Reports  Clients  Testimonials  Resources  Order  FAQ  About



Posted and effective February 9, 2024.

You can see our Privacy Policy update history here.


Acadamigo Privacy Policy

Acadamigo respects your privacy and strives to keep all of your data safe and secure. We do not sell, rent, or lease any data to third parties.

What We Do and How We Do It

Here's a simple summary of our service, practices, and policies:

  1. We do not interact with students.

  2. Schools send us their IB diploma results in the form of CSV files downloaded from the IB.

  3. We use those files to produce our IB Score Reports, which are visualizations and statistical analyses of a school's IB results, saved as PDF files.

  4. Schools use Dropbox or Google Drive to send us their files, and we use those services to send our reports back to schools.

  5. We also use Dropbox and Google Drive to store school data and our work, including backups. Those accounts are protected with strong passwords and two-factor authentication.

  6. Our local hard drives are fully encrypted using AES-256 technology and strong passwords.

  7. If a school would like to delete all student names before sending us their files, or would like us to do so as soon as we receive their files, that's fine.

  8. If a school would also like to remove all personal codes before sending us their files, or would like us to do so as soon as we receive their files, that's fine as well (although in that case we will not be able to produce our diploma predicted vs. awarded displays).

  9. We typically retain data so that schools do not have to resend it each year. We will delete all data from a school, at their request, unless it must be retained to meet our legal obligations, resolve disputes, or enforce our agreements.

  10. Occasionally, we anonymously aggregate results from our client schools in order to analyze and report on trends. For example, "How Accurate are Teacher Predictions of IB Scores?" We do these sorts of analyses and write-ups as a service to our clients and the broader IB community. If a school would like, we can exclude their data from such aggregations.

Data Privacy Framework

Acadamigo complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Acadamigo has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

Acadamigo has also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.

If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission has jurisdiction over Acadamigo’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, Acadamigo may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under the Onward Transfer Principle, Acadamigo remains responsible and liable for any personal data from the EU, the UK (or Gibraltar), or Switzerland that we share with third parties for external processing on our behalf.

If you have questions or concerns regarding our privacy practices, please contact us at support@acadamigo.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Acadamigo commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States.

If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

In the event that your concern still hasn't been sufficiently addressed, you may be entitled to a binding arbitration under DPF and its Principles, described more fully at https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

EU Standard Contractual Clauses

Our Agreement for Professional Services includes the EU Standard Contractual Clauses and, when applicable, the UK Addendum.

Dropbox and Google Workspace

We use Dropbox and Google Workspace (Drive, Sheets, Docs, etc.) to provide a secure mechanism for you to transfer data to us, for us to transfer our reports back to you, and as a place for us to store your data and our work. By using our service, you consent to our use of Dropbox and Google Workspace to store and transfer your data.

Both Dropbox and Google comply with the General Data Protection Regulation and are certified by the Data Privacy Framework. You can find their certifications by visiting https://www.dataprivacyframework.gov/list.

Sharing with Third Parties, Use of Personal Information, and Choice

We do not disclose personal information to any third party other than agents who are performing tasks on our behalf, under our instructions and under contract, in order to provide our service to our clients. Currently, the only such agents are Dropbox and Google, as explained in the prior section.

We do not use personal information for any purpose that is materially different from the purpose(s) for which it was originally provided to us, or subsequently authorized, by our clients.

In the unlikely event that we someday wish to share personal information with a third party who is not an agent, or wish to use personal information for a purpose that is materially different from the purpose(s) for which it was originally provided to us, or subsequently authorized, by our clients, we will assume that our clients have opted-out of such sharing or use, and we will contact them, requesting their permission. At such time, we will provide them with a clear, conspicuous, and readily available mechanism to exercise choice.

Data Provided by Schools

Acadamigo does not offer or provide any products or services for students, and we do not collect personal data from them directly.

Schools send us data that they themselves have collected or that they have obtained from the IB.

That data typically includes only the IB-related information found in the Candidate, Subject, and Component CSV files and School Statistics PDFs downloaded from the IB.

Those files include:

Student names, IB registration numbers, IB personal codes, IB category, IB exam subjects and subject components for which the students were registered (including level and language), IB exam sessions (year and month), predicted, awarded, raw, moderated, and scaled IB marks, scores, and grades (including EE/TOK points), IB diploma outcomes and requirement codes, and IB school numbers.

