Privacy Policy

1. Introduction

Booksie ("we," "our," or "us") operates the Booksie Reading Level Assessment Platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our educational assessment platform.

We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy regulations.

2. Information We Collect

2.1 Personal Information

When you register for our Service, we collect the following personal information:

• Contact Information: Email address, first name, last name
• Optional Information: Phone number (if provided)
• Account Information: Password (encrypted), user role (parent, facilitator, admin)
• Authentication Data: OTP codes for two-factor authentication, session tokens

2.2 Student/Reader Information

For educational assessments, we collect information about students/readers:

• Basic Information: First name, last name, school name
• Educational Data: Grade level, class code, gender (optional)
• Assessment Data: Assessment responses, scores, progress tracking
• Media Content: Audio recordings, images (if provided during assessments)

2.3 Technical Information

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, time spent, assessment progress
• Cookies: Session cookies, authentication tokens, preferences
• Log Data: Server logs, error reports, performance metrics

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide and maintain our assessment platform
• Authentication: To verify user identity and manage access
• Educational Assessment: To conduct and evaluate student assessments
• Progress Tracking: To monitor learning progress and provide feedback
• Communication: To send important updates and notifications
• Security: To protect against fraud and unauthorized access
• Compliance: To meet legal and regulatory requirements

4. Legal Basis for Processing (GDPR)

Under GDPR, we process personal data based on the following legal grounds:

• Consent: When you explicitly consent to data processing
• Contract Performance: To fulfill our educational services
• Legitimate Interest: For platform security and improvement
• Legal Obligation: To comply with applicable laws

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following circumstances:

• Educational Institutions: With schools and educators for assessment purposes
• Service Providers: With trusted third-party vendors who assist in platform operation
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with mergers or acquisitions

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: Data encrypted in transit and at rest
• Access Controls: Role-based access and authentication
• Secure Infrastructure: Protected servers and databases
• Regular Audits: Security assessments and monitoring

7. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at the information provided below.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Account Data: Until account deletion or 3 years of inactivity
• Assessment Data: As required for educational purposes and legal compliance
• Log Data: Typically 12 months for security and debugging purposes
• Marketing Data: Until consent is withdrawn

9. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain user sessions and authentication
• Remember user preferences and settings
• Analyze platform usage and performance
• Ensure platform security

You can control cookie settings through your browser preferences.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses and adequacy decisions.

11. Children's Privacy

Our platform is designed for educational use and may collect information about children under 13. We comply with applicable children's privacy laws and obtain appropriate consent from parents or guardians when required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

14. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.