used to directly identify individual students by name.
Unique identifiers
  • User/account identifier (e.g., internal user ID, login username, district Student ID, state Student ID)
     
 A pseudonymous identifier used to associate activity with an authenticated user account for platform operations and support activities.
Device and technical data
  • Device data, including operating system
  • Browser type and version
  • Device type
  • Mobile platform indicators
 Used to ensure compatibility, optimize performance, support diagnostics and troubleshooting, and enable proper delivery of content and user experience across devices.
Usage data
  • Usage and interaction data
 Includes information about how and when educators and students interact with the platform, such as login and logout events and feature usage, for security monitoring and performance analysis.
Operational and security data
  • Log and event data
 Includes system logs that record account activity (such as requests made to the platform, success or failure of those requests, and system response times) used for troubleshooting, security, and reliability monitoring.

5. If you use i-Ready Teacher Toolbox, Success Central, the Digital Resource Library, and Online Educator Learning 

The i-Ready Teacher Toolbox, Success Central, the Digital Resource Library, and Online Educator Learning are products accessible only to and intended for use by Educators. These tools are not student facing, and i-Ready does not collect Student Personal Information or information about Students through an Educator’s use of these products. 

Information we collect from Educators

When Educators access and use the i-Ready Teacher Toolbox, Success Central, and the Digital Resource Library, CA collects limited Educator Personal Information for account management, service delivery, support, and product improvement purposes, as described below.

Category Data fields Purpose of collection
Account Information

Educator name, email address, school or district affiliation, grade level taught

 To create, administer, and maintain Educator accounts; to associate Educators with the appropriate School Customer; and to authenticate access to the educator-only products
Account Activity and Access Data

Account creation date, login and logout timestamps

 To maintain service security, monitor system performance, and support account administration.
Usage and Interaction Data

Information about which materials are accessed, how frequently resources are used, and general usage patterns

 To improve and develop the educator-only products; evaluate resource usefulness; and inform product enhancements and service optimization
Support and Implementation Information Usage insights linked to Educator accounts To provide customer support, partner success services, and technical assistance; to support School Customers in understanding Educator adoption and use; and to communicate with Educators regarding implementation and available resources

CA uses this information only to provide, support, and improve i-Ready and its related educator-only products. CA does not sell Educator Personal Information; share Educator Personal Information with third parties for advertising purposes; serve targeted advertising based on Educator usage; or create Educator profiles for disclosure outside of i-Ready.

i-Ready Online Educator Learning hosted by Mindtools Kineo

CA utilizes a third-party learning management system (“LMS”) Totara, operated by Mindtools Kineo, to host and deliver professional development and training content for Educators. Educators may access the LMS through the i-Ready Platform if they click on i-Ready Online Educator Learning, including via single sign on (“SSO”), or may create an LMS account prior to being rostered in i-Ready.

When an Educator accesses Online Educator Learning through i-Ready, the Educator is automatically redirected from i-Ready to the LMS application using SSO. In connection with this access, CA or the Educator may provide certain i-Ready account information to Mindtools Kineo.

The information shared may include:

  • Educator name 
  • Email address 
  • School name 
  • District name 
  • School i-Ready ID 
  • District i-Ready ID 
  • State 
  • i-Ready role and permission sets 
  • Grade levels taught 
  • i-Ready products used

This information is used to authenticate Educators, personalize the experience, communicate more effectively with School Customers regarding their specific implementation, and better understand how Educators use the i-Ready Platform and the associated professional learning tools. Mindtools Kineo processes this information solely on CA’s behalf and in accordance with CA’s instructions. This tool is educator-facing only.

6. Optional Google Classroom Integration

For School Customers that use Google Classroom, i-Ready offers an optional integration that allows Educators to assign certain student-facing content directly through Google Classroom.

If an Educator chooses to use this integration:

  • Google may provide CA with the Educator’s name and email address, as well as class roster information and coursework metadata associated with that Educator’s Google Classroom.
  • With the Educator’s permission and under the direction of the applicable School Customer, CA may access the Educator’s Google Classroom environment to facilitate assignment delivery through Google Drive.

CA uses this information solely to enable the functionality requested by the Educator and the School Customer and acts under the School Customer’s control for purposes of applicable education and student privacy laws, including FERPA. CA does not use this information for advertising or any other secondary purposes.

Use of Google Classroom is governed by Google’s applicable terms of service and privacy policy. Google Drive™ is a trademark of Google LLC.

