Our Commitment to You and Adherence to Compliances

We’re committed to the protection and privacy of our users’ personal information. We adhere to the most up-to-date compliances focused on the safety and security of private data. Through our sophisticated encryptions, advanced security measures, impenetrable data storage on the Cloud, and compliance to regulatory privacy and security acts around the world, Copyleaks’ users can rest assured knowing their information is consistently safe and secure.

Read through below to learn more about the different compliances that Copyleaks is compliant with.

Children's Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act (COPPA), enforced by The Federal Trade Commission, regulates the collection of personal information from children under 13 and places parents in control. The COPPA rule outlines the regulations websites and online services must follow in order to protect children’s privacy and ensure safety online.

Per COPPA, schools are allowed to act on behalf of parents to provide consent for the online collection of students’ personal information within the school content. According to the FTC, service providers like Copyleaks may presume that the school has obtained consent from parents to collect students’ personal information.

We understand the importance of continuously protecting children online. Therefore, we do not disclose any personal information that may cause damage to teachers, students, and parents. We prioritize the safety, security, and privacy of all data we process.

Copyleaks follows all COPPA guidelines and receives any data by way of the institution which has approved student use of Copyleaks.

Family Educational Rights and Privacy Act (FERPA)

The security and privacy of our users’ data is our top priority and we do everything we can to ensure the safety of user information. Copyleaks agrees to be a platform used for legitimate educational interests in regards to customer data as defined under FERPA. Copyleaks handles any user records, including students’, in a way that protects all information. Copyleaks commits to using the information provided by schools and users themselves in a way that is compatible with the agreement, cloud services, and will never mine the data.

Copyleaks is compliant and recommends partnered institutions to comply with FERPA, including:

Copyleaks recommends that institutions comply with FERPA’s requirements regarding the use and disclosure of education records so that students and parents are informed about any services the school may engage with.

Data that is collected from students are kept safe, secure, and private. The primary purpose of data collection is in assisting the instructor in assessing the assignment.

Children’s International Protection Act (CIPA)

The purpose of the Children’s Internet Protection Act (CIPA) is to limit children’s exposure to explicit content. The CIPA rule enforces schools and libraries to filter content on computers that have access to the internet.

Copyleaks takes into account that students considered minors are using the platform in specific capacities. Administrators have the ability to turn on the safe-search setting to hide any potentially harmful links that may be found during a plagiarism scan.

General Data Protection Regulation (GDPR)

Protecting your data is important to us, and that’s why data protection and security is a top priority of ours. We want our customers to feel safe and in control of their personal information, at any point in time.

Copyleaks is committed to adhering to the guidelines outlined in the EU GDPR and does so by following these practices:

• We will never disclose your personal data.
• We promise to never use your personal data for targeted advertising.
• Your data is securely stored and encrypted.
• Your personal data is solely collected to improve your experience and our service to you.
• We promise to leave the control of your personal data in your control by allowing you to modify, update, or delete uploaded content.
• We promise to continue evolving our practices and procedures to be in compliance with regulatory standards.

For additional information, you can refer to our Terms of Use and Privacy Policy at any time.

Service Organization Control 2 (SOC2)

SOC2 compliance ensures companies securely manage any collected data to protect the interests of organizations and the privacy of its customers. Companies in compliance with SOC2 are required to readily show their measures of data protection and the security of its storage.

Copyleaks is committed to ensuring the privacy and protection of personal data and has obtained the SOC2 certification as a demonstration of this commitment. The SOC2 report outlines Copyleaks’ high-powered system and our adherence to security, privacy, and confidentiality. To read the report, please contact our team.

Service Organization Control 3 (SOC3)

Copyleaks adheres to all guidelines outlined in SOC 3. Similar to SOC 2, SOC 3 focuses on internal controls and their relation to security, confidentiality, and availability. This information can be found on a routinely updated public report that outlines Copyleaks’ internal control policies. To read the report, please contact our team.

California Privacy Rights (CCPA)

Notice for California Residents:

Per the California Consumer Privacy Act (CCPA), California residents have certain rights with respect to their personal information. The following information outlines these rights:

The objective of CCPA:

The objective of CCPA is to help the residents of California maintain control of how their personal data is used and stored, and disallow this information from being unknowingly collected and used or sold in manners not explicitly agreed upon.

To keep control in the hands of California residents, companies are required to delete any specific personal data when requested by the user. With CCPA, California residents are capable of exercising privacy rights at any point in time.

