- Privacy Pledge
- California Privacy Rights
- Usage Policy
- Acceptable Use Policy
- EU Data Protection and GDPR Compliance
- Copyright Protection
- Legal FAQs
Integrity is at the heart of all we do; it defines us.
- Chris Caren, CEO of Turnitin
Last Updated: 18th September 2020
Why we collect personal data
Protecting your data
We endeavor to keep your personal data safe and secure at all times. Depending on the Turnitin solution used, personal data is processed either:
1) both in Europe and in the United States, in the case of most products
2) entirely within the United States, in the case of most Gradescope users
3) entirely within Canada except for text recognition performed on handwritten formulas, which requires some data processing within the US, in the case of Gradescope users at certain Canadian Universities.
In all of the cases above, we have robust technical and organizational safeguards in place to protect such personal data. Passwords are required to access your personal data, so please remember to keep your password confidential. Even with the best security systems, it is impossible to guarantee 100% protection from hackers and unauthorized third parties who capture information provided over public networks.
When a paper is submitted to any of Turnitin’s products with the exception of Gradescope, it is compared against a vast, secure proprietary database of licensed source material, including millions of periodicals, academic journals, books, and web pages. Turnitin also maintains a separate repository of student papers. Each institution (at the discretion of his or her school administrator) can determine whether or not to include student papers in the repository and whether or not to give students the option to opt out. We can remove student papers from the standard repository at the request of a school administrator.
When a teacher, professor, or other representative acting on behalf of a school or other institution uploads data to Gradescope, this may include personally identifiable information about students. We may then collect an email address and password from these students, which is combined with student information received from the teacher and/or school. We use the personal information we collect to operate, maintain, and provide the features and functionality of Gradescope, to analyze our offerings and functionality, and to communicate with our users: teachers, schools, students and website visitors. We retain user data on the Gradescope service only as long as necessary to deliver our services. Data associated with a given account is retained until the account owner or an institution, on behalf of the account owner, submits a deletion request.
As a global company, one area of ongoing debate and development concerns the mechanisms put in place to monitor cross-border data transfers. For example, the Safe Harbor regime was dissolved as a global legal framework, and the new EU-US/EU-Swiss Privacy Shield has taken its place. Turnitin is fully committed to going through any reviews and certifications needed to meet new rules and requirements, no matter how complex. We have recently undergone an external audit to ensure that we uphold best practices for data privacy and protection and meet our customers’ evolving needs.
What’s most important
EU-US & Swiss-US Privacy Shield
Turnitin has certified its compliance with the EU-US and Swiss-US Privacy Shield Frameworks. We are committed to processing all personal data received from EU member countries and Switzerland, respectively, in accordance with the applicable Privacy Shield Framework. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the Privacy Shield website. See: www.privacyshield.gov Under the Privacy Shield Frameworks, Turnitin is responsible for processing the personal data it receives, under each Privacy Shield Framework, as well as transfers to a third party acting on its behalf. Turnitin complies with the Privacy Shield principles for all onward transfers of personal data from the EEA, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Turnitin is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (for issues pertaining to Privacy Shield). In situations where public authorities make lawful requests for information, such as to meet national security or law enforcement requirements, Turnitin may be required to disclose personal data. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based, third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Model Contract Clauses
Where necessary, for data transfers outside the EEA, we utilise the Model Contractual Clauses of the EU Directive 95/46/EC, which meet the adequate mechanism requirements of all EU members, including Germany, Switzerland and Austria. In each case, we put in place appropriate technical and organisational measures to protect personal data.
2. Personal data
Because we provide education services, we are vocal advocates for safeguarding student data and privacy and want to make sure that parents, educators, and schools know this, which is why we took the Student Privacy Pledge, put forth by the Future of Privacy Forum (FPF) and the Software & Information Industry Association (SIIA).
Data We Collect
When an institution’s administrator or instructor creates an account with us, we ask for their personal data such as name, email, phone, and job title, so that we can correctly administer their account and provide them with the best customer service.
The type of information we request is connected to a specific purpose, namely to:
Verify your identity and connection with a specific institution or company, to determine your eligibility to use our services or mobile application “Turnitin Feedback Studio”;
Download content from our website, such as demos, whitepapers, or webcasts;
Provide receipt and confirmation of successful data uploads;
Send important messages about our service, such as any changes to functionality;
Send system emails, including account setup and password retrieval information, as well as digital receipts when you submit papers to the Turnitin Database; and
Provide additional product and service support as needed.
When you use our services, the type of device you use and the version of your operating system is automatically collected. Turnitin collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes. Turnitin works with its clients to help them provide notice to their customers concerning the purpose for which personal data is collected.
Putting You in Control
We always give you the choice to opt out of email communication, with the exception of system emails, such as digital receipts and password reset information. In the context of processing student papers, Turnitin has no direct relationship with the individuals whose personal data it processes. Turnitin acknowledges that you have the right to access your personal information. An individual who seeks access or would like to correct, amend, rectify or erase data, or should direct his/her query to the institution that is Turnitin’s customer (the ‘data controller’). If the customer requests that Turnitin erases the data, we will respond within 30 calendar days. If you are an individual user who has questions or would like to make changes to your personal data, please contact the institution through which you use our service. Upon lawful request, Turnitin will provide information about any personal data we process. At any time, customers may access, correct, change completely or anonymize the personal data that you have provided us by following these steps:
Log in to your account using your username and password;
Click the “User Info” link on the navigation bar to open your user profile and view or make changes to your personal data; OR
For Gradescope, click the ‘Edit Account’ link under your Account menu; and
If you have any trouble or would like for us to make changes for you, please email email@example.com or, for Gradescope-related requests, firstname.lastname@example.org. To honor a change request, we will need the exact information you want changed, as well as information sufficient for us to identify the type of communication you received from us. Our Customer Support can also provide you with information about whether we hold, or process on behalf of a third party, any of your personal data. We respond to requests within 30 calendar days.
We may disclose your personal data in order to comply with a subpoena, court order, or similar legal process or government request when we are required by law to do so. If Turnitin is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal data, and choices you may have regarding your personal data. We will only disclose your personal data to a third party with your prior consent.
3. Tracking technologies
Social Media Features & Widgets
Our Site includes social media features, such as the Facebook “Like” button, the “Share This” widget, or interactive mini-programs that run on our site. These features may collect your IP address, record which pages you visit on our site, and set a cookie to enable the feature to function properly. These features and widgets are sometimes hosted by a third party. Your interactions with these features are governed by the Privacy Pledge of the company providing the specific feature.
We do not serve ads on our site. We partner with a third party to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this site in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads on other sites, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you and to improve site functionality.
Our Site offers publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal data from our blog or community forum, email us at email@example.com. In some cases, we may not be able to remove your personal data, in which case we will let you know if we are unable to do so and why. You may also post a comment on our blog with the use of a third-party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login into the third-party application if you want the personal data that was posted to the comments section removed. To learn how the third-party application uses your information, please review their privacy policies.
We always give you the choice to opt out of email communication, with the exception of system emails, such as digital receipts and password reset information.
You have the opportunity to opt-out of receiving communications from us when we first request your personal data;
You can opt out of receiving further communications by visiting our email preferences page; and
You can modify your personal data anytime by logging in to your account, selecting “User Info,” (“Edit Account” on Gradescope) and making changes as desired.
You may also contact us at firstname.lastname@example.org and ask that we make changes on your behalf, but to honor your request, we will need the exact information you want changed, as well as information sufficient for us to identify the type of communication you received from us. Anytime you provide personal data to us, you determine whether or not we may disclose such information in a personally identifiable form to a third party or use it for purposes different from the purposes for which it was originally collected or subsequently authorized.
5. Transfer to third parties
Turnitin may transfer personal data to companies that help us provide our service. These companies are authorized to use your personal information only as necessary to provide these services to us. Transfers to subsequent third parties are covered by the provisions in this policy regarding notice and choice and the service agreements with our clients. Our website includes links to other websites whose privacy practices may differ from ours. If you submit personal data to any of those sites, your information is governed by their privacy statements.
We endeavor to keep your personal data safe and secure at all times. Our data is stored in the EU, USA and Canada with robust physical, digital, and procedural safeguards in place to protect your personal data, including the use of SSL encryption, redundant servers and data centers, and sophisticated perimeter security. We continuously audit for security vulnerabilities and make software patching a priority. Passwords are required to access your personal data, so please remember to keep your password confidential. Even with the tightest security systems, no one can guarantee protection from hackers and unauthorized third parties who capture information provided over public networks.
(certified November 2019)
Cyber Essentials accredits a company’s IT infrastructure ensuring that its firewalls, secure configurations, user access control, malware protection, and patch management are of a high enough standard to protect any data within the company. Turnitin obtained the Cyber Essentials certification at the request of several international customers. Turnitin successfully completed a third-party audit of the effectiveness of our basic security controls.
SOC 2 Compliance
SOC2 is an audit of a company’s readiness to protect their user’s privacy and the security of their data. The company must show protections for both the data itself and the physical security of the locations it is stored. Turnitin obtained the SOC2 certification to demonstrate our commitment to security, privacy, and availability. To obtain this certification, over 160 controls aligned to the SOC2 criteria were designed for Turnitin and audited for effectiveness. Turnitin successfully satisfied 100% of the controls audited. We are in the process of obtaining SOC2 certification for our Gradescope product.
7. Data Integrity
We take every possible step to make sure that the personal data in our systems is relevant for its intended use, accurate, complete, and current. Turnitin will retain personal data we process on behalf of our clients for as long as needed to provide services to our client. We retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. You may stop using the services at any time. You do not need to specifically inform Turnitin when you stop using the Services. To request account deletion, please submit such a request directly to your academic institution, and an administrator will then make this request to us on your behalf. All requests from academic institutions must be made via email to email@example.com for non-Gradescope accounts or firstname.lastname@example.org for Gradescope accounts and are required to come from the email address registered to the administrator account.
The Turnitin database includes academic papers submitted by students and educators, as well as licensed source material sourced from the Internet. When a teacher wants to check a student paper for plagiarism, a coded engine compares it to other content in the database to check for matches. The software leaves all judgment about intellectual property up to the instructor. In the instance where a paper indicates a strong match to content submitted to another institution, instructors may find it necessary to request to view the matching paper. This request can either be accepted or denied by an institution. Any paper information must be passed from instructor to instructor via email, and therefore, outside of the Turnitin product.
