Privacy & Security FAQs

How Brisk Teaching Uses Data
What data is shared with Brisk Teaching and why is it needed?

Our Privacy Policy provides a full explanation of the type of information we collect and how we use it. Brisk Teaching seeks to access the least amount of data required to provide the highest positive impact we can on teaching and learning. Brisk Teaching considers student data to be confidential and does not use student data for any purpose other than to provide the Brisk Teaching to schools.

Brisk accesses data only where you are using the tool. For example, if you desire to change the reading level of a webpage, Brisk Teaching needs to access the contents of that webpage. If you want Brisk Teaching to provide feedback on student work, Brisk Teaching needs access to the student work.

What data does Brisk Teaching store on its servers? Does Brisk Teaching store student data that may be present on documents or information I input to generate things like feedback or IEP goal plans?

Brisk Teaching stores user input (e.g., a rubric that a teacher uploads, a curriculum or IEP prompt that a teacher writes) and Brisk-generated responses (e.g., a lesson plan, an IEP, feedback on a student essay). Brisk Teaching does not store data that it processes (e.g., student essay). If a teacher input includes a student name, then Brisk Teaching would store that student’s name on its servers. If Brisk Teaching generated content includes a student’s name, then Brisk Teaching would store that student's name on its servers.

  • Let’s take a “create” example:  if a teacher includes student information in a prompt like “Create a letter of recommendation for ‘Student Name’”, Brisk Teaching will store that prompt, and the letter of recommendation that Brisk Teaching generates. Both the prompt and the letter of recommendation would include the student’s name.
  • Now let’s look at the feedback tool: a teacher prompts Brisk Teaching to provide targeted feedback on a student’s essay, which includes their name. Brisk Teaching will store the feedback prompt that the teacher writes, and the feedback that Brisk Teaching generates, but not the content of the student’s essay. The feedback could include the student’s name, because their name is typed in their essay.
Why does Brisk Teaching need access to my "entire" Google Drive?
  • Brisk Teaching accesses the minimum data necessary in order to provide Brisk products to teachers and students. Brisk does not have access to teachers’ entire Google Drives. Rather, it has permission to "create" / "save" certain items within your Google Drive. This permission allows Brisk to produce teacher-requested content in Google Docs, Google Slides, and Google Forms.
  • Brisk cannot see any information in Google Drive files or create anything in Google Drive unless a teacher explicitly asks Brisk to give feedback on a file or create a resource through the Chrome Extension.
Security Practices
How does Brisk Teaching protect student information?

Protecting student privacy is a top priority. We are signers of the Student Data Privacy Pledge, and comply with all student data privacy laws, including FERPA and COPPA. We have signed the National Data Privacy Agreement with California, Illinois, Massachusetts, Maine, Missouri, New Hampshire, Ohio, Rhode Island, Virginia, Vermont, Washington, and Wisconsin, and are open to signing district-level agreements when state-level Data Privacy Agreements are not possible.

We have established robust physical, technical, and administrative safeguards designed to protect the information in Brisk Teaching. These safeguards prevent unauthorized access, disclosure, or improper use of information. Below is a summary of some of the steps Brisk Teaching takes to protect student information:some text

  • We restrict access to personal information to authorized Brisk Teaching employees, agents, service providers, or independent contractors who reasonably need to know that information in order to process it for us, and who are subject to confidentiality obligations.  Employees and contractors (“Staff”) are subject to discipline if they fail to meet these obligations;
  • We require our service providers with which we share Student User personal information to employ industry standard data protection and security protocols;
  • We use identification and authentication methods such as multi-factor authentication;
  • We employ administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information;
  • We employ encryption technologies to securely transmit personal information, including data-in-transit encryption, and we encrypt personal information that is stored;
  • We maintain a data backup and recovery capability designed to ensure a timely and accurate restoration of personal information;
  • We maintain a secure software development lifecycle with industry standard security practices designed to establish secure application(s), network, and infrastructure architectures;
  • We maintain event monitoring and response procedures for events which could impact functionality, security and/or availability of Brisk Teaching;
  • We regularly provide Staff training for security incidents and maintain incident response policies, plans and procedures focused on timely and effective incident response.
Data Retention, Deletion, & Ownership
How long is information retained in Brisk Teaching? Can it be deleted?

