GoReact is designed from the ground up to meet critical privacy and security needs for your organization. This page outlines specific elements of those compliance requirements.
In addition to the information below, the following links offer useful resources relating to our use of Amazon’s world-class infrastructure.
For more about Amazon’s security and business continuity, see: http://aws.amazon.com/security
For more about Amazon’s standards compliance, see: http://aws.amazon.com/compliance/
GoReact videos are stored in Amazon’s secure cloud service, the largest and most respected cloud provider in the world. Amazon employs a wide breadth and depth of security measures for its cloud servers. GoReact utilizes Amazon’s primary security infrastructures, including two-factor authentication for all users.
Users are authenticated at https://goreact.com using email and password credentials, or via a learning management system (ie. Canvas, Blackboard, etc.).
All GoReact authentication and page requests are passed to and from the user’s browser via TLS/SSL, and all GoReact-stored data is encrypted both in transit and at rest in the database.
System data auditing capabilities include user references, creation, modification, and deletion dates which are kept for courses, feedback sessions, media and other relevant data entities.
User specific data we receive from LMS integrations
GoReact follows the standard LTI spec. For more information on the required and recommended fields in this spec, see the IMS Global Learning Tools Interoperability® Implementation Guide. When the GoReact tool is integrated, GoReact receives the following user specific information:
For a description or copy of SSAE16 audit credentials report, please see http://aws.amazon.com/compliance/soc-faqs/
GoReact.com is required to maintain current PCI compliance (Payment Card Industry Data Security Standard) in connection with processing of user credit cards. As part of this compliance, we undergo an extensive third-party security and penetration test every calendar quarter to ensure our site is secure.
View our PCI security certificate from SecurityMetrics.
The U.S. Family Educational Rights and Privacy Act (FERPA) is designed to protect student identity and academic information from unauthorized disclosure to third parties. GoReact complies with all relevant provisions as follows:
GoReact.com is compliant with U.S. Health Insurance Portability and Accountability Act (HIPAA) requirements for security and privacy of Protected Health Information (PHI), which for GoReact’s purposes could include conversations that healthcare providers may have about a patient’s care as part of a recording in the GoReact system.
If you require a Business Associates agreement in order to use GoReact in a clinical setting, please contact us at email@example.com.
GoReact.com is compliant with U.S. Children’s Online Privacy Protection Act (COPPA) requirements for handling capture and use of images of children under 13 in the GoReact system. Key elements include:
If you have additional questions regarding GoReact security or privacy, please contact us at goreact.com/support at any time.
Hosting: GoReact accounts may now be provisioned from an EU-based hosting center, ensuring customer data never leaves the EU region. If you are an EU area customer and require EU-based hosting, please contact your GoReact account executive before creating an account in GoReact. EU-hosted customers will access our service via GoReact.eu or via their LMS.
GoReact.com is designed to comply with applicable software accessibility requirements of Section 508 of the U.S. Rehabilitation Act. The system is designed to work with native accessibility tools within Windows and Mac operating systems as well as the enhanced functions included in modern web browsers. This includes screen readers like JAWS®. Additionally, GoReact uses the latest AI technology to accurately display real-time closed captions.
For details related to our Section 508 compliance, please see our Voluntary Product Assessment Template (VPAT).
GoReact.com is also designed to comply with the Web Content Accessibility Guidelines (WCAG) version 2.1, levels A and AA.
For more about WCAG 2.1 compliance, see: Web Content Accessibility Guidelines (WCAG) 2.1