Campuswire’s View on User Privacy

As a team building an internet company, it’s easy to look back wistfully on the earlier days of the internet.

It was the wild, wild west — with just a handful of apps on the App Store, and a few million sites on the web, the only precondition for success was that you built something people actually wanted. Easy enough.

Today’s internet is a crowded place and, even if you build something useful, there’s no guarantee anyone will ever hear about or use your creation.

But building an internet business today does have its advantages. Whilst early internet companies like Facebook, and others, scramble to retroactively introduce privacy protections for their users and make fundamental, necessary, privacy-centric changes to their business models, we have the benefit of knowing to be thoughtful about privacy from the ground up.

How we think about Privacy at Campuswire

For us at Campuswire, protecting user privacy is a must.

Ed-tech companies are regulated by federal laws, namely the Family Education Rights and Privacy Act (FERPA), which is basically education’s own analog to HIPPA, designed to protect the privacy of student educational records.

Unfortunately, FERPA is mostly misunderstood by companies, institutions and end users alike.

Part of the reason for this is FERPA wasn’t written with the internet in mind, and applying its principles, in a modern, tech-enabled context, can be challenging.

To be FERPA compliant, we had to first understand how the data flowing through our system mapped to the guidelines established in FERPA, and treat that data accordingly.

The basics of our approach to protecting user data are simple:

1. We clearly classify all user data in our system.
2. We create clear ownership rules for all data in our system.
3. We never sell user data, or any kind of data, to third parties, for any reason.

A fourth and important point is that we’ll try our best to educate users about our privacy policies, beginning with our publishing of this essay.

Additionally, we’ve just published our internal Data Classification Policy which outlines our approach to protecting user data in more detail — we hope you’ll give it a read.

It’s written using simple language and incorporates lots of actual examples of Campuswire data, and how that data is classified according to the policy.

In the coming days, we’ll update our Terms and Conditions to more explicitly reference our Data Classification Policy and, over time, we’ll build out tools to give users more control over their data.

How our approach to Privacy affects our business model

Obviously our stance on user privacy has implications for our business model.

Lots of ink has been spilled on how data is “the new oil” (read: the world’s most valuable resource) so it goes without saying that, from a revenue perspective, monetizing user data would be one of the options we considered.

After all, we wouldn’t be the first ed-tech company to make money by doing so and, given many users’ expectation that internet services are always free, there’s a certain allure to a monetization model that doesn’t include ever charging users.

But, as the old adage goes: if you’re not paying for the product, you _are_ the product, not the customer.

So, we decided to implement a product-driven business model, like Dropbox or Trello, where users can use a basic version of Campuswire for free, but will have to upgrade to our premium plan to access our more advanced features.

We’re building Campuswire because we think the world needs a software company dedicated to optimizing the world’s teaching and learning, not wholesale data harvesting.

The arc of a business’ focus always bends towards its customers — for us, this means it’s important that our users and our customers are one and the same, so that our interests are well-aligned.

A product-driven business model means we get to come into the office every day and think “what can we build that’ll add so much utility to Campuswire that more of our users will upgrade to pro?”.

Our approach to monetization definitely deserves its own essay but, in short, we believe that product-driven business models, as opposed to data-driven or advertising-driven business models, are the best monetization paths for ed-tech companies that want to take user privacy seriously.

It’s good to see that folks are beginning to be thoughtful about user privacy, particularly in ed-tech, and we hope this trend continues.

If you’re interested in discussing privacy in ed-tech, feel free to reach out to me at tade@campuswire.com.