Search

    Branching Minds Data Privacy Practices and Compatibility

    Built for schools. Backed by security. Ready to integrate.
    Branching Minds Data Privacy Practices and Compatibility
    Branching Minds Security

    Branching Minds Prioritizes the Security and Privacy of Your Data

    We know that privacy is tremendously important to our partners. At Branching Minds, we are serious about our data-safeguarding responsibilities. We have implemented multiple security measures to protect PII from unauthorized disclosure.

    A high-level summary of our security practices is included in our privacy policy, accessible here. We also understand the importance of transparency in our use of emerging technologies—read our AI policy to learn more.

    These practices include the following:

     

    SOC 2 Type 2

    The Branching Minds application maintains a current SOC 2 Type 2 report available from our Trust Center.

    NIST CSF
    Alignment

    The Branching Minds platform development and operations is aligned with the NIST Cybersecurity Framework 2.0 backed by an annual internal audit.

    Data
    Encryption

    All data on Branching Minds systems is encrypted in transit and at rest using modern, supported algorithms.

    File Transfer Protocol

    Data is securely transferred to Branching Minds using Secure File Transfer Protocol (SFTP) over TLS using modern ciphers only.

    Anti-Malware/
    EDR

    Our virtual servers, containerized workloads, and employee computers are scanned for malware using advanced EDR and next-generation anti-malware systems and are monitored 24/7 by MDR.

    Intelligent Threat Protection/
    Intrusion Detection

    Our cloud-based systems are constantly scanned in real time for advanced security threats using AI-based security tools. Security personnel investigate and resolve real-time alerting systems.

    Mobile Device Management

    We utilize next-generation Mobile Device Management (MDM) technologies to ensure our team’s computers and mobile devices are protected, patched, encrypted, and can be remotely protected if lost or stolen.

    Cloud Provider

    We store all of our data and host Branching Minds at secure off-site facilities managed by industry-leading Amazon Web Services (AWS) at their secured data centers in the United States. These data centers are housed in nondescript facilities and physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or AWS. All physical access to data centers by AWS employees is logged and audited routinely. All access to the information within Branching Minds stored on these servers is encrypted.

    Firewalls

    Our systems are logically segmented within AWS. Firewalls and Virtual Private Clouds (VPCs) protect and enforce that segmentation and are regularly reviewed and updated as required. Our applications and APIs are protected with advanced Web Application Firewalls (WAFs) with automated, adaptive rulesets.

    Cloud Security Posture Management

    Branching Minds utilizes Cloud Security Posture Management (CSPM) to ensure our production and development cloud environments are protected against inadvertent insecure misconfigurations. 

    Cloud Audit
    Data

    Detailed, searchable information on all API calls and user actions in our infrastructure is captured and retained in an immutable form. We alert on this data to provide real-time security visibility.

    Security
    Audits

    Branching Minds conducts automated and manual internal security audits and code reviews on a regular basis.

    Penetration
    Testing

    Branching Minds code undergoes regular penetration testing by a contracted, independent 3rd party. Findings are prioritized and remediated in a timely manner. For access to the latest report, please visit our Trust Center.

    Secure Programming Practices

    Branching Minds software developers utilize secure programming practices to reduce the possibility of introducing vulnerabilities to our application (like those identified by OWASP and SANS) that could lead to security breaches.

    Code Scanning

    Branching Minds utilizes automated code-scanning software integrated into our deployment/code pipelines to ensure vulnerabilities in code are identified and prioritized for remediation before code is deployed. The system can halt a deployment if an insecure configuration is detected.

    Secrets Management

    Application and system secrets are securely generated, stored, and retrievable programmatically from cloud-based secrets managers that utilize Hardware Security Modules (HSMs).

    Account
    Protection

    Each user of Branching Minds is required to create an account with a unique account name, password, and multi-factor identification provider. We have enabled advanced, behavior-based and location-based account protection with our identity provider.

    Facility
    Security

    Branching Minds is located inside the continental United States. Physical access is protected by electronic access devices, with monitored security and fire/smoke alarm systems.

