Scrible

Modern research platform for school and work

Privacy

PRIVACY POLICY

Scrible, Inc. (“Scrible”, “we”, “us”, “our”) has created this privacy policy (“Privacy Policy”) to disclose our use and protection of data collected about you (“you”, “your”) related to your use of our Services (“Data”). If you access or use our Services, you consent to this Privacy Policy. If you do not consent to this Privacy Policy, please do not access or use our Services.

Contact Information

After reviewing this Privacy Policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us via email at privacy@scrible.com.  Please utilize the following subject lines to specify the nature of your inquiry.

  • GDPR Request (for EU/EEA residents)
  • California CCPA Rights (for California residents)
  • [State] Privacy Rights (for other state-specific requests)
  • Privacy Inquiry (for general questions)

This Privacy Policy should be read in conjunction with our Terms of Service (“Terms”) as certain terms used in this Privacy Policy are defined there.

If you access, use or obtain our Services for or on behalf of a group of individuals (“Group”), you agree to this Privacy Policy for that Group and represent that you have the legal authority to consent to this Privacy Policy on behalf of that Group. If the Group is an organization such as a business, nonprofit, school, school district, college, university or government agency (“Organization”), our use and protection of data may be governed by this Privacy Policy in conjunction with a separate agreement, including but not limited to a data privacy agreement, data sharing and use agreement, or data security agreement  (“Other Agreement”). In the event of a conflict, the terms of the Other Agreement shall prevail.

1. DATA PROCESSING AND STORAGE

1.1 Controller and Processor Roles. Depending on the circumstances, we may act as either a data controller or data processor. We act as a controller when you directly create an individual account or when we make independent decisions about data collection and use for our own business purposes. We act as a processor when we process student data on behalf of an educational institution under their direction and pursuant to an Other Agreement. We also act as a processor of data for a non-educational institution such as a business on behalf of its licensed users. In either instance, the educational institution or business would be considered a “Controlling Organization”.

When acting as a processor, we process Data only as instructed by the Controlling Organization and in accordance with applicable agreements.

1.2 Subprocessors. We use third party service providers to help operate, support and improve our Services (“Subprocessors”). We only utilize Subprocessors that meet industry standard data privacy and security requirements. We only share PII, as defined in Section 3.1 below, with Subprocessors to the minimum extent necessary and whose terms treat your PII consistent with this Privacy Policy, any relevant contractual obligations and applicable privacy regulations.

1.3 United States. Our Services are hosted and operated entirely in the United States and are subject to United States law. Data we collect from you is stored and processed in the United States. By accessing or using our Services outside of the U.S., you consent to the transfer of your Data to the United States.

1.4 International Transfer. Data may be processed and/or stored in the United States, European Union Member Nations, Canada or any other country in which our Subprocessors operate. We may transfer Data across borders.

2. LAWFUL BASIS

We only collect and process your Data where we have lawful basis, including (i) consent (where you have given it); (ii) where necessary for us to operate our Services and (iii) for our legitimate interests, including complying with applicable law, protecting against security threats, improving our Services, and addressing customer support, service and relationship issues.

3. INFORMATION WE COLLECT

3.1 Personal Information You Provide. We may collect the following Data directly from you, some of which may constitute Personally Identifiable Information (“PII”):

For All Users:

  • Account registration information (username, email address);
  • Name;
  • Communication information when you contact us;
  • Content you create, save, capture, upload, post, receive or share using our Services; and 
  • Survey responses, feedback and testimonials (voluntary).

For Paid Plan Users:

  • Payment information (processed by secure third-party payment processors); and
  • Billing address information.

For Education Users:

  • Grade level;
  • School name and location (when applicable);
  • Instructor name (when applicable); and
  • Educational progress and activity data within our Services.

3.2 Information Automatically Collected. We may automatically collect certain information when you access or  our Services:

Device and Technical Information:

  • IP address and general location information (city/state level); 
  • Device type, operating system, and browser information;
  • Pages visited and time spent on our Services;
  • Clickstream data and interaction patterns; and
  • Session information and login timestamps.

Education Activity Data:

  • Learning progress and achievement data; 
  • Time spent on educational activities; 
  • Assignment completion status; and
  • Interaction patterns within educational content.

