Last Updated and Effective: December _4_, 2020
1. Who Is Collecting Your Personal Data?
Social Cipher LLC ("us," "we," or "our") aims to follow the best practices in software development for children. We use data to provide services and to improve our products constantly as we learn from our users and how they learn and engage with our products.
2. What Personal Data Do We Collect?
When you provide it to us, we collect information that identifies you (“Personal Data”), such as your:
● Name (of educators/counselors, as well as of parents and their children if the parents submit them)
● Email address (of educators/counselors, as well as of parents if the parents submit it)
● Payment information
● Content of your email messages to us
When you visit the Site, we collect data from the device or browser through which you access the Site (“Log Data”), such as:
● Your internet protocol (“IP”) address
● Browser type
● Browser version
● Statistics on your activities on the Site (such as the date and time of visits, the pages viewed, time spent at the Site)
● Information about how you came to the Site
Much of this Log Data does not identify you personally. However, we may associate this Log Data with your Personal Data. When we do, we will treat any such combined data as Personal Data until such time as it can no longer be associated with you or used to identify you.
Personal Information You Provide
During the registration process, the person creating accounts provides information.
School Accounts. When teachers, counselors, and other individuals in a school register, they provide information that may include a name, school name, district name, school email address, position, and password.
When a teacher or counselor uses our game, they are able to add students in order to keep track of their developmental progress. For these accounts, we ask individuals to enter the students’ first name and first initial of last name, or a student ID number.
Parent and Counselor Accounts (non-School Accounts). We also support accounts being created for children by their parents and/or other counselors. Parents or counselors provide information including their name, email, username, and password.
Information During Purchasing. There are no in-app purchases available or accessible to children. If someone decides to purchase our product, which is done via the website dashboard, users may also provide credit card information and their billing zip code.
Information Collected Automatically
During the registration process, the person creating accounts provides information. We also automatically receive information based on our website and game services.
IP Address. We collect your IP address when you login to our services, in order to provide more specific location-based services that we offer now or in the future. For example, connecting you to the closest game server.
Usage Data. We also collect information about what you’re doing with our product, in order to improve the experience and provide accurate assessment data. This includes when you log into the game or website, when you log out of the game, and data on what you accomplish and do within the game via analytics tracking.
Contract & Payment. We use Braintree (a PayPayl service) to collect payment information, when necessary, which includes customer name, credit card information, billing zip code, and contact information. None of this includes any child’s personal identifying information.
Children’s Privacy and Parental Consent
We are set up for use by schools, counselors, and parents, following applicable laws.
The school or district assumes responsibility to verifying parental consent to use our products. There are multiple ways teachers or schools can obtain parental consent:
1. Obtain consent as part of a school-wise technology consent process you already have in place;
2. Obtain individual consent from parents to use our products;
3. Teachers in the United States may agree to act as the parent’s agent and provide consent on their behalf for students to use our products solely in the educational context as provided by the Federal Trade Commission.
Family Educational Rights and Privacy Act (FERPA)
Teachers, schools, or districts using our products maintain ownership of their Student Records (as defined in the Family Educational Rights and Privacy Act (FERPA)).
Each educator has access to a dashboard that allows them to create, update, review, modify, and delete accounts.
Educators are encouraged to safeguard access to accounts, and notify us if there is any unauthorized use of a password or account registered to them. Students using our products using an educator account will only be able to create or access their accounts with a class code provided by the teachers.
We encourage educators to notify parents if they use our products. If you are the parent or guardian of a student using our products with their teacher, you can request login information from your child or their teacher. You are encouraged to use this information to view your child’s progress at any time. Parents have the right to request that we delete personal information or make changes to records at any time.
Parents & the Children's Online Privacy Protection Act (COPPA)
We limit the use of a child’s information to educational uses authorized by the school.
In addition, School account administrators can review children’s personal information and request to have it deleted. We may still retain information for up to 30 days to provide customer support and prevent accidental deletion. Please keep in mind that after deletion, recovery of account progress will be impossible.
