Date of Last Revision: January 29, 2019.
Welcome to CourseNetworking, LLC, an academic and professional networking and content delivery service. Please keep the following in mind while reading:
- The CourseNetworking, LLC service (the "Service")
- CourseNetworking, LLC (collectively, "us", "we" or "the Company").
- CourseNetworking, LLC Site located at thecn.com (collectively, the "Site")
The Information We Collect
When you visit the Site, you provide us with two types of information: personal information you knowingly choose to disclose that is collected by us, and website use information collected by us as you interact with our Site.
Your Site-Use Information
CN collects information based on your use of the Site, your created content you’ve chosen to save to your ePortfolio and your social activity with others within the CN platform. This information is stored solely so you can go back and review, edit view, etc. If you want to delete a past interaction, your created content, etc. you may do so at any time.
When you enter the Site, we collect your browser type and IP address. This information is gathered for all Site visitors. We also collect information from the URLs from which you linked to our Site. Collecting such information may involve logging the IP address, operating system and browser software used by each user of the Site. We may be able to determine from an IP address a user’s Internet Service Provider and the geographic location of his or her point of connectivity.
In addition, we store certain information from your browser using "cookies." A cookie is a piece of data stored on the user's computer tied to information about the user. We use session ID cookies to confirm that users are logged in. These cookies terminate once the user closes the browser. By default, we use a persistent cookie that stores your login ID (but not your password) to make it easier for you to login when you come back to the Site. This cookie does not contain any other information except your login ID/CN number. In addition, the Company uses SendGrid to send emails to Users. These emails contain cookies and web beacons that let SendGrid know what emails are delivered, opened, clicked-on, bounced back, or treated as spam solely to improve the service and ensure Users are getting access to important information from the Service.
Personally Identifiable Information
When you use the Site, you may set up your personal profile, form relationships, send messages, perform searches, form groups, and transmit information through various channels. We collect this information so that we can provide you the Service and offer personalized features. When you update your information, we may keep a backup copy of the prior version in our archives. These backups stay in our system for 6 months on a month-to-month basis. When a new month is saved, the oldest existing month is deleted permanently.
If you choose to use our "Invite New Members" service to tell a friend about the Site, we will ask you for your friend's email address. We will automatically send your friend a one-time email inviting him or her to visit the Site. The Site stores this information to send this one-time email, to register a friend connection if your invitation is accepted, and to track the success of our referral program. Your friend may contact us at firstname.lastname@example.org to request that we remove this information from our database.
When you register with the Site, you provide us with certain personal information, such as your name, your email address, your major or interests (optional), and your country. For licensed institutions, we acquire information from the SIS which includes additional information like course registration, course role, and groups, etc.
By using the Site, you are consenting to have your personal data transferred to and processed in the United States.
How we use this Information
When you register with the Site, you create your own profile and privacy settings. Your profile information, as well as your name, email, and photo, are displayed to people in the networks specified in your privacy settings to enable you to connect with people on the Site.
Generally, you may opt out of such emails, though the Site reserves the right to send you notices about your account even if you opt out of all voluntary email notifications. Licensed institutions may completely block user public access and search engines. Individual users may check a box on their own ePortfolio/profile to block this feature as well.
Sharing Your Information with Third Parties
The Site permits sharing information with other students and colleagues in your networks while providing you with privacy settings that restrict access to your information. We allow you to choose the information you provide to others through the Site. Our network architecture and your privacy settings allow you to make informed choices about who has access to your information. We share your information with third parties only in limited circumstances where we believe such sharing is 1) reasonably necessary to provide the Service; 2) legally permitted or required; 3) with your permission. Without limiting the generality of the foregoing, some examples of circumstances under which we may share your personal information are:
We may be required to disclose user information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We do not reveal information until we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. Additionally, we may share account or other information when we believe it is necessary to comply with law, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the Service or using the Site, or to prevent imminent bodily harm. This may include sharing information with other companies, lawyers, agents or government agencies.
When you use the Site, certain information you post or share with third parties (e.g., a fellow student or colleague), based on your permission settings, such as personal information, comments, messages, photos, videos, or other information, may be shared with other users in accordance with the privacy settings you select. All such sharing of information is done at your own risk. You may choose to keep it private, share with classmates, instructors, global classmates, or publicly share. Please keep in mind that if you disclose personal information in your profile or when posting comments, messages, photos, videos, or other items, this information may become publicly available.
