Data Security Policy Addendum for Educational Institutions

Pixel Press Technology, LLC Data Security and Privacy Policy for Educational Agencies Last Updated: 08/01/2021

The Data We Collect

The privacy and security of student data is important to us. Pixel Press Technology (the makers of Bloxels and Bloxels EDU) collects and uses only the minimum amount of data required to provide the functionality of Bloxels EDU software. These data elements are limited to:

Usernames and passwords. These are created and maintained by the administrative user to comply with their specific policies on usernames. Usernames are not required to be first or last names.

Student generated content. Games created by students with Bloxels EDU are made up of written texts, art, and animations.

App usage, analytics, and related metadata. Information is collected to understand usage and how to improve the software. This may include date/time stamps, browser type, operating system, and application version, which are all collected for purposes of monitoring and improving the software. 

Prohibition of Advertising and Marketing

We do not use personal information for marketing or advertising purposes, nor do we permit third parties to do so. Bloxels EDU does not show advertising.

Pixel Press Technology does not sell personal information.

Data Security Technologies, Safeguards and Practices

Pixel Press Technology maintains data security measures consistent with industry standards and technology best practices to protect data from unauthorized disclosure or acquisition by an unauthorized person. These measures include, but are not limited to:

No data is stored or processed by “terrestrial” Pixel Press Technology servers. Data is stored and processed in Amazon Web Services. AWS Cloud infrastructure and services have been validated by third-party testing performed against the NIST 800-53 Revision 4 controls.

AWS’s alignment with ISO 27018 has been validated by an independent third party assessor. ISO 27018 is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to Personally Identifiable Information (PII) processed by public cloud service providers.

Pixel Press employs further measures to secure data in motion, including but not limited to: HTTPS (SSL) security for all traffic, IP-based database protection, and hash-based encryption and authentication. These technologies are part of a layered defense, that includes rules that protect against unauthorized access. For example, Bloxels EDU software limits unsuccessful logon attempts, and “locks” accounts that have surpassed this limit.

Employees, Subcontractors, and Training

Pixel Press Technology provides periodic cybersecurity and data privacy training to its employees who operate or have access to the system. This training includes: third-party, online sessions on privacy, physical, and cyber security best practices, and counsel from outside legal and technical advisors.

Employees are required to sign a confidentiality policy upon hiring, which includes protecting customer information. Pixel Press Technology does not make use of subcontractors for the purposes of providing the service. Pixel Press Technology does not make protected data or systems available to subcontractors.

In the Event of a Breach

Pixel Press Technology will notify the District of any breach of security resulting in an unauthorized release of personally identifiable information (PII). This notification will be made in the most expedient way possible and without delay. A written notification will be sent not later than seven (7) calendar days after discovery of the breach of security resulting in an unauthorized release of personally identifiable information from PII Data, to the designated representative and either personally delivered or sent by nationally recognized overnight carrier to the District.

Data Retention, Deletion and Changes

Pixel Press Technology retains the data needed to deliver the service for the duration of the subscription. After a subscription is expired for more than 30 days, this data may be archived for backup purposes.

An educational user (teachers or principals) may request a deletion of their data, or part of their data, at any time. Requests can be made in writing to education@bloxelsbuilder.com. A request to delete data will be handled in an expedient manner, within (7) calendar days.

Parents (eligible students, teachers or principals) can challenge the accuracy of any student data stored by Pixel Press Technology by following the school district’s procedure for the requesting the amendment of education records under the Family Educational Rights of Privacy Act (FERPA). They can do so by contacting Pixel Press in writing at education@bloxelsbuilder.com.