As we wrap up this school year and look to the next, it is a good time to review what we do for the privacy of our users and the security of information that is sent.
BusWhere was designed and built from the ground up for the K-12 schools, so student privacy is built in and paramount. Unfortunately every year there are reports of breaches and security threats, and it is part of our responsibility to plan for the security of information that is entrusted to us.
We have four security models for inviting users to BusWhere:
- Private (Invitation): Users must be explicitly invited by an administrator. At any time an administrator may instantly remove any user’s access to a single bus or to all buses. At that point the user will not be able to see any routes or bus movement in the system.
- Private (Rule): An administrator sets up a rule for who is allowed access, eg via a student ID match or a whitelisted domain. In this case as well, an administrator may remove an individual’s access.
- Public (Code): An institution with public routes that still doesn’t want “just anyone” to view its routes can set up an access code to distribute to its riders. Only riders who enter that code will be able to view routes on the system. This limits the “casual downloader” from viewing routes but allows maximum flexibility for sharing access without requiring users to create accounts.
- Public (Open): Anyone can view routes. Useful for municipal and other public systems.
We are careful which student information we require and store. For each family participating in BusWhere, parents are asked for their information (first, last, email, phone number) in order to validate and verify who has access, but we do not ask for or store student information such as grade, age, name, etc. This means BusWhere does not have sensitive information about your child that could be hacked or stolen.
For schools with RFID- or software-based rider tracking enabled, parents can provide a first name, nickname, or even anonymized name (Smith Child #1) as they prefer. This allows maximum control by parents as to which information is even stored in BusWhere in the first place.
Only invited administrators can make change to the account, and these too can be removed instantly if needed. Administrators can also set up a user as an “Observer”, with read-only access to bus locations and all routes — but these observers cannot see parent / user information or see which parents have been invited to which routes.
Administrators can also control which information parents can view. In the “limited access” view, parents can view only their stop, the ETA at their stop, and the current position of the bus. This provides the information parents need to plan their day but does not provide unnecessary information about the route or location of the other stops. This mode is optional and may easily be turned on or off for a school.
Questions or concerns about privacy and security can be directed to firstname.lastname@example.org.