We understand that your BIRS data is about real children and school personnel. While it must be accurate and accessible for analysis, we know your data is subject to privacy rules enforced by your school administration, government regulations and possibly other grantors and sponsoring organizations.
We will not share, sell nor loan any BIRS data — yours or that belonging to any other school — to anyone.
We ask our customers to provide contact information so we can call or email them as required to resolve billing questions or to respond to software bug reports.
All users are asked to provide their name, email, and their workplace telephone number for the same reason. Your program administrator provides that information when your user account is set up.
We store your personal information in our database, where it is subject to the same security and backup regimen as the BIRS behavioral data.
Only we have access to your personal information and we only use it to contact you to help with a problem.
And we never sell, share, nor loan your personal data to anyone.
Having said all that, it is possible that a credible authority, such as a law enforcement agency, might someday serve documents requiring us to release your data to them. We will, of course, obey legitimate legal orders and if not prohibited to do so, will notify you of any such request.
When you log into your account, our server asks your browser to create a "cookie" on your computer. A "cookie" is an oddly named file that contains only a unique, numeric identifier. We use the identifer to connect you to your user account and distinquish you from everyone else who might be logged in.
When you click the "Save" button on the Incident Report data entry form or when you request the "Next" page on an Incident Report listing, for example, the browser sends us that unique number so we know you have logged in and are authorized to perform the task.
If we didn't do this, you would have to enter your username and password EVERY TIME you press a "Save" button or ask for a new listing page. The cookie is refreshed every few uses with a new number, in effect re-logging you in to our system and making it very hard for anyone to easedrop on your connection and try to impersonate you.
Each time you request a page, our servers record the request in a log file. The information logged includes the Internet Protocol (IP) address of the network on which you are working. We do not correlate your IP address with your cookie unique identifyer, so you are still effectively annonymous when your page request is logged.
We use the log data to give us insight into how our customers use our site and to determine, in aggregate, how many people use our website at peak times throughout the week. This helps us allocate resources to both give you quick responses and keep our cost to your school as low as possible.
We use Google's website tracking service, Google Analytics to provide information about the volume and frequency of visits to our website. Under no circumstances is your individual identity revealed to us. Google may be able to correlate your visit to our website with your visits to other websites, but if they do, they don't tell us about it.
We also use Google's Gmail service to handle our emails. Anything you say to us in your email you say to Google as well and is subject to their terms of service and privacy rules.
We do all we can to help you abide by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules. The data you enter is stored in a secure (meaning "locked and guarded" and "disaster resistant") server complex. It also is encrypted (scrambled) when it is transmitted between your computer and our servers and back so even if someone is eavesdropping, all that would be displayed would be gibberish.
However, to be fully HIPAA compliant, you must obey one simple rule: NEVER, ever use real names for children or staff members. Always use "code names", such as "C33" or "AAA". Remember: No Personally Identifiable Information!