You will at all times retain 100% ownership of your intellectual property rights. Turnitin does not ever assert or claim copyright ownership of any works submitted to or through our service. Your property is YOUR property. We do not, and will not, use your intellectual property for any purpose other than to deliver, support, and develop our services, which are designed to protect and strengthen your copyright.
8. Changes to this policy
EU DATA PROTECTION COMPLIANCE
We work with customers all over the world, and processing your personal data lawfully in order to earn your trust is our top priority. We understand that data protection is essential for good customer service. At Turnitin, our objective is to operate transparently, with accountability, and consistently with the EU and US regulatory environment so that our valued customers feel secure and in control.
Turnitin is fully committed to the following practices to protect your data:
We will never sell your data;
We will never use your data for targeted advertising/profiling;
We secure your data with strong encryption and security best practices in SOC2 certified data centers;
We respect local privacy laws and work with legal experts to stay abreast of changes;
When we collect data, we use it for a specific, stated purpose, to improve your experience and our service to you;
If we need to send any of your data to a third-party, such as a language translation service provider, we require a contractual agreement that they handle and secure your data with the same high level of protection and care that we deliver; and
We respect your right to retain ownership and control of your data, so that you can modify, update, or delete it as needed.
We currently meet the most stringent data protection laws across jurisdictions and are proactively reviewing every aspect of how we handle data and investing in operational measures to ensure that we continue to meet our customers’ requirements. Today, Turnitin uses Model Contractual Clauses to meet varying, specific needs across the European Union (EU) for data privacy and protection. These are standardized contracts to certify that any data that is transferred out of the EU is adequately protected. This prevents our customers from having to request any additional authorization to use our service. We are in good standing with all standards used to ensure that data is fully protected and are able to meet very specific requirements as needed. For example, in the EU (including in Germany, Austria, and Switzerland) we abide by Directive 95/46/EC to meet data protection requirements. The steps we take to maintain the integrity and confidentiality of personal data include:
We strongly recommend that institutions provide notice to students that the Turnitin service, depending on the Turnitin solution used, involves data transfer to the United States, and we recommend that consent is obtained from the student as soon as possible;
Universities are free to inspect or audit our services any time;
All student work and any associated personal data is encrypted and kept secure at all times; and
Students can keep their identity secret by using a pseudonym or their student number and by submitting their work in formats that contain little if any identifying metadata.
General Data Protection Regulation
The GDPR has legal effect in all EU Member States from 25 May 2018. The Data Protection Directive (Directive 95/46/EC) has been replaced by the GDPR. Although it is a regulation and immediately effective in all EU Member States, there are certain regulations within the GDPR that Member States will be able to legislate upon at a national level for specific reasons, therefore this policy may change accordingly from time to time.
The Legal Basis for Processing Personal Data
Turnitin primarily relies upon Article 6(1)(e) of the GDPR for its legal basis to process such data. Pursuant to this provision of GDPR, Turnitin relies upon the official authority of the Data Controller (the institution that is Turnitin’s customer) to process student data in such a way that anti-plagiarism checks may be made to satisfy the institution that the student’s work is their own.
Article 6(1)(f) of the GDPR also provides Turnitin with a lawful basis for processing. This is that it is in the legitimate interests of the Data Controller to process such data at their discretion.
Consent is not the primary basis for processing upon which Turnitin relies. However, the End-User Licence Agreement which Turnitin utilises with students will continue to be in place as a matter of best practice and transparency.
Key Aspects of the GDPR
The following are some notable aspects of the GDPR:
The GDPR applies to all personal data processed;
The GDPR makes it clear that when processing the personal data of EU nationals, data processors outside the EEA (including the US) must adhere to the GDPR and process only for lawful reasons;
The GDPR requires much more accountability when processing personal data. Privacy must be embedded into everything (services, software, systems, and processes) by design and by default;
Individuals’ rights have been strengthened; and
To export data outside the EEA, EU Model Contractual Clauses will be favored, which Turnitin uses. Adherence to the EU/US and Swiss/US Privacy Shield is an EU recognised adequate measure for the legal transfer of data outside the EEA. Turnitin is Privacy Shield certified. See: www.privacyshield.gov
For more information on GDPR, visit go.turnitin.com/gdpr
California Privacy Rights
Notice For California Residents
California residents have certain rights with respect to their personal information, as described below. Before we may fulfill your requests, we are required by law to verify your identity in order to prevent unauthorized access to your data.
Education Platform: In the case of rights requests in relation to our education platforms, this may require us to confirm your identity with your education institution.
Website: In the case of rights requests in relation to our website, this may require us to confirm your identity by asking you to verify certain information previously provided by you, or other method as practicable.
WE DO NOT AND WILL NOT SELL YOUR PERSONAL INFORMATION IN CONNECTION WITH OUR EDUCATION PLATFORMS.
Right to Know and Access Information:
You may access information we maintain about you using the methods provided below. If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business. This may include what personal information we collect, use, or disclose about you. We may not fulfill some or all of your request to access as permitted by applicable law.