Changing or Removing Information
Access and control over much of your personal information on the Site is readily available through the profile editing tools. You may modify or delete your profile information at any time by logging into your account. Individuals who wish to deactivate their Site account may do so by contacting us at email@example.com. Deleted information may persist in our archives, but will not available on the Site after deactivation. This data stays archived for up to 6 months and is deleted on a monthly basis. Where you make use of the communication features of the Service to share information with other individuals, (e.g., sending a message to another Site user) you generally cannot remove or delete such communications. If you wish to have this data removed from our servers entirely before it is scheduled to be removed, you must contact firstname.lastname@example.org.
International Privacy Practices
CourseNetworking sites and services are primarily operated on Amazon servers located in the United States. To improve our service and site for users, we may transfer your personally identifiable information from the EEA to the U.S. However, during these transfers, we take full precautions and provide the same level of protection as transfers residing in the EEA. As previously mentioned, we use Amazon servers, and through Amazon, we adhere to the EU-U.S. Privacy Shield Framework when transferring data from the EEA to the United States. Please see the Amazon Privacy Shield Policy certification for more information.
We developed CN using universally accepted best practices for applications that handle sensitive information, and are accessed via the Internet by end-users and partners. These best practices include guidelines for encryption and highly restricted access to back-end development, deployment, and data storage environments. This also covers the OWASP Top 10 recommendations.
We have proved proficiency in all audits and security scans conducted by University IT departments. This means that our clients perform inspections and approve of our product suite post-security checks.
We apply established best practices for ensuring our infrastructure is secure:
- All traffic is encrypted using SSL/TLS with 256-bit encryption (HTTPS).
- CN servers are guarded by various firewalls, with both external WAN access and internal LAN restrictions - powered by AWS infrastructure.
- CN server access is given only to the trusted CN employees who require it.
- CN controls all access logs and records actions made each user.
- CN employs automatic installations (with no interruption to end-users) for all crucial operating system and application security patches as soon as they are released
- All servers operate within a Virtual Private Network (VPN) (secure structure of different components of the system), which are only accessible from internal nodes
- We transfer all of the incoming and outgoing traffic through one secure proxy interface.
CN is hosted using Amazon Web Services (AWS). AWS data centers adhere to the highest standards of physical security and processes and have fulfilled ISO 27001, ISO 9001, SOC 3 and other certifications. For more information on AWS security infrastructure visit http://aws.amazon.com/security/ and http://aws.amazon.com/compliance/
Our user-data back-ups to the Amazon Elastic Block Store (EBS) service occur regularly and automatically; additionally, EBS has redundant nodes in different locations. CN stores all data for six months for customers (may be extended per contract terms if necessary). We can also execute a data dump or delete data based on client need. All backups and snapshots are encrypted.
Regarding user-data and AWS, we...
- host our services in the N. Virginia datacenters of Amazon
- perform daily data backups on a separate server - backups are complete versions of production data
- use the Mongo DB Replica set which renders higher availability, retrieval performance, reliability, vertical and horizontal scalability, and very low "Recovery Time Objective"
- can extend the number of servers to handle the higher load without any interruption
CN is hosted on thoroughly firewalled servers which automatically disable any unsupported device that tries to access them; the servers are carefully configured to allow access only to known services. Our data centers are only accessible by our internal servers, and no external access is granted.
Data Integrity and Disaster Recovery
CN is designed and meticulously built for High Availability and 99.9999% uptime. We conduct user data backups daily. However, having access to multiple duplicate servers reduce the risk of data loss (close to zero). Essential data and data with the highest usage rates are delivered to users worldwide using CDN to reduce the propagation delay. In addition to providing higher performance and availability, redundant data centers decrease the disaster recovery time (to zero). Therefore, if one or more servers fail, there are backup servers that can replace them immediately, without interruption.
We look for our service providers to provide us timely notification of breaches. If a security breach occurs, we will work with our clients and end-users to notify them promptly. If a data breach should occur, the GDPR specifies that we must provide adequate notification. The affected company has 72 hours to notify the appropriate data protection agency and must inform affected individuals “without undue delay.”
Children under the Age of 13
The Site does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register. If you are under 13, do not attempt to register for the Site or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 may provide any personal information to or on the Site. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you are a user under the age of 13, we require parental permission before allowing the use of the CN site. If you believe that we might have any information from or about a child under 13, please contact us at email@example.com.
Children between the Ages of 13 and 18
We recommend that minors over the age of 13 receive the permission of their parents or guardians before sending any information about themselves to anyone over the Internet.