Parents' Bill of Rights forData Privacy and Security
Effective April 22, 2026
This Bill of Rights is adopted pursuant to New York Education Law §2-d and 8 NYCRR Part 121 by I Can Tell Time (“Provider”) in connection with its mobile application made available to educational agencies in New York and elsewhere. Educational agencies may publish this page as-is or link to it from their district website to satisfy operator-listing obligations.
Part I — Parents' Bill of Rights
In accordance with NY Education Law §2-d, each parent has the following rights with respect to their child's data:
- 1A student's personally identifiable information cannot be sold or released for any commercial purpose.
- 2Parents have the right to inspect and review the complete contents of their child's education record maintained by the educational agency.
- 3State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices — including but not limited to encryption, firewalls, and password protection — must be in place when data is stored or transferred.
- 4A complete list of all student data elements collected by the State Education Department is available at nysed.gov, and may be obtained by writing to: Office of Information & Reporting Services, New York State Education Department, Room 865 EBA, 89 Washington Avenue, Albany, New York 12234.
- 5Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany NY 12234. Complaints may also be submitted using the form available at the following website: nysed.gov/data-privacy-security/report-improper-disclosure.
- 6Parents have the right to be notified in accordance with applicable laws and regulations if a breach or unauthorized release of their student's PII occurs.
- 7Educational agency workers that handle PII will receive annual training on applicable federal and state laws, regulations, educational agency's policies and safeguards, which will be in alignment with industry standards and best practices to protect PII.
- 8Educational agency contracts with vendors that receive PII will address statutorily required data privacy and security requirements.
Part II — Supplemental Information
Pursuant to NY Education Law §2-d(3) and 8 NYCRR §121.3, Provider is required to disclose the following supplemental information to parents and eligible students:
1. Exclusive purposes for which the data will be used
I Can Tell Time ("Provider") does not receive student personally identifiable information ("PII") under its default deployment. The application runs on-device, stores learner progress locally, and does not transmit student activity to Provider. To the extent any PII is ever provided to Provider (for example, an educator's email address for support), the exclusive purposes are (a) providing the I Can Tell Time application service, (b) responding to support requests, and (c) complying with applicable law. Provider does not and will not use PII for targeted advertising, to build profiles on students for any non-educational purpose, or to sell or rent PII.
2. How the educational agency ensures any subcontractors, persons or entities with access to PII will abide by data protection and security requirements
Provider does not use any subcontractor, subprocessor, or third party to process student PII under its default deployment. If this changes, Provider will (a) execute a written agreement with the subcontractor that imposes data protection and security obligations no less protective than those in Provider's Data Privacy Agreement with the educational agency, and (b) update the Schedule of Data published at icantelltime.com/schools/data-privacy before the change takes effect.
3. When the agreement expires and what happens to the PII upon expiration
The Data Privacy Agreement between Provider and the educational agency remains in effect for as long as Provider provides the I Can Tell Time service to the educational agency, unless terminated earlier. Upon expiration or termination, Provider shall delete or return any PII in its possession within sixty (60) days, unless retention is required by law. Because no student PII is typically held by Provider, in most cases there is no PII to delete.
4. Where the PII will be stored and the security protections taken to ensure the PII will be protected
Student progress data is stored locally on the student's device and is never transmitted to Provider's servers. To the extent any PII (for example, an educator contact address) is held by Provider, it is stored on encrypted infrastructure located in the United States. Security protections include encryption in transit (TLS 1.2+), encryption at rest (AES-256 or equivalent), multi-factor authentication for employee access, and annual privacy training for personnel.
5. How parents, students, eligible students, teachers or principals may challenge the accuracy of the PII that is collected
Requests to challenge the accuracy of any PII held by Provider, or to inspect or correct such PII, may be directed to hello@icantelltime.com. Provider will respond within thirty (30) calendar days and will coordinate with the educational agency to resolve the request.
6. Whether the data is encrypted in motion and at rest
Yes. Any PII transmitted to Provider is encrypted in motion using TLS 1.2 or higher. Any PII retained at rest on Provider-controlled systems is encrypted using AES-256 or equivalent industry-standard encryption.
Contact
Questions or requests regarding this Bill of Rights, the Supplemental Information, or data privacy generally can be directed to Provider's data privacy contact:
Email: hello@icantelltime.com
Complaints regarding possible breaches of student data may also be directed to the Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany NY 12234.