Brisk Teaching automatically deletes accounts after 18 months of inactivity. If you would like Brisk to delete your data, email privacy@briskteaching.com.

Who maintains ownership of information that is input into and generated with Brisk Teaching?

Brisk Teaching does not own the personal information provided by users who engage with Brisk Teaching. Rather, schools control, and are responsible for, data input into and generated with Brisk Teaching. Read more about content owner rights in our Terms of Use. At any point, schools can request the deletion of data by emailing privacy@briskteaching.com.

Large Language Models & AI Training
Does Brisk Teaching use user input to train its models?

No, user input is not used to train any AI models.

What underlying LLMs does Brisk Teaching use? Does Brisk Teaching share my data with them?

Brisk Teaching uses a range of Large Language Models to support different use cases. This way, teachers can get the best of all worlds because Brisk Teaching can figure out which AI model will work best for their task. Boost, Brisk Teaching's learner-facing tool employs a Large Language Model that is hosted by our cloud provider, which ensures additional privacy and security models are in place.

Compliance
Is Brisk Teaching compliant with the Family Educational Rights and Privacy Act (FERPA)?

FERPA is a federal law that covers student personal information in the education context and applies to schools. Brisk Teaching provides Brisk Products to Schools as a “School Official” under FERPA, and we work with Schools to help protect personal data from the Student’s educational record, as required by the FERPA.

Is Brisk Teaching compliant with the Children’s Online Privacy Protection Act (COPPA)?

COPPA governs the collection of certain information from children under the age of 13 by commercial websites and online services.

When Brisk Teaching provides Brisk Products on behalf of a school, the school provides consent for Brisk Teaching to collect information from students under the age of 13. In this case: some text

  • We collect and process personal data from students under 13 solely at the direction of and under the control of a school, and do not require students to disclose more information than is reasonably necessary to use Brisk Products.
  • At all times, schools have the right to request to review or delete the personal data from students under 13 or decline to permit further collection or use of the students’ personal data by contacting the school’s account representative.
  • Schools are responsible for providing appropriate notice to parents of the school’s use of third-party service providers such as Brisk Teaching.

When Brisk Teaching provides Brisk Products directly to children under 13 outside of the school context, we require the child’s parent or legal guardian to provide the appropriate consent or authorization for Brisk Teaching to collect the child’s personal data. The parent, legal guardian or school may withdraw consent at any time.

Where can I read Brisk Teaching’s Terms of Use & Privacy Policy?

You can review Brisk Teaching’s Terms of Use here.
You can review Brisk Teaching's Privacy Policy here.

How do I get a Data Sharing Agreement from Brisk Teaching?

Brisk Teaching has signed the National Data Privacy Agreement with Arkansas, California, Illinois, Massachusetts, Maine, Missouri, New Hampshire, Ohio, Rhode Island, Texas, Vermont, Washington, and Wisconsin. Your district can sign on to your state’s agreement via Exhibit E through the Student Data Privacy Consortium Website (instructions). For districts in the state of New York, we review and sign EdLaw 2d agreements, and have agreements in place with the following Boards of Cooperative Educational Services (BOCES): CiTi, Ulster, and Warren Saratoga Washington Hamilton Essex.

If your district is in a state where we do not have a state-level Data Privacy Agreement in place, reach out to privacy@briskteaching.com, and our privacy team will work with you to sign an agreement.

Service Providers
What data does Brisk Teaching share with third parties?

Brisk Teaching works with service providers to operate and improve Brisk Teaching and Brisk Boost. These trusted vendors help us with a variety of tasks, ranging from web hosting and analytics to software engineering. In order to enable our Service Providers to perform these functions we may need to provide them with access to personally identifiable user (student, educator) information stored in Brisk Teaching systems. For example, we securely store Brisk Teaching and Brisk Boost data in databases managed by Amazon Web Services. For our current list of service providers, please email privacy@briskteaching.com.

We take this type of information sharing extremely seriously and require all the service providers who have access to student personal information to comply with strong privacy and security terms.  Brisk Teaching only enters into agreements with service providers who agree to be contractually bound to, at a minimum, materially similar data protection obligations as are imposed on Brisk Teaching by applicable state and federal laws and contracts.

