Privacy Policy
Introduction
Mission
IEP Solutions, LLC (the maker of fastIEP) is a research-driven and mission-focused company. We aim to apply the newest in neuroscience research and leading-edge digital technology to alleviate the burdens, and empower the lives, of differently-abled people who have challenges related to their brains or minds. We are committed to research, and we are also committed to the privacy and security of your personal data.
We have invented a range of software, hardware, and professional training products and offerings. A central theme across all our offerings is empowerment and inclusion for all neurotypes, and empowerment of their teachers, parents, and communities.
We do not sell your data. We are fundamentally committed to your privacy.
Terminology
IEP Solutions: Herein, the term “IEP Solutions” (or “we”, “our”, “us”) refers to IEP Solutions, LLC, of Wilmington, Delaware, USA, as well as its Partners.
Partners: The Partners of IEP Solutions, LLC, as incorporated into the term IEP Solutions, include scientific research collaborators, universities, clinics, clinicians, business partners, affiliates, subsidiaries, agents, and subcontractors with whom IEP Solutions, LLC collaborates from time to time. We choose our Partners carefully and intentionally, in line with our Mission and with your interests in mind. Each Partner has a privacy policy, to our knowledge, and we trust them to act in accordance with it.
Platform: IEP Solutions maintains and develops a series of products and services (collectively, the “Platform”). The Platform can be described as sets of software and sometimes accompanying hardware, comprising apps for wearable devices, apps for mobile / portable devices, algorithms, web-based data portals, and/or data stores. The Platform includes products and services known, from time to time, as “fastIEP”, and other related products and services that are trademarks of IEP Solutions (collectively, the “Platform”).
Site: IEP Solutions also operates world wide web sites including fastIEP.com, go.fastIEP.com, home.fastIEP.com, support.fastIEP.com, related sites, newsletters or mailings to those who visit these sites, and emails we may send directly to you regarding the Platform or information on these sites (collectively, the “Site”).
Agreement: This document (the “Agreement”) is a statement of our Privacy Policy governing the use of the Site and the Platform by you. The Agreement outlines types of information we collect from you, ways and reasons we analyze such information, and how it is shared within IEP Solutions and with third parties.
You: For the purposes of the Agreement, you (“you”, “the user”, “customer”) may be a natural person of any age. You may also be a group of natural persons of any age, such as a school, classroom, clinic, family, marital community, church, parents’ group, meetup group, support group, affiliation group, advocacy group, therapy group, employer, corporation, research community, university, government, NGO, veterans’ group, or other group or entity. If you are a group, then everything in this Agreement that applies to “you” applies to any one or several persons within you, individually and/or in aggregate.
Member: If you register on the Site or the Platform you thus become a “Member”.
Account: A member may have an “Account” on the Platform or Site. Having an Account allows a member to log in to the Platform or Site.
Data Profile: A person may have a “Data Profile” on the Platform or Site, into which relevant information is deposited about the person. A person may have a Data Profile without having an Account, and one Account may be associated with several Data Profiles. (As one illustrative example, a classroom teacher may have an Account and use multiple Data Profiles for the students of that classroom, to keep track of their progress and high scores on an educational game that is part of the Platform. However, those students cannot log in to the site – they have no Accounts, just Data Profiles controlled by the teachers. This protects students from online risks.)
Other Terms including Personal and General Data are defined below in their respective sections.
Primary goal of this Agreement
In this Agreement, we strive to outline some of the rules, benefits, and risks associated with your use of the Site and Platform, including those related to privacy.
Complying with this Agreement
By accessing or using the Site or the Platform, you agree to the policies stated in this Agreement.
If you are a Member, then in addition to the policies that are applicable to all users of the Site or Platform, the policies that apply only to Members shall apply to you.
If you are a group of natural persons or other entity, you agree to obtain consent to the policies in the Agreement by persons in your group who may be impacted by your use of the Site or Platform.
