Privacy Policy for Education Users

Your Privacy Is Important

Your Data

• We believe that schools, acting with parent permission, should determine whether any student data is collected and maintain control over that data.

• The school account administrator can purge identifiable student data at any time.

• We will never share identifiable data without your permission. We will never sell student data to a third party.

GMetrix Is Safe

• GMetrix uses industry standard SSL to ensure that student data is encrypted and transmitted securely from end to end.

• Teachers can monitor student accounts and student work.

• Students cannot privately communicate with other students outside their school.

• Parents can access their child's account at any time by logging into their student’s account.

Data Collection Improves Learning

• If a school chooses to use GMetrix, teachers will gain valuable data on student performance and students will receive feedback on how to improve.

• We also use anonymous, aggregated and de-identified data to improve learning opportunities and continually make GMetrix more effective.

FERPA Compliance

• GMetrix makes every effort to ensure consistency with the Family Educational Rights and Privacy Act (FERPA) policies. We also make every effort to comply with Children's Online Privacy Protection Act (COPPA).

• We provide prominent notice to users before making any material change to our Privacy Policy that affects them.

Privacy Questions? If you have questions or complaints regarding our privacy policy or practices, please contact us at [email protected]

Privacy Policy


This Privacy Policy applies to all the GMetrix branded websites and our mobile applications operated by GMetrix and its affiliates (“GMetrix”).

The privacy of those who use this website or app is extremely important to us. We design and operate our technology and services with our users' protection and privacy in mind, and make every effort to be transparent in our data collection and use practices.

We comply with the FTC's Children's Online Privacy Protection Act (COPPA), and support the goals and guidelines set forth by industry self-regulatory bodies and experts to providing online safety and privacy for children, households, parents and schools. We also support districts and schools that are subject to compliance with the Family Educational Rights and Privacy Act (FERPA).

This document explains what information we collect about users of this product, how we use this information, who we share the information with and other privacy and security issues. We encourage you to provide us feedback about our privacy policy at [email protected]

A note to minors: If you are under the age of 13, please get permission from your parent/legal guardian before using this website or app or sending any e- mail to us. You must be 18 or older to order a subscription to any of the GMetrix websites or apps. We will not sell or market directly to minors and always seek parental or legal guardian's authorization whenever we identify that a minor attempts to purchase a GMetrix product or service.

A note to schools and districts: Wherever we collect student identifiable information, we do so in support of the educational purposes for which GMetrix is designed. Such information is only collected in conjunction with the use of GMetrix.


For purposes of this Policy, we introduce the definitions of how we characterize users' information: "Personally Identifiable Information" or "PII" is information that can identify a user of this website, including e-mail and name. "Anonymous Information" is information that does not enable identification of an individual user. "De- Identified Information" is information from which all personally identifiable components have been removed. Unlike Anonymous Information, De- Identified information is initially collected as Personally Identifiable Information, after which we remove any identifying component to make the information anonymous.

What Type of Information Do We Collect and Why?


We collect the following types of information:

Information collected when subscribing: In the registration process of any of our subscription types, we ask our subscriber to provide us with first name, last name and affiliation with a school or district (if applicable). Providing an email is optional. We use this contact information to send users service- related announcements on rare occasions when it is necessary or advisable to do so. For instance, if we perform routine maintenance, we might send an informational email. We may also use this contact information to request feedback on the use of our products and services, to be used to improve the products and services. We will always provide an option to opt out of such communications.

Username and password: Subscribers create a username and password in the registration process, or, if they prefer, we or their school may assign these for them. We use usernames and passwords of subscribers' accounts to authenticate logins, allow access to the paid content and monitor subscription compliance. The username is also used to authenticate users when requesting technical support. The passwords are all encrypted when stored. For more information on our security practices, see "How We Store and Process Your Information" below.

Information collected automatically:We automatically receive and record information on our server logs from a user’s browser, including the user’s IP address. We use IP addresses to maintain a user’s session and we do not store them after the user’s session is over. We also use the IP address to check if a user is located in some countries outside of the United States where a country-wide log-in option is activated, and we do not store this information after the initial page load. We do not otherwise combine this information with other PII.

We also use a standard feature found in browser software, called a "cookie", in order to establish and authenticate user sessions, enable access to paid content and monitor potential misuse of the accounts. We do not use cookies to collect Personally Identifiable Information nor do we combine such general information with other PII to identify a user. Disabling our cookies will prevent access to paid content and limit some of the features and functionalities of the website or app. To learn more about browser cookies, including how to manage or delete them, look in the Tools, Help or similar section of your Web browser, or visit

We do not collect a user’s web search history across third party websites or search engines. However, if a user navigates to our website via a web search, their web browser may automatically provide us with the web search term they used in order to find our website. Our website does not honor "do not track" signals transmitted by users' web browsers, so we encourage you to visit these links if you would like to opt out of certain tracking: or If you do want to opt out using these tools, you need to opt out separately for each of your devices and for each web browser you use (such as Internet Explorer®, Firefox® or Safari®) on each device.

