ClassDojo is subject to the Electronic Communications Privacy Act (“ECPA”) which affords privacy protections to individuals, including requiring the U.S. government to seek heightened legal process in order to access the data of our users. Because ClassDojo is subject to ECPA, we are potentially subject to Section 702 of FISA.
What is the risk for ClassDojo to receive Section 702 FISA Requests?
ClassDojo is extremely low risk for receiving any Section 702 FISA request given the type of platform and communities it connects (teachers, students and families), as well as the type of data that it processes. For full background, ClassDojo has never received a Section 702 FISA request to date. Of note, since we founded ClassDojo, we have received fewer than 10 U.S. governmental requests for any type of legal process (outside of Section 702) to obtain user data from the ClassDojo services.
What measures will ClassDojo take if it were to be served with a FISA 702 request?
If ClassDojo were to receive a Section 702 FISA request and was also unable to demonstrate full compliance with the European Commission’s Standard Contractual Clauses (“SCCs), ClassDojo would inform the relevant data exporter.
In addition, ClassDojo has implemented the technical and organization measures set forth in our Security Whitepaper located here: https://www.classdojo.com/security/ These measures include encryption of personal data in transit and at rest.
ClassDojo does not voluntarily cooperate with any U.S. government agency—and has not been compelled by any U.S. government agency—to provide data pursuant to Executive Order (EO) 12.333 and has encrypted data at rest and in transit in order to prevent any attempts to obtain its data through other surveillance activities.
Transfer Impact Assessment:
Additionally, if you would like to receive a copy of our Transfer Impact Assessment (“TIA”), please email firstname.lastname@example.org. The “Supplemental Measures” listed within the TIA are measures in place prior to the recently announced and enhanced U.S. Government safeguards, which will be implemented in connection with the new Privacy Framework (but can be used for any transfer mechanism).
Still have questions? Get in touch! Email us at email@example.com