3.3 Information from Educational Institutions. When used in school settings, we may receive: 

  • Student roster information; 
  • Class and instructor assignment data; 
  • School-provided student identifiers; and 
  • Educational goals and curriculum information.

3.4 Cookies and Tracking Technologies We may use essential cookies and other tracking technologies only for:

  • User authentication and session management; 
  • Remembering user preferences and settings; 
  • Ensuring security and preventing fraud; 
  • Analytics to understand how our Services are used; and 
  • Technical functionality required for our Services to operate.

We do NOT use tracking technologies for:

  • Behavioral advertising;
  • Cross-site tracking;
  • Creating advertising profiles; and
  • Third-party marketing purposes.

3.5 Data Collection Limitations

  • We collect only information necessary to provide our Services; 
  • We clearly distinguish between required and optional information;
  • We do not collect PII unless specifically required to operate, provide and improve our Services; and
  • All data collection from children under 13 follows COPPA requirements.

4. HOW WE USE YOUR INFORMATION

We use your Data only for legitimate educational and business purposes, including:

4.1 Service Provision:

  • Operate and provide our educational Services;
  • Enable account creation and user authentication;
  • Facilitate content creation, storage, and sharing; and
  • Process payments for Paid Plans.

4.2 Educational Support:

  • Customize teaching and learning experiences based on user progress;
  • Provide technical support and customer service; and
  • Enable communication between instructors, students, and parents (where appropriate).

4.3 Service Evaluation and Improvement:

  • Analyze usage patterns to improve our Services (using aggregated, de-identified data);
  • Conduct research to measure or enhance educational effectiveness;
  • Develop new features and functionality; and
  • Perform system maintenance and troubleshooting.

4.4 Legal and Safety:

  • Comply with legal obligations and court orders;
  • Enforce our Terms of Service and other agreements;
  • Protect the safety and security of our users and Services;
  • Investigate potential violations of our policies; and
  • Respond to law enforcement requests when legally required.

4.5 Communication:

  • Send account-related notifications and updates;
  • Provide customer support responses;
  • Communicate about Service changes or updates; and
  • Send educational newsletters (with opt-out available).

4.6 Data Use Limitations:

  • We do NOT use student data for advertising or marketing purposes;
  • We do NOT sell personal information to third parties;
  • We do NOT create behavioral profiles for advertising purposes; and 
  • We do NOT use student data beyond what is necessary for educational purposes.

5. DATA SHARING AND DISCLOSURE

5.1 No Sale of Personal Information. We will not sell your PII to any third party without your permission.

5.2 Service Providers. We share information with service providers who help us operate our Services, subject to agreements requiring adherence to the provisions of this Privacy Policy and/or Other Agreement.

5.3 Legal Requirements. We may disclose Data when required by law, to comply with legal process, enforce agreements, protect security and integrity of our Services, or protect our rights and users.

5.4 Business Transfers. If our business is acquired, merged, or assets are sold, Data may be transferred. You will be notified of any resulting change in protection or use of your Data.

5.5 Public Information. Any Data you choose to make publicly available via our Services will be available to others.

5.6 Aggregate Data. We may share aggregated, de-identified Data that does not identify you personally for quality assurance, platform improvement and evaluation purposes.

6. ACCOUNT CONVERSION AND DATA PORTABILITY

6.1 School to Individual Account Conversion. When a student’s School-Sponsored Account is converted to an individual Account, we will:

  • Reclassify the student’s School-Sponsored Account to an individual Account;
  • Maintain data continuity to preserve the student’s work and progress;
  • Allow the student to associate a personal email address with their account;
  • Transfer ownership of the student Data from the school to the student; and
  • Notify relevant parties of the conversion in accordance with applicable agreements.

6.2 Data Portability. Upon account conversion or upon request, we will provide your Data in a structured, commonly used, machine-readable format where technically feasible.

7. DATA RETENTION AND DELETION

7.1 General Retention Policy. We retain personal data only as long as necessary to (i) fulfill the purposes for which it was collected; (ii) comply with legal obligations; (iii) resolve disputes and enforce agreements; and/or provide ongoing Services to active users.