Deletion of Information:
You may request that we delete your personal information. Depending on the scope of your request, we may refrain from granting your request, as permitted by applicable law. For example, we may be legally required to retain your information in our business records. You may submit a deletion request using the methods provided below.
California residents may use an authorized agent on their behalf to exercise a privacy right discussed above. If you are an authorized agent acting on behalf of a California resident to communicate with us or to exercise a privacy right discussed above, you must be able to demonstrate that you have the requisite authorization to act on behalf of the resident and have sufficient access to their laptop, desktop, or mobile device to exercise these rights digitally. If you are an authorized agent trying to exercise rights on behalf of a Turnitin user, please contact us at the contact information below with supporting verification information, which includes a valid Power of Attorney in the State of California, proof that you have access to the consumer’s interface, and proof of your own identity.
To Exercise Your Rights
Turnitin education platforms are used at the discretion of the education institution customer. In addition, we are obligated under FERPA to remain under the direct control of the education institution customer with respect to our use and maintenance of student data that is part of the education record. As such, to exercise your rights in relation to your use of the Turnitin platforms, please contact your education institution. We will work with them to facilitate your request.
2101 Webster St Ste 1800 Oakland CA. 94612 USA
+1 866 816 5046 x241
Please note that your exercise of the above rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will try to comply with your request as soon as reasonably practicable. Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. Where required by applicable law, we will notify you if we reject your request and notify you of any reasons we are unable to honor your request.
Categories of Personal Information we collect
Depending on how you use our platforms, we may collect some or all of the following:
- Identifiers such as a real name, unique personal identifier, online identifier, Internet Protocol address, email address, account name, and, if you are the purchaser, your billing address
- Personal information limited to your name under subdivision (e) of California Business and Professions Code Section 1798.80
- Internet or other electronic network activity information regarding your interaction with our platforms.
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
- Online identifier
- Internet Protocol address
- Personal information limited to your name under subdivision (e) of California Business and Professions Code Section 1798.80
- Internet or other electronic network activity information related to your use of our website
- Inferences drawn from your use of our website to create a profile reflecting your interests in our products.
- If you choose to schedule a call with Turnitin, we will collect Identifiers such as a real name, work email, phone number.
- If you choose to send us an inquiry regarding our products, we will collect your professional or employment related information, such as your job title, institution name.
Categories of sources from which the Personal Information is collected
We collect the Personal Information directly from you or from your educational institution.
We collect the Personal Information directly from you.
Business or commercial purpose for collecting or selling Personal Information
We collect your Personal Information to provide the services and for the following business purposes:
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Sending you marketing communications if you have consented to receive such information.
- Undertaking internal research for technological development and demonstration.
We collect your Personal Information to operate the website, respond to your requests and for the following business purposes:
- Maintaining or servicing the website and providing customer service.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Sending you marketing communications
Categories of third parties with whom we share Personal Information
We do not share your Personal Information with “third parties” as the term is defined in CCPA. That is, we do not share your Personal Information with individuals or organizations to use for their own commercial purposes.
We may share your Personal Information – specifically your IP address, device ID or similar online identifier, with certain third parties, such as advertising networks. This information is used to personalize advertising you see after you’ve visited our website.
Specific pieces of Personal Information we have collected
- The Customer’s primary account representative: first and last name, email address and institution name and billing address.
- Teachers: first and last name, school name, email address, IP Address, device ID.
- Students: first and last name, school name, email address, student identification number (optional), IP Address, device ID
- Internet Protocol address, device ID
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with our website.
- If you choose to provide it: first and last name, work email, phone number
** By using our site(s) and related services, you agree to be bound by law to these terms and conditions. If you do not agree, please leave this site. **
These terms and conditions are in addition to any other agreement you may have with Turnitin, including any agreement governing your use or your organization’s use of Turnitin products or services (e.g. the Turnitin Registration Agreement).
If there is a conflict between these terms and conditions and any other separate agreement, the separate agreement shall govern, except that in relation to personal data issues the GDPR section of this document shall at all times apply.
At a high level, we’re asking you to agree to please use our site(s) and services for their intended purpose and do not violate any laws or allow anyone else to use our sites for illegal activity (i.e. fraud, spam, defamation, distributing viruses, or any other socially unacceptable conduct).
The Legal Agreement
By agreeing to these terms, Turnitin grants you a nonexclusive license to use the Site for your personal, non-commercial use. You agree to NOT use the Site for any purpose that is unlawful or prohibited by these terms and conditions.
You may not reverse engineer, deconstruct, disassemble or decompile any software or technology underlying the Site or provided through the Site, except to the extent permitted by applicable law.
The contents of the Site may not be distributed, modified, reproduced, or used, in whole or in part, without the prior written consent of Turnitin. You may download content from the Site to any single computer, provided you keep intact all copyright, trademark, and other proprietary notices. Any use of these materials on any other website or networked computer environment for any purpose is prohibited.
You may not frame or utilize framing techniques to surround or enclose any portion of the Site without Turnitin’s express written consent.
If you breach any of these terms and conditions, you will no longer be authorized to use the Site.
We suggest that you keep a copy of these terms and conditions for your future reference. Please note that we may revise these terms and conditions at any time, and it is your responsibility to periodically read through these Terms and Conditions and know that when you use the Site, you are bound by the most current Terms and Conditions.
