Compliance

Recent Updates – June 2023:

  • We are WCAG2.1 Level AA compliant and continually strive to exceed these standards. See the Accessibility section below for more information.
  • We have completed our second round of VAPT Audit in May 2023
  • We are SOC2 compliant and are currently engaged with an auditor to complete an external SOC2 Type 2 audit by the end of December 2023

MyGooru Compliance

MyGooru is compliant with important federal and state regulations designed to safeguard data. We are committed to being a trusted partner to help schools, institutions, and learning providers meet their compliance obligations under applicable laws. 

Our mission is based on the belief that education is a human right. This core belief translates to an incredibly high bar that we set when it comes to privacy, security, accessibility, ownership of data, and interoperability of systems. 

In these endeavors, our aim is not compliance for its own sake, but rather to further our mission to provide the best education to anyone, no matter who the learners are, where they live, what technology they have available, and what differing abilities they may have. All the while ensuring that the rich data that is required to support a truly personalized learning experience is kept private and safe.

IMS Global Certificate
GDPR Compliant Image

Overview

Learning is highly personal, and adaptive learning applications require an ever-deeper understanding of the learner to provide the required personalization. These same tools and data that can personalize learning can be nefariously used in other applications too, most easily within advertising, where a knowledge of the best way to introduce new ideas to an individual is highly sought after. At Gooru we recognize these risks and have chosen to address them by setting an incredibly high bar when it comes to data privacy and ownership. In short, you, as a learner, own and have full control of your data.

The Bar We Have Set

  1. You own your data
  2. You have full control over what data you choose to share, for how long, and with whom.
  3. You have the right to be forgotten

Detailed Compliance Information

  • Learners and Institutions own their data. All data that is generated in the tenancy of an institution is owned by the institution. Learners’ proficiency, portfolio, preferences, and their metrics such as grit, perseverance, motivation, etc. are owned by the learners
  • Users and Institutions grant permission to Gooru to use the data generated by the users in their tenancy  to curate content and to personalize pathways and make reroute recommendations for the learners
  • Gooru adheres to GDPR compliance requirements. 
  • MyGooru provides the users the ability to determine how their data is managed within Navigator, determine who has access to their data, and request deletion of data (“right to be forgotten”).
  • Gooru adheres to privacy requirements defined under FERPA and COPPA. As per FERPA School Official exception, school districts are authorized to share student data with Gooru
  • MyGooru requires minimal data about learners that are deemed Personally Identifiable Information. MyGooru requires only First Name, Last Name, Email id, and Year of birth at the time of sign-in, and only First Name, Last Name and a reference id for the user via roster sync with institutions’ SIS
  • We do not use or disclose learner data collected through MyGooru for behavioral targeting of advertisements to learners.
  • We require that our vendors and service providers are bound through a written contract to maintain the same level of privacy protections as we do in our agreements
  • Gooru is IMS Global’s TrustEd certified.

Read Gooru’s privacy policy here: https://goorulearning.com//privacy-policy/

Overview

Gooru implements robust access control, authentication, data integrity, and content protection both in the hosting infrastructure of its applications and also within the application. Gooru adheres to the highest industry standards in maintaining the security of data both at rest and in transit.

The Bar We Have Set

  1. We will follow best practices to ensure security 
  2. We will adhere to the highest industry standards
  3. We will design and develop with security in mind

Detailed Information

  • Gooru is SOC2 compliant for its data security. SOC2 Type 2 external audit will be completed by December 2023
  • Confidentiality—only individuals with authorization can access data and information assets.
  • Integrity—data systems are kept intact, accurate, and complete, IT systems are kept operational.
  • Gooru Navigator supports 99.9% availability.

Overview

Gooru’s mission is to support the human right to education. With that mission, MyGooru is designed to support life-long learning for all types of learners including users with various accessibility needs. Our goal is to develop a tool that anyone, no matter their ability, to be able to locate themselves and find a path to any learning destination. While we don’t have control of the content being used, we do track the accessibility of content so that if a learner does require it we are able to provide the most suitable content that is available.  

The Bar We Have Set

  1. Provide a WCAG2.1 level AA / Section 508 compliant Navigator tool
  2. Assess content for accessibility and always promote the most suitable content
  3. To create incentive mechanisms for content creators to generate accessible content.

Detailed Information

MyGooru, as a platform currently is WCAG Level A and Level AA compliant. Here are the specific compliance measures we meet: 

  • 1.1.1 – Non-text Content
Level A
  • 1.3.1 – Info and Relationships
Level A
  • 1.3.2 – Meaningful Sequence
Level A
  • 1.3.3 – Sensory Characteristics
Level A
Level A
Level A
Level A
Level A
  • 2.2.1 – Timing Adjustable
Level A
  • 2.2.2 – Pause, Stop, Hide
Level A
  • 2.3.1 – Three Flashes or Below Threshold
Level A
  • 2.4.1 – Bypass Blocks
Level A
Level A
Level A
  • 2.4.4 – Link Purpose (In Context)
Level A
Level A
Level A
Level A
  • 3.2.2 – On Input
Level A
  • 3.3.1 – Error Identification
Level A
  • 3.3.2 – Labels or Instructions
Level A
Level A
  • 4.1.2 – Name, Role, Value
Level A
Level AA
  • 1.3.5 – Identify Input Purpose
Level AA
  • 1.4.3 – Contrast (Minimum)
Level AA
  • 1.4.4 – Resize Text
Level AA
Level AA
Level AA
  • 1.4.11 – Non-Text Contrast
Level AA
  • 1.4.12 – Text Spacing
Level AA
  • 1.4.13 – Content on Hover or Focus
Level AA
Level AA
  • 2.4.6 – Headings and Labels
Level AA
  • 3.1.2 – Language of Parts
Level AA
  • 3.2.3 – Consistent Navigation
Level AA
  • 3.2.4 – Consistent Identification
Level AA
  • 3.3.3 – Error Suggestion
Level AA
  • 3.3.4- Error Prevention (Legal, Financial, Data)
Level AA
  • 1.4.6 – Contrast (Enhanced)
Level AAA

 

Content Accessibility

Gooru does not create content itself, but MyGooru includes tools to support any content that addresses accessibility needs

Overview

Learners and Institutions own their data. Gooru Navigator aggregates data from the tools that schools, districts, and institutions already use to build a Data Lake. The data in Data Lake is owned by the school or district.

The Bar We Have Set

  1. You own your data
  2. You have full control over what data you choose to share, for how long, and to whom.
  3. You have the right to be forgotten

Detailed Information

  • All data that is generated in the tenancy of an institution is owned by the institution. Learners’ proficiency, portfolio, preferences, and metrics such as grit, perseverance, motivation, etc. are owned by the learners. 
  • Users and Institutions grant permission to Gooru to use the data generated by the users in their tenancy  to curate content and to personalize pathways and make reroute recommendations for the learners

Learn more about Navigator