GoReact is designed from the ground up to meet critical privacy and security needs for your organization. This page outlines specific elements of those compliance requirements.
In addition to the information below, the following links offer useful resources relating to our use of Amazon's world-class infrastructure.
For more about Amazon's security and business continuity, see: http://aws.amazon.com/security
For more about Amazon's standards compliance, see: http://aws.amazon.com/compliance/
Private Video System
Secure Video Storage
GoReact videos are stored in Amazon's secure cloud service, the largest and most respected cloud provider in the world. Amazon employs a wide breadth and depth of security measures for its cloud servers. GoReact utilizes Amazon's primary security infrastructures, including two-factor authentication for all users.
Users are authenticated at https://goreact.com using email and password credentials, or via a third-party single sign-on as configured by the customer. Examples include authentication via organizational credentials (CAS, OAuth) or via a learning system such as Blackboard or Canvas.
All GoReact authentication and page requests are passed to and from the user's browser via TLS/SSL, and GoReact-stored password is encrypted at rest in the database.
System data auditing capabilities include user references, creation, modification, and deletion dates which are kept for courses, feedback sessions, media and other relevant data entities.
User specific data we receive from LMS integrations
GoReact follows the standard LTI spec. For more information on the required and recommended fields in this spec, see the IMS Global Learning Tools Interoperability® Implementation Guide. When the GoReact tool is integrated, GoReact receives the following user specific information:
- School ID (tool_consumer_instance_guid): Unique alphanumeric code sent from LMS (D2L receives the code from us)
- School Name (tool_consumer_instance_name): Name of your school
- Course ID (context_id): Unique alphanumeric code generated and sent from LMS
- Course Name (context_title): Name of your course
- Assignment ID (resource_link_id): Unique alphanumeric code generated and sent from LMS
- Assignment Name (resource_link_title): As entered during assignment set up
- Outcome Possible (lis_outcome_service_url): As entered during activity set up (not all integrations send this in the payload)
- User Name (lis_person_name_full): Name in LMS
- User Email (lis_person_contact_email_primary): User's email from LMS
- User ID (user_id): Unique alphanumeric code generated and sent from LMS
- User Role (roles): Role in LMS course
SOC and SSAE
For a description or copy of SSAE16 audit credentials report, please see http://aws.amazon.com/compliance/soc-faqs/
GoReact.com is required to maintain current PCI compliance (Payment Card Industry Data Security Standard) in connection with processing of user credit cards. As part of this compliance, we undergo an extensive third-party security and penetration test every calendar quarter to ensure our site is secure.
View our PCI security certificate from SecurityMetrics.
The U.S. Family Educational Rights and Privacy Act (FERPA) is designed to protect student identity and academic information from unauthorized disclosure to third parties. GoReact complies with all relevant provisions as follows:
- Student account information is private in the system, viewable only by authorized instructors and IT administrators. Such permissions must be explicitly granted within GoReact.
- Student grading information is viewable only to authorized instructors, reviewers, IT administrators, and to the individual student themselves.
GoReact.com is compliant with U.S. Health Insurance Portability and Accountability Act (HIPAA) requirements for security and privacy of Protected Health Information (PHI), which for GoReact's purposes could include conversations that healthcare providers may have about a patient's care as part of a recording in the GoReact system.
If you require a Business Associates agreement in order to use GoReact in a clinical setting, please contact us at firstname.lastname@example.org.
GoReact.com is compliant with U.S. Children's Online Privacy Protection Act (COPPA) requirements for handling capture and use of images of children under 13 in the GoReact system. Key elements include:
- Videos in the system are private by default, as described above.
- Parents may request removal of any video of their child by directly contacting GoReact.
If you have additional questions regarding GoReact security or privacy, please contact us at goreact.com/support at any time.
GoReact.com is designed to comply with applicable software accessibility requirements of Section 508 of the U.S. Rehabilitation Act. The system is designed to work with native accessibility tools within Windows and Mac operating systems as well as the enhanced functions included in modern web browsers.
For details related to our Section 508 compliance, please see our Voluntary Product Assessment Template (VPAT).
GoReact.com is also designed to comply with the Web Content Accessibility Guidelines (WCAG) version 2.0, levels A and AA.
For more about WCAG 2.0 compliance, see: Web Content Accessibility Guidelines (WCAG) 2.0