For your convenience, we have made our policies and terms available on our homepage and at every point where we request your personal information.
The Site is owned and operated by Turnitin. All of the associated services, content, data, information, and other materials on or directly accessible from the Site are also owned by Turnitin or its subsidiaries, affiliates, licensors, and/or vendors. The Site is protected by United States and international copyright and trademark laws. Any copies that you make of material or other content provided through the Site must contain the same copyright and other proprietary notices that appear with the material or content. Any rights not expressly granted by these Terms and Conditions or any other agreement with Turnitin are reserved by Turnitin and/or its vendors and licensors.
If you are a student submitting work for review in connection with a class you are taking, know that you retain copyright ownership; the content of your submission is used solely for the purpose of performing educational services.
Turnitin may (but is not obligated to) monitor areas of the Site for user Communications, such as chat rooms, bulletin boards, and other user forums. Turnitin will have no liability, however, related to the content of any such Communications. Turnitin does retain the right to remove, at its discretion, Communications that include any material deemed abusive, defamatory, obscene, or otherwise inappropriate.
You may not frame or utilize framing techniques to use, surround or enclose any portion of the Site without Turnitin’s express written consent.
This Site is controlled and operated by Turnitin from its offices within California in the United States of America. It makes no claim that the materials are appropriate for use in other locations. Those who choose to access the Site from other locations do so on their own initiative and are responsible for compliance with local or national laws, if and to the extent local or national laws are applicable.
Any software from this Site is subject to United States export controls and, potentially, the import laws of your jurisdiction. No software from this Site may be downloaded or otherwise exported or re-exported to any person or entity on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Commerce Department’s Table of Denial Orders or otherwise prohibited by United States export control laws. By downloading or otherwise using Software from this Site in any manner whatsoever, you represent and warrant that you are not on any such list or located in, under the control of, or a national or resident of any such country.
Any use of downloaded software by the U.S. Government, including but not limited to any Educational Institutions under its jurisdiction or under the corresponding States’ jurisdiction, is subject to ‘restricted rights’ as that term is defined in FAR 52.227-19(c)(2) or DFAR 252.227.7013(c)(1) (if used in a defense related agency).
Turnitin, LLC and other names of Turnitin products and/or services including on the Site are the trademarks and service marks of Turnitin. Turnitin’s trademarks and service marks may not be used in connection with any product or service that is not Turnitin, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Turnitin.
All other trademarks, service marks, and logos used on the Site belong to their respective owners. Turnitin does not make any claims to the marks of others that might appear on the Site.
Your License to Us
Turnitin may, but is not obligated to, monitor or review any areas of the Site where user Communications may be made available, including, but not limited to, chat rooms, bulletin boards, and other user forums. Turnitin, however, will have no liability related to the content of any such Communications, whether or not arising under the laws of copyright, defamation, privacy, obscenity, or otherwise. Turnitin retains the right to remove, in its sole discretion, Communications that include any material deemed abusive, defamatory, obscene, or otherwise inappropriate.
Acceptable Use Policy
So that everyone can enjoy the Site, Turnitin reserves the right to suspend anyone’s access to the Site who violates this policy and the following provisions. Please do NOT:
restrict any other user’s enjoyment of the Site.
engage in unlawful, threatening, abusive, libellous, defamatory, pornographic, profane, or otherwise offensive actions.
carry out or encourage criminal conduct, give rise to civil liability, or otherwise violate any law.
violate or infringe upon the rights of any third party, including, without limitation, patent, copyright, trademark, privacy, or any other proprietary right.
distribute anything that contains a virus or other harmful component.
distribute anything that contains false or misleading indications of origin or statements of fact. Turnitin reserves the right to disclose information as necessary to satisfy any legal requirement, including regulations, government requests, court orders, or subpoenas. Turnitin also reserves the right to edit or remove any information, in whole or in part, that it deems objectionable, disruptive to the Site, or in violation of these terms. In other words: please be respectful of others. Thank you.
The Site contains hyperlinks to third-party websites. That does not mean that Turnitin endorses or recommends that site or that third party’s products or resources, nor does it indicate affiliation with or sponsorship of that third party. Turnitin is not responsible for any software, data, or other information available from any third-party site. When you visit a third-party site, even if it’s linked from Turnitin, you are responsible for complying with that third party’s terms and conditions of use. You acknowledge that Turnitin bears no liability for any damage or loss from your access to, use of, or reliance on any third-party site, software, data, or other information.
Accuracy and Integrity of Information
Although Turnitin makes every attempt to ensure the integrity and accuracy of the Site, it makes no guarantees as to the correctness of the Site. It is possible the Site may include typographical errors, inaccuracies, or other errors, and that unauthorized additions, deletions, and alterations could be made to the Site by third parties. If you find any error, please notify Turnitin so that it can be corrected. Information contained on the Site may be changed or updated without notice.