IEP Solutions researchers may use the Site or Platform, and the data these collect, to create collective knowledge about education, brain development, behavior, wellbeing, technology, assessments, or interventions. We fundamentally believe that success in achieving these goals depends on a shared belief between IEP Solutions and you that real-world data will help us all develop useful strategies to improve the independence and livelihood of all differently-abled people.
If you do not accept the terms of this Agreement, you may not use the Site or the Platform.
IEP Solutions has signed the Massachusetts Student Data Privacy Agreement
The Massachusetts Student Data Privacy Agreement (“DPA” ) of 2018 is rigorous and in-depth agreement related to companies who provide software or digital services to schools in Massachusetts. We believe that the DPA strictly requires a high standard of protection of student data privacy, rigorous policies on student data after completion of the purposes for which they were collected, ownership of student data, and more.
The DPA has been adopted by many school districts in Massachusetts, and IEP Solutions believes that signing the DPA puts us firmly at the leading edge of student data privacy in Massachusetts and across the United States.
You may request a copy of our signed DPA Agreement at any time using the contact information provided at the bottom of this Agreement.
GDPR law
The General Data Protection Rule (GDPR) of 2016 applies to processing of personal data of residents of the European Union.
If you reside in the European Union you may not use the Site or the Platform.
If you begin residing in the European Union at some point after beginning to use the Site or Platform, you must stop using the Site or Platform. It is your responsibility to be aware of your residency and to comply with this Agreement in full.
COPPA law
The Child Online Privacy Protection Act (COPPA) of 1998 is a U.S. Federal law (15 U.S.C. 6501-6505). Our understanding is that COPPA is aimed to protect children under the age of 13 from risks associated with directly using internet sites or online services that may retain and publicly post their personal information without their consent. At IEP Solutions, we take privacy and protection seriously, and are committed to guarding the digital health of children.
If you are under the age of 13, you may not have an Account on our Site or Platform. By using our Site or Platform directly or submitting your personally identifiable information, you certify that you are not under 13.
If you are under the age of 13, you may not log in to the Platform or Site directly. You may, however, have a Data Profile created for you. A Data Profile as described above is simply a holding place for basic data about a student, and it does not allow the student to log in directly. The Data Profile for you must be created by a Member over 13 who uses an Account (for instance a teacher or parent), and that Member must comply with all terms of this Agreement as well as our Terms of Service. Therefore, since no person under the age of 13 may have an Account on our Site or Platform, we comply 100% with what we understand to be the COPPA law.
The following is an illustrative example of the difference in policy between Accounts and Data Profiles:
A classroom teacher may use an Account to log in to the Platform and create a Data Profile related to a student. The Data Profile may for instance record information about the progress that the student has made in detecting other people’s emotions in school, as measured by an educational game that is part of the Platform.
If the student is under 13, the student may not log in to the Platform and may not have an Account. The student’s Data Profile may be accessed by a teacher associated with that student. The teacher may then prepare reports or summaries of the data, e.g. for the parents. In this way, the Data Profile on the Platform serves as a digital notebook for the teacher, similar to but more advanced than a paper notebook that a teacher may use to keep track of the in-class activities and preferences of the student. An act to give others those digital notes/data, or information derived from them, is done by choice and with consent of the teacher through the Account, and is subject to the terms of this Agreement.
The above is one illustrative example of many, provided here to explain the relevant difference between Accounts and Data Profiles.
Information that may directly identify you (Personal Data)
This section relates to Personally Identifying Information (PII) and other data that may directly identify you (“Personal Data”), as well as our mechanisms designed to collect Personal Data. We generally collect Personal Data when you supply information, for instance when registering to become a Member of our Site or Platform or when onboarding classrooms if you are a school district. Personal Data may include:
Account Info, e.g. name, email address, postal address, phone number, and sometimes social security number or EIN
Payment Info, e.g. credit card number, billing & shipping address, bank wire info
Password, e.g. stored securely as part of initial registration, or in the Account information of a Member
Date of Birth.
Private Messages.