Third Parties: We may use a variety of third-party service providers, such as analytics companies, to understand usage of our services. We may allow those providers to place and read their own cookies, electronic images known as web beacons or single-pixel gifs and similar technologies, to help us measure how users interact with our services. This technical information is collected directly and automatically by these third parties. If you want to opt out of third party cookies, you may do so through your browser, as mentioned above in Information collected automatically.

Information collected when using GMetrix: School and District licenses use the individual accounts system, called GMetrix SMS, which allows students and their teachers to keep track of learning. Student and teacher accounts are organized by classrooms created by the teachers of the subscribing school. For these accounts, we ask the teachers to enter the first and last name of students and teachers, their username, the school they are associated with and a security question for resetting their password. We also require the teachers' email for password recovery and for contacting them on support and service-related announcements. The only Personally Identifiable Information collected about students is their first name, last name, email (optional), and the students’ work under the account (student records). We store the data created in each student account ("Student Records"), such as the history of GMetrix tests and activities they've completed. We do so for the purpose of enhancing teachers’ and students’ use of the website.rvices. We will always provide an option to opt out of such communications.

Emails received from users: We may retain certain information from users when they send us messages through our system or by email. We only use such information for providing the services or support requested.

Feedback: Certain features we offer include an option to provide us with feedback on your experience. The feedback feature does not identify the user submitting it. The feedback option is voluntary and the information a user submits to us will only be used for improving these features. If we receive personally identifiable information through a feedback form we take steps to immediately delete that information.

Information collected when using a GMetrix mobile app: Your website subscription may also provide access to the Full Access level of our mobile apps. If you choose to download any such app and log into it with your website subscription username and password, we collect limited usage information in connection with user logins in order to monitor subscription compliance. This information is maintained in accordance to this policy. We do not collect Personally Identifiable Information from users of the various GMetrix applications. If you subscribe to a GMetrix app with an in-app purchase subscription, we do not collect any user information.

Push Notifications on mobile apps: We send you push notifications on GMetrix mobile apps from time to time in order to update you about any events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information. We also collect the user time zone as it’s set on the device to limit the time we send push notifications within a reasonable time of day. We do not combine this information with other PII.

Mobile Analytics on mobile apps: We use mobile analytics software to allow us to better understand the functionality of our Mobile apps Software on your phone. This software may record information such as how often you use the apps, the events that occur within the apps, aggregated usage, performance data, and where the apps were downloaded from. We do not link the information we store within the analytics software to any PII you submit within the mobile apps.

We Do NOT Collect Or Use Information As Follows:

• Other than in the places and for the purposes explicitly disclosed in this Policy, we do not knowingly collect Personally Identifiable Information directly from users under the age of 13. If we learn that we have inadvertently collected any Personally Identifiable Information from a user under 13, we will take steps to promptly delete it. Please contact us at [email protected] if you believe we have inadvertently collected Personally Identifiable Information from a user under 13.

• We do not collect, use or share Personally Identifiable Information other than as described in our privacy policy, or with the consent of a parent or legal guardian as authorized by law, or otherwise as directed by an applicable district or school or required by contract or by law.

• In no event shall we use, share or sell any Personally Identifiable Information for advertising or marketing purposes.

COPPA Compliance

Parents and legal guardians of children under 13 who use any of the GMetrix products have certain rights under the Children's Online Privacy Protection Act (COPPA), and GMetrix recognizes those rights. Parents/guardians can consent to collection and use of a child's personally-identifying information without consenting to the disclosure of information to third parties.

A child's participation or access to an activity on GMetrix cannot be conditioned on him or her providing more information than is reasonably necessary for that activity, or any personally-identifying information. GMetrix does not collect personally-identifying information from children under 13, without a parent or guardian's consent or school if applicable.

Using GMetrix

Schools or districts using GMetrix maintain ownership of their Student Records.

Each school or district has access to a user-friendly administrator dashboard that allows direct control over the Student Records at all times. The administrator can create, update, review, modify and deactivate individual accounts, and monitor logins in the individual accounts. "Administrators" are only those individuals explicitly designated by the school or the district. Schools and districts are required to appoint an administrator that will be responsible for the Student Records. Districts and schools are urged to safeguard the administrator's access information and keep it in strict confidence, and notify us of any unauthorized use of password or account registered under their subscription.

The teachers using GMetrix will only be able to access or use GMetrix with an administrator login provided by their school or GMetrix. Students will only be able to create or access their teacher's class with an Access Code provided by their teachers. Students will be able to store their activities, tests, and results with their teachers on their individual accounts. Students can only interact with teachers who created the GMetrix class.

