Updated: August, 2023
Brightspire Virtual School exists to serve parents and students and strives to provide a safe, positive experience for children. We do not collect information directly from children. Any students under the age of 18 wishing to enroll, must do so by a parent or legal guardian. Brightspire Virtual School does not sell or market directly to minors and always seeks the appropriate authorization whenever we identify a minor attempting to purchase a service. Whenever we collect Personally Identifiable Information, or “PII”, we do so with the sole purpose of supporting the educational goals of which the school was designed. We only distribute PII to third party partners for the purpose of delivering education services for students enrolled at Brightspire. We prohibit students from publicly posting or distributing PII without prior parental consent.
As you participate in classes, you will enter student data or interact with student data that has been entered for you. Federal law (the Family Educational Rights and Privacy Act, “FERPA”) allows a school district to release student records to an organization that is “conducting studies for, or on behalf of, educational agencies or institutions for the purpose of developing, validating, or administering predictive tests… [or] improving instruction.”
However, FERPA requires limitations on disclosure of those records and implementation of appropriate security measures to protect those records. To comply with FERPA, Brightspire Virtual School has adopted certain practices, and requires that all third party partners working with Brightspire, maintain responsibilities to safeguard student data.
Brightspire Virtual School is designed to provide virtual education for students in grades 6-12. Parents or legal guardians may enroll their child with the school by providing their contact and billing information as well as other student data used to determine enrollment eligibility and to maintain appropriate student records. A user’s contact information may be used to send users service-related announcements when it is necessary or advisable to do so. However, a user’s personal information will never be shared with third parties for advertising or marketing purposes. User information may be shared with partners, business affiliates or third party service providers who work for Brightspire Virtual School and operate some of its functionalities, such as hosting services, streaming services, academic instruction, and credit card processing. These third parties are established service providers, who are bound to practice adequate security measures and only use user information for the sole purpose of providing the services. A user’s information may also be shared with law enforcement or other third parties as required by law or if we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order or other legal process.
Brightspire Virtual School has appropriate security measures in place to safeguard against unauthorized access to the personal information collected from our information systems, including limiting the number of people who have physical access to our database servers, as well as electronic security systems and password protections. We only store passwords in an encrypted format.
Parents or legal guardians enrolling their children with the school are asked to provide an email address and password during the enrollment process. We use email addresses and passwords to authenticate logins, allow access to the course content, monitor enrollment compliance and identity verification. The email is also used to authenticate users when requesting technical support. The passwords are all encrypted when stored.
All PII related inquiries follow a process that takes into account available technology and procedures to verify the person requesting the data is the parent listed on the account. The verification procedures are as follows.
Information regarding students, parents or legal guardians enrolled with Brightspire Virtual School is not viewable or searchable by people or automated systems, such as the automated indexing software utilized by Google, Yahoo, and Bing, on our website.
Brightspire Virtual School uses Google API Services to collect documentation for the purposes of enrolling students at Brightspire Virtual School. Any Google user data that Brightspire Virtual School collects through Google API Services is only used for such purposes and deleted after such use.
Parents or legal guardians control what student information is provided to Brightspire Virtual School. Information that parents or legal guardians choose to enter regarding students should always be limited to information that is relevant to a legitimate educational purpose and/or needed by Brightspire Virtual School for enrollment and class delivery purposes.
Brightspire Virtual School stores the data created by students so that the students and the students’ parents can access it and use it for educational purposes. Parents are able to review, manage, or edit student information at any time by logging into their accounts. If enrollment is canceled by a parent either deliberately or due to non-payment, all course progress will be lost and it cannot be retrieved. Inactive data is automatically purged on a regular basis or upon a verified, authorized user’s request. Data purge requests must come directly from the email address on file.
Brightspire Virtual School is committed to protecting student data against unauthorized access, destruction, use, modification or disclosure. To this end, we have implemented reasonable and appropriate safeguards when collecting and storing student data in our database. Our servers are located in a secured, locked and monitored environment designed to prevent unauthorized entry or theft, and are protected by a firewall. The servers are also backed up to a secure offsite data center. We take extra measures to ensure the safety of PII and Student Records and apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to establish and ensure that all data passed between the server and the browser remains encrypted. Governance policies and access controls are in place to ensure that the student information linked to each parent or educator (depending on the type of account) is separated, and parents and/or legal guardians only have access to their own student data. Only limited Brightspire Virtual School personnel have access to the database, and they only access the database when necessary to provide services. We follow standardized and documented procedures for coding, configuration management, patch installation and change management for all applicable servers and we audit our practices at least once a year. While we strive to maintain best industry-standard privacy and security practices, it should be noted that no industry system is fail proof. In the event we learn of an actual data breach, loss or disaster, we will notify the affected user(s), and as appropriate, coordinate with the user(s) to support its notification of affected individuals, students and parents when there is a substantial risk of harm from the breach or a legal duty to provide notification.
There are processes and technology used for parent verification purposes to ensure any data requests are provided to the authorized user. Measures include detection features that match incoming phone call and email requests with our database.
It is the responsibility of parents and legal guardians to supervise children using the website and teach them about security and privacy. We recommend that parents and educational institutions provide the following information to all children: Kids’ Rules for Online Safety.
From time to time, Brightspire Virtual School may partner with third-parties to send information to users on Brightspire Virtual School’s behalf regarding Time4Learning, its affiliates, and other similar products. We take measures to maintain the appropriateness of all communications to users of Brightspire Virtual School. We are compliant with COPPA, and never permit targeted advertisements based on user’s behavior over time. For more information about this practice and your ability to opt-out, contact us directly.
Enrollment with Brightspire Virtual School includes an option to receive periodic email updates about Brightspire Virtual School and other services and products that might be of interest to users of Brightspire Virtual School.
Although we make concerted good faith efforts to maintain the security of personal information, and we work hard to ensure the integrity and security of our systems, no practices are 100% immune, and we can’t guarantee the security of information. Outages, attacks, human error, system failure, unauthorized use or other factors may compromise the security of user information at any time. If we learn of a security breach or other unauthorized disclosure of your PII, we will attempt to notify you so that you can take appropriate protective steps by posting a notice on our homepage or elsewhere in our Service and we will send an email to you at the email address you have provided to us.
Any such notice will include:
If you are a parent, legal guardian or eligible student and an unauthorized disclosure of your student’s PII records occurs, we will notify you by email at the email address we have on record for you.
When you enroll with Brightspire Virtual School you consent to our privacy practices and agree to accept the responsibilities outlined in this statement.
Brightspire Virtual School
17855 Dallas Parkway, Ste 400
Dallas, TX 75287