College Connect by SIEMBRA is a free program application that helps students connect with community colleges, non-profit universities, and scholarships. Students aren't enrolled until they register, or are automatically enrolled allowing colleges, universities, and scholarships to provide information about their career technical education programs, transfer degrees, university admissions support and financial aid. If students do not desire help from a non-profit college, university or scholarship fund they can simply uncheck the box, or send an email to opt out to support@siembramobile.com
In basic terms, Siembra is designed to be a hub for student mobile educational interventions and empowering ownership of their academic careers directly in an effective game-ified environment. We provide a configurable holistic solution for student performance. The core of our feature set is to make collecting and providing actionable information easier for University Recruiters, Community College Outreach Coordinators, Community College Transfer Services, K-12 Superintendents, Parents and most importantly, the Student (called the “college recruiting matrix”). In addition to parties within the recruiting matrix, many of the Universities, Community Colleges and school districts who use Siembra authorize other champions (like the Gear UP program) to access student progress information. We also give parents or guardians the ability to login to a Siembra’s “parent portal” to access progress information relating to her student. To make this Policy a bit more readable, unless the context indicates otherwise, we refer to:
Our value is our ability to quickly process and present information relating to student progress in usable ways. In other words, when schools and school officials take advantage of Siembra's full potential, they are providing and accessing information relating to the students entrusted to them and are in turn entrusting that information to us. That trust is integral to our social mission to advance all students to higher education in a fair and equitable way.
This Policy describes the types of information we may collect, or that you may provide, when registering with and accessing or using Siembra. This Policy does not apply to information we collect offline or on any other Company websites (such as our company site here) or to information that you may provide or is collected by third parties.
SIEMBRA ensures that all the organizations we partner with are accredited colleges and universities – private universities, state and community colleges, or nonprofit scholarship programs. As pertaining to our social mission organization's policy, we do not go outside the guardrails of secondary education to post-secondary education. We merely connect students and parents to colleges and universities inside these guardrails.
ROLE OF SCHOOL AND SCHOOL OFFICIALS
Although the balance of this Policy will focus largely on what we do — and what we confirm we will not do — with information entered in Siembra, we believe schools and school officials are critical partners in our efforts to protect and ensure only appropriate use of student related information entrusted to them and to us. In that regard, it is important that schools and school officials using Siembra be mindful that in granting or allowing access to Siembra, they are controlling who has access to student information. When we reference "granting or allowing access," we are referring to both intentional actions, such as an administrator authorizing a Siembra account, as well as unintentional actions or consequences that may flow from, for example, allowing students access to Siembra login credentials or a school's failure to maintain sufficient data governance or security practices.
In cases where FERPA applies (more below), access to certain student information remains the legal responsibility of the applicable school. In all situations, it is incumbent upon our partners to make an affirmative determination prior to furnishing access to anyone that the party has a legitimate need for access to Siembra and the sensitive information that may be accessible to that party through Siembra.
Family Educational Rights and Privacy Act ("FERPA")
One of the core tenets of FERPA was and remains the protection of the privacy of personally identifiable information (often called "PII") in students' education records. As defined in FERPA, "education records" are "those records, files, documents and other materials which (i) contain information directly related to a student; and (ii) are maintained by an educational agency or institution or by a person acting for such agency or institution."
SIEMBRA acknowledges that it is bound by all relevant provisions of FERPA and agrees that personally identifiable information obtained from DISTRICT by SIEMBRA will not be disclosed to commercial third parties or government agencies. In accordance with FERPA, any consents may be made electronically during user registration.
Some people tend to link (and sometimes confuse) FERPA and COPPA. The intent of the Children's Online Privacy Protection Act, or COPPA, is to give parents control over commercial websites and online services' collection, use and disclosure of information from children under the age of 13. Many people assume COPPA applies to all internet-based services, regardless of the identity of the end user. When Siembra is used as intended by high school officials and parents, COPPA does not apply.
DISCLOSURE AND RETENTION OF PII
When we integrate with a school's information system, we receive personally identifiable information:
The user can opt out any time by unchecking the box on the profile page or submit a request to op out to support@siembramobile.com
Siembra is an "opt-out" system. We limit such information to non-profit University Admissions, Community College Outreach Coordinators, and Parents. During the Summer quarter, Siembra works in concert with the local school district every August for the new cycle of high school students.
We retain PII for as long as the applicable school maintains it. We align with the applicable school's policy. When those subscriptions lapse or terminate, unless a written agreement between us and a school provides otherwise, we retain PII for up to 12 months after which time it will be destroyed.
DATA SECURITY
Our primary integration is directly between the application server and the school information system data source. Data is encrypted at the source and decrypted at the web server running on the same host as the application server. We have security measures in place to help protect against the loss, misuse, and alteration of the data under our control. When the service is accessed using a supported web browser, Transport Layer Security (TLS) technology protects information using both server authentication and data encryption to help ensure that data are safe, secure, and available only to authorized users. We also implement an advanced security method based on dynamic data and encoded session identifications and hosts the service in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. We require unique account identifiers, usernames and passwords that must be entered each time a user sign- on. Single Sign-On (SSO) & Security Assertion Mark-Up Language (SAML) Requirements are supported by our application hosted by Amazon Web Service. Authentication and authorization are built into the application. Data is exchanged through encrypted channels.
We have also implemented measures designed to secure PII from accidental loss and from unauthorized access, use, alteration, and disclosure. Among other things, PII is encrypted in transit to and from Siembra using SSL technology. In addition, all PII is stored on secure servers behind firewalls by our hosting providers. In addition, consistent with guidance from the U.S. Department of Education that storing sensitive education records within the United States is a “best practice,” all the servers used by Siembra are in the United States. All that said, unfortunately, the transmission of information via the internet is not completely secure and, although we do our best to protect PII, neither we nor any other hosted service provider can absolutely guarantee the security of all personally identifiable information.
As discussed under Disclosure and Retention of PII, we use third-party providers to support elements of our infrastructure and functionality. These providers may, like us, use automatic information collection technologies to enable or streamline certain features they are providing on our behalf. In all cases, these providers are contractually bound to us to keep PII confidential and to only in use it to fulfill their responsibilities to us. With respect to technology that automates information collection, we use the following:
In support of operating, hosting, and enhancing our website(s), personally identifiable information may be accessed by our employees who work on programming and technical aspects of website operation. All employees follow our confidentiality and privacy conditions.
Fraud Prevention and Test Security: We perform internal testing with specific proxy students for fraud prevention or test security (internally created students). This information is collected, stored, reviewed, and used for (1) identifying and/or investigating possible test security incidents; (2) collecting evidence in connection with possible test security incidents; and (3) enhancing test security. We do not use or disclose our findings except as described above. In the event of a data breach, we suspend service immediately and communicate to our partners within 24 hours of the incident.
CHANGES TO OUR PRIVACY POLICY
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page (with a notice that the policy has been updated) and notify schools by email using the primary email address specified in their accounts.
CONTACT INFORMATION
You can and should ask questions about this Policy and our privacy practices. You should always feel free to contact us at: