⚾ COPPA — Children's Online Privacy Protection Act
MoveWell is committed to full compliance with the Children's Online Privacy Protection Act (COPPA), which protects the privacy of children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent.
What We Collect
- Student Data: We collect only the minimum student information necessary for educational purposes — typically a student ID or username assigned by the school or district. We do not collect a child's name, address, email, phone number, or other personal identifiers directly.
- Teacher/Administrator Data: Teachers and administrators provide their own contact information when creating accounts. This information is used solely for product communications and support.
- Usage Data: We may collect anonymized, aggregated data about how students interact with lesson content (e.g., time spent on activities, assessment completion) for educational quality improvement purposes.
How We Use Student Data
- To deliver curriculum content and track student progress within the MoveWell platform
- To generate teacher-accessible reports on student engagement and performance
- To improve lesson content and platform functionality
Parental Rights
Parents or guardians of children under 13 may review, request deletion of, or refuse further collection of their child's personal information. To exercise these rights, contact the child's school or district administrator, who is the primary point of contact for student data matters under COPPA.
Key COPPA commitment: MoveWell does not use student data for advertising, profiling, or commercial purposes. Student data is never sold to third parties. Parental consent is obtained through the school district, which acts as the COPPA-authorized intermediary.
⚾ FERPA — Family Educational Rights and Privacy Act
MoveWell operates as a "school official" under the Family Educational Rights and Privacy Act (FERPA). We process student educational records on behalf of and under the direct instructions of schools and districts, in accordance with FERPA's "school official" exception (34 CFR § 99.31(a)(1)).
Our FERPA Commitments
- Educational Purpose Only: Student data collected through MoveWell is used solely for educational purposes related to health and physical education instruction.
- No Independent Use: We do not use student data for any purpose other than providing services under our contract with the school or district.
- No Disclosure: We do not disclose student information to any third party except as required by our contract with the school or district, or as required by law.
- Subcontractor Compliance: Any subcontractors or vendors who access student data on our behalf are bound by the same FERPA obligations.
- Audit Rights: Schools and districts may audit our data practices upon reasonable notice.
Parent and Student Rights Under FERPA
FERPA grants parents and eligible students (generally students 18 and older) the right to:
- Inspect and review their child's or their own educational records
- Request amendments to records believed to be inaccurate
- Consent to disclosures of personally identifiable information (subject to exceptions)
- File complaints with the U.S. Department of Education regarding alleged failures to comply with FERPA
Requests to exercise FERPA rights should be directed to the school or district, which is the FERPA "school official" with direct authority over student records.
⚾ SOPPA — Student Online Personal Protection Act (Illinois)
MoveWell is in full compliance with the Illinois Student Online Personal Protection Act (SOPPA), which governs how ed-tech companies handle student data in Illinois. This compliance applies to all Illinois schools, districts, and students using MoveWell.
SOPPA Requirements We Satisfy
- Data Collection Disclosure: We publicly disclose what student data we collect, how it is used, and with whom it is shared. This document constitutes our primary disclosure.
- No Advertising or Profiling: MoveWell student data is strictly prohibited from use in targeted advertising, commercial purposes, or student profiling.
- Data Breach Notification: In the event of a data breach, we will notify the affected school or district within 30 days of discovery, in accordance with SOPPA requirements.
- Subcontractor Disclosure: All subcontractors with access to student data are listed in our Data Processing Agreement (available upon request from your district).
- Data Retention: Student data is retained only for the duration of the contract and is deleted within 60 days of contract termination, or upon school/district request.
- Data Security: All student data is encrypted at rest and in transit using industry-standard encryption (AES-256, TLS 1.2+).
- FERPA & COPPA Alignment: Our SOPPA commitments are consistent with our FERPA and COPPA obligations, ensuring that Illinois students receive the same protections as students nationwide.
Data Processing Agreement
Illinois districts are required by SOPPA to have a signed Data Processing Agreement (DPA) with all ed-tech vendors. If your district requires a DPA to be executed before using MoveWell, please contact us and we will provide our standard template for review by your district's legal counsel.
Illinois Districts: If you are a Chicago Public Schools (CPS) or other Illinois district evaluating MoveWell, we can provide our SOPPA-compliant DPA for legal review. Contact us at your district's procurement contact information.
⚾ Data Collection & Use Practices
Student Data We Collect
- Student username or ID (as assigned by the school/district)
- Grade level and class/period assignments
- Lesson completion status and assessment scores
- Activity engagement data (time on task, completion rates)
Student Data We Do NOT Collect
- Student full name, home address, or phone number
- Student email address
- Student biometric or health data beyond what is necessary for fitness assessment activities
- Student social security number
- Student photos or video (unless explicitly provided by district for specific programs)
Teacher/Administrator Data
Teachers and administrators who create MoveWell accounts provide their name and work email address. This information is used to:
- Provide access to the MoveWell platform
- Send product updates and important service notifications
- Respond to support requests
⚾ Data Retention & Deletion
Student data is retained for the duration of the contract between MoveWell and the school or district. Upon contract termination, all student data is deleted within 60 days.
Schools and districts may request immediate deletion of student data at any time by submitting a written request to MoveWell. Deletion requests are processed within 14 business days.
Aggregate, de-identified data used for product improvement purposes does not constitute student personally identifiable information and may be retained after individual data deletion.
⚾ Data Security
MoveWell employs industry-standard technical and organizational measures to protect student data, including:
- AES-256 encryption at rest for all stored data
- TLS 1.2+ encryption in transit for all data communications
- Role-based access controls — staff access to student data is limited to personnel with a legitimate educational need
- Regular security audits and vulnerability assessments
- SOC 2 Type II compliance in progress (expected by Q3 2026)
⚾ Contact Us
For questions about this privacy policy, data deletion requests, or to request a Data Processing Agreement, please contact your school or district administrator directly. For general inquiries:
Email: privacy@movewell.app
Mail: MoveWell, Inc. — Student Privacy Office
All inquiries will be responded to within 14 business days.
Note for Districts: Before contracting with MoveWell, your district may wish to conduct its own privacy impact assessment. We fully support this process and will provide documentation, evidence of security controls, and interview time with our technical team upon request.