Xello Privacy Policy

This Privacy Policy applies to visitors to the Xello website (“Visitors”) or users (as defined below) of the Xello platform, website, or any other website or application of Xello that links to this Privacy Policy (collectively, the “Services”). By visiting the website or using the Services, you acknowledge you have read this Privacy Policy and understand that your personal information shall be processed in accordance with this Privacy Policy. We promise to limit the use of your personal information collected through the Services to the purposes described in this Privacy Policy and Terms of Service.

Illustration of woman, arms crossed with a thought bubble containing a secured padlock

Welcome to Xello!

Xello is provided by Anaca Technologies Ltd. (“Anaca” doing business as, and hereinafter “Xello,” “we,” “our”), located at 1867 Yonge Street, Suite 700, Toronto, Ontario, M5S 1Y5, Canada.

We are committed to protecting your personal information and satisfying all applicable legal requirements, including the Children’s Online Privacy Protection Act (“COPPA”), the Personal Information Protection and Electronic Documents Act (“PIPEDA”), and the Family Educational Rights and Privacy Act (“FERPA”), through our compliance with this Privacy Policy. We agree to comply with all applicable laws concerning our collection and use of your personal information. If any translated version of this policy conflicts with the English version, the English version shall prevail.

For purposes of this Privacy Policy and our Terms of Service:

“Student Personal Information” means information that may, alone or in combination with other available information, be reasonably used to identify a current or former Student and shall be referred to as “Student Personal Information.” Student Personal Information may include, but is not limited to, FERPA Records.    

Capitalized terms that are not defined in this Privacy Policy shall have the meaning set forth in the Terms of Service.

How We Collect Information

We will only collect, use, maintain and share your information in a manner allowed by applicable law.

Information Provided by Schools and Districts and Educators

Schools and Districts that use the Services provide certain information about their students (“Students”) and their teachers, counselors and administrators (“Educators”)  to create accounts.  Educators, Students, parents or guardians of a Student, or authorized administrator of a School account, and School each is a “User” and are collectively referred to herein “Users.”

Schools and Districts may provide the following Student Personal Information:

  • Student ID, First Name, Last Name, Gender, Date of Birth, Current Grade, Current School, and Next Year School;
  • Student email address, as an optional part of the account creation process
  • For Schools and Districts that implement Course Planner information about courses Students have taken, including Course Codes, Course Names, Date Courses Completed or Grade Level Completed, Final Grades, Credits Achieved, and the Term Achieved
  • For Schools and Districts that implement e-Transcript services, Student transcript data for submission to colleges and universities.

Schools and Districts may provide Educator name and email address or Educators, when creating their own accounts, will be required to provide an email address as well as first and last name.  Educators may submit support requests or User Content.

We may collect the following information from a School or Authorized Administrator to set up and administer a School account:

  • Authorized Administrator contact information as well as information about his/her School relevant to purchasing and setting up accounts such as School’s name, address, billing address, and number of students.
  • Support requests and any other information submitted by a School or Authorized Administrators.

Information Provided by Students

With the Services, Students discover the unique pathway that’s right for them using an investigative, discovery-based learning process. As they gain self-knowledge through assessments and reflection, Students can save careers, schools, programs, and experiences to form a vibrant, visual roadmap that’s easy to update and share.

Given the purpose of the Services, Students may provide a variety of information including certain Student Personal Information in the Services.  Students may provide information such as email address, phone number, mailing address, personal avatar, education goal, favorite clusters, interests, skills, test scores, work experiences, volunteer experiences, high school course plan, future readiness plans, and any other information or User Content that Students choose to provide.

Information Provided by Visitors

We may collect the following information directly from Visitors:

  • Requests for Information: If you submit a request for information or otherwise contact us, we collect your request and your identifying contact information (including name, email address, phone number and address).
  • Support Requests: If you submit a support request or question, we receive your request/question and your associated identifying contact information.

Automatically Collected Information

When a User uses the Services or a Visitor visits the Xello website, we collect information about how such individuals interact with the Services (e.g., the pages viewed, the links clicked, and other actions taken on the Services) and usage of the Services over time. Our servers automatically collect other information about Users or Visitors that may include web request, Internet Protocol (“IP”) address, browser type, and mobile device information. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Services. We do not allow any third-party advertising networks to collect information about Users of the Services.

How We Use Information

We use the information we collect, including Student Personal Information and User Content, to  help Students create a successful future.

Specifically, we use such information to:

  • provide, improve and analyze the Services;
  • respond to questions, comments, and requests for information or provide customer support;
  • comply with applicable law or legal process.
  • detect, investigate and prevent activities that may be a violation of our Terms of Service or law
  • administer, troubleshoot and secure the Services;
  • as directed by a School or District that has licensed the Services.

We do not sell or rent Student Personal Information or the User Content provided in the Services. Nor do we disclose or provide any of the Student Personal Information or User Content provided to third parties for any purpose except as described in this Privacy Policy or directed by a School.

In addition, we do not use, sell, or rent Student Personal Information or User Content for the purpose of advertising.

