To protect Personal Information from unauthorized access, use and disclosure, Lrnr maintains a comprehensive information security program and employs reasonable and appropriate physical, administrative and technical safeguards. Lrnr performs periodic risk assessments of its information security program and prioritizes remediation of identified security vulnerabilities.
Collection and Processing
Lrnr collects and processes data in order to provide the Services for educational purposes. This data may include Personal Information.
If a Customer purchases the Services online directly from Lrnr, payment data submitted by that Customer will be used and disclosed to the Customer’s financial institution and Lrnr’s payment processing vendor for the purpose of processing payment for the Services ordered.
Lrnr collects and processes Account Data to set up, maintain and enable a User account to use the Services. Account Data includes a User’s name (unless an alias is used with Educator or Institution approval/coordination), email address, username and password, as well as the Institution and course identifier for any courses for which User uses the Services. With coordination/approval by the Educator, a User may be registered for a User account using an alias* instead of actual first and last name. Account Data does not include student coursework or responses, scores, grades or instructor feedback on interactive exercises, assignments or assessments.
*Alias Registration Option
With Educator approval/coordination, a User account may be established by using an alias name (pseudonym) and email address that is not otherwise associated with Personal Information provided to Lrnr. Alias Registration may not be available if the User account is established through integration with a third party service or if the Institution or Educator establishes the User Account or otherwise prohibits the use of this option. If a User establishes a User account through Alias Registration, the User must notify each Educator of the alias information used to establish the User account so that the Educator can recognize the User account as belonging to that User.
Course Data means educational data collected, generated or processed through use of the Services in connection with educational coursework. Course Data includes assignments, student coursework, responses to interactive exercises, assignments and assignments scores, grades and instructor comments. Lrnr collects and processes Course Data in order to provide the Services to Users, Educators and Institutions for educational purposes.
Community/Forum Postings; Other Communications
Information posted by a User in a community or forum or communicated with a communication tool provided through the Services may constitute Personal Information. Postings and communications will be visible to and shared with all members of the community or forum. Lrnr is not responsible for further use or disclosures by others who are members of the community or forum or recipients of any communications.
Some Services may have the capability to connect to your Google Drive so that you can upload or download documents directly from or into your Google Drive. Before they do so, you will receive a prompt asking you to click “Allow” to enable the Services to connect to your Google Drive. You may remove this connection in the My Account settings for your Google account at any time. Lrnr will use this connection to access your Google Drive only for the purpose of uploading or downloading documents that you specifically select with limited metadata to allow identification and retrieval, so that you can access and use the documents within the Services or download them to Google Drive. Lrnr will use, process and store these documents and associated personal data in accordance with this Privacy Notice.
Cookies and Related Technologies
Application and System Logs
Application and system logs are critical to ensuring the availability and security of the Services. Lrnr automatically collects log data related to User interaction with the Services. This data may include browser type, type of computer/device and technical information about the User’s means of connection to the Services, such as operating system, internet service provider and IP address. This data is collected and used to monitor the health of the Services, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale the computing resources for the Services.
Feedback, De-Identified and Aggregate Data
Do Not Track (DNT) is a proposed mechanism for allowing website visitors to control the collection of certain usage data. Although there has been research into the development of a standard to support the use of DNT signals, there is no adopted standard to follow. The Services do not currently respond to Do Not Track signals.