Privacy Policy
Introduction
This ASU Pocket™ / My Skills Pocket (“App”) Privacy Statement provides information about Pocket’s online information gathering and dissemination practices.
In addition to the information in this Privacy Statement, Pocket’s Terms of Use set forth requirements that you must follow when using Pocket.
We encourage you to periodically review this Privacy Statement, as well as any information linked from this Privacy Statement, because we may update it from time to time.
Information Pocket Collects from Users
1. We do not intentionally collect data from users under 13 years of age. If data for a user under 13 years of age has been inadvertently collected, please notify us at MySkillsPocket@asu.edu.
2. Our mobile app collects analytics data, including:
- Device information: model, operating system version, and hardware specifics.
- Anonymized and aggregated data regarding user interactions, specifically app usage, session duration, and screens visited.
3. The App may collect the following personal information:
- General Information: Name and email address
- Educational Information: Educational records
- Besides the personal information noted above, the App does not collect any personal information directly from users, except for establishing proof of identity through user-initiated authentication with single-sign-on providers offered by partner institutions via One Time Passcodes (OTPs) delivered to an email address the user provides. During this exchange, the App retrieves the minimum necessary data to identify the user; typically a unique identifier like an email address or unique ID.
4. In addition to the personal information above, after users have established their identities with the App, it may use its integration with its partner institutions to reference specific data about organization affiliations and learning outcomes for the user, such as:
- Learner identification and academic and professional affiliations;
- Badges issued by the organization;
- Completed academic programs and previously held employment positions; and
- Completed academic and training classes.
Methods of Collection
During onboarding, the user is prompted to complete a single-sign-on flow that requires the user to explicitly authorize the App to verify their identity and access the data necessary for issuing credentials. This data is accessed by the pocket servers via an API offered by a secure on-premise integration agent. Please note that the App does not store your Personal Information.
Purpose of Collection
1. Information collected from the App is used to analyze user behavior, improve the app's performance, and enhance the user experience.
2. Information collected from partner institutions is used to generate verifiable credentials which are sent to the user’s mobile application.
3. Any other personal information collected to provide you the App services.
Use of Information
The analytics information collected from the App is primarily used for analyzing user behavior, evaluating app performance, and enhancing the user experience. We may process and store the collected information to generate insights and reports, identify trends, and make informed decisions to improve our app's functionality.
Information retrieved from the authorized partner’s system of record is processed by our cloud services specifically and exclusively for the purpose of generating verifiable credentials and delivering them to the user’s mobile app.
We do not share any personal information or collected data with third parties unless explicitly authorized by you or as required by law.
Data Security
The App prioritizes the security of user information and has implemented robust measures to safeguard it against unauthorized access, data breaches, and other security risks. Both the mobile application itself and the cloud services powering it adhere to industry-standard security practices.
Despite these measures, it's important to note that no system or method of transmission over the internet can guarantee absolute security. We continuously monitor and update our security practices to stay current with evolving threats and ensure the protection of user information.
User Rights
In general, the user may see the entirety of the information held by the App from within the mobile app. They may use the “Reset wallet” option within the app to request immediate deletion of their records in the cloud, and to trigger deletion of their local application’s data at the same time. Please note that if the user does not press the “Reset wallet” button and just deletes the application on their phone, the underlying credential source data in the systems of record will not be deleted.
Any inaccuracies in the data held by the partner institutions should be reported to the partner institution, as the App is entirely dependent on the partner’s system of record for all the credential source data. Administrators of the App account for the partner institution may also investigate and correct any inaccuracies in data entered directly into the App’s cloud management dashboard.
Cookies
Our mobile app utilizes analytics cookies provided by Firebase Analytics, Google Analytics, and Datadog Real User Monitoring (RUM). These technologies serve specific purposes such as analyzing user interactions, measuring app performance, and improving user experiences. This data is sent directly from the application to the analytics service HTTPS, ensuring encryption and security during transmission.
Data Retention
The Pocket cloud service stores underlying data for the time sufficient to authoritatively identify a user and to issue them verifiable credentials to reflect their achievements and learning outcomes. As explained above, this data is deleted immediately if and when the user deletes their account from the mobile app.
Disclosure of Information
The App does not disclose confidential information we collect online to individuals or entities not affiliated with ASU, except in the limited circumstances described below. Non-confidential information may be disclosed or distributed pursuant to federal laws, state laws, including Arizona’s public records laws, and ASU and Arizona Board of Regents (ABOR) policies. These laws and policies explain what information may be shared or disclosed. They also explain what information is protected as confidential.
Student Records. Certain records of students are protected by the federal Family Educational Rights and Privacy Act (FERPA), Arizona law, and ASU Policy. Information about students’ access to their education records and protection of education records is available in ASU’s Student Services Manual in Section 107-01. This policy also provides information on students’ rights to limit access to their directory information. ASU may disclose confidential student information with the consent of the student, under subpoena or court order, or in other limited circumstances as permitted by FERPA and other applicable laws.
Employee Records. Access to ASU personnel records is governed by ABOR Policy 6-912, ACD 811, SPP 1101, and Arizona law.
Public Records Laws. ASU may be required to provide access to ASU records to third parties pursuant to Arizona’s public records laws ARS §§ 39-121 through 39-161. Additional information about Arizona’s public records laws is available at ogc.asu.edu/public-records/.
Court Order or Public Safety. ASU may be required to disclose confidential information pursuant to a valid court order or lawfully issued and served subpoena, search warrant, or other legal order. In addition, ASU may disclose confidential information to law enforcement if ASU believes that disclosure is necessary to protect ASU, to protect the health or safety of individuals, or if law enforcement believes that ASU’s resources have been used in the commission of a crime.
Contractors. ASU may contract with non-ASU service providers to provide services and information through ASU’s websites and technology network. ASU may provide information, including personal information collected on our technology network; to non-ASU service providers to assist ASU deliver classes, programs, products, information, and services. ASU also contracts with non-ASU service providers to perform analysis, research, and administrative activities for ASU. ASU requires non-ASU service providers to protect personal information on our behalf.
Contact Information
If you believe the App has not adhered to this Privacy Statement, please contact ASU Pocket / My Skills privacy team at MySkillsPocket@asu.edu. We will use reasonable efforts to address your concerns; although there may be circumstances where we cannot assist.
Changes
We will publish on our website and on our App any changes we make to this Privacy Statement.
Effective: 01.25.2024