06 March 2017
• What information we collect and why we collect it.
• How we use that information.
Information we collect
We collect information in order to provide the curbi service to our users. This includes the device usage details that a user sees for their managed devices and specific details about the managed devices.
We also collect system-wide information like general usage patterns to help us tune the performance of curbi.
We do not collect student-specific information in any way. While devices can be named as "Amy's iPhone" we don't specifically collect student information or create student profiles.
We collect information in two ways:
- Information you give us. curbi requires you to create an account and provide a small amount of information so that we can provide a good service. We store all that information securely and safely and never share it with anyone.
- Information we get from your use of curbi. We collect information about how you use curbi, like the sites that your managed devices visit. This information includes:
- Device information - We collect device-specific information (such as your hardware model, operating system version, and mobile network information including phone number) for your managed devices.
- Usage information - When you use curbi we automatically collect details on which sites your managed devices visit and the apps being used.
We do not collect device location information.
How we use information we collect
We use the information we collect to provide, maintain, protect and improve curbi, to develop new features, and to protect curbi and our users. We also use this information to offer you tailored suggestions and alerts – like when a device is unenrolled from curbi.
When you contact Systemic, we will keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
Systemic processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.
Your access to your information
All data that we collect about you and your device usage is accessible to you through the curbi management app. You do not see low-level system logs that curbi generates but these are used for system operations only.
You can update your personal information at any time through the curbi management app. If you don't have access to this app you can contact us at any time to update your information at email@example.com.
Information we share
We do not directly collect student information and therefore can never share student information with other organizations.
We do not share personal information with companies, organizations and individuals outside of Systemic unless one of the following circumstances apply:
- For system functionality - in some limited cases we need to provide limited personal information to trusted third parties in order to make curbi work. At this stage, this is limited to providing email address and name to MailChimp who manage our email lists.
- For payments - we use BrainTree Payments to process credit card payments. We don't store or see your credit card details at all. Your credit card details are held only with Braintree Payments and we receive details about the payment when you pay. Braintree Payments also doesn't know anything about your curbi account.
- For legal reasons - We will share personal information with organizations or individuals outside of Systemic if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of Systemic, our users or the public as required or permitted by law.
We will never sell personal information about our users or their managed devices.
curbi does not use advertising to raise revenue in any way. No curbi information is shared with any advertiser.
We may share aggregated, non-personally identifiable information publicly and with some partners – like universities and researchers. We may share non-personally identifiable information publicly to show trends about the general use of curbi.
curbi usage device and usage details are purged after 12 months of account inactivity. We do retain basic account details to allow users to reactivate dormant accounts.
We work hard to protect curbi and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
- All curbi communications are encrypted using SSL.
- We constantly review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to personal information to Systemic employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined, dismissed or prosecuted if they fail to meet these obligations.
Should you have any complaints about how we handle your information, please contact us at firstname.lastname@example.org.
Your complaint will be assessed against the Australian Privacy Principles as specified in the Commonwealth Privacy Act, 1998. You will be provided a response within 7 days.