Information that may not directly identify you (General Data)
This section relates to information that may not personally identify you (“General Data”), and to our mechanisms for collecting General Data. Examples of General Data include:
Information that you supply directly:
General biographical information, e.g. gender, age, city, and general notes
Clinical information that you supply, e.g. whether a person has autism; history of treatment, symptoms, genetics, clinical assessments, IEP goals, etc
Images, e.g. photographs, video, audio, and other recordings (supplied by you)
Individual and aggregated survey responses.
Information shared via free-text fields, e.g. on a support forum, signup forms for our mailing list or research studies, job applications, treatment evaluations, social media feeds, surveys, annotations, etc. (Note: Because processing of information supplied by you in such fields may be automatic, it will be treated as General Data even if there is a chance that it may identify you.)
Connections to other people on the Site or Platform, e.g. fellow Members, invited members of an education or care team, mentors, feeds, subscriptions.
Information that we derive from your usage of the Site or Platform (while you use them or while in the background):
Progress on our education games, e.g. game scores, game elements interacted with, achievements, levels, high scores, etc.
Usage Information, e.g. dates, times, location, device or browser ID, features or pages used, touchscreen taps and swipes, etc.
Images, e.g. photographs, video, audio, and other recordings (collected during usage)
Sensor information, e.g. device data from accelerometers, gyroscopes, magnetometers, radar, sonar, and other sensors
Physiological measures, e.g. heart rate variability, breathing dynamics, blinkrate, etc., for instance to help adjust the games if players seem stressed
Tracking data: In some cases, we collect information through cookies, pixel tags, email tracking, and similar methods that use unique identifiers
Independently of the Site or Platform we may directly communicate with you and you may elect to share information with us. For instance you may speak to or email us about yourself or another person or you may share a document such as an IEP report or student behavior characteristics. We consider such communications to be outside of the Site or Platform. Also, we consider such communications as carrying with them your direct consent by virtue of your intentionally taking the action of communicating with us. We treat such information in its entirety as General Data. As explained elsewhere herein, we treat all data with respect and care.
We use digital best-practices to protect your data
We care about your privacy and your data, and we are committed to protecting you.
IEP Solutions uses advanced, modern data privacy methods in order to secure your data. Your information is kept encrypted when being transmitted from the mobile or wearable devices used by our Platform to our secure data stores in the cloud. Your information is also kept encrypted when transmitted from our web-based Account interfaces to our secure data stores in the cloud.
Our servers use Secure Socket Layer (SSL) to encrypt the information from our Site and Platform as it flows across the Internet. This is the same technology that your banks and merchants use to protect your credit card number and other sensitive information when it is sent over the Internet. Please adhere to the following procedures to ensure security: a.) Do Not give your account name or password to anyone, b.) Do Not write your password down where it can be seen by anyone else, c.) Do Not save documents or reports to an unsecured computer.
While no method of electronic storage or transmission over the Internet is 100% secure, and thus we cannot guarantee the absolute security of your data, we take great precaution to assure data security. Our secure data stores in the cloud use only those cloud-based services that are certified as “HIPAA-eligible”, meaning that they are inherently secure and dependable to the level required by the HIPAA law that governs official medical records for entities that have a protected relationship with you and your medical data. IEP Solutions takes your data privacy very seriously and thus use the types of services that such covered providers use to guard their data.
Why and how we use General Data
In addition to serving the individual needs of our Members, IEP Solutions is interested in better understanding the end-user experience and improving our services, for everyone. We also are focused on contributing to the literature on evidence-based practice. Additionally, we are deeply committed to fundamental science, for instance toward understanding the general workings of the human brain and mind. These are the contexts in which we use General Data.