THE SITE AND ALL INFORMATION AND SERVICES AVAILABLE THROUGH THE SITE ARE PROVIDED “AS IS,” WITH ALL FAULTS, AND “AS AVAILABLE.” Turnitin DOES NOT WARRANT THAT THE SITE WILL MEET YOUR REQUIREMENTS, OR THAT ANY RESULTS OR COMPARISONS GENERATED BY THE SITE WILL BE COMPLETE OR ACCURATE. Turnitin DOES NOT WARRANT THAT ACCESS TO THE SITE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE SITE WILL BE CORRECTED. TO THE FULLEST EXTENT PERMISSIBLE BY LAW, Turnitin DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, NON-INFRINGEMENT, CONFORMITY TO ANY REPRESENTATION OR DESCRIPTION, MERCHANTABILITY, QUALITY OF INFORMATION, QUIET ENJOYMENT, AND FITNESS FOR A PARTICULAR PURPOSE.
Limitation of Liability
This Site and its services are provided “as is.” Turnitin does not guarantee that the Site will meet all of your requirements or expectations. There may be errors or interrupted service. To the fullest extent permissible by law, Turnitin disclaims all representations and warranties, express or implied, including, but not limited to, non-infringement, conformity to any representation or description, merchantability, quality of information, quiet enjoyment, and fitness for a particular purpose.
IMPORTANT: Neither Turnitin, nor its licensors or suppliers, will be liable for any loss or damage under any circumstances resulting from use of this Site or associated services. That means that you agree to be responsible for any damage or loss linked to using this Site or Turnitin services. This limitation does not apply to the extent that it is prohibited by law. If you are dissatisfied with this Site or related services, please stop using the Site. CERTAIN STATE LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MIGHT HAVE ADDITIONAL RIGHTS.
You agree to indemnify and defend Turnitin from any claim (including attorney fees and costs) arising from your (a) use of the Site, (b) violation of any third-party right, or (c) breach of any of these Terms and Conditions. You agree to cooperate as reasonably required in the defence of any claim. Turnitin reserves the right, at its own expense, to assume the exclusive defence and control of any matter otherwise subject to indemnification under this section and, in any event, you agree not to settle any such matter without Turnitin’s prior written consent.
In accordance with the Digital Millennium Copyright Act (17 U.S.C. 512), Turnitin, LLC is registered with the United States Copyright Office as a Service Provider. Any notifications of claimed copyright infringement must be sent to our Copyright Agent:
Chief Financial Officer
2101 Webster St
Oakland, California 94612
Phone: +1 510-764-7600
Turnitin respects and works hard to protect the intellectual property of others, and we ask our users to do the same. If you believe that your work has been copied in a way that constitutes copyright infringement, please provide Turnitin’s Copyright Agent the following information:
An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright interest;
A description of the copyrighted work that you claim has been infringed;
A description of where the material that you claim is infringing is located on the Site;
Your address, telephone number, and email address;
A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law;
A statement by you, made under penalty of perjury, that the above information in your Notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
Except as provided below, these terms and conditions constitute the entire agreement between Turnitin and you (pertaining to this Site and Turnitin services).
The parties agree that any and all disputes, claims, or controversies arising out of or relating to these terms and conditions that are not resolved by mutual agreement shall be submitted to final and binding arbitration, pursuant to the United States Arbitration Act, 9 U.S.C. Sec. 1 et seq. The arbitration shall take place in Alameda County, California, unless the parties otherwise agree in writing. Within fourteen (14) days thereafter, the arbitrator shall arrive at a final decision, which shall be reduced to writing, signed by the arbitrator, and mailed to each of the parties and their legal counsel. All decisions of the arbitrator shall be final, binding and conclusive on the parties and shall constitute the only method of resolving disputes or matters subject to arbitration pursuant to this the United States Arbitration Act, 9 U.S.C. Sec. 1 et seq. The arbitration shall take place in Alameda County, California, unless the parties otherwise agree in writing. Within fourteen (14) days thereafter, the arbitrator shall arrive at a final decision, which shall be reduced to writing, signed by the arbitrator, and mailed to each of the parties and their legal counsel. All decisions of the arbitrator shall be final, binding and conclusive on the parties and shall constitute the only method of resolving disputes or matters subject to arbitration pursuant to this Agreement; provided, however, nothing shall prohibit the parties from seeking injunctive relief and/or other equitable remedies in a court of competent jurisdiction. The arbitrator or a court of appropriate jurisdiction may issue a writ of execution to enforce the arbitrator’s judgment. Judgment may be entered upon such a decision in accordance with applicable law in any court having jurisdiction thereof.
General Data Protection Regulation (GDPR)
This section applies where the GDPR applies to Turnitin’s processing of the personal data of data subjects in the EU. References to ‘Articles’ or ‘Chapters’ in this section are to the corresponding Articles or Chapters in the GDPR and italicised terms correspond to the definitions in the GDPR. This section is binding on Turnitin. The controller hereby grants to Turnitin a general written authorisation to engage other processors in the provision of the services. Turnitin shall inform the controller of any intended changes to the processors allowing the controller the right to object to such changes.
The following information applies:
Subject matter of the processing: Processing of submissions (student or academic work or proposed published texts) and their associated personal data pursuant to the purpose described below.
Duration of the processing: Storage of the content of submissions is indefinite unless instructed otherwise by the controller.
Nature of the processing: Collection, storage, retrieval, use (including, but not limited to, refining the algorithms behind AI-based features such as text matching, handwriting recognition, and automated answer grouping).