We encourage schools and districts using GMetrix to notify parents that the product is used in their school. Parents can log into their children's accounts and access their records. If you are a parent or guardian of a student using GMetrix with his or her school, you can request the login information from your child or their teacher. You are encouraged to use the student's login information and view all their activities and progress on the account at any time. Parents have a right to request the student's Personally Identifiable Information be deleted or request changes in his or her records if it is inaccurate or misleading by contacting the school or teacher or GMetrix at [email protected] Parents may also refuse to allow GMetrix to collect further information from their children by contacting us at [email protected]

FERPA Compliance

We understand the obligation educational agencies, districts and school systems have to comply with the Family Educational Rights and Privacy Act (FERPA) and we support schools in their compliance efforts and facilitate their alignment with FERPA. Under the terms of our contracts with schools, we agree to act as a "School Official" as defined by FERPA, meaning that we:

• Perform an institutional service or function for which the school or district would otherwise use its own employees;

• Have been determined to meet the criteria set forth in the school's or district's annual notification of FERPA rights for being a School Official with a legitimate educational interest in the education records;

• Are under the direct control of the school or district with regard to the use and maintenance of education records;

• Use education records only for authorized purposes and will not re- disclose Personally Identifiable Information from education records to other parties (unless we have specific authorization from the school or district to do so and it is otherwise permitted by FERPA).

How Long We Retain Student Data Information

Districts and schools are able to delete student identifiable information at any time using the Administrator Dashboard as mentioned above. Once information is deleted, we do not retain any copies.

How We Share Your Information

We may provide Personally Identifiable Information to our partners, business affiliates and third party service providers who work for GMetrix and operate some of its functionalities, such as hosting services, streaming services and credit card processing. These third parties are well-known, established service providers, who are bound contractually to practice adequate security measures and only use your information for the sole purpose of providing the services. These third parties do not have an independent right to share your Personally Identifiable Information. We share Anonymous Information or De- Identified Information about our users for tracking analytical information when using third party web analytical tools. We may use or share Anonymous Information or De-Identified Information for educational research purposes, to evaluate the educational benefit of using our services or to improve our services.

We will NOT share any information for marketing or advertising purposes.

We reserve the right to disclose Personally Identifiable Information if we are required to do so by law or if we believe that disclosure is necessary to protect our rights, protect your safety or the safety or others, investigate fraud and/or comply with a judicial proceeding, court order, subpoena or legal process.

We also reserve the right to transfer your Personally Identifiable Information in case of a corporate restructuring (such as a merger or acquisition), as long as the receiving entity adopts this privacy policy that applies to your information.

How We Store And Process Your Information

We strive to maintain security policies and procedures that are designed to protect your information.

Our servers are located in a secured, locked and monitored environment to prevent unauthorized entry or theft, and are protected by a firewall. The servers are located in a data center in the United States and backed up daily to a secure, "US-based," offsite data center.

We take extra measures to ensure the safety of PII and Student Records and apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to establish and ensure that all data passed between the server and the browser remains encrypted.

Governance policies and access controls are in place to ensure that the information of each district or school or other subscriber is separated and they are only able to access their own data.

Only limited GMetrix personnel have access to the database, and they only access the database when necessary to provide services. Personnel with access to Student Records pass criminal background checks and periodic privacy training.

While we strive to maintain best industry-standard privacy and security practices, it should be noted that no industry system is fail proof. In the event we learn of an actual data breach, loss or disaster, we have established a Disaster Recovery Plan, which includes notifying the affected subscriber, and as appropriate, coordinating with the subscriber to support its notification of affected individuals, students and families when there is a substantial risk of harm from the breach or a legal duty to provide notification.

Links To Third-Party Sites

We carefully choose our business partners and associate only with reliable partners who demonstrate a commitment to users' privacy and who share our commitment to education.

Using GMetrix Outside the US

If you are using this website or app outside the United States, you consent to having your information and data stored in the United States. If you are from any jurisdiction with laws or regulations governing the use of the Internet, including collection, use and disclosure of personal data, different from those of the United States, you may only use this website or app in a manner lawful in your jurisdiction. If your use of this website or app may be unlawful in your jurisdiction, please do not use this website or app. If your use of GMetrix may be unlawful in your jurisdiction, please do not use GMetrix.

Using GMetrix® from the EU

EU-US Privacy Shield

GMetrix is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

GMetrix is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. GMetrix complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, GMetrix is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, GMetrix may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.


Upon request GMetrix will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting us at [email protected] We will respond to your request within a reasonable timeframe.

Changes To Our Privacy Policy

We constantly strive to provide the best services. Changes to this policy may be required to keep pace with changing technology and threats, and as new or changed services are released. We expect most such changes to be minor, but there may be cases where changes may be more significant. In such cases we will first provide prominent notice to users who are affected.

Posting the modified Privacy Policy on this website or app and providing notice as stated above will give effect to the revised terms. Your continued use of this website or app indicates your acceptance of any revised terms. If you do not agree to the revised policy, please refrain from using this website or app and/or leave this website or app.

If we make material changes to how we collect and use personal information from children under age 13, we will notify the school or the parents, as applicable, by email in order to obtain verifiable parental consent for the new uses of the child's Personal Information.

Contact Information

If you have any questions or concerns about this Privacy Policy, please contact us at [email protected] or at GMetrix, 105 S. State Street, Orem, UT 84058.

If you wish to report a security breach, please contact us at [email protected]

This policy was last updated on December 15th, 2017.