Summary of Information We Collect:

Under the CCPA, any personal information collected from you must be grouped into “categories” and can only be disclosed for business purposes (as defined by applicable law). Those categories are as follows:

• Identifiers (ex: name, email address, or social network account and profile data).
• Commercial information (ex: transaction data for a paid account).
• Financial data (ex: payment method or financial account information).
• Internet or other network or device activity (ex: IP address and usage information).
• Location information (ex: the general location where you use your device when interacting with the Site, Software, or Services).
• Sensory information (ex: audio recordings if you call our customer service).
• Inference data about you.
• Other information that identifies or can be reasonably associated with you.

This collected information is used to improve your experience with our software and tailor our services to you.

Rights:

If you are a California resident, you hold certain rights in accordance with CCPA. As Copyleaks collects and stores your personal information, California residents are permitted to request:

• Access to the information stored on you.
• Provide a detailed account of the categories of personal information we have collected or disclosed about you.
• Delete any information that may be stored about you.

Read more about the CCPA on Copyleaks’ blog: https://copyleaks.com/blog/what-is-the-california-consumer-privacy-act-ccpa/

EU-US & Swiss-US Privacy Shield

Constructed by the U.S. Department of Commerce, the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework set policies regarding the collection, use, and retention of personal data transferred from Switzerland and the European Union to the U.S.

Copyleaks is in full compliance with all guidelines and principles set forth in the Privacy Shield and has been certified by the Department of Commerce.

Copyleaks aims to be fully transparent and address concerns regarding our collection or use of any personal information, in compliance with the Privacy Shield policy. If EU or Swiss users have questions or concerns about their data collection or use of information, please contact us at [email protected].

As outlined in the Privacy Shield Framework, Copyleaks may be held responsible for data that is misused after being transferred to a third-party agent. Personal data can be misused if third-party agents use the information in a manner inconsistent with the Principles. This accountability can be evaded if adequate evidence is provided that Copyleaks did not play a hand in the mishandling of personal information and did not give rise to any occurring damage.

GÉANT Data Protection Code of Conduct

At Copyleaks, we prioritize the privacy and protection of our users. We want to remove any concerns users may have regarding identity theft or misuse. To do this, Copyleaks follows the guidelines and adheres to the GÉANT Data Protection Code of Conduct.

Per the GÉANT Project, “The Data Protection Code of Conduct describes an approach to meet the requirements of the EU Data Protection Directive in federated identity management. The Data Protection Code of Conduct defines behavioral rules for Service Providers which want to receive user attributes from the Identity Providers managed by the Home Organisations.” For more information, please refer to http://www.geant.net/uri/dataprotection-code-of-conduct/v1.

For more additional information on our policies relating to personal information, data privacy, and more, users can refer to our complete privacy policy here: https://copyleaks.com/legal/privacypolicy

Web Content Accessibility Guidelines (WCAG) 2.0 + 2.1 AA

Accessibility is an important value at Copyleaks, which is why we continuously update our system to offer the highest quality service to our users. We comply with the Web Content Accessibility Guidelines (WCAG 2.0 + 2.1 AA) which evaluates and monitors Copyleaks’ conformance to accessibility standards on a routine basis. For more information, please review the WCAG Standards.

The Web Content Accessibility Guidelines are based on four main principles: perceivable, operable, understandable, and robust. There are high standards that must be met in order to adhere to these principles. Examples of this vary from allowing the online text to be zoomed in without any blurriness, including alternative text, ensuring high contrast text, and various other strategies. By adhering to these principles and continuously optimizing our system to be understandable by all, Copyleaks maintains a user-friendly, accessible system.

At Copyleaks, we strive to consistently improve our system and enhance the experience of our users. We routinely review, audit, and assess our compliances as well as update our material to reflect the newest information.

Voluntary Product Accessibility Template (VPAT)

At Copyleaks, we strive to make our platform accessible for everyone, regardless of users’ disabilities. To accomplish this, we offer voluntary product accessibility templates (VPAT). This tool validates our compliance and conformance with the accessibility standards under Section 508 of the Rehabilitation Act and the Act WCAG 2.0 AA Standards.

We promise to continuously update our site to offer the most accessible services to our users and offer complete transparency in all respects to accessibility.

You can request Copyleaks’ Product VPAT documents and/or the Accessibility Conformance Report by contacting us at [email protected].

For additional information on our policies relating to personal information, data privacy, and more, users can refer to our privacy policy and security policy.