Privacy Overview

We are committed to protecting the privacy of our users.

For VitalSource—and our educational and large business customers—data privacy and security has always been a priority. Our goal is to provide our customers with the tools to support our mutual commitment to user privacy.

This page offers our educational and corporate customers a quick reference and answers to frequently asked questions on how we handle privacy and comply with global privacy regulations. The information on this page is meant as a quick reference. For full details, please refer to our full privacy policy here.

As a global company with users in over 240 countries, we monitor and support dozens of privacy regulations. To learn more about how we support privacy regulations in your region, see the Global Regulations section below.


Frequently Asked Questions

Do you ever sell user data?

Do you transfer user data?
Yes, usually we transfer data to give users the service they request, with a few exceptions. For example, when a student accesses VitalSource content via a learning management system (LMS) or virtual learning environment (VLE), we share data with the LMS/VLE to match the student with his or her assigned content. We encourage review of our privacy policy to understand when we transfer data and what use cases apply.

What kind of data are you collecting?
You should read the privacy policy for the full details, but generally, we collect data such as name and email. In educational settings, we sometimes collect student ID and role (student or instructor, for example). We also collect usage and engagement data as you use our products.


Global Regulations

To comply with student data regulations in British Columbia and Nova Scotia, we can deploy our zero-data (PII) integration. If your institution uses our platform for Inclusive Access, we host your PII in Canada.

European Union
We are committed to protecting user privacy and are compliant with the General Data Protection Regulations (GDPR) that come into effect on 25th May 2018. Key principles from GDPR related to your rights, deletion, and transfer of your data outside the European Union have been incorporated into our global privacy policy.

United States
In the US, Verba and VitalSource power hundreds of Inclusive Access programs, wherein students gain access to their required course materials on or before the first day of class. The following is a summary of how we handle student privacy in Inclusive Access scenarios within the US.

Student Data
To power your Inclusive Access program, Verba Connect needs the following data for each student enrolled in each Inclusive Access course:

  • First name
  • Last name
  • Student ID
  • Email address

A student, or the student’s institution, may provide this data. If a student already has a VitalSource Bookshelf account, that student can use that account to participate in Inclusive Access.

How We Use Student Data
Verba Connect uses student data to provide the Inclusive Access program, including:

  • Providing access to course materials
  • Generating student charges and refunds for course materials
  • Sending program information to enrolled students
  • Honoring student preferences (such as opt-out and opt-in decisions)

Student Data and Third Parties
Verba shares limited student data with publishers and content distributors for the sole purpose of providing access to Inclusive Access course materials, or revoking such access if a student drops a course. A publisher or content distributor only receives data for students enrolled in courses in which its content is being used.

How We Handle Family Educational Rights and Privacy Act (FERPA)
FERPA is a law that allows an institution to disclose Personally Identifiable Information (PII) from a student’s education records to others under certain circumstances, including (but not limited to) disclosing:

  • Information to third parties that have legitimate educational interests such as providing services to the institution, where the third parties are subject to certain limitations
  • Information to school employees, agents, and other officials with legitimate educational interests
  • Limited information known as “directory information”
  • With consent

FERPA permits third parties with legitimate educational interests who receive such PII to re-disclose that information to additional third parties who also have a legitimate educational interest in the information.

For more information, you can find the FERPA regulations here and FAQs here.

Disclosing Student Data to Verba
Verba provides student access to course materials. Under FERPA, institutions may disclose student data to Verba, as Verba has a legitimate educational interest in receiving that information to facilitate this access and provide its services to institutions and their students. When Verba receives PII from an institution, Verba uses such data for purposes of providing its services to institutions and students, and only discloses such information as permitted under FERPA.

For More Information
If you’re interested in reviewing our full privacy policy, you can read it here. If you have additional questions, please contact us at