Flip has industry-leading privacy and security commitments supported by the team at Microsoft. We are used by educators throughout the world and the privacy of your student data is very important to us. Below is an outline of Flip's commitment to educator and student data with all official documents at Terms & Privacy.
Privacy of Educator & Student Personal Data
Flip is an educational offering and any personal data that is collected from or generated by Flip is used only to provide that educational offering:
- We abide by the Student Privacy Pledge, which pledges us to “not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes.”
- Educators (School leads) control the content in their Discussions and are able to edit/delete any student content. All data will be saved on Flip until deleted by the educator or student. Any deletion is immediate and permanent.
- Flip can be used by students of all ages.
- We do not sell or share student data with any marketers.
- Data collected by Flip is only processed to provide, improve & develop the service, provide customer & technical service, and comply with applicable laws.
- Parent, student, eligible student, teacher or principal should contact the Flip educator directly to understand the educator's privacy practices or to request to access, change or delete information collected by the educator when using Flip.
- All 3rd parties must abide by Flip's data practices. We periodically conduct or review compliance monitoring and assessments of 3rd parties to determine their compliance with Microsoft’s Supplier Security and Privacy Assurance (SSPA) program. Please see Microsoft's Supplier Code of Conduct for additional information.
Security Best Practices
Flip has robust data security, follows industry best practices, and is routinely reviewed by experts at Microsoft. Our practices include but are not limited to the following:
- Data is stored in a secure data center facility located in the United States.
- Security practices, processes, and controls include, but are not limited to, encryption of data in transit, encryption of data at rest, manual & automated monitoring & auditing systems, and access control. Data at rest is encrypted using AES-256 and data in transit is encrypted using TLS protocol standards.
- Security practices and controls are validated through third-party penetration and vulnerability assessments.
- Implementation of least privilege data access by limiting employee access to whatever extent is required for them to perform their job functions. Flip follows employee access best practices including, but not limited to, employee training & education, signed confidentiality agreements, criminal background checks, and secured access control such as network & application level firewalling & two-factor authentication.
- Upon becoming aware of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Student Data or other personal information, promptly and without undue delay Flip will (1) notify affected individuals of the Security Incident; (2) investigate the Security Incident and provide affected individuals with detailed information about the Security Incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
This plan outlines Flip's commitments for New York Schools, the Education Law 2-d Rider, and Parent's Bill of Rights. If you have any questions about our privacy & security commitments, COPPA, FERPA, GDPR, or CCPA please reach out to us and we would be happy to provide the answers!
In addition to our privacy and security practices, we encourage you leverage these features when hosting a discussion with your community.
- When using Flip with your school community, use Email, Username, or Google Classroom access.
- Educators can approve all member activity to review all videos and text comments before the content is made available to your community.
- Flip will automatically review English, French, Spanish, Portuguese, Russian, German, Indonesian, and Chinese text comments and prevent the comment from being posted if the comment contains potentially inappropriate words or phrasing; this feature is free and automatically activated on every Topic.