Privacy Policy

Rampant Strategy, LLC ("Rampant Strategy", the "Company", "we", or "us") takes your privacy very seriously and we have numerous technical and operational measures in place to ensure that our customer data is protected. This Privacy Policy informs you of our privacy practices, the way your information is collected online, and how that information is used.

This Privacy Policy applies to Rampant Strategy's website, domain, and all services, applications, and products (all regarded collectively as the "Services"), unless superseded by a separate written agreement.

The Services may include links to third-party applications, products, services, or websites for your convenience and information. If you access those links, you will leave the Rampant Strategy website. The privacy policy for those websites and services may be different than Rampant Strategy's Privacy Policy. We encourage you to review the privacy policy of any site you interact with before allowing the collection and use of your personal information.

Rampant Strategy may make changes to this Privacy Policy. Privacy Policy changes that significantly affect how the Company uses personal information will be communicated to users by email notification. Minor changes in the policy, which do not significantly affect how the Company uses personal information, will be posted on our website. Please refer to the Privacy Policy for any updates.

Rampant Strategy collects and uses information provided by you to better serve you, to personalize your experience, and to conduct the primary learning objectives of the Services. Rampant Strategy collects the names, email addresses, and other data used by your school, institution, or organization to uniquely identify you. If using an LMS (Learning Management System), the name of the institution associated with the LMS will be collected as well. We also collect the type of device and the type of web browser used to access the Services as well as IP addresses. These are stored in temporary logs.

Some information collected is used to authenticate user accounts. Rampant Strategy also uses email addresses to communicate with users about pending tasks within the system and updates that will affect the user experience.

As a result of your participating in the Rampant Strategy Services, data will also be generated in each account that may include:

• Assignments, surveys, and rubrics generated by instructors.
• Learner content, including work products, reviews, and ratings generated in response to the instructor prompts.
• As applicable in each use case, user feedback, group member evaluations, ratings and grades generated by both instructors and learners.

All personal data that is collected will be subject to this Privacy Policy and data will only be collected, stored, or distributed in reliance on the Privacy Policy.

Rampant Strategy stores certain information from your browser using cookies. A cookie is a piece of data stored on the user's computer tied to information about the user. By default, we use a persistent cookie that stores your login ID (but not your password) to make it easier for you to login when you come back to Rampant Strategy.

In some use cases, learners and instructors may purchase services directly on the Rampant Strategy website using credit card transactions. Rampant Strategy uses Stripe as its secure payment gateway service provider. Rampant Strategy does not view, collect or archive credit card or other financial data administered through the Stripe gateway.

The information collected by Rampant Strategy is shared with learners and instructors for achieving the primary educational objectives. In addition, Rampant Strategy may use this information to better understand user requirements, help Rampant Strategy deliver a consistent and personalized experience, and improve service and support.

All data collected by Rampant Strategy is stored within industry standard (AES-256) encrypted databases and log files. Furthermore, sensitive password data is hashed using modern password hashing. Email is not considered secure communication, and we don't recommend that you send sensitive information by email.

Rampant Strategy will maintain an archival copy of user data for approximately four years to allow users to establish baseline performance and compare learning outcomes against prior results. If an instructor wishes to delete course data, deleting that data erases it entirely from the server.

Rampant Strategy may disclose on its website and elsewhere the names of schools, institutions and organizations at which Rampant Strategy services have been or are being used.

Unless specifically described elsewhere in this Privacy Policy, Rampant Strategy will not share the personal information provided, or that is generated by Rampant Strategy, with any third parties, unless to:

• Improve educational outcomes by integrating with learning management systems, publishers and other educational providers that support LTI standards as defined by 1EdTech, as authorized by you or your school, institution, or organization.
• Respond to duly authorized information requests of police and governmental authorities.
• Investigate and help prevent security threats, fraud or other malicious activity.

Rampant Strategy is liable in appropriate cases of onward transfers to third parties.

Rampant Strategy will not offer goods and services to users from any unrelated third parties and will not sell your data to anyone.

You have the option of opting-out of sharing personal data: (i) disclosed to a third party (including authorized learning management systems, publishers, or other educational providers) (ii) used for a purpose different from the purpose for which it was originally collected (as described above in "How We Share Information"). To exercise this option, please contact support@rampantstrategy.com and ask that your account be deleted.

Please be sure to communicate and seek approval with your school, institution or organization before deleting your account. When you delete your account, all data associated with your account is deleted. If you delete your account, any reviewing data that you provided until that time remains, but is anonymized with no personal identifying information remaining in the system.

For further questions on opting out of sharing data with authorized third parties or deleting your account, please contact support@rampantstrategy.com. Where use of personal information is required by an institution for participation in a course, we will work with that institution to comply with any individual's choices for limiting use or disclosure of personal information.

Peer grading, as done by Rampant Strategy, is not considered to be "sharing" of grades and is permitted under FERPA (Family Education Rights and Privacy Act) regulations. (Owasso Independent School District No. I-011 v. Falvo, 534 U.S. 426, 2002.)

You have the right to access your data and update your personal identifying information at any time. You may also delete your data by deleting your account, but please be sure to check with your school, institution, or organization before materially changing or deleting any data. For further questions on accessing or deleting your data, please contact us at support@rampantstrategy.com.

Residents of certain US states (including California, Virginia, Colorado, and Connecticut) may have additional rights regarding their personal information, including the right to access, correct, delete, and opt out of the sale of personal data. Rampant Strategy does not sell personal data. To exercise any of these rights, please contact support@rampantstrategy.com.

If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using our Services, you consent to this transfer. Users in the United Kingdom and European Economic Area have additional rights under applicable data protection laws, including the right to access, correct, delete, and port their personal data, as well as the right to restrict or object to certain processing. To exercise any of these rights, please contact support@rampantstrategy.com.

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, Rampant Strategy will notify affected users and any known affiliated schools or institutions via email within 12 hours of becoming aware of the breach. The notification will include:

• Company contact information.
• A general description of the breach incident and an explanation of what happened.
• The types of personal information believed to be compromised.
• The date and time of the breach, if known, or best estimate.
• Whether the notification was delayed as a result of law enforcement.
• Steps we have taken to mitigate the situation and advice on how affected individuals can best protect themselves.

Rampant Strategy notifies users about its adherence to privacy principles through this Privacy Policy and requires that users see and accept the Privacy Policy as part of the Terms of Service required to create an account.

Rampant Strategy may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have any questions about this Privacy Policy, please contact support@rampantstrategy.com.