Skip to main content
PIPEDA Compliance

Socrative's compliance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

Brinna Smith avatar
Written by Brinna Smith
Updated over a month ago

As a Canadian owned and operated company, Socrative is compliant with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). See below for details on how our Privacy and Security practices meet the requirements of PIPEDA’s ten principles.

1. Accountability

Socrative provides a publicly available Privacy Policy for reference by all users of our platform. This policy is written in plain language and detail the personal data collected for each user type, the legal basis for processing of personal data, and users’ rights with respect to their personal data. See Socrative’s Privacy Policy here.

2. Identifying purposes

We only collect personal information that is necessary to provide our Services. Examples are the collection of first and last name, username and password in order to create an account, the collection of student work to facilitate assessment activities with a teacher, or collection of application metadata to support the provision of our Services or necessary troubleshooting. Where possible, we have made the collection of additional personal data optional in order to minimize collection that is unnecessary.

3. Consent

As per Socrative’s Terms & Conditions of Service, users consent to the collection and use of their personal data by using our applications. In the case of minors (as defined by the regional laws of the user), it is the responsibility of their educational institution to collect consent from parents prior to use of our applications. We then rely on implied consent to process additional data as users interact with the Service. See more information on consent collection here.

4. Limiting collection

Personal data is collected from users only when necessary to provide our Services. While additional data may be collected, such as email addresses for students, it is optional to provide and does not impact core use of the Services when not provided. All personally identifiable information entered into Socrative is also not visible to Showbie Inc. as it is encrypted both in transit and at rest. We do not engage in any data profiling or automatic processing.

5. Limiting use and disclosure

Data used by our platforms, as well as accessed by our internal team, is limited to only that which is necessary. We operate on the principle of least privilege to ensure that access to and use of user personal data is restricted to specific individuals with a legitimate business need for such information. Similarly, data shared with our sub-processors is limited to only that which is required to perform their services. See further information about Socrative’s sub-processors.

6. Accuracy

As a data subject, you have the right to access information from your data controller in a commonly-used, electronic format, free of charge, within a reasonable timeframe. Requests to access data for the purposes of review, revision or deletion can be made directly to your educational institution (the data controller), or via Showbie Inc. (the data processor) using this form. Note that changes to student information must be requested by teachers or admins—we will not make changes to student information that are requested by students or parents. If you are a student or parent and want to make changes to student information, please have your/your child's teacher submit a request on behalf of you/your student using the form linked above.

7. Safeguards

We strive to ensure the highest level of security for our users and follow industry-wide best practices for data management and encryption. Showbie Inc. is compliant with ISO 27001, SOC 2, and aligns with the NIST CSF at a Tier 3 level. See more information about security practices for Socrative here.

8. Openness

We maintain a Privacy & Compliance hub, as well as a Security Centre hub, our Help Centre website to provide transparency to users about the user data we collect, the legal basis for processing user data, the details of data accessed by any sub-processors, and security measures in place to protect user data. The resources available on our Help Centre are written and maintained by our Privacy and Security teams and updated regularly to reflect our evolving policies and practices and commitment to growth.

9. Individual access

Users may edit personal information within their account profiles at any time (with the exception of usernames in Showbie). Users may also submit requests to review, revise or delete their data at any time using the following form:
Socrative Personal Data Request Form

All requests to review personal information will receive a response within 14 days. Any additional request can be sent to privacy@socrative.com.

10. Challenging compliance

You have the right to make a complaint to a supervisory authority. In Canada, you can contact the Office of the Privacy Commissioner of Canada. For a list of Supervisory Authorities in Europe, please see this list on the European Commission’s website.

Did this answer your question?