School account administrators can also request that there is no further use of the child’s information.
Counselor/Mental Health Professional, Parent and Child Registration without Schools.
We also allow parents and counselors/mental health professionals to use our product outside of schools. We provide a way for parents to sign up and add their children, providing their consent in the process.
In order for a child to use the Services, a counselor or other mental health professional, a teacher or a parent must create an account. This account safeguards the work you create, allows you access your work across multiple devices, and allows multiple related people to use the Services on the same device. When you (parents and teachers) create an account, register with us, send us an email, or provide other information with us in any other way, we will collect and store the information you share. You do not have to share this information with us, but without it, you may not be able to access certain features or participate in certain aspects of the Services.
The Services may enable you to input first names or nicknames for student and children players, which allow you to set up multiple profiles on a single device. The Apps will track each child’s play data separately to provide personalized activities and levels for each profile. With such an account, we provide to you additional services, such as multiple profiles, your child’s progress reports and additional resources. The Profile Names, zip code level location, along with birth month and year, will be collected in order to personalize your reports.
The Services will collect student play data thru persistent identifiers that are then linked to individual student nicknames or first names (not full names). This allows us to provide progress reports. Information collected from our Services is used for internal purposes to provide and improve the Services and for use and benefit of the students, schools, and parents only. We rely on teachers and schools to obtain parental consents if and when they are necessary.
When it becomes necessary to collect personal information from children under 13, we will only do so after obtaining verifiable parental consent, as defined under COPPA, or as otherwise permitted under COPPA. We confirm that the parent is the one giving consent with credit card confirmation.
This information is only retained where the minor’s parent or legal guardian has provided and/or approved that information during the registration process.
Such information is not shared with third parties and is only used internally. A child’s usage information, such as analytics collected through gameplay, is only shared in an aggregated anonymous manner and never in a way that could personally identify the minor.
If you would like to delete your account (or that of your students or children) and all related account information, please send an email to firstname.lastname@example.org. We may still retain information for up to 30 days to provide customer support and prevent accidental deletion. Please keep in mind that after deletion, recovery of account progress will be impossible.
3. How Do We Use Your Personal Data?
We use your Personal Data for the purposes for which you provided it, including to provide customer service to you. We may also use your Personal Data or Log Data to administer our internal business activities, including to:
● Improve our products and supporting materials (e.g., the Companion app)
● Market to adults only (e.g., sending a marketing email to someone who has abandoned their shopping cart)
● Track player progress and offer progress and reporting for counselors, teachers and parents
● Design and arrange the Site content and functionality in the most user-friendly manner;
● Better understand customer trends and requirements and visitors to the Site;
● Create non-personally identifiable data to be used for marketing;
● Detect unauthorized activity on this website;
● Manage your account; and
● Provide a service that is reliable, responsive, and efficient.
In addition, we may use third-party services and advertising networks, such as Google Display Network or Google Analytics, that collect, monitor, and analyze Log Data to deliver online behavioral advertising that serves ads to you on our behalf on other sites throughout the Internet. We may also contract with third-party vendors to send direct mail or catalogs to customers whom we think may be interested in our products or services.
4. How Do We Share Your Personal Data?
No Sale of Personal Data
We will not sell your Personal Data to third parties, including third party advertisers. There are, however, certain circumstances in which we may disclose, transfer, or share your Personal Data with certain third parties.
Sharing Personal Data With Affiliates, Successors, and Agents
○ marketing agencies;
○ database service providers;
○ backup and disaster recovery service providers;
○ email service providers; and
○ payment processors.
Sharing Data Through Social Media
We work with social media sites like Facebook, YouTube, Instagram, and Google, and with application developers who specialize in social commerce so you can connect to us, share your interests, express opinions about products and services, purchase our products, and generate interest in our products and services among members of your social networks.
Using these integrated tools enables you to share your Personal Data with other individuals or the public, depending on the settings that you have established with social networking websites. If you use third party social media features available on our Site, we or the third party may collect or share your data, including your Personal Data.