Purpose of the processing: To: 1. allow academic institutions / publishers to detect potential plagiarism in the academic / publishing sectors; 2. streamline grading, letting teachers / instructors provide faster and better feedback to students while producing detailed assignment and question analytics
Type of personal data: First name, surname, school name, email address (academic), student ID number (if provided by controller), billing information, phone number, account name and password, and content.
Categories of data subjects: Students, account administrators, teachers / instructors, authors.
Obligations of the controller: The controller is obliged to comply with its general obligations under the GDPR, in particular to process the personal data it collects in accordance with Articles 5 and 6, and to comply with Articles 13, 14, 24, 30 and 32, and to comply with any actionable rights of the data subject.
Rights of the controller: The controller may exercise its rights against the processor under the GDPR, in particular under Articles 28 and 32.
Turnitin, as processor, confirms that it:
(a) processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
(b) ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
(c) takes all measures required pursuant to Article 32;
(d) respects the conditions referred to in paragraphs 2 and 4 of Article 28 for engaging another processor and shall, in the event that it engages another processor in the delivery of the service, ensure that the processor adheres to the same data protection obligations in accordance with paragraph 3 of Article 28;
(e) taking into account the nature of the processing, assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III;
(f) assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the processor;
(g) at the request of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data; and
(h) makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.
If you have questions, please email email@example.com.
EU Data Protection and GDPR Compliance
We work with customers all over the world, and your trust is our top priority. We understand that data protection is essential for good customer service. At Turnitin, LLC, our objective is to operate transparently and consistently with the EU regulatory environment so that you, our valued customers, feel secure and in control.
Turnitin, LLC, which includes iThenticate and the Gradescope service, is fully committed to the following practices to protect your data:
We will never sell your data.
We will never use your data for targeted advertising.
We secure your data with strong encryption and security best practices.
We respect local privacy laws and work with legal experts to stay abreast of changes.
When we collect data, we use it for a specific, stated purpose, to improve your experience and our service to you.
If we need to send any of your data to a third party, such as a language translation service provider, we require a contractual agreement that they handle and secure your data with the same high level of protection and care that we deliver.
We respect your right to retain ownership and control of your data, so that you can modify, update, or delete it as needed.
We currently meet the most stringent data protection laws across jurisdictions and are proactively reviewing every aspect of how we handle data and investing in operational measures to ensure that we continue to meet our customers’ requirements as data protection rules are reformed.
Today, Turnitin uses Model Clauses to meet varying, specific needs across the European Union (EU) for data privacy and protection. These are standardized contracts to certify that any data that is transferred out of the EU is duly protected. This prevents our customers from having to request any additional authorization to use our service.
We are in good standing with all standards used to ensure that data is fully protected and are able to meet very specific requirements as needed. The steps we take to maintain the integrity and confidentiality of personal data include:
We strongly recommend that institutions provide notice to students that the Turnitin service involves data transfer to the United States (with the exception of Gradescope as used by certain Canadian universities), and we recommend that consent is obtained from the student as soon as possible.
Universities are free to inspect or audit our services any time.
All student work and any associated personal information is encrypted and kept secure at all times.
Students can keep their identity secret by using a pseudonym and by submitting papers in formats that contain little if any identifying metadata.
The 1995 laws that have been governing how personal data is protected in the EU were developed before smartphones and social media dominated our lives. For the past several years, negotiations have been underway to unify and simplify the laws and guidelines used to determine what obligations companies have to protect data crossing borders in the EU.
EU data protection timeline
1995: The Data Protection Directive creates the framework for personal data protection laws in each of the EU Member States.
2000: Safe Harbor decision to accommodate data transfers outside EU.
2012: The European Commission proposes a draft of the General Data Protection Regulation (GDPR).
2014: The European Parliament votes on amended GDPR draft.
2015: The European Council agrees on the final terms of GDPR. Safe Harbor is declared invalid.
2016: Final GDPR version published. EU-US Privacy Shield becomes the new mechanism for transatlantic data transfers.
2018: GDPR regulations take effect, repealing 95/46/EC.
2020: The California Consumer Privacy Act (CCPA) goes into force.
Key differences in data protection rules
Turnitin fully and proactively supports the transition to simplified, more uniform application of the law as it applies to data protection in and outside of Europe. Following are some notable changes:
The 1995 Directive had different interpretations for each member state, whereas the intent of the GDPR is to provide a regulatory tool that works at the EU level. So, the expectation is that there won’t be as many variations needed, and that data protection applies to all.
There used to be ambiguity about what companies could do with personal data vs. anonymous identifiers. Germany doesn’t typically recognize anonymous data. New regulations apply to ALL data collected, with the intent being to make it harder to profile people.
The GDPR makes it more clear that the U.S. must play by the EU’s rules and obtain valid, opt-in consent, using clear language, to use personal information.
The GDPR requires much more accountability when processing information. Privacy must be embedded into everything (services, software, systems, and processes) by design and by default. The expectation is that the ability to erase data will be mandatory as well.
Under the GDPR, public authorities and companies that depend on processing personal information will be required to hire a data protection officer (DPO), who will be responsible for making sure that legal data processes are upheld.