We use and share de-identified and aggregate information for a variety of purposes including improving the design, features, and functionality of the Services, for marketing purposes, for general business purposes, and for administrative purposes.

In addition to the above, we use School or School Authorized Administrator information to send information about features on the Services or changes to our policies and communicate with Schools about the Services, including your account, transactions with us and security alerts.

How We Share Information

We may permit certain trusted third parties to track usage, as well as analyze information such as the source address that a page request is coming from, your IP address or domain name, the date and time of the page request, the referring website (if any), and other parameters in the URL. This is collected in order to better understand usage of our website and the Services and enhance the performance of and maintain and operate the Services. We may also use trusted third parties to host portions of the Services infrastructure, operate various features of the Services, store content, send emails, and store data on our behalf.

We may also disclose personal information in certain special cases, including the following:

  • We are required to do so by law or as ordered by a court.
  • To detect, investigate and prevent activities that may be a violation of our Terms of Service or law.
  • To resolve a technical problem or secure the Services.
  • As directed by a School or District that has licensed Xello.

We may also share personal information or User Content in connection with a merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company. In these circumstances, we will only share such information with a company that has agreed to data privacy standards no less stringent than our own and after providing advanced notice to you with an opportunity to opt out of our sharing of such information.

Third-Party Services

Certain third-party products or services (such as single sign on for test preparation services) may be available for Schools to choose to integrate within or use within the Services.  A School is not required to use such additional products in the Services.  Before electing to use such third-party services, Schools should review the terms, policies and practices of the third-party products and services to understand their terms and policies with respect to any personal information, including Student Personal Information, they may collect.  We strive to make available third-party services that will be useful to Schools, but we are not responsible for their practices, including with respect to personal information.

How We Protect Information

We are committed to protecting personal information, including Student Personal Information, and User Content submitted to the Services. We have numerous systems in place to safeguard against security breaches, denial of service attacks, and destruction of data. These measures include physical security and backups, employee restriction to data, and a comprehensive security breach policy.

All traffic transmitted to and from the Services is safely encrypted using Secure Socket Layers (SSL). We use industry-standard hashing mechanisms for sensitive data, such as passwords, and all backups are securely encrypted. Network infrastructure is monitored 24/7 by an intrusion detection system, while all servers use virus protection with full antivirus pattern updates. We maintain a detailed, and frequently tested, disaster recovery plan that includes multiple layers of redundancy in addition to a robust backup strategy.

Our employees who require access to personal information, including Student Personal Information, to perform their function must complete a criminal background check and sign a non-disclosure agreement prior to employment.

Your Choices

Information Provided by Schools and Districts

Information provided by Schools and Districts is controlled by such educational institution. If you have any questions about reviewing, modifying, or deleting the personal information they have provided us, please contact your educational institution directly.

Schools may update account information and modify the Services by signing in to the administrator account or by contacting us.

Information Provided by Students

The Services offer a robust set of tools and features which allow Students to edit or delete Student Personal Information and User Content that they have added.

Students may also request changes or deletions to Student Personal Information and User Content provided by emailing us at privacy@xello.world. We will respond to your request, when permitted by law, within 30 days.  Please note, this request may be referred to the School for instruction.

Users can update their individual notification preferences for the Services to control certain service-related messaging. Other service-related messaging (such as password reset communication) cannot be disabled.

Data Retention

Following termination or deactivation of a School’s account, we will retain personal information and User Content for a period of 90 days. Should the School decide to renew their contract within this 90-day period, your account and all related information will be restored. At the end of 90 days, or earlier at the request of the School, we will delete or transfer (and direct any subcontractors to delete or transfer) to School with rights in the information: Student Personal Information (including FERPA Records), personal information of Educators, and User Content in our or our subcontractor’s possession. Notwithstanding the foregoing,  we may retain any such information as required by or to demonstrate compliance with applicable law.

At any time upon termination of an agreement or otherwise at their discretion, School can request we delete all Student Personal Information and User Content. We will follow these instructions within 30 days of receipt.

Children’s Privacy

Students are not allowed to create their own accounts in the Services. Student accounts are created under the direction of School or Educators. Only Educators provided access by the School in the Services have access to that Student’s personal information and content.

In the United States, we are required under the Children’s Online Privacy Protection Act (“COPPA”) to obtain verifiable parental consent in order to collect, use, or disclose personal information from Children under the age of 13. As provided for by COPPA, we rely upon the School to obtain parental consent for the online collection of personal information from Children who are Students of such School.

Changes to Our Privacy Policy

We may modify or update this Privacy Policy from time to time, so you should review this page periodically. If we make a material change to this Privacy Policy with respect to how we collect and use personal information, we will provide at least 30 days’ prior written notice School and Users by email to the email address specified in the applicable account. Schools are responsible for ensuring that we have an up-to-date, active, and deliverable email address to provide such notice to School and for periodically visiting this Privacy Policy to check for any changes. Similarly, Schools that license the Services for their Students will be notified by email of material changes to our Privacy Policy at least 30 days prior to any changes.

How to Contact Us

If you have any questions regarding this Privacy Policy, please email us at privacy@xello.world.