How Edlink Handles School Data

Edlink helps create integrations between learning institution data providers (read: LMS, SIS, and IAM providers) and third-party edtech products. For the integrations to work properly, learning institution technology administrators need to grant Edlink access to their data platform (don’t worry, we can place product licensing rules in place to limit oversharing data). Edlink then makes the data available to the third-party product approved by the school administrator.

Due to the sensitivity of school data, we take several precautions to make sure that only authorized applications have access. It's important for our clients and their partner schools to understand how we use and protect data.

No, Edlink does NOT share any data with advertisers. We do not sell or monetize any data we collect. Edlink does not allow behavioral tracking or create marketing profiles based on user activity. We also do not show advertisements to our users.

Only the following groups of people have access to a learning institution’s data:

  • The IT administrators of the learning institution who have connected a data source(s) to Edlink;
  • Edlink developers and customer service agents; and,
  • Edlink clients who have a signed Master Services Agreement to use Edlink as an integration partner AND who have been specifically granted access by a learning institution’s IT administrators.

As part of the integration setup process, learning institution IT administrators connect their data source provider (read: LMS, SIS, or IAM) to Edlink. The administrators of the data source provider for their learning institution’s instance are the only ones who can connect to Edlink. Why? Because the admin account for the learning institution will be the only type of account that has access to configure the integration to establish a connection. Other lower-level accounts don’t have this access. The learning institution’s IT administrator can then review which permissions an edtech product requests. Learning institution IT admins may deny the integration if they are not comfortable with the requested permissions.

If the admin does accept the requested permissions, the edtech product will be able to access the selected data from the learning institution’s data source.

Learning institutions may revoke access to their data sources at any time through the Edlink Dashboard. Per GDPR, individuals may request the deletion of their data by emailing Edlink at privacy@ed.link.

Edtech products (read: Edlink clients) CANNOT access the data for any learning institution that has not authorized their product. Edtech developers (read: Edlink clients) CANNOT access specific data if those specific permissions have not been authorized by the IT administrator. Edtech developers (read: Edlink clients) CANNOT increase the amount of data or functionality of their product without authorization from the IT administrator.

Edlink may also use anonymized data to help improve services for client developers and learning institutions. Edlink may also use anonymized data for reporting or for the creation of marketing materials. All personally identifiable information will be removed to create anonymized data.

How is that data protected?

Edlink's systems are all hosted by Google Cloud platform, primarily in the US-Central Zone (Iowa). While the learning institution’s IT administrator is first connecting to Edlink, there are regions of places where to store their data.

Access to Edlink databases are password protected and can only be accessed by Edlink developers. Third-party product developers (read: Edlink clients and their developers) can only access data that they have been authorized to access (by permissions from the learning institution's IT administrator) through the Edlink Dashboard and Edlink API.

Developers have to agree to our Terms & Conditions and Additional Developer Terms before being allowed to publish applications in the Edlink Dashboard. Developers who do not follow these terms will have their access to Edlink (and access to permissioned data through Edlink) immediately revoked.

In the event that an Edlink client suffers from a data breach, Edlink will immediately notify the associated learning institution. In addition, Edlink will disable any active connections between the learning institution’s data source(s) and the Edlink client to minimize their exposure. Edlink will not reconnect until the client notifies us that it is safe to reconnect.

Edlink complies with all federal student and child privacy laws, including FERPA and COPPA.

*article last updated | 11.15.23


More Questions?

If you need additional information on how data safeguards or how we handle school data, please email us at accounts@ed.link or contact us at our support page. You may also view all of our legal documents and policies here.