This policy applies to all team members — employees and contractors — who may come across sensitive data created in the course of our work.
Sensitive data includes personally identifiable information (PII) or any information shared in confidence between one or more users (for instance, feedback on a submission from a teacher or mentor or an answer to a reflection question). By default, Pathwright only requires minimal personal data from users: a first name, last name, and email address are all that’s required to use Pathwright.
Customers may use Pathwright to collect other sensitive data at their discretion and according with their own internal policies. For example, they may create learning paths that include surveys, projects, or reflection questions that collect private information. However, customers are prohibited from collecting:
Pathwright isn’t responsible for how our customers use data they collect, but we are responsible for how we secure it from unauthorized access.
Access to sensitive data is only granted to team members who need it to perform their role. All members are expected to abide by the following:
Password Policy
If you have access to user data, you must use a password that meets the minimum requirements: