We are dedicated to safeguarding the information within our systems by adhering to industry best practices and guidelines, including those set by the National Institute of Standards and Technology (NIST) and the Center for Internet Security. Our security measures encompass robust encryption protocols, continuous monitoring, and regular assessments (the latest of which was conducted by an independent agency in 2024) to ensure the integrity, confidentiality, and availability of our data. We are committed to maintaining the highest level of security to protect against emerging threats and ensure the safety of the institutions' and their students' information.

The MAP platform is hosted in a secure FERPA-compliant, Microsoft Azure cloud environment, and the following best practices for data governance are in place:

• Security protocols are utilized, and MAP SSL certificate and data encryption routines protect all student personal identifiable information (PII).
• The Server Firewall has been configured to secure both the QA Training and Production platforms; database and network security access have been configured.
• MAP Administrator and Ambassador accounts have been configured to give or restrict access to the platform.
• A security governance framework is in place to ensure that procedural, personnel, physical, and technical controls remain effective through the platform's lifetime and in response to changes in threat and technology developments.
• The MAP platform uses the Microsoft Azure Antimalware, which runs in real-time and provides protection that helps prevent, identify, and remove viruses, spyware, and other malicious software.
• MAP has embedded a security validation routine that alerts users when they are accessing copies of student documentation containing personal identifying information.

Mapping Articulated Pathways (MAP)

Last Updated: 02/28/2025

INTRODUCTION

This Privacy Notice explains how ITPI ("We","Us") collects, uses, shares, and protects personal data when you use our Azure-hosted application Mapping Articulated Pathways ("The Application"). We are committed to protecting your privacy and handling your data in an open and transparent manner.

INFORMATION WE COLLECT

Information You Provide to Us

• Account information (name, email address, contact details).
• Profile and role information you choose to add to your account.
• Content and data you upload, provide, or create while using the Application.
• Communication data when you contact our support team.

Information We Collect Automatically

• Usage data (features accessed, buttons clicked, actions taken).
• Log data (IP address, browser type, device information).
• Performance data (crash reports, load times).
• Session variables and similar tracking technologies.

HOW WE USE YOUR INFORMATION

We use your personal data for the following purposes:

• Providing and maintaining the Application and its functionalities.
• Improving and optimizing the Application's performance and user experience.
• Detecting and preventing security incidents and protecting against malicious activities.
• Communicating with you about the Application, including updates and support.
• Complying with legal obligations and enforcing our terms.

DATA STORAGE AND RETENTION

Azure Data Centers:

Your data is stored in Microsoft Azure data centers located in "West US and East US".

Data Retention:

We retain your personal data for as long as necessary to fulfill the purposes described in this notice, unless a longer retention period is required by law. When data is no longer needed, it is securely deleted or anonymized.

DATA SHARING AND DISCLOSURE

We may share your information with:

• Microsoft as our cloud service provider (subject to appropriate safeguards).
• Third-party service providers who help us operate our Application (e.g., analytics, customer support).
• Law enforcement agencies or other public authorities when required by law.

We do not sell your personal data to third parties.

INTERNATIONAL DATA TRANSFERS

We do not transfer your personal data outside USA or the regions where our Azure data centers are located, we implement appropriate safeguards in accordance with applicable data protection laws, including:

• Standard Contractual Clauses approved by the state of California.
• Data Transfer Impact Assessments.
• Additional technical and organizational measures as necessary.

YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights regarding your personal data:

• Access and obtain a copy of your data.
• Correct inaccurate data.
• Delete your personal data.
• Data portability (receive your data n a structured, commonly used format).
• Withdraw consent (where processing is based on consent).
• Exercise such other rights and choices as may be afforded to you under applicable US state privacy laws and regulations.

To exercise these rights, please contact us using the details provided in the Contact Us Section.

DATA SECURITY

The security, integrity, and confidentiality of your data are extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your information from unauthorized access, disclosure, use, and modification. We regularly review our security procedures to consider appropriate new technology and methods, including:

• Encryption of data in transit and at rest.
• Access controls and authentication mechanisms.
• Regular security assessments and audits.
• Microsoft Azure's comprehensive security controls.
• Withdraw consent (where processing is based on consent).
• Staff training on data protection and security.

CHILDREN'S PRIVACY

The Application is not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes through the Application or via email.

AZURE-SPECIFIC PRIVACY INFORMATION

Microsoft as a Data Processor.

Microsoft acts as a data processor for any personal data processed through our Azure-hosted Application. For information about Microsoft's data processing activities and compliance commitments, please visit Microsoft's Trust Center(https://www.microsoft.com/en-us/trust-center).

Azure Monitoring and Diagnostics.

The Application uses Azure monitoring and diagnostic services to maintain performance and security. These services collect technical data about the Application's operation that may include limited personal data such as IP addresses>.

CONTACT US

If you have questions or concerns about this Privacy Notice or our privacy practices, please contact:

Data Protection Contact:

Alex Campos

ITPI - Chief Technology Officer.

Email: alex.campos@theinfotechpartners.com

Address: PO Box 292

Highland, CA 92346

MAP Project Manager:

Calvin Gloria

Veterans Resource Center

Email: Calvin.Gloria@norcocollege.edu

Address: 2001 Third Street

Norco, CA 92860

Welcome to the Mapping Articulated Pathways (MAP) Platform, a system developed and administered to support Credit for Prior Learning (CPL) across the California Community Colleges. By accessing or using the MAP Platform, you agree to be bound by the following Terms of Service. If you do not agree with any part of these terms, you may not access or use the platform.

1. Purpose

The MAP Platform facilitates the evaluation and documentation of prior learning for the purpose of awarding college credit. It enables faculty, staff, and authorized administrators to manage CPL articulations, student submissions, and approval workflows in a secure, compliant environment.

2. Authorized Use

Use of the MAP Platform is restricted to:

• Authorized personnel from participating California Community Colleges
• Individuals with legitimate educational interests as defined by FERPA
• Platform administrators and contracted service providers supporting MAP operations

Users agree to access only data and features relevant to their institutional roles and responsibilities.

3. Data Collection and Use

MAP collects or receives from users the following categories of information, including but not limited to:

• Student Data: Name, date of birth, email, phone number, student ID, academic history, CPL requests, Credit by Exam/Portfolio Review scores, supporting documentation (e.g., military transcripts, certificates), etc.
• System Data: Log activity, approval records, audit trails

All data is used solely for CPL-related purposes by you and your institution's authorized users. In the case of Student Data, it is provided either by you, your institutional users, or by the students themselves. Data may not be used for any commercial, unrelated academic, or non-authorized research activities. Data will never be shared or changed by the MAP team or contracted service providers supporting MAP operations without express consent from your institution's authorized user(s).

MAP document parsing routines make every effort to redact personally identifiable information (PII) from uploaded documents but cannot guarantee complete redaction. Institutions and their users are solely responsible for managing user access and ensuring appropriate handling of PII in accordance with FERPA and applicable privacy regulations. By uploading documents to MAP, institutions acknowledge their responsibility for securing and managing any sensitive information contained within those documents.

MAP implements administrative, technical, and physical safeguards designed to protect data from unauthorized access, disclosure, or misuse. Data retention and deletion policies are governed by institutional agreements and applicable law.

4. Privacy and FERPA Compliance

The MAP Platform complies with the Family Educational Rights and Privacy Act (FERPA) and applicable California law. Key privacy provisions include:

• Role-based access limited to authorized users
• Encryption of all personally identifiable information (PII) in transit and at rest
• Student rights to review, correct, or withdraw their data via their home institution
• Consent verification for student-submitted materials
• No redisclosure of student data without explicit authorization

5. Access Controls and Confidentiality

Data access is restricted to:

• Authorized MAP team members and designated service providers
• Authorized personnel at participating colleges, with access limited to their own students' data

All users agree to maintain strict confidentiality and follow institutional and system-level policies for safeguarding student records. Accessing or disclosing any data without proper authorization is strictly prohibited.

6. Security Practices

MAP's technical infrastructure and policies align with leading industry frameworks, including the Center for Internet Security (CIS) Controls v8.1 and Microsoft Azure Cloud Security Framework.

Security features include:

• Real-time threat monitoring
• Secure coding practices
• Regular vulnerability scans and penetration testing
• Multi-factor authentication (2FA)
• Enforced separation between MAP data and unrelated systems

7. Data Retention and Disposal

Student data is retained only for as long as necessary to support CPL processing, compliance, and reporting. Secure data disposal practices are followed when data is no longer needed, in accordance with regulatory and institutional retention schedules. Your institution's data is solely yours and can be updated or removed by you and your institution's authorized users at any time.

8. Incident Response and Breach Notification

In the event of a suspected data breach, MAP administrators will:

• Notify affected parties within 24 hours
• Cooperate fully with institutional and system-level incident response teams
• Take immediate action to mitigate risk and prevent recurrence

9. Audit and Oversight

The MAP Platform maintains detailed audit logs of access and activity to ensure accountability. Participating institutions and system administrators may review these logs for compliance purposes. Platform usage is subject to periodic reviews and quality assurance evaluations.

10. Termination of Use

Accounts may be suspended or terminated if a user is found in violation of these Terms, misuses student data, or attempts unauthorized access.

11. Limitation of Liability

The MAP Platform is provided "as is." Neither the platform administrators nor affiliated service providers will be held liable for indirect, incidental, or consequential damages arising from use or inability to use the platform, except where required by law.

12. Modifications

These Terms may be updated periodically to reflect changes in law, policy, or platform capabilities. Continued use of the platform after an update constitutes acceptance of the revised terms.

13. Contact

For questions or concerns about these Terms or your access to the MAP Platform, contact: map@rccd.edu, www.map.rccd.edu