For example, we may address research questions such as, “Do certain applications work better for some groups of individuals versus others?” or “Which method of feedback or reward best reduces your signs of anxiety such as quickened heart rate, shallow breathing, and utterances that relate to stress?” or “How stressful is eye contact for certain groups of people; and can predictable, engaging games help reduce the stress to a comfortable level?” or “What are the data-driven subtypes of autism?” or “Can we predict when someone will have a meltdown or anxiety attack?” or “What is your child’s or your student’s risk of self-harm?” or “What patterns embedded in years of data can predict life outcomes after decades such as success in long-term employment or romantic partnership?”. (These are illustrative examples of research questions we intend to address. We do not yet have answers to them nor are we making any claims such as medical claims about them. Yet we hope to be able to someday.)
IEP Solutions may use General Data for scientific research in order to address such short-term and long-term questions as the examples above. Because our research questions include ones about patterns of subgroups of people relative to larger groups of people (e.g., finding data-driven subtypes of autism), the value of one set of data is unlocked only when we can process many, many people’s data. Because our research questions include ones that require long-term analysis (e.g., so we can eventually use data from grade-school to offer you predictions about the likelihood that your child or student will gain steady employment in adulthood), the predictive power of the data can only be fully unlocked after many years. Therefore, in order to fulfill the above purposes, IEP Solutions must and will maintain data from all users from time to time, and as long as possible within the law.
IEP Solutions may provide General Data, in individual and aggregate format, to Partners for use in scientific research and research on the preferences and behaviors of consumers. When providing this information to Partners, IEP Solutions provides General Data, not data collected as Personal Data, except as noted in the section about Personal Data. When providing this information to Partners, IEP Solutions will assure that each Partner has a privacy policy, and is made aware of our privacy policy as articulated by this Agreement from time to time.
IEP Solutions may also periodically ask Members to complete short surveys about their experiences (including questions about products and services). Survey responses may be analyzed, combined with other General Data, and shared with and/or provided to Partners. Member participation in these surveys is not required, and refusal to do so will not impact a Member’s access to the Site or the Platform.
Why and how we use Personal Data
As with General Data, IEP Solutions aims to use Personal Data in support of our mission to empower people who have brain and mind challenges. Therefore our primary objectives for the data are refinement of the Platform and Site, and generating new knowledge about the mind and brain. Personal Data will not be automatically shared with, sold to, or displayed for other Members or Partners. In particular, Personal Data will not be sold to Partners or other third parties for use in marketing or advertising.
Personal Data will be retained for as long as is required to fulfill the purposes set forth herein. We will comply with written requests that are lawfully made to remove your data, to the extent specified by law and to the extent possible to remove from our servers and research data pools.
Illustrative instances where Personal Data may be used include, but are not limited to, the following:
- If we have your permission, your email address may be used to send you notifications, including research-study invitations, newsletters, and direct notifications. You may change this setting by clicking the unsubscribe link at the bottom of emails sent to large groups, or in some cases by changing settings in your Account if you are registered as a Member.
- For critical updates such as account password changes, and for information we deem important to send to your attention, you may be contacted regardless of account settings. We are committed to being respectful of your time with such notifications.
- If you explicitly opt in for this, we may share your Personal Data with a Partner (for instance, co-registration with a non-profit organization, or cross-registration for a cutting-edge clinical research study at a local university).
- If you agree to participate in a media interview (as arranged by IEP Solutions), IEP Solutions will share your contact information (e.g. name, email, telephone) with the reporter for the purpose of scheduling and conducting an interview.
- We may share Personal Data if we believe that disclosure is reasonably necessary to comply with a law or an official request from law enforcement.
- We may share Personal Data if obligated to do so in connection with the sale, merger, bankruptcy, sale of assets, or reorganization of IEP Solutions.
- We may share Personal Data with Partners who are contractually engaged in providing us routine professional services, or who are collaborating on useful research we believe to be well-intentioned, if they have a privacy policy in place at that time that states that they will safeguard PII such as they will receive from us.
- Personal data may be used to guide our own scientific research and our development of new products and services that may assist you or others similar to you, although the Personal Data will not be distributed as part of those products and services.
Personal data may be used by us to contact you from time to time. - Where IEP Solutions is required by mandatory law to retain your Personal Data longer or where your Personal Data are required for IEP Solutions to assert or defend against legal claims, IEP Solutions will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.
