EduCloud@CiTi Privacy Policy


Privacy Notice
Effective Date: September 2, 2020

This privacy notice discloses the privacy practices for Oswego County BOCES (CiTi BOCES) and our cloud based services provided by or related EduCloud websites where this privacy policy appears, including users accessing such websites through content provided via emails from EduCloud (collectively, the “website”). This website is intended for users from the United States. This privacy notice applies solely to information collected by this website, except where stated otherwise.

We have adopted these practices to protect you, the students, and the school district, and to comply with applicable legal requirements. Use of this website requires district acceptance of the practices outlined in this statement.

Two types of personally identifiable information are used on this website: your personal data and student data.

Information Collection, Use, and Sharing

Your Personal Data

Collection: CiTi BOCES collects information from you as you use this website. For example, you must enter certain personally identifiable information, including your name and email address. We use this information to verify your identity, provide access to cloud based services, prevent unauthorized access to your account and to contact you in connection with your use of this website.

In addition to the information you provide, CiTi BOCES collects information about your use of this website through tracking, cookies, and log files, as described in our general Terms of Use statement.

Protection: Because you enter your personal data, you control its accuracy. If you discover that your personal data is inaccurate or if it changes, you may make corrections by notifying us at or 315-963-4303. We will not share your personal data collected through this website with third persons without your consent. However, your personal data will be available to authorized users from your school district who have permission from the school district to access it. We will not use your personal data collected through this website for any purpose other than providing you with access to this website and the associated services. We will use the same security to protect your personal data that we use to protect student data collected through this website.

Student Data

As you use this website, you will enter student data or interact with student data that has already been entered. Federal law (the Family Educational Rights and Privacy Act, "FERPA") allows a school district to release student records to an organization that is "conducting studies for, or on behalf of, educational agencies or institutions for the purpose of developing, validating, or administering predictive tests... [or] improving instruction." However, FERPA requires limitations on disclosure of those records and implementation of appropriate security measures to protect those records. To help your school district comply with FERPA, CiTi BOCES has adopted certain practices, and requires that educators using this website fulfill certain responsibilities to safeguard student data. The following statement explains our practices and your responsibilities regarding the student data you enter on this website.

Student Data Security and Confidentiality Statement

Purposes of Data Entry: You control what student data is entered on this website. Student data entered on this website should be limited to information that is relevant to the legitimate educational purpose of improving student performance. We will not ask you to enter, and you are instructed not to enter, data about students that is not relevant to this legitimate educational purpose. Therefore, only a minimum amount of personally identifiable student data required for the setup of the system is requested.

We require student first name, last name, date of birth, and identification number for systems supporting student educational services. Not all EduCloud services require the use of any personally identifiable information. Additional data, not specific to the student, is also required to complete system setup, including but not limited to staff first and last name, email, and school name. Student demographic data, for the purposes of optional disaggregated reporting, is requested separately from the initial setup data and is obtained only with written permission from your district.

Use, Disclosure, and Storage: We will use the student data to provide the services to your school district. We will not keep the student data after you or the school district instructs us to delete it. You may not disclose or otherwise use the student data entered on this website for any unauthorized purposes.

We will only disclose student data to authorized employees or representatives of the school district, and will not knowingly disclose the student data to any third person without express written authorization. When, at the request of the district, we acquire assessment or other information, including personally identifiable student data, from a third party source we treat that information with the same confidentiality and security safeguards as though it were provided directly by the district. Additional agreements may be required by the third party to authorize transmission of data to CiTi BOCES.

Your district may from time to time request that CiTi BOCES provide student data to third parties of its choosing. We will do so with written authorization, which acknowledges that CiTi BOCES is providing that data as your district's agent and that once the data is received by the third party, CiTi BOCES no longer has any control over the use or disposition of the data.

We may also use aggregated data in our research, product development, and marketing. That aggregated, non-personally identifiable data (e.g., summary or statistical data) may be shared with third parties. However, we do not use personally identifiable student data to market any products or services directly to students or their parents.

In the event that CiTi BOCES wishes, from time to time, to release aggregated data that identifies your school or school district by name, CiTi BOCES will enter into a separate agreement with you to authorize release and publication.

Data Quality: You are responsible for keeping the student data that you enter accurate, complete and up-to-date. If you recognize that student data is inaccurate, incomplete, or out-of-date, you are responsible for correcting it. If you experience problems making corrections to student data, please notify us at or 315-963-4303 and we will assist you with making corrections.

Security Safeguards: We are committed to protecting student data against unauthorized access, destruction, use, modification or disclosure. Protecting student data requires efforts from us and from you. We will implement reasonable and appropriate safeguards when collecting student data from you and when storing that student data in our database and you will observe our security safeguards and exercise reasonable caution when using this website.

Specific institutional and technological security safeguards include:

  1. All information collected is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon next to the web address in your web browser, or looking for "https" at the beginning of the address of the web page.
  2. Information stored on our servers is encrypted at rest at all times and is kept in a secure environment.
  3. Only CiTi BOCES employees who are authorized to handle student data are able to access the Data Management System.
  4. Only school district employees and representatives that the district authorizes as school officials are permitted to access the system. It has a hierarchical permissions system. This means:
    1. General users will only be able to see data they are given access to.
    2. Authorized district-level employees, such as an Instructional Coordinator, Superintendent, and/or Counselors will be able to see all data across the district.
  5. Each authorized school official is given login credentials valid for the length of your district’s subscription to the service. You must safeguard your login credentials, and not permit any unauthorized access to student data entered or kept in CiTi BOCES’ system.
  6. Upon written request by the district, CiTi BOCES will destroy any student data for districts who no longer participate in a CiTi BOCES web service. CiTi BOCES will provide written verification that the data has been destroyed as requested.
  7. If a district has not used any CiTi BOCES product for a period of two years, CiTi BOCES will provide written notice that the student data pertaining to their district will be destroyed, unless the district requests the records be kept. Upon destruction, CiTi BOCES will provide written verification that the data has been destroyed.
  8. CiTi BOCES uses industry standard server and network hardware and software to ensure that data is protected from unauthorized access or disclosure.

When you use this website, you consent to our privacy practices and agree to accept the responsibilities outlined in this statement.


We use "cookies" on this website. A cookie is a piece of data stored on a user's hard drive to help us improve your access to our website and identify repeat visitors to our website. For instance, when we use a cookie to identify you, you would not have to log in more than once, thereby saving time while on our website. Usage of a cookie is in no way linked to any personally identifiable information on our website and is always encrypted while stored on a user’s hard drive.


This website may contain links to other websites. These links may be added by EduCloud to support the educational purposes of the service provided. They may also be added by you the user. Please be aware that we are not responsible for the content or privacy practices of such other websites. We encourage our users to be aware when they leave our website and to read the privacy statements of any other website that collects personally identifiable information.

Notification of Changes

CiTi BOCES will notify current registered users of any changes to its privacy statement in writing and make available an amended Privacy Statement on its home page.

Other Provisions as Required by Law

Numerous other provisions and/or practices may be required as a result of laws, international treaties, or industry practices. It is up to you to determine what additional practices must be followed and/or what additional disclosures are required.

Please contact with questions about this privacy statement via telephone at 315-963-4303 or email at