If you do not want us to be able to access information about you, including Personal Data, from Third Party Sites, you must limit data collection and disclosure in the privacy settings on the Third Party Sites. We reserve the right to remove the Personal Data or other data of any person for any reason we, in our sole discretion, deem appropriate.
Legally Compelled Disclosure of Personal Data
We may disclose your Personal Data if required to do so by law or in our good faith belief that such action is necessary to:
● comply with a legal obligation;
● protect or defend our rights, interests, or property, or that of third parties;
● prevent or investigate possible wrongdoing in connection with the Site;
● act in urgent circumstances to protect the personal safety of users of the Site or the public; or
● protect against legal liability.
Additional Protections and Information for School Accounts
We collect a bare minimum of personally identifiable information (Personal Information as defined below) from the parents and teachers as necessary for students to establish an account. For school accounts and school-based services, a school administrator or educator signs up for a school account, whereupon we collect the administrator’s or educator’s name, email address, school name and city. An educator sets up student nicknames or first names and accessibility options. Students are only identified by a nickname or first name and then associated with the teacher for their work through the Services (student first names and their work on the Services are collectively, “Student Data”).
This Site may be accessible to children, but the Site is targeted for parents and adults and is not intended for children under age 13. For the most part, when children use our Apps, we do not require any Personal Information from them, and we have taken steps so that information about a child/student requested from a parent/teacher is non-Personal Information such as a nickname or child’s first name and last initial only.
Collection of Personal Information that is directed to children under 13 (“Children’s Platforms”) is governed by the principles of the Children's Online Privacy Protection Act (“COPPA”), a U.S. law designed to protect the online privacy of children under the age of 13. We will obtain parental consent before collecting any Personal Information on our Services, unless the request for information falls within an exception that would be permitted under COPPA. We do not condition a child’s participation in our Services on the disclosure of more Personal Information than is reasonably necessary to participate in an activity.
Parents may contact us at email@example.com to review, update or delete any of their children’s personal information that we may have collected and to elect for us not to collect any additional personal information from their children.
5. What Are Your Rights About The Processing Of Your Personal Data?
You have the right to withdraw your consent to the processing of your Personal Data at any time, subject to exceptions defined by law. If you change your privacy preferences in the future, that will not limit the lawfulness of any processing performed based on your prior consent. To withdraw consent, please email us at firstname.lastname@example.org and specify what you would like us to do. You may have additional rights, under the laws of your jurisdiction, with which we comply.
To stop email communications from us, you can also follow the unsubscribe instructions set forth at the bottom of our promotional e-mail messages. You may also access and correct some of your Personal Data by logging into your online account, if you have one. If you choose to limit our use of your Personal Data, you may not have access to certain functionality of the Site, such as services, product information, or opportunities.
FOR CALIFORNIA RESIDENTS
Under California law, California residents are entitled to ask us for a notice describing what categories of personal customer information we have shared with third parties or corporate affiliates for direct marketing purposes in the past 12 months. If you are a California resident and would like a copy of this notice, please email us at email@example.com. In your request, please specify that you want a “California Privacy Notice.” We are not responsible for notices that are not labeled or are sent improperly. Please allow up to thirty days for this notice to be provided.
FOR NEVADA RESIDENTS
We do not sell Personal Information, however, if you would like to exercise your right to opt out of any possible, future sales of your Personal Information, or request that we delete your Personal Information, please send this request to firstname.lastname@example.org.
FOR EUROPEAN UNION RESIDENTS
We respect your privacy rights and provide you with reasonable access and rights to the Personal Data (as this term is referred to for individuals located in the countries of the EU, UK or Switzerland pursuant to the European Directives 95/46/EC and 2002/58/EC (EU General Data Protection Regulations Legislation, also known as GDPR)) that you may have provided through your use of the Products. If you live in the European Economic Area (EEA), and wish to access, amend, delete, or transfer any Personal Data we hold about you, you may contact us as set forth in the “Who We Are. Contact Us” section below.