7.2 Student Data Retention. For student data, we follow these specific retention practices:

  • Active accounts: Data retained while account remains active and in use;
  • Inactive accounts: Student data deleted after 2 years of inactivity unless longer retention is required by law or Other Agreement;
  • Upon graduation or course completion: Schools may request data deletion or transfer to student for school-sponsored student accounts via the school to individual account conversion described herein; and
  • Account termination: Data deleted within 60 days unless legal retention is required.

7.3 Data Deletion Requests . Users may request deletion of their data by emailing privacy@scrible.com with “Data Deletion Request” in the subject line.  You may be asked to providing verification of identity as required by law, regulation or our own internal policies.  Your request should specify what data should be deleted.

7.4 Deletion Process. Upon receiving a valid deletion request, we will:

  • Confirm the request within ten (10) business days; 
  • Complete deletion within 60 days where technically feasible;
  • Notify the user when deletion is complete; and
  • Retain only data required by law or for legitimate business purposes.

7.5 Limitations on Deletion.  We may retain de-identified, aggregated data that cannot be linked to individuals.  Some data may remain in backup systems for as long as reasonably necessary or to comply with relevant laws, regulations or Other Agreements. We may retain data required for legal compliance, fraud prevention, evaluation, platform improvement, quality assurance or safety purposes.  Partial deletion of data may not be possible without affecting account functionality.

7.6 Account Termination. When accounts are terminated (i) user  and personal data are deleted within 60 days; (ii) system logs may be retained for security and legal compliance purpose and (iii) de-identified usage statistics may be retained for service improvement.

8. CHILDREN’S PRIVACY AND STUDENT DATA

8.1 COPPA Compliance and Safe Harbor Participation. Our Services comply with the Children’s Online Privacy Protection Act (COPPA). We participate in the iKeepSafe COPPA Safe Harbor Program, which provides enhanced protections for children under 13. We do not knowingly collect personal information from children under 13 without proper consent.

8.2 Data Collection Minimization. We limit data collection from children to only what is reasonably necessary to provide our Services for educational purposes. We clearly identify what data is required for basic operation versus what is optional.

8.3 Parental Rights and Control. For children under 13, we ensure parents maintain control over their child’s personal information through:

  • Notice: Clear notification of our data collection practices;
  • Consent: Obtaining verifiable parental consent before collecting personal information or relying on school consent as a substitute where applicable;
  • Access: Providing parents reasonable means to review data collected from their child;
  • Deletion: Allowing parents to request deletion of their child’s data; and
  • Future Collection: Enabling parents to refuse future data collection from their child.

8.4 School Consent Authority. Schools may provide consent on behalf of parents for the collection of student information exclusively for educational purposes. Such collection must be for the use and benefit of the child or school.

8.5 FERPA Compliance. Our Services comply with the Family Educational Rights and Privacy Act (FERPA). We act as school officials with legitimate educational interests when processing student data on behalf of schools.

8.6 Student Data Ownership. We do not claim ownership of a student’s Data. For individual Accounts, student Data is owned by the student. For School-Sponsored Accounts, Student Data is owned by the school.

8.7 Parent and Student Access. A student or their parents or legal guardians may access, correct, update, or delete the student’s personal information through their Account settings.

8.8 No Advertising or Marketing to Students. For School-Sponsored Accounts, we do not:

  • Display advertising to students;
  • Use Student Sata for targeted advertising;
  • Share Student Sata with third parties for advertising or marketing purposes; or
  • Create marketing profiles from student data; or
  • Collect student data for any purpose other than providing educational services. 

8.9 Employee Training and Knowledge. All employees with access to student or child data receive regular training on privacy requirements, COPPA compliance, and data security best practices. We maintain baseline knowledge of privacy requirements through ongoing education.

9. SECURITY

9.1 Security Measures. We implement industry-standard security measures including: (i) encryption of data in transit and at rest using current standards; (ii) secure access controls and multi-factor authentication; (iii) regular security audits and vulnerability assessments; (iv) intrusion detection and monitoring systems; (v) secure hosting facilities with firewalls and 24/7 monitoring and background checks for all employees with access to personal data.

