Common use of Use of De-identified Data Clause in Contracts

Use of De-identified Data. We may use de-identified usage data internally to analyze and improve our educational services, and to develop new products or features. We will never attempt to re-identify data that has been de-identified. We may release de-identified data to educational researchers for the purpose of evaluating the effectiveness of our program. We will not release de-identified data unless we are confident it cannot be re- identified, due to the removal of all direct and indirect personal identifiers, and the educational researchers have agreed in writing that they will not attempt to re- identify any individuals, classes, or Schools. We may use aggregate de-identified data, such as the number of users of our service, for promotional purposes. How We Securely Store Data XtraMath takes security seriously. We implement a variety of industry-standard security measures to prevent any unauthorized access to our users’ data. Such measures include, but are not limited to: data minimization; encrypting data in transit via HTTPS; hashing sensitive data, like passwords; deletion of outdated data; locked physical facilities; employee training; and administrator account security. XtraMath stores and processes all data on servers in the United States. All servers that store XtraMath data are operated by trusted third party processors with whom we have contractual Data Processing Addendums. Our providers are certified under the EU-US Privacy Shield and Swiss-US Privacy Shield, to better protect the data of our international users. For details, see Appendix A, List of Third Party Providers.