You may update, correct, or delete your Personal Data and preferences at any time by request to us at the email below. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Services.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us at the email below. You also have a right to lodge a complaint with data protection authorities.
Where we transfer your Personal Data outside the European Economic Area (EEA), we rely on approved standard EU Model Clauses so these transfers are conducted in accordance with applicable laws and using adequate and appropriate safeguards.
To find out more about how we safeguard your information (including obtaining a copy of such safeguards) in relation to transfers outside the EEA, please email us at email@example.com.
We collect your Personal Data to perform our services for our customers, and to provide customer service to you. We process Personal Data you submit to us to provide customer service to you, based on your consent, which you provide by checking the box prompt before submitting your data to us.
Unless subject to an exemption under the GDPR, you have the following rights:
● Consent: You have the right to withdraw your consent to the processing of your Personal Data at any time.
● Access: You have the right to access a copy of your Personal Data that we hold about you.
● Accuracy: You have the right to correction of any inaccurate or out of date Personal Data.
● Portability: You have the right to our transmission of your Personal Data directly to another data controller, where possible and applicable.
● Deletion: You have the right to delete your Personal Data when we no longer need it.
● Object: You have the right to object to the processing of your Personal Data, where applicable.
● Restriction: You have the right to restrict further processing of your Personal Data, where there is a dispute as to the accuracy or processing.
● Complaint: You have the right to lodge a complaint with the Information Commissioner’s Office.
To exercise any of these rights, please email us at firstname.lastname@example.org with the phrase “Privacy Opt-out” in the subject line and specify what you would like us to do (for example, Send me my data, Correct my data, Delete my data, Restrict use of my data, etc.). To stop email communications from us, you can also follow the unsubscribe instructions set forth at the bottom of our promotional e-mail messages. You may also access and correct some of your Personal Data by logging into your online account, if you have one. If you choose to limit our use of your Personal Data, you may not have access to certain functionality of the Site, such as promotions, product information, or opportunities.
You have the right to file a complaint with the Data Protection Authority in your jurisdiction if you have concerns about how we process your Personal Data. You may do so through the following links:
FOR RESIDENTS OF OTHER COUNTRIES
6. OPT OUTS; REMOVAL OF CONTENT.
We permit all users to request an Opt out from receiving marketing emails, texts, or other marketing communications from us on a going-forward basis please submit a written request to the address below. In your request, please specify that “Opt Out Request.” We will try to comply with your opt-out request as soon as reasonably practicable. Please note that if you opt out as described above, this will apply to marketing messages from us only. We will not be able to remove your Personal Information from the database of any third parties to whom you have previously authorized us to share such information. Please also note that we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.
In addition, Adult Users may contact us at any time to request that we provide for their review, or delete from our records, any information they have provided about child/student users associated with their account. This includes the ability to request that we discontinue any further collection or use of their child/student’s information.
We will delete an account and all content associated with the account if the account has not been accessed for more than 7 years. An inactive account will not be automatically deleted, so that students can return to the game during their learning experience and retain their customized character and learning progress. Prior to deleting an abandoned account, we will notify the account owner associated with the account by email and provide an opportunity for them to log in and prevent deletion.
If you would like us to remove publicly visible content posted by you, please send an email with “Content Removal” in the subject line to email@example.com and include a description of the content and its location.
If we delete content, please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforcement of our agreements.
GENERAL & DATA SECURITY
The security of your personal information is important to us, and we employ physical, technical, and administrative security measures designed to safeguard the information collected by the Services. We use industry standard SSL (secure socket layer technology) encryption to transfer PII. Other security safeguards include, but are not limited to, data encryption, firewalls, and physical access controls to buildings and files.
Account holders create a password in the registration process. You can help protect against unauthorized access to your Account and PII by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account.
