Clever Engineering Blog — Always a Student

Open Sourcing our Policies

By Mohit Gupta on

Student Data privacy and security are our foremost responsibilities here at Clever. We invest heavily to ensure that we are improving privacy for schools, students, and teachers, and we make sure that everyone at Clever is constantly working towards this goal.

About five months ago, we were made aware of aspects of our privacy policy that did not clearly and explicitly match our intentions. Our policy included a standard legal clause that allowed for changes to the policy without notification or consent from our schools. We didn’t intend to leave schools exposed in this way, but we knew that a responsible rewrite of our policy would take months of work with lawyers. How could we respond with something more satisfying than “we’ll get to it?”

Technology to the rescue. Tracking changes over time is something we do frequently at Clever – we use diffs1 to review code, specifications and write-ups on Github. Most of the tools and libraries we create are open source, meaning anyone can contribute an improvement, problem, or idea. In fact, Clever is open source by default, meaning we only make a tool or library’s source code private if we can justify that it needs to be private.

We decided to bring the same philosophy to our Privacy Policy and Terms of Service for a few reasons:

  1. Schools and privacy advocates are concerned that companies may silently eliminate privacy protections over time. We will never do this at Clever, and by making our policies open source, our changes will be transparent.
  2. We loved the public feedback on our policies, but found it hard to have a productive conversation through Twitter. With open source policies, the tools make it easy to receive and respond to feedback.
  3. By putting our policies online, we allow others to use our policies as a starting point for their own work (a fork2, in open source terms).

So we put our policies in a repository on Github, and put our improvements there first. The feedback and response we have gotten around these changes is thrilling, and we’re just getting started. You can look at recent changes in our Privacy Policy in the Pull Request submitted for the most recent changes.

If you work at an EdTech company with a privacy policy, we’d love for you to join us in “Open Sourcing” your policies. To do that:

  1. Create your own repository named policies or fork ours.
  2. Add your current policies to the repository:
    • Include Terms of Service, Terms of Use, Privacy Policy and other policy documents that relate to schools, students, and teachers using your service.
    • Protip: The HTML to Markdown converter makes it easy to generate plain text versions of your existing policies.
  3. Use Git branches and Pull Requests to manage changes in your policies.
  4. Let everyone know by tweeting your repository with the hashtag #opensourceprivacy

Please feel free to reach out to us @Clever if you have any questions or if we can help you open source your policies.

Thanks Bill for pushing us to be better, and EFF’s TOSBack.org for the ideas.

Mohit


1. diff: short for difference. compare (files) in order to determine how or whether they differ.

2. fork: A fork is a copy of a repository. Forking a repository allows you to freely experiment with changes without affecting the original project.