Cookies
IEP Solutions uses cookies.
Cookies are tiny text files that get downloaded onto the device you use to access the Site or Platform (e.g. laptop, smartphone, wearable, etc.) when you visit or log in. These files allow our Site or Platform to recognize your device and store information about what you like and dislike related to our offerings.
We use cookies on our Site and Platform to personalise the content you experience, to optimize the ads that may have brought you here, to provide social media features, and to analyse the web traffic that comes to our site. We may also share information about your use of our Site and Platform with our social media, advertising, and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Our aim is to ensure that you love your experience when you are on our Site or Platform, and to ensure that we attract as many people who can benefit from our offerings and mission as possible.
External publication of data
IEP Solutions was founded by a scientific researcher with a doctoral degree (PhD) in neuroscience. We continue to perform scientific research alongside product development in order to produce evidence-based products to serve our customers, and to produce general knowledge that can serve all people.
In order to produce this type of evidence and general knowledge, we follow the best practices of the professional research community, for instance publishing our results in peer-reviewed research journals for the community to inspect.
Your data will not be published in peer-reviewed research journals unless you have explicitly gone through an informed-consent process for one of our approved research studies.
The research that we publish in peer-reviewed journals is conducted under strict ethical and regulatory guidelines and supervision of an internationally compliant and accredited supervisory body known as an Institutional Review Board (IRB). IEP Solutions research controlled by an IRB is continuously reviewed and controlled by a strict application review process and subsequent audits. Control includes all aspects of the research, study design, recruitment procedures for human participants, informed consent of human participants, data privacy and security, record-keeping, reporting, and publication. Our research data and records are kept permanently, under data retention and protection procedures that are stipulated under IRB and related regulations, and are audited every year by full-time and certified staff members of the IRB organization during on-site audit visits. In these ways, data destined for publication in peer-reviewed journals are acquired and kept under strict, international ethical regulations.
IEP Solutions does not conduct any animal research.
FERPA Compliant: Not student education data; Not used for marketing
IEP Solutions does not use the data we collect from schools for marketing to students or to their parents. We do not sell the data to third parties in order for them to use for marketing to students or to their parents.
Our understanding is that the FERPA rule relates to many specific categories of information mostly centered around student education data.
The following are some categories of student data that our Platform and Site do NOT collect (unless a Member inputs them into open text fields, annotations, or the like):
- Standardized test scores
- Grades
- Other academic scores and assessments
- Approval to graduate
- Bus assignment
- Other transportation assignment data
- Disciplinary records
- Course enrollment data
- Class and elective enrollment
- Extracurricular activities
- Sports activities
- Teacher identity (except those teachers using the Platform)
- Income status indicators
- Living situations
- Discounted or free lunch status
- Religious affiliation
- Political affiliation
- Criminal records
- Family composition
- Text messages
- ELL status
- Classwork
- Homework
Again, the above is a list of illustrative categories of information that our Site and Platform do NOT collect.
California privacy rights including DNT
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by IEP Solutions to a third party, for the third party’s direct marketing purposes. IEP Solutions does not make such disclosures, and therefore we believe that we are exempt from these reporting requirements.
Your browser may offer you a “Do Not Track” (DNT) option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities, over time and across different websites. IEP Solutions currently does not respond to DNT browser signals or mechanisms.
Not a HIPAA-covered entity. No PHI.
IEP Solutions is not a healthcare provider. We do not maintain a doctor-patient relationship with our Members or other users, and we do not claim to cure, treat, or diagnose diseases. Also, we are not a clearinghouse for medical data from other healthcare providers, nor are we a health insurance provider. It is our understanding that these are the legal tests to determine whether an entity is covered by the HIPAA privacy law, and therefore it is our understanding that IEP Solutions does not fall under the jurisdiction of the HIPAA law and is not a “HIPAA-covered entity”.
