Clever

Security

How Clever thinks about security and privacy

By Liz Allen on

Here at Clever, we think a lot about security and privacy. We support millions of students, half of the schools in the country, and have over 250 application partners—so, we closely track trends and legal requirements for both applications and districts.

We follow federal laws like FERPA and COPPA, in addition to the many state laws that have been passed in recent years. The federal laws are 44 years and 19 years old respectively. Because of the age of the laws and the speed of technological development, states pass additional laws (91 in 3 short years!), creating a complicated web of legal requirements.

Universal SSO and our security approach

By Cat Kamireddy on

At Clever, it’s important we always use a “privacy by design” approach when releasing new features. In other words, we want to design our products with privacy in mind from day one—and on equal footing with core considerations like usability.

Setting the bar even higher

By Cat Kamireddy on

At Clever, we have a clear commitment to student data privacy with three straightforward policies:

1. We only collect personal information schools choose to share with us
2. We only share data when schools instruct us to
3. Schools always own their data

We recently updated our terms and privacy policy to make that third commitment even stronger.

Open sourcing our policies

By Mohit Gupta on

Student data privacy and security are our foremost responsibilities here at Clever. We invest heavily to ensure that we are improving privacy for schools, students, and teachers, and we make sure that everyone at Clever is constantly working towards this goal.

About five months ago, we were made aware of aspects of our privacy policy that did not clearly and explicitly match our intentions.

Clever and “Shellshock”

By Dan Carroll on

Recently, a critical security issue was discovered and disclosed to the larger community. This issue, nicknamed Shellshock, could have allowed an attacker to take control of certain systems using specially crafted HTTP requests. The vulnerability came from a flaw in Bash, a tool used by the majority of Internet web servers, including some of Clever’s machines.