9.2 Data Integrity and Confidentiality. We maintain the confidentiality, security, and integrity of personal data through: (i) regular data backups with secure storage; (ii) access controls limiting data access to authorized personnel only; (iii) secure data deletion procedures when data is no longer needed and (iv) incident response procedures for security events.

9.3 Employee Training. All employees receive regular training on: (i) data privacy and security requirements; (ii) COPPA and FERPA compliance; (iii) Company privacy policies and procedures; (iv) incident response protocols and (v) best practices for handling personal and student data.

9.4 Third-Party Security. We utilize subprocessors and service providers whose terms are consistent with the security standards contained in this Privacy Policy or Other Agreement, if any.

9.5 Data Breach Notification. In the event of a security incident affecting your Data, we will:

  • Notify affected users via email and/or through our Services within two (2) business days of discovery;
  • Notify schools affected within two (2) business days for student data breaches;
  • Provide details about the nature of the breach, affected data, and remediation steps;
  • Cooperate with law enforcement and regulatory authorities as required; and
  • Take immediate steps to contain and remediate the breach.

9.6 Limitations. While we implement robust security measures, no method of data transmission or storage is 100% secure. We encourage users to take appropriate precautions when sharing information online.

10. STATE-SPECIFIC PRIVACY RIGHTS

10.1 California Residents (CCPA/CPRA) California residents have the right to:

  • Know what personal information is collected and how it’s used;
  • Access their personal information;
  • Delete personal information;
  • Correct inaccurate personal information;
  • Opt-out of the sale or sharing of personal information; and
  • Non-discrimination for exercising these rights.

10.2 Other State Privacy Rights We comply with privacy laws in Colorado, Connecticut, Delaware, Florida, Illinois, Indiana, Iowa, Maryland, Massachusetts, Michigan, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New York, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, Washington, and West Virginia.

Residents of these states may have rights including:

  • Access to personal information;
  • Correction of inaccurate information;
  • Deletion of personal information;
  • Data portability;
  • Opt-out of targeted advertising and data sales; and
  • Appeal denied requests.

10.3 Sensitive Data Processing.  We do not currently collect or require you to provide any sensitive data.  Before doing so, we would obtain affirmative consent before processing sensitive personal data, including biometric, health, or precise geolocation data.

10.4 Appeals Process. If we deny a privacy request, you may appeal within 30-60 days (depending on your state). We will respond to appeals within 45 days.

11. GDPR RIGHTS (EU/EEA Residents)

If you are in the EU or EEA, you have the right to (i) access, rectify, or erase your personal information; (ii) restrict or object to processing; (iii) data portability; (iv) withdraw consent and (v) lodge a complaint with supervisory authorities.  The legal basis upon which we process personal information is based on consent, contract performance, legal obligations, vital interests, public interest, or legitimate interests.

12. INTERNATIONAL USERS

If you access our Services from outside the United States, your information will be transferred to and processed in the United States. Data protection laws may differ from those in your jurisdiction. By using our Services, you consent to this transfer and processing.

13. DO NOT TRACK

We do not currently respond to browser “Do Not Track” signals, as there is no universally accepted standard for handling such signals.

14. THIRD-PARTY SERVICES

Our Services may include links to or functionality from third-party services. These third parties have their own privacy policies, and we are not responsible for their practices.

15. MARKETING COMMUNICATIONS

You may opt-out of receiving email communications from us, except transactional correspondence and messages related to privacy, data security, negative Account or payment status and interruption or disruption of our Services. You may set or change your email communication preferences via Your Account settings.

16. ACCESSIBILITY

We are committed to making our privacy practices accessible. If you need this policy in an alternative format or require accommodation to exercise privacy rights, please contact us at privacy@scrible.com.

17. POLICY UPDATES

We may update this Privacy Policy periodically. For minor changes, we will update the “Last Updated” date on our website. For significant changes, we will notify users directly by email when possible. Organizations subject to Other Agreements will be notified as required in such Other Agreements of material changes affecting student data processing.

18. SUCCESSORS AND ASSIGNS

This Privacy Policy inures to the benefit of successors and assigns of Scrible.

Last Updated: 2025-12-19

Facebook Twitter LinkedIn YouTube