GoReact is designed from the ground up to meet critical privacy and security needs for your organization. This page outlines specific elements of those compliance requirements.
In addition to the information below, the following links offer useful resources relating to our use of Amazon’s world-class infrastructure.
For more about Amazon’s security and business continuity, see: http://aws.amazon.com/security
For more about Amazon’s standards compliance, see: http://aws.amazon.com/compliance/
All videos on GoReact.com are private by default, viewable only by the presenter and associated instructors. Additional sharing options are controlled by the instructor or administrator of the account. For additional information on our privacy practices, please see our Privacy Policy.
GoReact videos are stored in Amazon’s secure cloud service, the largest and most respected cloud provider in the world. Amazon employs a wide breadth and depth of security measures for its cloud servers. GoReact utilizes Amazon’s primary security infrastructures, including two-factor authentication for all users.
Users are authenticated at https://goreact.com using email and password credentials, or via a learning management system (e.g., Canvas, Blackboard, etc.).
All GoReact authentication and page requests are passed to and from the user’s browser via TLS/SSL, and all GoReact-stored data is encrypted both in transit and at rest in the database.
System data auditing capabilities include user references and creation, modification, and deletion dates, which are kept for courses, feedback sessions, media, and other relevant data entities.
User-specific data we receive from LMS integrations
GoReact follows the standard LTI spec. For more information on the required and recommended fields in this spec, see the IMS Global Learning Tools Interoperability® Implementation Guide. When the GoReact tool is integrated, GoReact receives the following user-specific information:
GoReact maintains SOC 2 Type 2 compliance. You’re entrusting GoReact with your data, and we take that responsibility very seriously. If you would like to inspect our SOC 2 Type 2 report please request access by viewing our Whistic profile here.
For a description or copy of our cloud provider’s SSAE16 audit credentials report, please see http://aws.amazon.com/compliance/soc-faqs/
GoReact.com is required to maintain current PCI compliance (Payment Card Industry Data Security Standard) in connection with processing of user credit cards. As part of this compliance, we undergo an extensive third-party security and penetration test every calendar quarter to ensure our site is secure.
View our PCI security certificate from SecurityMetrics.
The U.S. Family Educational Rights and Privacy Act (FERPA) is designed to protect student identity and academic information from unauthorized disclosure to third parties. GoReact complies with all relevant provisions as follows:
GoReact.com is compliant with U.S. Health Insurance Portability and Accountability Act (HIPAA) requirements for security and privacy of Protected Health Information (PHI), which for GoReact’s purposes could include conversations that healthcare providers may have about a patient’s care as part of a recording in the GoReact system.
GoReact’s hosting infrastructure meets all HIPAA security requirements related to restrictions on accessibility of the information (see the Security section above). In addition, all video storage in the system is private and access-controlled as described in the Privacy section above. See our Privacy Policy for more information.
If you require a Business Associates agreement in order to use GoReact in a clinical setting, please contact us at legal@goreact.com.
GoReact.com is compliant with U.S. Children’s Online Privacy Protection Act (COPPA) requirements for handling capture and use of images of children under 13 in the GoReact system. Key elements include:
For more information, see the COPPA references in our User Terms and Privacy Policy as well as the COPPA Frequently Asked Questions posted by the FTC. You may find that FAQs D-1, D-2, and F-4 are particularly relevant.
Please note that the above does not constitute legal advice, and you should contact your legal counsel for guidance in this area. If you have additional questions regarding GoReact security or privacy, please contact us at goreact.com/support at any time.
GoReact.com is compliant with the California Consumer Privacy Act (CCPA), including all applicable consumer rights in control of their personal data. Please see CCPA-specific rights and terms in our Privacy Policy.
Regulatory: Both GoReact.com and GoReact.eu are compliant with the European Union’s General Data Protection Regulation (GDPR) and UK GDPR requirements for security and consent related to user data and content, including the right to be deleted. You may review your rights and recourse as an EU/UK user in our Privacy Policy.
Hosting: GoReact accounts may now be provisioned from an EU-based hosting center, ensuring customer data never leaves the EU region. If you are an EU area customer and require EU-based hosting, please contact your GoReact account executive before creating an account in GoReact. EU-hosted customers will access our service via GoReact.eu or via their LMS.
GoReact.com is designed to comply with applicable software accessibility requirements of Section 508 of the U.S. Rehabilitation Act. The system is designed to work with native accessibility tools within Windows and Mac operating systems as well as the enhanced functions included in modern web browsers. This includes screen readers like JAWS®. Additionally, GoReact uses the latest AI technology to accurately display real-time closed captions.
For details related to our Section 508 compliance, please see our Voluntary Product Assessment Template (VPAT).
GoReact.com is also designed to comply with the Web Content Accessibility Guidelines (WCAG) version 2.1, levels A and AA.
For more about WCAG 2.1 compliance, see: Web Content Accessibility Guidelines (WCAG) 2.1
GoReact’s AI Assistant engages with AI to provide more, better feedback to participants. Because the data processed by our AI partner is covered by all of the same data protection agreements, processes, and policies which apply to all other data in our system, our compliance posture and commitment to privacy and security in these areas remains unchanged, including FERPA, COPPA, HIPAA, and GDPR.
For more technical and compliance details on the AI Assistant, please see the AI Assistant FAQ.