FetchKids Security and Privacy Protocols

FetchKids is very secure and follows industry standards and best practices for privacy and security: 

  1. Best-practice PHP OOP (object-oriented programming), with a secure REST API connection to mobile devices using JSON Web Token authentication, and separate mobile and web UI APIs for greater security.
  2. All data is stored in the Oracle Autonomous Database, which is physically located in the US. The Oracle Autonomous Database is constantly maintained and automatically patched with the latest security patches by Oracle. Only TLS-encrypted private connections to the database can be established.
  3. The database uses Transparent Data Encryption technology for data at rest, with Oracle-maintained security keys. Both the database and the database backup are encrypted.
  4. The database uses serverless technology, so no user, including FetchKids tech teams, has access to the database server, which is managed and secured internally by Oracle.
  5. Transmission Security: All communication between the servers and mobile apps is secured using modern TLS (Transport Layer Security) cryptographic protocols.
  6. All domains are secured with SSL (Secure Sockets Layer) certificates.
  7. Security Management: All system and mobile application components are kept up to date to prevent any software vulnerabilities. The mobile apps are kept up to date with their vendors' (Apple, Google) privacy and security guidelines.
  8. Information Access Management: We limit disclosure of student data to the “minimum necessary.” Access to student data is allowed only when deemed appropriate based on the user’s role (role-based access).
    1. Generic or test IDs must not be created or enabled on production systems unless specifically authorized by the relevant Information Asset Owners.
    2. Authentication information such as passwords, security logs, and security configurations are adequately secured against unauthorized or inappropriate access, modification, corruption or loss.
    3. Privileged access rights typically required to administer, configure, manage, secure and monitor IT systems are reviewed periodically (at least twice a year) by our Information Security team.

 

FetchKids Location and GPS Privacy

  1. Parent Pickup Arrival Time: GPS coordinates are transmitted in real-time to provide accurate arrival data.
  2. GPS Data De-Identified: GPS coordinates are associated with users in our database, but that information is not identifiable by the mapping services FetchKids uses. All GPS data is private and only used by FetchKids to provide accurate arrival time information. No data is sold or used for advertising purposes by FetchKids or the mapping services.
  3. No Location Data Storage: No GPS location data is stored or gathered after a pickup is completed. It is only transmitted to FetchKids while the pickup is in progress. After the pickup is confirmed, the data is no longer available to FetchKids or the mapping services. 
  4. Parent Location Privacy: Privacy is maintained during the drive to school because the parent location is not shown on the FetchKids school map until the parent is within a 1-mile radius of the school. If the parent is outside of the radius, only the arrival time is transmitted to FetchKids.