    Data
    Retention & Management

    All PII provided to Branching Minds will be destroyed or anonymized (per terms) upon termination of our relationship with the school or district, or when it is no longer needed for the purpose for which it was provided, per the terms of any contracts with that school or district.

    Backups and Disaster Recovery

    Branching Minds utilizes multi-layered, multi-region backups and our disaster recovery and business continuity plans are tested and updated regularly through the use of simulated disaster scenarios.

    Staff Training and Background Checks

    All employees and contractors undergo initial and regular training on security best practices. All employees and contractors with access to PII or who work onsite undergo background checks.

    Third-Party
    Vendor Monitoring

    All Branching Minds sub-processors are vetted initially and at regular intervals (or qualifying events) as well as being monitored internally on an ongoing basis to ensure they utilize industry-standard privacy and security protections.

    Password Protection

    All Branching Minds employees utilize an encrypted password storage system to safeguard sensitive login information.

    DNS Security

    All Branching Minds domains, including branchingminds.com, are DNSSEC compliant with DNSSEC enabled.

    HSTS Preload

    Our domain, branchingminds.com, is on the HSTS Preload list, instructing users of all popular browsers to only connect to any URL under branchingminds.com using HTTPS only.

     

    We Utilize Best Practices to Destroy Your Data Once It’s No Longer Needed

    Branching Minds employs United States Department of Education best practice recommendations for data destruction using the following processes for data destruction: 

    Unless otherwise requested by your district, all PII provided to Branching Minds will be destroyed upon termination of our relationship with you (typically during September of the school year following the school year in which your LEA opts to terminate our relationship), or when it is no longer needed for the purpose for which it was provided.

    Data is destroyed using the National Institute of Standards and Technology (NIST) clear method sanitization that protects against non-invasive data recovery techniques.

    Sensitive data will not be disposed of using methods (e.g., file deletion, disk formatting, and one-way encryption) that leave the majority of data intact and vulnerable to retrieval.

    The individual who performs the data destruction signs a certification form describing the destruction.

    Occasionally, non-electronic media used within Branching Minds may contain PII. When these documents are no longer required, the non-electronic media is destroyed in a secure manner (most typically using a shredder) that renders it safe for disposal or recycling.

    Branching Minds is Designed from the Ground Up to Support FERPA Compliance

    Branching Minds is built from the ground up to help schools meet FERPA compliance standards through strict access controls and role-based permissions.

    Restricted access to individually identifiable student and personnel data based on defined system roles to meet all FERPA requirements.

    • Branching Minds is designed to give administrators flexibility to limit staff access to student information and to ensure that student and staff data is protected in accordance with all FERPA requirements.
    • After the initial onboarding process, teacher users have access to students listed on their class rosters, as reported by their student information system, while manager users have access to all students at their school (or district). Teacher users can then either request or be assigned students whom they do not initially have access to. In addition, teacher users and manager users can be assigned to multiple schools within a district.
    • Branching Minds utilizes a permission system to ensure that student data is accessible to teacher users who are working with that student. Conversely, administrators, depending on their access level, can see all data at the campus and district levels.

    Restricted access to individually identifiable student progress to staff members involved in educational support planning for the student and defined administrators.

    By default, Branching Minds restricts teacher user access to only those students who appear on their official school roster (as provided to Branching Minds through the student information system). Manager users (typically those coordinating RTI/MTSS, such as campus and district administrators, counselors, and specialists, such as school or district psychologists), who are defined explicitly by the district during implementation planning and onboarding, have access to all students at their school/district. Teacher users can then either request or be assigned students whom they do not initially have access to by manager users. Both types of users may be assigned to multiple schools by manager users, as necessary.

    Student Privacy Pledge

    Proudly Certified

    Branching Minds and Data Privacy

    To learn more about our data privacy practices or request a copy of our latest SOC 2 report, please visit our Trust Center or use the form below to contact us. 

    Contact Us