KidRewards Security Whitepaper

KidRewards, operates the services offered on kidrewards.org (the "KidRewards Website"), including the KidRewards platform (the "KidRewards Platform"), and any associated mobile applications (the "KidRewards Apps") or products and services that Company may provide now or in the future (collectively, the "Service").

Protecting data privacy and security is a top priority for KidRewards. Our Privacy Policy and Student Data Privacy Addendum solidify the commitments that KidRewards and schools make to each other, including our security and privacy commitments. Capitalized terms not defined in this document, such as "Student Data", are defined in our Student Data Privacy Addendum. We regularly evaluate our policies and practices to improve security and to keep up with the latest practices of the security industry.

This document is designed to provide technical readers, such as Chief Information Officers or Chief Technology Officers at school districts, additional clarity and specifics about our security commitments. While this document is written for technology experts who often play a key role in assessing our policies, we recognize that data security is just as important to families, teachers, and students as it is to school officials. Additionally, should you have security or privacy questions, please reach out to our team at contact@gmail.comkidrewards.org

Infrastructure Security

Encryption

Access to the KidRewards Service occurs via encrypted connections

(HTTP over TLS, also known as HTTPS) which encrypt all data before it leaves the KidRewards Service's servers and protects that data as it transits over the internet. We use HTTP Strict Transport Security to ensure that pages are loaded over HTTPS connections.

Network Security

Network access to the KidRewards Services infrastructure is highly restricted.

Patching

We use automated processes to regularly install security updates on the infrastructure that powers the KidRewards Services, these processes include:

Backups and Availability Control

We have a data backup and recovery capability that is designed to provide a timely restoration of the KidRewards Services, with minimal data loss, in the case of catastrophic failure. These backups are encrypted and stored in multiple availability zones. Additional technical and organizational measures to ensure that Student Data are protected against accidental destruction or loss (physical/logical) include:

Physical Security

Physical Access Controls

Technical and organizational measures to prevent unauthorized persons from gaining access to the data processing systems available in premises and facilities (including databases, application servers and related hardware), where Student Data are Processed*, include:

Virtual Access Control

Technical and organizational measures to prevent data processing systems used for Student Data from being used by unauthorized persons include:

Disclosure Control

Technical and organizational measures to ensure that Student Data cannot be read, copied, modified or deleted without authorization during electronic transmission, transport or storage on storage media (manual or electronic), and that it can be verified to which companies or other legal entities Student Data are disclosed, include:

Entry Control

Technical and organizational measures to monitor whether Student Data have been entered, changed or removed (deleted), and by whom, from data processing systems, include: