Seesaw takes protecting your security and privacy seriously and we've put a number of measures in place to protect the integrity of your information.
- We have a robust set of Privacy Principles designed to clearly communicate our privacy promises to our teachers, families, and students.
- Seesaw uses TLS 1.3 security at the network level to ensure account information and journal content are transmitted securely. Seesaw requires TLS 1.2 at a minimum; TLS 1.0 and 1.1 are not supported.
- Personally identifiable information (PII) stored in Seesaw, such as names, email addresses, phone numbers, messages, and journal content, is encrypted at rest.
- Multi-Factor Authentication provides an extra layer of sign-in security. MFA helps keep out anyone who shouldn't have access to your account by requiring a verification code (sent via email) in addition to your password before your account can be accessed.
- Passwords are salted and hashed using PBKDF2.
- Seesaw routinely conducts third-party security audits to verify the security and integrity of our systems and internal controls.
- The Seesaw application is penetration and security tested by an independent third party annually.
- Password requirements for new accounts and password resets follow the guidelines of the Cybersecurity and Infrastructure Security Agency.
- Data is stored in access-controlled data centers operated by industry-leading partners with years of experience in large-scale data centers with 24/7 monitoring.
- User information is stored redundantly and backed up in geographically distributed data centers. We utilize multiple distributed servers to ensure high levels of uptime and to ensure that we can restore availability and access to personal data in a timely manner.
- We have adopted an internal data access policy that restricts access to personally identifiable information to a limited number of employees with a specific business need (such as for technical support).
- Employees undergo a background check before beginning employment at Seesaw, sign a nondisclosure agreement, and immediately lose access to all internal systems and data when terminated.
- We routinely monitor our systems for security breaches and attempts at inappropriate access.
- We use encrypted QR codes for family and student access to journal content.
- Seesaw has taken the Student Privacy Pledge.
- Seesaw has signed the National Data Privacy Agreement.
- When transferring Personal Information outside of the EU, UK, or Switzerland, we rely on standard contractual clauses (“SCCs”), one of the transfer mechanisms legally recognized by the ECJ. Our Data Processing Agreement contains the SCCs drafted by the European Commission, which outlines the collection, use, and retention of Personal Information from the European Union, the United Kingdom, and Switzerland transferred to the United States. Customers can review and sign a copy of our Data Processing Agreement here.
Report a vulnerability
If you believe you have found a security vulnerability on Seesaw, please let us know right away. We will investigate all reports and do our best to quickly fix valid issues.
You can submit your report by emailing your findings to firstname.lastname@example.org. Seesaw has a bug bounty program with HackerOne, a platform for ethical disclosure of security vulnerabilities, where your report will be triaged as soon as possible.
For other security questions, please reach out to our Support team.
For more information visit our Privacy Center.