Compliance: Privacy, Security, and Accessibility

GoReact is designed from the ground up to meet critical privacy and security needs for your organization.  This page outlines specific elements of those compliance requirements. 

In addition to the information below, the following links offer useful resources relating to our use of Amazon's world-class infrastructure.

For more about Amazon's security and business continuity, see: http://aws.amazon.com/security

For more about Amazon's standards compliance, see: http://aws.amazon.com/compliance/

Private Video System

All videos on GoReact.com are private by default, viewable only by the presenter and associated instructors. Additional sharing options are controlled by the instructor or administrator of the account. For additional information on our privacy practices, please see our Privacy Policy.

Secure Video Storage

GoReact videos are stored in Amazon's secure cloud service, the largest and most respected cloud provider in the world.  Amazon employs a wide breadth and depth of security measures for its cloud servers. GoReact utilizes Amazon's primary security infrastructures, including two-factor authentication for all users.

Data Security

Users are authenticated at https://goreact.com using email and password credentials, or via a third-party single sign-on as configured by the customer. Examples include authentication via organizational credentials (CAS, OAuth) or via a learning system such as Blackboard or Canvas.

All GoReact authentication and page requests are passed to and from the user's browser via TLS/SSL, and GoReact-stored passwords are encrypted at rest in the database.

System data auditing capabilities include user references and creation, modification, and deletion dates, which are kept for courses, feedback sessions, media, and other relevant data entities.

SOC and SSAE

For a description or copy of the SSAE16 audit credentials report, please see http://aws.amazon.com/compliance/soc-faqs/

PCI Compliance

GoReact.com is required to maintain current PCI compliance (Payment Card Industry Data Security Standard) in connection with processing of user credit cards.  As part of this compliance, we undergo an extensive third-party security and penetration test every calendar quarter to ensure our site is secure.

View our PCI security certificate from SecurityMetrics.

FERPA Compliance

The U.S. Family Educational Rights and Privacy Act (FERPA) is designed to protect student identity and academic information from unauthorized disclosure to third parties.  GoReact complies with all relevant provisions as follows:

  • Student account information is private in the system, viewable only by authorized instructors and IT administrators.  Such permissions must be explicitly granted within GoReact.
  • Student grading information is viewable only to authorized instructors, reviewers, IT administrators, and to the individual student themselves.
  • Authorized GoReact staff may access the account information solely for the purpose of providing service and support to the instructor and students. Such access is limited to authorized service and support staff only.  Consent for this limited use of their account information is granted by each student user upon signup with required acceptance of the Terms of Use.

HIPAA Compliance

GoReact.com is compliant with U.S. Health Insurance Portability and Accountability Act (HIPAA) requirements for security and privacy of Protected Health Information (PHI), which for GoReact's purposes could include conversations that healthcare providers may have about a patient's care as part of a recording in the GoReact system. 

GoReact's hosting infrastructure meets all HIPAA security requirements related to restrictions on accessibility of the information (see the Security section above). In addition, all video storage in the system is private and access-controlled as described in the Privacy section above. See our Privacy Policy for more information.

If you require a Business Associates agreement in order to use GoReact in a clinical setting, please contact us at legal@goreact.com

COPPA Compliance

GoReact.com is compliant with U.S. Children's Online Privacy Protection Act (COPPA) requirements for handling capture and use of images of children under 13 in the GoReact system. Key elements include:

  • Videos in the system are private by default, as described above.
  • Users (teachers, administrators, etc.) who post videos that include children under 13, such as classroom observations, are required by our Terms of Use to obtain parent/guardian permission prior to posting.
  • Parents may request removal of any video of their child by directly contacting GoReact.
  • Children under 13 years of age are expressly prohibited by our Terms of Use from creating their own account.

For more information, see the COPPA references in our Terms of Use and Privacy Policy.

If you have additional questions regarding GoReact security or privacy, please contact support@goreact.com at any time.

Accessibility

GoReact.com is designed to comply with applicable software accessibility requirements of Section 508 of the U.S. Rehabilitation Act. The system is designed to work with native accessibility tools within Windows and Mac operating systems as well as the enhanced functions included in modern web browsers.

For details related to our Section 508 compliance, please see our Voluntary Product Assessment Template (VPAT).

GoReact.com is also designed to comply with the Web Content Accessibility Guidelines (WCAG) version 2.0, levels A and AA. 

For more about WCAG 2.0 compliance, see: Web Content Accessibility Guidelines (WCAG) 2.0

 
