GoReact is designed from the ground up to meet critical privacy and security needs for your organization. This page outlines specific elements of those compliance requirements.
In addition to the information below, the following links offer useful resources relating to our use of Amazon's world-class infrastructure.
For more about Amazon's security and business continuity, see: http://aws.amazon.com/security
For more about Amazon's standards compliance, see: http://aws.amazon.com/compliance/
Private Video System
Secure Video Storage
GoReact videos are stored in Amazon's secure cloud service, the largest and most respected cloud provider in the world. Amazon employs a wide breadth and depth of security measures for its cloud servers. GoReact utilizes Amazon's primary security infrastructures, including two-factor authentication for all users.
Users are authenticated at https://goreact.com using email and password credentials, or via a learning management system (ie. Canvas, Blackboard, etc.).
All GoReact authentication and page requests are passed to and from the user's browser via TLS/SSL, and all GoReact-stored data is encrypted both in transit and at rest in the database.
System data auditing capabilities include user references, creation, modification, and deletion dates which are kept for courses, feedback sessions, media and other relevant data entities.
User specific data we receive from LMS integrations
GoReact follows the standard LTI spec. For more information on the required and recommended fields in this spec, see the IMS Global Learning Tools Interoperability® Implementation Guide. When the GoReact tool is integrated, GoReact receives the following user specific information:
- School ID (tool_consumer_instance_guid): Unique alphanumeric code sent from LMS (D2L receives the code from us)
- School Name (tool_consumer_instance_name): Name of your school
- Course ID (context_id): Unique alphanumeric code generated and sent from LMS
- Course Name (context_title): Name of your course
- Assignment ID (resource_link_id): Unique alphanumeric code generated and sent from LMS
- Assignment Name (resource_link_title): As entered during assignment set up
- Outcome Possible (lis_outcome_service_url): As entered during activity set up (not all integrations send this in the payload)
- User Name (lis_person_name_full): Name in LMS
- User Email (lis_person_contact_email_primary): User's email from LMS
- User ID (user_id): Unique alphanumeric code generated and sent from LMS
- User Role (roles): Role in LMS course
SOC and SSAE
For a description or copy of SSAE16 audit credentials report, please see http://aws.amazon.com/compliance/soc-faqs/
GoReact.com is required to maintain current PCI compliance (Payment Card Industry Data Security Standard) in connection with processing of user credit cards. As part of this compliance, we undergo an extensive third-party security and penetration test every calendar quarter to ensure our site is secure.
View our PCI security certificate from SecurityMetrics.
The U.S. Family Educational Rights and Privacy Act (FERPA) is designed to protect student identity and academic information from unauthorized disclosure to third parties. GoReact complies with all relevant provisions as follows:
- Student account information is private in the system, viewable only by authorized instructors and IT administrators. Such permissions must be explicitly granted within GoReact.
- Student grading information is viewable only to authorized instructors, reviewers, IT administrators, and to the individual student themselves.
- Authorized GoReact staff may access the account information solely for the purpose of providing service and support to the instructor and students. Such access is limited to authorized service and support staff only. Consent for this limited use of their account information is granted by each student user upon signup with required acceptance of the User Terms.
GoReact.com is compliant with U.S. Health Insurance Portability and Accountability Act (HIPAA) requirements for security and privacy of Protected Health Information (PHI), which for GoReact's purposes could include conversations that healthcare providers may have about a patient's care as part of a recording in the GoReact system.
If you require a Business Associates agreement in order to use GoReact in a clinical setting, please contact us at firstname.lastname@example.org.
GoReact.com is compliant with U.S. Children's Online Privacy Protection Act (COPPA) requirements for handling capture and use of images of children under 13 in the GoReact system. Key elements include:
- Videos in the system are private by default, as described above.
- Users (teachers, administrators, etc.) who post videos that include children under 13, such as classroom observations, are required by our User Terms to obtain parent/guardian permission prior to posting.
- Parents may request removal of any video of their child by directly contacting GoReact.
- Children under 13 years of age are expressly prohibited by our User Terms from creating their own account.
If you have additional questions regarding GoReact security or privacy, please contact us at goreact.com/support at any time.
GoReact.com is compliant with the European Union's General Data Protection Regulation (GDPR) requirements for security and consent related to user data and content, including the right to be deleted. If you are an EU area customer and require the EU Standard Clauses in connection with your GoReact contract, please contact your account executive.
GoReact.com is designed to comply with applicable software accessibility requirements of Section 508 of the U.S. Rehabilitation Act. The system is designed to work with native accessibility tools within Windows and Mac operating systems as well as the enhanced functions included in modern web browsers.
For details related to our Section 508 compliance, please see our Voluntary Product Assessment Template (VPAT).
GoReact.com is also designed to comply with the Web Content Accessibility Guidelines (WCAG) version 2.0, levels A and AA.
For more about WCAG 2.0 compliance, see: Web Content Accessibility Guidelines (WCAG) 2.0