7. How we use the collected information

CA uses the collected Personal Information, including Personal Information collected from or about Students, to provide i-Ready to its School Customers. This includes making i-Ready available to Students, providing usage and performance reports to School Customers, supporting account registration and maintenance, and maintaining and improving i-Ready for the benefit of School Customers and Student educational outcomes. CA processes Personal Information in accordance with School Customer instructions and applicable law.

Personal Information is never used for advertising, marketing, or other commercial purposes unrelated to the provision of educational services to the School Customer. 

Analytics and reports

CA processes Student Personal Information and Educator Personal Information to generate analytics, insights, and reports, including assessment results, progress monitoring reports, diagnostic outputs, and usage reports. These analytics and reports are core components of the i-Ready educational services and are provided to School Customers to support instructional decisions, student learning, and program implementation.

CA uses analytics and reporting data solely to deliver assessment results and instructional insights requested by School Customers; support Educators in understanding Student progress and learning needs; provide School Customers with aggregated and individual performance and usage reports; and maintain, evaluate, and improve the functionality and effectiveness of the i-Ready Platform.

Product improvement to support educational outcomes

CA uses the collected information, including information collected from and about Students, to conduct research aimed at improving our products and supporting educational outcomes of Students. In the vast majority of circumstances, CA conducts research using de-identified School Customer data rather than Personal Information, as described in Section 8 below.

In very limited cases and only with the prior consent or authorization of the applicable School Customer, CA may use Student or Educator Personal Information for research purposes. Any such research is conducted on behalf of, or at the direction of, the School Customer for educational purposes, is intended to benefit Students and the School Customer, and is carried out in accordance with applicable law, including the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational Rights and Privacy Act (“FERPA”). 

8. How we use and share de-identified information

We may use de-identified School Customer data for product, service, and research purposes. De-identified data is created by removing personal identifiers from data generated through use of i-Ready Platform so that the information cannot reasonably be used to identify an individual.

We use de-identified School Customer data for the following purposes: 

  • To maintain, enhance, and improve core product functionality and to make i-Ready more effective. 
  • To provide and improve services to our School Customers, including using third-party software tools such as customer relationship management and data analytics platforms that support service delivery. 
  • For research and development purposes, including evaluating the efficacy of i-Ready, improving our existing products and services, and developing new or enhanced offerings intended to support educational use cases. We also conduct research with de-identified data aimed at improving educational systems and student outcomes more broadly, in furtherance of our product improvements supporting Student success. 

While some research and development activities are conducted internally, we may, in limited circumstances, share de-identified School Customer data with trusted third-party research partners in connection with approved research initiatives.

We take reasonable measures to protect against the re-identification of de-identified School Customer data. These measures include technical and organizational safeguards such as access controls, aggregation, and contractual restrictions. Third-party research partners are contractually prohibited from attempting to re-identify de-identified data or from using such data for purposes outside the scope of the approved research or from using such data for advertising, marketing, or other purposes outside the scope of the approved research.

9. Information use restrictions

CA does not sell, rent, or otherwise disclose Student Personal Information or Educator Personal Information for independent commercial purposes. CA does not include advertisements or marketing within the i-Ready Platform and does not use Student Personal Information for advertising, marketing, profiling, or targeted promotional activities.  

10. With whom we share information

We may disclose information to third parties only where necessary and in the following circumstances: 

  • Service providers: We share information with authorized third-party service providers to assist us in operating and providing our products and services and process information on our behalf, as described in Section 11 below. 
  • Legal and compliance purposes: Where necessary to comply with applicable laws, regulations, legal processes, or lawful requests from regulators, courts, or other authorities, or to establish, exercise, or defend legal rights and claims. 
  • Business transactions: In connection with an actual or proposed reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or equity, including bankruptcy or similar proceedings. Where required by applicable law, School Customers will be notified of such transactions and any material changes to the processing of School Customer data. 
  • At the direction of School Customers: Where a School Customer requests or authorizes us to share information, in accordance with applicable law. 

11. Service providers

We engage third‑party service providers to support the hosting, security, authentication, analytics, operation, improvement, and research related to the i‑Ready Platform, as well as to support our internal business operations.

Where service providers process Student Data or Educator data, they do so solely on our behalf, for the limited purposes described in this Privacy Policy, and in accordance with our written instructions. Student Data may include Student persistent identifiers and other data necessary to provide and maintain the i‑Ready Platform. 

