Is Pathwright GDPR compliant?
Yes, we wrote a separate article about GDPR compliance here.
How do you secure the content in my Pathwright account?
Every Pathwright account is secured under an SSL (Secure Sockets Layer) certificate for every single page in your school. You'll notice the "https" in your URL as opposed to "http." The "S" stands for "secure:" Hyper Text Transfer Protocol Secure (https).
This is provided automatically for every account, and you do not need to take any extra steps to enable it. This is a plus, since Google automatically gives your site a small boost on SEO (Search Engine Optimization) ranking if your site is secure.
SSL is the same encryption that banks use, and it encrypts any data shared between a web browser and web server. A secure connection ensures that any data taken from a site is confidential. Data is encrypted in transit, but is not encrypted at rest.
Due to this protocol, all material embedded in your account (videos, surveys, etc) needs to be hosted under https as well. If you want to use a resource not hosted under https, use a hyperlink that opens the content in a new browser tab or window.
Do I own the content I post on Pathwright?
We require that you grant Pathwright permission to display your content online (otherwise we would not have the legal rights to host your content).
We will not use or profit from your content in any way without your permission and you control who has access to your courses.
Do I need copyright permission to post a resource I do not own online?
If you plan to post content online that you did not create and is not public domain, then you will most likely need to secure permission to use it.
You are responsible to make sure that you own the material or have permission to use it before offering the course.
How do I prevent learners from downloading my content?
There's no easy way for learners to download anything from your course other than files that you explicitly make available for download.
Learners will not be able to cleanly print content from the course - except for the documents you attach for download - unless you enable printing.
If you plan on embedding PDFs, we recommend using Scribd. You will have control over reader permissions, and you can turn off the ability to copy and paste from the document or to download it.
Can I add my own custom user agreement or copyright notice?
How can I monitor who has access to my account?
You can see who has created a member account in your school any time by going to Community from the Dashboard or main menu. You can revoke any member's access to a single course or to your entire school.
If you would like all admins to receive a notification each time a new member joins, we can enable that setting for you on the back end. Send us a message or email firstname.lastname@example.org to get this set up.
How can I verify my users' identity?
If your school membership should be limited to those you invite:
Be sure to keep all courses private.
Ask us to turn on notifications that send to all admins when a new member joins the school or set up a custom notification using Zapier and the Trigger "New school member." If anyone joins your school who should not be there, revoke their access under Community from your Dashboard or main menu. If anyone joins with the wrong email, ask them to update their email under their account settings.
If it is very important that your users sign up with a specific email, create accounts for your members automatically using the "Create member" Action in Zapier.
If your courses are public:
Offer courses on a schedule and close the courses at the end.
Schedule a video call with your learners. Use the meeting to discuss their work in the course and give feedback and ask to see a valid ID.
If you suspect anyone of sharing their password, revoke their access under Community.
What if my learners share their passwords?
A single user account can only track progress for one person. It would not be an ideal user experience if multiple individuals tried to share. You can revoke a user's access at any time if you suspect abuse.
What data does Pathwright collect?
Here's the data we collect for all users:
User first name, last name, email address, and password (password is encoded)
Metadata on user interaction
Passwords are encrypted and stored securely with the same encryption that banks use. As the school administrator, you will have access to your learners' names, email addresses, and progress data.
We will not sell or share your learners' contact information with other organizations. Secure information, like credit card numbers, is not stored. We do not collect physical addresses or phone numbers from learners.
We comply with Payment Card Industry Data Security Standards (PCI/DSS).
The rest is contingent on your use of Pathwright and individual learner choices. For example...
If you have learners enrolled in scheduled classes in Pathwright, then we store their course enrollments and schedules.
If learners optionally update their profile with their location, bio, or other personal data, we store that data as text.
If they upload a profile picture, we store the image.
If you use our native assessments in your Pathwright courses, then we store those assessment answers and scores and overall course grades.
If you use discussions or private feedback in your courses, we store those communications.
If you sell your courses via Stripe (a third-party payment processor), we send metadata about payments to Stripe, but that information is only stored for your convenience and not used by Stripe.
Do you back up my content? How secure is it?
Pathwright is a web-based platform, so you won't need to download or update any software; we host everything in the cloud.
We have all Pathwright content backed up on Amazon's servers, which scale based on usage. Amazon uses more than one server to back up your school, and they store our data in several facilities and on multiple devices in each facility. By doing this, they provide 400 times the durability of a typical disk drive. Data is stored in Amazon RDS.
We run backups daily.
However, please note that Pathwright does not have version control and we cannot retrieve unsaved or overwritten content.
If you'd like to back up your course content, you are able to make your own backups by copy/pasting your content and saving it outside of Pathwright.
You can also make duplicates of your courses for extra redundancy. See how to copy a course.
What happens to data after cancellation?
By default, we'll keep all your data intact when your account becomes inactive. Data (either an individual's data or an entire Pathwright account) may be permanently deleted with 30 days upon request by account owner. Send us a message or email email@example.com to request account deletion.
How does Pathwright ensure compliance with FERPA, COPPA, and other applicable privacy regulations?
We do not knowingly collect personal information from children under 13. If we learn that we have collected the personal information of a child under 13, we will take steps to delete the information as soon as possible. Please contact us at firstname.lastname@example.org if you believe we have any information from or about a child under the age of 13.
Parents are welcome to set up accounts for children under 13 using their own (the parent's) email address and a pseudonym. They should leave the optional profile picture blank (or use a neutral image).
Is Pathwright ADA/WCAG compliant?
Our goal is to be fully ADA/WCAG compliant and we are actively working towards that. Some aspects will also depend on your use of the platform (whether you have entered alternate text for images, provided captions or transcripts for videos, etc.).
You can go ahead and build your courses in an ADA compliant way now.