Community

For the year of 2022, Instructure has not received any government requests.  ... View more

Instructure is committed to being transparent about government requests received for customer data. We publish a Transparency Report twice a year disclosing the number of government requests for customer data Instructure receives globally.  Government requests are subject to applicable laws and regulations when requesting customer information from Instructure.  ... View more

Instructure provides several ways for users of our products to update or delete their personal data we process and store. For more information about how we handle a user’s personal data, please see our Product Privacy Notice which can be found here: https://www.instructure.com/policies/privacy. Updating Personal Data: Users may change some of their personal information by editing their product profile. Users may also request that we modify their  information by emailing us at privacy@instructure.com or submitting a support ticket in the product.  For any other updates, please contact your institution directly, or submit a helpdesk request directly through the product. Deletion of Personal Data: For Canvas LMS, Canvas Studio, Canvas Catalog, Canvas Credentials, Canvas Free for Teacher, Impact, Mastery Connect Free for Teacher, and Mastery Connect products:  Users can request to have their data deleted by the following methods: Emailing privacy@instructure.com   Submitting a support ticket through the product Requesting data deletion directly to the users’ institution  For requests sent directly to the Instructure privacy team (privacy@instructure.com), the process is outlined below. Our privacy team will ask the requestor to validate certain information to ensure we have the correct user identified and the correct institution identified. We request this information to identify the user  in our systems and to confirm the request: User name Email addressed used in our products Institution the user account was set up through Confirmation from the user that they are requesting full deletion of their personal information Once we receive a response from the user, we will forward the request to our customer support team. Our support team will send the deletion request to the institution identified for instructions on how to action the request. The institution will process the users request according to their deletion policy, or Provide us permission to delete the user’s personal data directly from our product For Portfolium and Canvas ePortfolios:  If a user wishes to delete their account, they can perform this action directly in Portfolium.  The user should navigate to the "Privacy" tab under "Account Settings" and click "Disable Account."  Once your account has been disabled, you can request deletion of your account by selecting "Permanently Delete" from the “disable” account screen.   After requesting deletion, the user has fifteen (15) days to change their mind before we cannot undo the deletion request. For more detailed information please see this Community article: https://community.canvaslms.com/t5/Portfolium-Network/How-do-I-permanently-delete-my-Portfolium-account/ta-p/1373 Deleting Mobile Application’s Cache and Data: The Canvas mobile applications, just like any other application (even web pages in the web browser), store data on the local device for various reasons. This data is mostly utilized for performance and speed benefits, but data may also be used for other things, such as distance learning considerations to prepare the applications for offline usage. Users can find the instructions here: https://community.canvaslms.com/t5/The-Product-Blog/Delete-the-mobile-application-s-cache-and-data/ba-p/519012. Why does Instructure have to contact my institution to delete my data? For most of our products, we store and process personal data on behalf of the institution that set up the user's account. The institution is the organization that controls the data, therefore deletion requests must be approved by the user’s institution. For information on your institution’s deletion policy, please contact them directly.  ... View more

Instructure, Inc. (and our subsidiaries) may on occasion receive a request from a law enforcement or other government agency seeking access to data belonging to a customer. This policy explains the process that we follow if we receive such a request. Our goal is always to protect your data, while complying with applicable laws. Transparency of our privacy practices is paramount at Instructure. Unless prohibited by law, Instructure always notifies a customer when we receive a legally binding and valid request for a customer’s data, including a government request. We notify an affected customer of that request or any direct access to customer data by a law enforcement or other government agency, unless we are explicitly prohibited from doing so by law We believe our customers should have as much control as possible over their data. Instructure is not the owner of our customers’ data, and we strongly believe that any government agency seeking access to our customer’s data should address its request directly with that customer. Accordingly, if we receive a government request for customer data, unless prohibited by law, we try to refer the request to the affected customer so that the customer can work with the government agency directly to respond. We do not disclose customer data to government agencies unless compelled to do so by law. We will challenge requests we deem unlawful. We review each government request for customer data on a case-by-case basis and only comply if the request is legally binding and valid. When reviewing the lawfulness of a government request, we take into account all applicable laws, including the laws of other jurisdictions. We require government agencies to follow the required legal process under applicable laws, such as issuing their request via a subpoena, court order, or search warrant. Where we believe a government request for our customer’s data is invalid or unlawful, we try to challenge it. If we are required to disclose customer data to government agencies, we ensure the transfer is necessary and proportionate and provide the minimum amount of information possible, based on a reasonable interpretation of the request. If prohibited by law from notifying the affected customer, we try to get that legal restriction waived. If we receive a government agency request for data, and we are prohibited by law from notifying our customer, we use best efforts to request that the confidentiality requirement be waived in order for us to notify the appropriate data protection authorities. We keep a record of the actions we have taken to waive any applicable confidentiality requirements. ... View more