All service providers that process Student Data or Educator data act as processors pursuant to written agreements that require confidentiality, the implementation of appropriate technical and organizational security measures, and the deletion or return of Student Data upon our request or upon termination of the services. Such service providers are prohibited from using Student Data or Educator data for advertising, marketing, profiling, or any independent commercial purposes. 

A current list of third party service providers can be found here.

12. Children’s privacy and Parental consent

CA is committed to protecting the privacy of Students. i-Ready is made available to Students only if their school becomes a School Customer and purchases the i-Ready Platform or any of its components. We adhere to data minimization and require only the information necessary to provide the educational experience. i-Ready does not require Students to provide free text responses or other open-ended inputs.

If applicable, CA will seek and obtain consent of a School Customer acting on behalf of the Student’s Parent prior to any collection of Personal Information from Students. School Customer may provide this consent by entering into an agreement with CA to use i-Ready for educational purposes.

CA provides notices to School Customers about how i-Ready collects, uses, and discloses Student Personal Information. CA also supports School Customers in providing Parents with information about i-Ready’s data practices, as appropriate.

If CA becomes aware that a Student account has been created or used in a manner inconsistent with applicable legal requirements or School Customer authorization, CA will take appropriate steps to address the issue, which may include deleting the account and associated information. In such cases, Students may lose access to the i-Ready Platform.

13. Student and Parental rights

Parents and eligible Students can request a description of the specific types or categories of Personal Information collected through i-Ready from or about the Student, a deletion of Student’s Personal Information, or that CA stops collecting Personal Information from or about the Student.

To exercise these rights, please contact the Student’s School. CA acts under the direct control of the School as the FERPA “School Official”. CA does not act on direct Parental deletion requests unless explicitly directed to do so by the Student’s School, consistent with FERPA and standard best practices in the industry. CA aids Schools in their response to Parental requests and forwards any requests it receives to the appropriate School.

Note that if the Personal Information collection is integral to i-Ready, Student may lose access to the service if this Personal Information is deleted at your request. 

14. Educator rights

Educators may have certain rights with respect to their Personal Information under applicable U.S. state privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CPRA), and similar laws in other states. These rights are subject to applicable exceptions and limitations. 

Depending on the user’s state of residence, these rights may include the right to:  

  • Request access to the categories and specific pieces of Personal Information we have collected about the individual;  
  • Request correction of inaccurate Personal Information;  
  • Request deletion of Personal Information, subject to legal, contractual, and service related obligations;  
  • Request that we limit the use or disclosure of sensitive Personal Information, where applicable;  
  • Opt out of certain disclosures of Personal Information, where required by law; and  
  • Not be discriminated against for exercising applicable privacy rights.

CA collects and processes Educator Personal Information primarily to provide services on behalf of Schools and acts as a service provider or processor with respect to such information. As a result, certain requests may need to be coordinated with the Educator’s School or employer, and some information may not be deleted or modified where retention is required to provide the service, comply with legal obligations, maintain security, or support contractual requirements.  

Educators may submit privacy rights requests by contacting CA using the contact information provided in this Privacy Policy. We may take reasonable steps to verify the identity of the requestor and to confirm the scope of the request. Where appropriate, we may direct the request to the relevant School or process the request in accordance with their instructions.

Authorized agents may submit requests on behalf of an Educator where permitted by law, subject to verification of authorization.

15. Security

CA maintains administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of information processed through the i-Ready Platform.

CA continuously reviews and improves its security practices to help safeguard Student and educator information. i-Ready is a cloud-based platform hosted in Tier 1 data centers located in the United States. CA does not store School Customer data outside of the United States. 

The i-Ready Platform is hosted in a secure cloud environment. Our hosting provider implements security measures consistent with recognized industry security standards. In addition, CA implements and manages its own security controls for the platform environment. Key platform security measures include restricted access to production systems, limited to a small, identified group of trained operations engineers; daily application of applicable security patches and updates; use of antivirus protection, intrusion detection, configuration controls, and monitoring and alerting; automated backups to support system availability and reliability; regular vulnerability testing conducted against the platform.

i-Ready is accessible only via HTTPS, and all public network traffic is encrypted using current encryption standards. Encryption at rest is implemented for data stored within the i-Ready system.

