Yabla tracks information about usage of the site. Much of this data is required to provide functionality of the site. For example, scores when completing Yabla activities, or tracking what videos have been watched or bookmarked. We also require paying subscribers to provide basic information such as an email address. We also track activity on the site for the purposes like customer support and analysis to determine which features are popular on the site. We also offer a commenting feature thus collect original user generated content.
This data is stored on Yabla controlled servers in a data center located in the US and managed by Linode, Inc. The servers are physically secured, and access to subscriber information is limited to Yabla employed customer support personnel and Yabla employed software engineers. We also store backups using Amazon's AWS S3 system. This is stored in the US East region.
We collect payment information and pass it to payment providers. We store no credit card numbers and our payment providers do not make the credit card numbers available to us. Our payment providers include Stripe, PayPal, and Apple for inApp payments.
We also use Google Analytics to monitor page views and event data on the site. We do not send personally identifiable information to Google Analytics such as email addresses. Google Analytics uses 1st-party (Yabla specific) cookies to identify and tag devices.
We collect email addresses when new subscribers sign up, and when people ask to be added to the mailing list. This information is stored on our servers, and passed to MailChimp. We use MailChimps platform to compose and send email campaigns. Subscribers can opt out of email communication via the emails sent or on our site.
We use various forms of advertising, primarily Facebook and Google Adwords. When a user visits our site, we send a tracking pixel to Google and Facebook which includes a cookie to identify the device. This enables advertising commonly referred to as re-targeting. Regardless of how a user reaches our site, the user may see Yabla advertising on Facebook or elsewhere on the web via Adwords. We also send a similar tracking pixels when a user completes an action such as purchasing a subscription. This enables Yabla to see the effectiveness of advertising. While we send no personally identifiable information, the reach of Facebook and Google means they generally can know who purchased a subscription to Yabla or visited Yabla. They don't make this information available to us, e.g. we don't get a list of Facebook users that visited or signed up for Yabla. While we don't offer a way to opt out of this tracking, many ad blocking tools can stop this tracking. We frequently verify that Yabla's site works when users run ad blocking software.
For school and university subscribers, we offer an option to turn off all 3rd-party communication. This feature can be enabled with a request to firstname.lastname@example.org
On our servers which we control, we retain subscriber activity that is required for the service to function indefinitely. For information we use for internal analytics and logging, the data is purged within 6 months from our production systems, and within a year for all backup information to be purged.
We believe in the right to be forgotten. We have a procedure to remove all personally identifiable information. Our standard procedure is to replace names and emails with anonymous information, and delete device identifiers and IP address information for that user. Requests for deletion can be made by emailing email@example.com. We reserve the right to delay the deletion for up to 90 days if there are outstanding payment issues which would require contact information. A complete purge from offline backups may require up to 6 months.
Any subscriber data can be made available to the subsriber. We will provide all subscriber data upon request to firstname.lastname@example.org. This will include all data from our production system relevant to the user requesting their own information.
Additional information about Yabla's data handling can be requested by contacting email@example.com.
FERPA Yabla complies with all FERPA data protection requirements for student personal information. Our US school student data is stored in US data centers with strong physical security. All data at rest and in transit is encrypted. Our site is tested and audited for security regularly. We operate with added security and audits because we are an e-commerce business processing payments. Employee access to student data is limited and logged.
The information we collect from schools is limited to Directory Information (class rosters) which is permitted by FERPA rules. We also collect student activity on the site such as responses to multiple choice questions. We do not collect any free form or creative responses from students such as essays. While we record scores for various student activity, we do not have access to grades or course transcripts for students. All data we collect is stored with FERPA compliance.
Yabla can also be used at schools without requiring a students name or screen name, thus no COPPA personal information is shared. Some schools opt to only create "lab" accounts, e.g. "lab computer 4", and the students name is not shared with Yabla. Schools can also purchase a subscription where all Yabla content is accessible from the schools network without any login identifiers.
Yabla will not give, rent, sell or otherwise distribute your email address or any other personal information to any third party without your explicit consent. The only exception to this policy will take place if it is necessary to disclose information to law enforcement or other government authorities as part of an investigation, and the law demands that we comply.
Yabla reserves the right to change, modify or amend this policy at any time. Any such update will be posted here.
Write to us at: firstname.lastname@example.org