Individuals’ rights are being strengthened. For example, cookie policies now should be much more clearly communicated and obvious.
End users must be notified of data breaches within 72 hours. Under the 1995 Directive, there are no uniform rules applied across the EU.
To export data, model clauses will be favored, which Turnitin uses. Different model clauses can be used to meet specific privacy requirements.
The EU/US and Swiss/US Privacy Shield Frameworks prescribe measures for the legal transfer of data outside of the EEA.
Turnitin agrees that students should own the copyright to their original work. A common misconception is that students relinquish their ownership rights when they submit work to Turnitin. This simply isn’t true!
Students who submit work to Turnitin retain the copyright to the work they created. For Turnitin services other than Gradescope, a copy of submitted papers is retained in a Turnitin database archive to be compared with future submissions - a practice that helps protect and strengthen copyright ownership. Student work that is submitted to Gradescope isn’t currently retained in the Turnitin source database, but this will change in the future with additional product integration. A U.S. District Court judge ruled that archiving student papers to assess the originality of newly-submitted papers constitutes a fair use under the U.S. Copyright Act, provides “a substantial public benefit” and helps protect the papers from being exploited by others. Read the summary judgement.
The summary judgment was unanimously affirmed by a U.S. Court of Appeals. Read the published decision.
How does Turnitin protect my privacy?
Turnitin is committed to protecting the privacy and security of our users and their information. We maintain extremely high levels of privacy and security through the use of SSL encryption, redundant servers, sophisticated firewalls, multiple data centers, and privacy and security audits. With a security system that has never been breached and a student privacy pledge of the highest standards, instructors and students can use Turnitin with an unsurpassed level of confidence.
Who owns student work once it is submitted to Turnitin?
Students retain the copyright of work submitted to the Turnitin service, which includes the Gradescope service. The Turnitin user agreement entitles Turnitin to use the works as part of the plagiarism prevention system under the principles of fair use. Turnitin’s use of student papers under fair use was settled in a United States District Court of Law in 2007 and affirmed upon appeal in 2009.
Does Turnitin archive student work?
Turnitin archives student papers by default only for the purposes of textual comparison. Institutions may choose to not have their papers archived in the service.
The fair use defense codified in Section 107 of the Copyright Act has been recognized as an “equitable rule of reason.” In considering whether a use is a fair use, courts often analyze whether the use is beneficial to society as a whole (as part of a determination of whether a use is transformative) and whether the user has “clean hands.” The District Court and Fourth Circuit both held that the archiving of student works in the educational context is a fair use. In so holding, the courts did not find that Turnitin’s use of student works was in any respect unethical.
How does Turnitin comply with privacy regulations of different countries?
As a US company with high standards for security and privacy, Turnitin is designed to comply with many of the data protection requirements of other countries, including informed consent, access rights of submitting students, and technical and organizational measures to maintain the integrity and confidentiality of personal data.
Am I bound to the Turnitin click-through agreement? What if I’m a minor?
Yes. The United States District Court for the Eastern District of Virginia found that the online click-through agreement on the Turnitin site is an enforceable agreement, even against minors. Parental consent or the consent of a guardian is required for a minor to set up an account with Turnitin and the agreement is therefore binding.
Can a teacher compel me to submit my work to Turnitin if I attend private school? Public school?
Yes in both cases.
If you attend a private school you have agreed to abide by the school’s policies.
With respect to public school, as the United States District Court for the Eastern District of Virginia has recognized in rejecting four students’ claim that they were improperly compelled to submit their papers to Turnitin or face a failing grade, “Schools have a right to decide how to monitor and address plagiarism in their schools and may employ companies like Turnitin to help do so.”
Does Turnitin share information with third-party services?
Turnitin integrates with third-party services such as the Educational Testing Service and Language Weaver where student information may be shared in order to deliver a part of these services. No personally identifiable information such as name, email or school is sent by Turnitin to third-party services for purposes other than the provision of the Turnitin services.
Does Turnitin comply with FERPA (Family Educational Rights and Privacy Act)?
Yes. The Turnitin service is compliant with and helps institutions comply with FERPA, including: Turnitin expects and suggests that institutions comply with FERPA’s notice requirements regarding the use and disclosure of directory and non-directory education records so that students and parents are aware that the school may engage services like Turnitin.
Institutions are free to inspect or audit our services to assure themselves that all information is used only for the purposes of assisting instructors.
Data is kept secure at all times and are only used for purposes of assisting the instructor in assessing the assignment. Users may submit their paper using a pseudonym and in formats that contain little, if any, identifying metadata. This reduces our chance of collecting and processing personal data.
Does Turnitin comply with COPPA (Child Online Privacy Protection Act)?
Under the Children’s Online Privacy Protection Act (“COPPA”), consistent with the position of the Federal Trade Commission (FTC), we rely on our education institution customers to obtain the necessary parental consents prior to collecting only the minimally required personal information from students under age 13. As with all the students we serve, any such information is used only for providing the services to the educational institutions. We comply with all COPPA requirements, and partner with our education institution customers to ensure that parents are always able to exercise their rights under all applicable laws and regulations.
Who can I contact at Turnitin if I have privacy concerns?
We are always ready to answer any question or concerns you may have. Please write to us at firstname.lastname@example.org.