In this context, information that we collect is not considered PHI (Protected Health Information) since PHI refers not to the type of information but to whether it is held by an entity covered by the HIPAA law.
(To help understand this: Your friends may know that you have a diagnosis, or you may share that information in a Meetup, but neither Meetup, Inc. nor your friends are placed under Federal control suddenly because they have that information. In contrast, your doctor who generated that diagnosis is.)
Regardless of HIPAA or PHI restrictions, we are respectful and cautious with your data.
You have responsibilities to use our Site and Platform appropriately.
Our Site and Platform provide multiple ways for you to store images, video, audio, notes, text documents, and other media that you create, record, or acquire.
We can provide a secure infrastructure for processing and storing those media but we cannot control exactly what you upload into our infrastructure. Therefore, you have responsibilities to use our Site and Platform appropriately.
This is not unique to digital systems like ours. By analogy, if we were to provide you with a camera and a safe containing a scrapbook, we could not control whether you would take photos that infract your local laws or workplace rules, and we cannot control whether the photos or notes you would place in that scrapbook would be appropriate.
This analogy also applies to our Platform and Site. We must request that you take responsibility to use them appropriately.
If you wish to use our Platform or Site, you must take responsibility to be aware of applicable laws and workplace rules regarding informed consent, appropriate content, and communication for all media.
If you are associated with a school, we remind that each school and district is unique regarding these matters, so we rely on you to know and act according to the relevant regulations.
Media and documents created or stored on our servers may be reviewed by our team for quality assurance, and in order to learn more about typical parameters of such documents so we can optimize your experience.
We are not responsible for inappropriate or dangerous images or other media, nor ones that represent crimes or potential crimes. If such images are found, we do not have an obligation to launch investigations or report them to the police, but we do reserve the right to do so.
We trust that you will empathize with our goals and the constraints of a system that allows you to generate media, and that you will responsibly act accordingly. Thank you.
Other privacy matters
IEP Solutions cannot guarantee the identity of any Member with whom you may interact in the course of using the Site or Platform, or who may have access to your General Data by using the Site or Platform. Additionally, we cannot guarantee the authenticity of any data that other Members may provide about themselves.
IEP Solutions will cooperate with police to the extent required by law. However, if data contained within the volume of data we collect happen to indicate or suggest the commission of a crime, we cannot guarantee that the crime will be investigated by the police or by us.
Risks and benefits
While our goals include empowering people with neural challenges, and helping better understand how people’s brains and minds develop and flourish, there are no guaranteed benefits to using this Site or Platform. However, mindfully keeping track of personal achievements, well-being, treatments, and symptoms has long been shown to be generally helpful in improving overall health. To understand more specific outcomes related to using our Platform, please see our published peer-reviewed research papers and assess the outcomes according to your own expertise.
We are not aware of significant risks to your providing data via the Site or Platform. There is a possibility that you may feel uncomfortable sharing information. In using the Site or Platform, you are free to skip any non-required questions or data fields that make you feel uncomfortable. You are also free to stop using the Site or Platform at any time.
Updates to this Agreement
We reserve the right to modify this Agreement at any time by posting an amended version of the Agreement on this website. We encourage you to review this site periodically for any updates.
You have no obligation to use our Site or Platform
Using the Site or Platform is elective and optional, as is becoming a Member.
If you are not comfortable with our Privacy Policy, Terms of Service, or other policies at any time, you are free to decline to use our Site and Platform, and/or to withdraw from Membership. We would of course be interested to hear from you if you care to share your reasons since we are committed to adding value and improving how we empower people, but you have no obligation to communicate with us in this way.
Questions about the Privacy Policy
If you have questions, comments, or requests related to our Privacy Policy or your data, please contact us:
Email: privacy @ fastiep . com (remove spaces)
Submit a Request Online: https://support.fastiep.com/ticket/add
Postal Mail:
IEP Solutions, LLC
Attn: Privacy Issues
1201 N Orange Street Suite #7206
Wilmington, DE 19801