top of page

Jotit App Privacy Policy

1. Introduction and scope
Jotit.io is an educational platform designed to help K–12 students collaborate on assignments and track learning progress. Protecting the privacy and security of students, teachers, and parents is a core part of our mission. This Privacy Policy explains what information we collect, how we use and share it, how we safeguard it, and the rights available to users. Jotit.io complies with all applicable federal and state privacy laws, including the Family Educational Rights and Privacy Act (FERPA) and its implementing regulations, the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA), the Illinois School Student Records Act (ISSRA), Florida’s Student Online Personal Information Protection Act (SOPIPA), the Oklahoma Student DATA Act, and other relevant laws and regulations. Where state‑level Student Data Privacy Agreements (SDPAs) apply, Jotit.io will honor and incorporate their terms.


2. Information We Collect
Jotit collects only the minimum information necessary to provide its educational services and ensure secure operation. The categories of data collected include:

  • Account Information: Jotit user authentication is handled via secure, token-based services such as Google Sign-In, and Multi-Factor Authentication (MFA) is required for access to critical systems. The account details are only saved on the LMS and Jotit does not collect or save this information.

  • Educational Content and Submissions: Educational content is locally stored in Jotit and backed up on the student’s connected Learning Management System (LMS). Annotations are encrypted locally on the student’s device and then uploaded to Jotit's Firebase storage for secure storage and backup.

  • Usage and Device Information: To improve reliability and user experience, we automatically collect technical data such as IP address, device type, operating system, browser type, interaction logs, and usage duration. This information is used solely for operational purposes like troubleshooting, analytics, and platform enhancement. Jotit does not serve ads or use tracking cookies, and no persistent identifiers are used to follow students across external websites.

  • Communication Data: When users contact Jotit, for example, for technical support or feedback, we collect contact details and the contents of the communication to assist and improve our service.

  • Sensitive Data: Jotit does not intentionally collect sensitive or personal data such as health records, biometric data, or government-issued identifiers. The platform is designed to operate exclusively within the scope of educational use. Users should avoid submitting sensitive or unnecessary personal information. If such data is inadvertently collected, it will be promptly deleted upon identification.

3. Legal bases and purposes of processing
We process personal data solely for legitimate educational purposes and to operate our platform. These purposes include:

  • Providing and maintaining the service – Creating and managing user accounts, enabling collaboration on assignments, storing and displaying educational content, and providing support.

  • Improving the platform – Analyzing aggregated usage patterns to troubleshoot, enhance functionality, and develop new features. Any data used for improvement is aggregated or de‑identified.

  • Communications – Responding to teacher, student, or parental inquiries; informing users of important updates or changes to our service; and providing notifications related to assignments or system status.

  • Compliance with law and contracts – Fulfilling obligations under FERPA, PPRA, COPPA, SOPIPA, and other regulations; complying with SDPAs; and assisting schools with reporting and accountability requirements.

Jotit.io does not use personal data for advertising, marketing, or profiling purposes. We prohibit targeted advertising to students and will never sell, share, or rent student information to third parties, consistent with Florida’s SOPIPA. We also do not engage in automatic decision‑making about students, and we do not use persistent identifiers to track students across other websites.


4. Sharing and disclosure of information
We do not sell or rent personal data to third parties. We may share information under the following circumstances:

  • With educational institutions and authorized users, Jotit.io enables students to share their work with teachers and classmates. Where a school or district licenses Jotit.io, that institution acts as the data controller and determines how data is used; Jotit.io acts as a “school official” under FERPA and only discloses data to teachers, administrators, parents/guardians, or students as directed by the institution. Parents and eligible students have the right to access their records; Jotit.io may facilitate access by returning records to the school or district upon request.

  • Service providers – We engage trusted third-party companies (e.g., cloud hosting providers, analytics providers) to perform functions on our behalf. These providers are contractually bound to use the data only for educational purposes, to protect it with appropriate security measures, and to comply with applicable privacy laws and SDPAs.

  • Legal requirements – We may disclose data to comply with applicable laws, court orders, or government regulations or to protect the rights, safety, or property of students, users, school,s or Jotit.io.

  • Change of control – If Jotit.io undergoes a merger, acquisition, or sale, we will provide notice and require the successor entity to honour this policy. Data will not be used for any new purposes without consent.

5. Data retention and destruction
Jotit.io retains personal data only as long as necessary to provide the service or as required by law or contractual obligations. For student accounts, data are retained as long as the student remains an active user. Upon request from the school, district, parent, or eligible student, or upon termination of the educational relationship, Jotit.io will delete or de-identify the data within a reasonable period (typically within 30 days). Contracts with schools will include provisions on data retention and secure destruction upon contract termination, as recommended by PTAC.


6. Data security
We employ administrative, technical, and physical safeguards to protect personal data. These measures include encryption in transit (e.g., TLS) and at rest, robust authentication and access controls, regular security audits, network segmentation and intrusion detection, and incident‑response procedures. Our cloud providers meet industry‑recognized standards (e.g., ISO 27001, SOC 2) comparable to those used by leading educational platforms. We also require service providers to implement similar measures. In the event of a data breach, Jotit.io will promptly notify affected schools and users within the timelines required by law and will work with the institution to comply with any applicable breach notification laws and SDPAs.


7. User and parental rights
Jotit.io recognizes and supports the rights of parents, guardians, students, and educational institutions as outlined in FERPA, PPRA, and COPPA. Accordingly:
Access and correction – Parents, guardians, eligible students, and school officials may request access to or correction of personal data that Jotit.io maintains. Requests should be made through the school or directly to Jotit.io’s privacy team (see contact information below). We will respond within 30 days.

 

  • Deletion – Parents, eligible students, or schools may request deletion of personal data. Upon receiving a verified request, Jotit.io will delete or de-identify the data, unless retention is required by law or necessary to fulfill the educational purpose.

  • Opt-out of directory information – Jotit.io will not disclose any information designated as directory information by a school or district unless permitted by that institution and after parents have been allowed to opt out. We encourage schools to define directory information narrowly and to exclude addresses and phone numbers when not necessary.

  • Consistent with COPPA – For users under 13, Jotit.io relies on school officials acting as agents of parents to provide consent for the collection and use of data, as permitted by COPPA. Parents may review, delete, or refuse further use of their child’s data at any time.

8. Updates to this policy
We reserve the right to update this Privacy Policy to reflect changes in our services or any applicable legal requirements. If we make material changes, we will provide reasonable notice via our website or through the school or district. Continued use of Jotit.io after the effective date of a revised policy constitutes acceptance of the revised terms.

9. Contact information
For questions or concerns about this policy or to exercise your rights under it, please contact Jotit.io’s Privacy Officer at:
Email: privacy@jotit.io
Mail: Jotit Inc.
1000 N West St
Suite 1400
Wilmington, DE
US 19801

This privacy policy is designed to meet or exceed the requirements of FERPA, PPRA, COPPA, Illinois ISSRA, Florida SOPIPA, Oklahoma’s Student DATA Act, and relevant state student‑data‑privacy agreements. It incorporates best practices from existing education‑technology providers by minimizing data collection, prohibiting targeted advertising, ensuring direct control by educational institutions and protecting students’ and parents’ rights.
 

bottom of page