Our Policies are now Open Source and on Github

As part of our ongoing commitment to clarity and transparency in our approach to privacy, we've made some important changes to our privacy policies.

Our policies are now on GitHub

For those who are not familiar with it, GitHub is a web-based repository with handy version control features. It is most commonly used for developers to manage source code, since old versions are kept and changes can be viewed in a change log. We have harnessed this feature in our quest to be open and honest about data protection and security, and now have all our policies in a public repository. We can’t make any edits to any of our policies without you being able to track the exact change.

Don’t worry - this hasn’t made our policies harder to find or less friendly to non-developers. We ‘scrape’ them from GitHub onto our website so the most recent version is present on our website just as it was before. What it means is that any changes we make will be clearly logged and visible on GitHub. If they’re material changes then we’ll also notify you directly through blog or email. View the policies or "watch" for future alterations on GitHub.

If you think our policies could be even better then the great thing about GitHub is that you can suggest these edits directly to us! So if you are at all unclear about our policies, simply tell us how we can be better.

Our policies are Open Source

When you finish reading one of our policies you’ll now notice this at the bottom:

Applying this Creative Commons license means that we are relinquishing our sole ownership of these documents and allowing you to use them for your own purposes. You’re even allowed to edit them and adapt them to suit you better. We don’t mind whether you’re a for-profit or a non-profit organisation. All we require is that you distribute your derivative work under the same license as we have, and that you give us the appropriate credit when you do choose to use our work.

So why are we doing this? We want to drive up the standards for data security and privacy in the education technology sector. We’ve spent a lot of time, thought and money on making these policies clear, comprehensive and relevant, and we’d like others in the sector to have no barriers to being equally open and transparent. Our Third Party Developer Agreement requires that third party app developers have a privacy policy covering certain areas, and we make this available to schools at the point of permissioning an app so schools can check whether or not they’re happy to go ahead and share the data. By making our own policies open source, we make it even easier for third party app developers to ensure that they’ve got a good policy which makes it clear how they use your data.

Just a word of caution: no two organisations are alike, so for our policies to be useful and applicable to your organisation you’ll need to do some thinking about how they need to be adapted. Whilst you are allowed to use it word-for-word, simply copying our policy won’t make you any better at carrying out your data protection duties. We hope you use it as a prompt to think of the kind of areas you should be covering, and to make your practices even more secure accordingly.