CA employs dedicated Information Security and Information Technology teams responsible for managing and securing corporate and employee systems. Security measures include encrypted and centrally managed laptops with configuration updates and antivirus protection; password-controlled access to CA computers and systems; multifactor authentication (MFA) for access to CA systems; password protected educator and administrator accounts for i-Ready. 

CA limits access to School Customer data to employees and contractors who require such access to perform their job responsibilities. Additional controls include confidentiality agreements for employees with access to CA systems and servers, and annual training on information security policies and best practices. Prompt termination of system access occurs when an employee or contractor leaves CA, along with reminders of ongoing confidentiality obligations. 

In addition to internal monitoring and vulnerability assessments, CA engages an independent third party to conduct annual security audits, including penetration testing of the i-Ready application. CA reviews audit findings and implements recommended security enhancements where practical and appropriate. 

16. Data retention and deletion

CA retains School Customer data, including Student Personal Information, only for as long as reasonably necessary to provide the i-Ready Platform and to fulfill the educational purposes for which the data was collected, unless a longer retention period is required or permitted by applicable law or requested by a written instruction from the applicable School Customer.

Retention periods below reflect instructional, operational, and security needs. Where a School Customer requires a shorter period, the School‑directed timeline prevails. If a contract with a School expires, CA will return or delete all School Customer data at the School Customer’s election within 90 days of contract expiration. 

An account is considered inactive after 12 consecutive months without login activity, unless the School specifies a shorter threshold. Each “course term” in the schedule below refers to the academic year of the School that corresponds to one grade.  

Data Category Purpose of Collection Business Need for Retention Retention Period / Deletion Trigger
Student online and unique identifiers and Student account information (including enrollment and classroom context)

Provisioning of student accounts, rostering, and linking student records to classes and educators; linking students to classes and educators; generation of instructional and administrative reports.

 Correct identification, class placement, account continuity, and accurate reporting to educators; classroom management, instructional reporting, and educator visibility. Retained while the Student account is active; deleted 12 months after account inactivity or earlier per School Customer direction
Student demographic and program information Enablement of district requested reporting by subgroup where provided by School Customers Subgroup reporting and analytics requested by districts Retained while the account is active; deleted 12 months after inactivity or upon School Customer request
Student learning content and performance data
 Delivery of instructional content, measurement of student progress, and evaluation of educational outcomes Support of grade challenges, longitudinal progress tracking, instructional audits, and academic integrity Retained for the course or academic term plus 24 months, or a shorter period as required by the School Customer
Usage data
 Operation of the i‑Ready Platform; educator reporting; improvement of reliability and support Operational analytics, service monitoring, support, and capacity planning Retained for up to 24 months, or a shorter period as required by the School Customer
Operational and security data Security monitoring, incident investigation, and maintenance of system integrity Forensics, abuse prevention, compliance evidence, and reliability assurance Retained only as long as necessary to support security, operational integrity, and legal or regulatory requirements, and deleted or anonymized when no longer required for those purposes 
Educator account and professional Information
 Educator account setup, authentication, professional learning enablement, and reporting to districts Account lifecycle management, implementation support, and training records Account data retained while active plus 12 months; training and professional learning interaction history retained up to 24 months, or shorter per School Customer requirement
Support communications and help desk records
 Customer support, troubleshooting, and issue resolution Operational history, quality assurance, and service improvement Retained for up to 24 months after ticket closure
De-identified data Core product functionality and research without personal identifiers Product efficacy analysis and service improvements Retained in de-identified form for the period permitted under the applicable data sharing agreement; no re-identification

17. Data breach notification

CA follows documented “Security Incident Management Procedures” when investigating any potential security incident. In the event of a data security incident affecting Personal Information from School Customers, CA will notify impacted School Customers as promptly as possible that an incident has occurred and will inform them (to the extent known) what data has been compromised. CA expects School Customers to notify individual Educators and Parents of a security incident affecting their or their Students’ Personal Information if required but will provide School Customers reasonably requested assistance with such notifications and will also reimburse School Customers for the reasonable costs associated with legally required breach notices.

18. Updates to this Privacy Policy

CA updates this Privacy Policy from time to time to reflect changes in our services, data handling practices, or new legal requirements and to provide notice to our School Customers and Students and Educators. If you have any questions about our data handling practices or this Privacy Policy, you may contact us at privacy@cainc.com.

19. Contact Information

Curriculum Associates, LLC
153 Rangeway Road North Billerica, MA 01862
privacy@cainc.com
United States: (800) 225-0248