Some schools send us additional student information to be used when producing their reports, including such things as gender, university outcomes, EAL status, inclusive arrangements, etc.

We accept this data from each school for the express purpose of providing our service, at their request, of producing our IB Score Reports, which are visualizations and statistical analyses of a school's IB results.

With respect to the personal information of students, the school is the data controller, and we are a data processor, serving the school.

Our Websites

Acadamigo.com and IBScoreReports.com (hereafter "our websites") do not collect any personal data. Our websites do not use cookies, Google Analytics, or any other tracking mechanisms.

Our websites do not contain any third-party advertisements. They do have a few links to third-party sites, none of which promote other products or services.

Email

If you send us an email, you are obviously sharing some personal information with us, such as your email address, your name as it appears on your email account, the IP address from which the email originated, and similar information regarding anyone you include in the email exchange. We will respond to your initial and subsequent emails and may send several follow-ups to ensure that we're being responsive.

If you are a client or have written us asking for information about our services, we may use your contact information to send reminder emails about ordering reports or to further inform you of the services we provide. We may also send surveys to clients to gather feedback about our services.

We will retain emails for as long as needed to provide contracted services. We will also retain and use emails as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you no longer wish to receive communication from us, please let us know at support@acadamigo.com. We will honor your request as soon as possible.

Client List and Testimonials

Our websites contain a list and map of schools that have ordered our reports. You can see the current list and map HERE. We also display unsolicited testimonials after receiving permission from the individuals who wrote them. You can see the testimonials HERE. Upon request by the appropriate individual, we will remove from our websites the name of any school or testimonial. If you have any questions or concerns, please contact us at support@acadamigo.com.

Data Protection

We strive to keep your personal information safe and secure at all times.

We maintain reasonable and appropriate physical, electronic, and procedural safeguards to help protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

We encourage schools to send us their data files by sharing a Dropbox or Google Drive folder with us.

Both Dropbox and Google participate in the EU-U.S. Data Protection Framework, the UK Extension to the EU-U.S. Data Protection Framework, and the Swiss-U.S. Data Protection Framework. They also comply with the privacy and security requirements of many other countries and agencies. If you would like to check their compliance with particular legislation or their certification with a particular agency, please visit their websites or contact them directly.

Our accounts with Dropbox and Google are protected with strong passwords and two-factor authentication. We encourage our clients to use the same methods to prevent breaches on their end. We are not responsible for the security of our clients' systems.

Our local hard drives are fully encrypted using AES-256 technology and strong passwords.

Unfortunately, no set of security safeguards is guaranteed to be impenetrable.

If you have any questions about the security of your personal information, please contact us at support@acadamigo.com.

Data Retention, Right of Access, and Deletion

Our reports analyze and display five years of data, and most of our client schools order new reports each year. So that schools only need to send us their most recent data files each year, we retain the data that we have received from schools, as well as the reports that we have produced for them. We will delete a school's data and their reports upon request, after confirmation from the appropriate individual.

We will retain school data for as long as needed to provide contracted services. We will also retain and use school data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Under the Data Privacy Framework, residents of the EU, the UK (and Gibraltar), and Switzerland may request to review the personal information we maintain about them, and to correct, amend, or delete that information where it is inaccurate. To make such requests, please contact us at support@acadamigo.com. We will respond to your request within 30 days. We may limit or deny access to personal data in cases where, in our reasonable judgment, the burden or expense would be disproportionate to the risks to your privacy or where the rights of persons other than you would be violated, or as otherwise permitted by the Data Privacy Framework Principles.

We do not interact with students. If a student were to contact us requesting access or seeking correction or deletion of his or her data, we would direct the student to our client, the school. We would also notify and work with the school to reach an acceptable agreement that keeps everyone in compliance with all applicable laws and regulations.

Changes to our Company

If we are involved in a merger, acquisition, partnership, or sale of our assets, emails and client contact information may be transferred as part of that deal. We will not, however, transfer any student data, including IB Score Reports already produced, without explicit consent from the relevant school.

Changes to this Policy

We may revise this Privacy Policy from time to time. The most current version will always be posted here with an updated revision date.

Contact

If you have any questions about Acadamigo, our Privacy Policy, or the services we offer, please contact us at support@acadamigo.com.