How Brisk Teaching Uses Data
What data is shared with Brisk Teaching and why is it needed?

Our Privacy Policy provides a full explanation of the type of information we collect and how we use it. Brisk Teaching seeks to access the least amount of data required to provide the highest positive impact we can on teaching and learning. Brisk Teaching considers student data to be confidential and does not use student data for any purpose other than to provide the Brisk Teaching to schools. 

Brisk accesses data only where you are using the tool. For example, if you desire to change the reading level of a webpage, Brisk Teaching needs to access the contents of that webpage. If you want Brisk Teaching to provide feedback on student work, Brisk Teaching needs access to the student work.

What data does Brisk Teaching store on its servers? Does Brisk Teaching store student data that may be present on documents or information I input to generate things like feedback or IEP goal plans?

Brisk Teaching stores user input (e.g., a rubric that a teacher uploads, a curriculum or IEP prompt that a teacher writes) and Brisk-generated responses (e.g., a lesson plan, an IEP, feedback on a student essay). Brisk Teaching does not store data that it processes (e.g., student essay). If a teacher input includes a student name, then Brisk Teaching would store that student’s name on its servers. If Brisk Teaching generated content includes a student’s name, then Brisk Teaching would store that student's name on its servers.

  1. Let’s take a “create” example:  if a teacher includes student information in a prompt like “Create a letter of recommendation for ‘Student Name’”, Brisk Teaching will store that prompt, and the letter of recommendation that Brisk Teaching generates. Both the prompt and the letter of recommendation would include the student’s name. 
  2. Now let’s look at the feedback tool: a teacher prompts Brisk Teaching to provide targeted feedback on a student’s essay, which includes their name. Brisk Teaching will store the feedback prompt that the teacher writes, and the feedback that Brisk Teaching generates, but not the content of the student’s essay. The feedback could include the student’s name, because their name is typed in their essay.
Why does Brisk Teaching need access to my "entire" Google Drive?
  1. Brisk Teaching accesses the minimum data necessary in order to provide Brisk products to teachers and students. Brisk does not have access to teachers’ entire Google Drives. Rather, it has permission to "create" / "save" certain items within your Google Drive. This permission allows Brisk to produce teacher-requested content in Google Docs, Google Slides, and Google Forms.
  2. Brisk cannot see any information in Google Drive files or create anything in Google Drive unless a teacher explicitly asks Brisk to give feedback on a file or create a resource through the Chrome Extension.
Security Practices
How does Brisk Teaching protect student information?

Protecting student privacy is a top priority. We are signers of the Student Data Privacy Pledge, and comply with all student data privacy laws, including FERPA and COPPA. We have signed the National Data Privacy Agreement with California, Illinois, Massachusetts, Maine, Missouri, New Hampshire, Ohio, Rhode Island, Virginia, Vermont, Washington, and Wisconsin, and are open to signing district-level agreements when state-level Data Privacy Agreements are not possible. 

We have established robust physical, technical, and administrative safeguards designed to protect the information in Brisk Teaching. These safeguards prevent unauthorized access, disclosure, or improper use of information. Below is a summary of some of the steps Brisk Teaching takes to protect student information:some text

  1. We restrict access to personal information to authorized Brisk Teaching employees, agents, service providers, or independent contractors who reasonably need to know that information in order to process it for us, and who are subject to confidentiality obligations.  Employees and contractors (“Staff”) are subject to discipline if they fail to meet these obligations;
  2. We require our service providers with which we share Student User personal information to employ industry standard data protection and security protocols;
  3. We use identification and authentication methods such as multi-factor authentication;
  4. We employ administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information;
  5. We employ encryption technologies to securely transmit personal information, including data-in-transit encryption, and we encrypt personal information that is stored;
  6. We maintain a data backup and recovery capability designed to ensure a timely and accurate restoration of personal information;
  7. We maintain a secure software development lifecycle with industry standard security practices designed to establish secure application(s), network, and infrastructure architectures;
  8. We maintain event monitoring and response procedures for events which could impact functionality, security and/or availability of Brisk Teaching;
  9. We regularly provide Staff training for security incidents and maintain incident response policies, plans and procedures focused on timely and effective incident response.


Data Retention, Deletion, & Ownership
How long is information retained in Brisk Teaching? Can it be deleted? 

Brisk Teaching automatically deletes accounts after 18 months of inactivity. If you would like Brisk to delete your data, email privacy@briskteaching.com

Who maintains ownership of information that is input into and generated with Brisk Teaching?

Brisk Teaching does not own the personal information provided by users who engage with Brisk Teaching. Rather, schools control, and are responsible for, data input into and generated with Brisk Teaching. Read more about content owner rights in our Terms of Use. At any point, schools can request the deletion of data by emailing privacy@briskteaching.com

Large Language Models & AI Training
Does Brisk Teaching use user input to train its models?

No, user input is not used to train any AI models.

What underlying LLMs does Brisk Teaching use? Does Brisk Teaching share my data with them?

Brisk Teaching uses a range of Large Language Models to support different use cases. This way, teachers can get the best of all worlds because Brisk Teaching can figure out which AI model will work best for their task. Boost, Brisk Teaching's learner-facing tool employs a Large Language Model that is hosted by our cloud provider, which ensures additional privacy and security models are in place.

Compliance
Is Brisk Teaching compliant with the Family Educational Rights and Privacy Act (FERPA)?

FERPA is a federal law that covers student personal information in the education context and applies to schools. Brisk Teaching provides Brisk Products to Schools as a “School Official” under FERPA, and we work with Schools to help protect personal data from the Student’s educational record, as required by the FERPA.

Is Brisk Teaching compliant with the Children’s Online Privacy Protection Act (COPPA)?

COPPA governs the collection of certain information from children under the age of 13 by commercial websites and online services. 

When Brisk Teaching provides Brisk Products on behalf of a school, the school provides consent for Brisk Teaching to collect information from students under the age of 13. In this case: some text

  1. We collect and process personal data from students under 13 solely at the direction of and under the control of a school, and do not require students to disclose more information than is reasonably necessary to use Brisk Products. 
  2. At all times, schools have the right to request to review or delete the personal data from students under 13 or decline to permit further collection or use of the students’ personal data by contacting the school’s account representative. 
  3. Schools are responsible for providing appropriate notice to parents of the school’s use of third-party service providers such as Brisk Teaching. 

When Brisk Teaching provides Brisk Products directly to children under 13 outside of the school context, we require the child’s parent or legal guardian to provide the appropriate consent or authorization for Brisk Teaching to collect the child’s personal data. The parent, legal guardian or school may withdraw consent at any time.

Where can I read Brisk Teaching’s Terms of Use & Privacy Policy?

You can review Brisk Teaching’s Terms of Use here.
You can review Brisk Teaching's Privacy Policy here.

How do I get a Data Sharing Agreement from Brisk Teaching?

Brisk Teaching has signed the National Data Privacy Agreement with Arkansas, California, Illinois, Massachusetts, Maine, Missouri, New Hampshire, Ohio, Rhode Island, Texas, Vermont, Washington, and Wisconsin. Your district can sign on to your state’s agreement via Exhibit E through the Student Data Privacy Consortium Website (instructions). For districts in the state of New York, we review and sign EdLaw 2d agreements, and have agreements in place with the following Boards of Cooperative Educational Services (BOCES): CiTi, Ulster, and Warren Saratoga Washington Hamilton Essex.

If your district is in a state where we do not have a state-level Data Privacy Agreement in place, reach out to privacy@briskteaching.com, and our privacy team will work with you to sign an agreement.

Service Providers
What data does Brisk Teaching share with third parties? 

Brisk Teaching works with service providers to operate and improve Brisk Teaching and Brisk Boost. These trusted vendors help us with a variety of tasks, ranging from web hosting and analytics to software engineering. In order to enable our Service Providers to perform these functions we may need to provide them with access to personally identifiable user (student, educator) information stored in Brisk Teaching systems. For example, we securely store Brisk Teaching and Brisk Boost data in databases managed by Amazon Web Services. For our current list of service providers, please email privacy@briskteaching.com

We take this type of information sharing extremely seriously and require all the service providers who have access to student personal information to comply with strong privacy and security terms.  Brisk Teaching only enters into agreements with service providers who agree to be contractually bound to, at a minimum, materially similar data protection obligations as are imposed on Brisk Teaching by applicable state and federal laws and contracts.