We are committed to maintaining the security and confidentiality of your and your children’s information, including, but not limited to, any student data, which we receive through School Accounts. Some of the precautions we take include (a) limiting access to student data; (b) requiring employees to sign confidentiality agreements upon hiring; (c) conducting employee privacy and data security training and education; and (d) protecting information with commercially reasonable technical, contractual, administrative, and physical security safeguards.
Please be aware that no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit on or through the Services and you do so at your own risk. All Information, including your personally identifiable information, may be maintained on servers or databases located outside your state or country or to a jurisdiction where the privacy laws may not be as protective as those in your location.
If you are located outside of the United States, please be advised that we process and store information in the United States and your use of our Services constitutes your consent to and understanding of this processing.
CHANGES TO THIS POLICY: GENERAL
7. How We Secure Your Personal Data
We secure your Personal Data by: keeping Personal Data up to date; storing and destroying it securely; not collecting or retaining excessive amounts of data; protecting Personal Data from loss, misuse, unauthorized access and disclosure, alteration, and destruction; and ensuring that appropriate technical measures are in place to protect Personal Data. However, no network, server, database, or Internet or e-mail transmission is ever fully secure or error free. Therefore, you should take special care in deciding what Personal Data you send to us electronically.
8. How Long Will Keep Your Personal Data?
We will retain your Personal Data as long as necessary to carry out the function for which you provided it to us, including maintenance of your account. You may close your account, unsubscribe to emails, and otherwise limit our use of your Personal Data by contacting us. However, unless you also request deletion of your Personal Data, we may retain it for 5 years from the date we last received confirmation of your Personal Data. Even if we delete your Personal Data, it may persist on backup or archival media for 5 years.
What Are Cookies?
A cookie is a piece of information that is placed on your web browser or device when you access and/or use the Site. Cookies store text and can later be read back by the Site or third parties. Cookies can remember the information you access on one webpage to simplify your subsequent interactions with the Site or to use the information to streamline your transactions on related webpages.
● monitor and analyze how you use the Site;
● remember your preferences to make your online experience easier and more personalized;
● route Site traffic to effectively distribute the Site workload across servers; and
● test new features.
How You Can Manage Cookies?
You can manage cookies through your web browser's option settings. You may be able to be notified when you are receiving new cookies and disable or delete cookies. Please refer to your web browser's help section for information on whether you can and how to do this.
Many of the third party technologies that enable targeted banner advertising also allow you to opt out. Such third party service providers include Adroll, Rubicon, Google, Media Math, Perfect Audience, Quantcast, Retargeter, and Yahoo! among others.
You can control your preferences directly with each such third party service provider. You can learn more about cookies at the following third-party websites:
● All About Cookies: http://www.allaboutcookies.org/; and
● Network Advertising Initiative: http://www.networkadvertising.org/.
Note that if you disable, delete, or refuse to accept cookies, you may not be able to use some features of the Site and/or some of our pages might not display properly.
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not currently respond to DNT signals. Therefore, please be advised that third party web analytics companies may collect information about your online activities over time and across our website and other online properties.
● Third Party Sites: Any data you disclosed on websites not operated or controlled by us (“Third Party Sites”), even though we may provide links to them on the Site or in our emails. We are not responsible for the policies and practices employed by, or the content of, Third Party Sites. We suggest contacting those sites directly for information about their privacy policies and practices.
● Non-Personally Identifiable Data: Any non-personally identifiable data we collect, including, without limitation, Log Data, domain names of your Internet Service Provider, your approximate geographic location, a record of your usage of the Site, the time of your usage, and aggregated personally identifiable information, but only to the extent the foregoing cannot be used to specifically identify you.
● Aggregated Personal Data: Any aggregated Personal Data that cannot be used to identify you will be treated as non-personally identifiable data.
We do not intentionally or knowingly collect any Personal Data from children under the age of eighteen (18), except as described herein, nor do we target our emails to them. Children under the age of eighteen (18) should not submit any Personal Data through the Site. We encourage parents and legal guardians to monitor their children's use of the Internet and instruct them to never provide Personal Data through the Site. If you believe a child under the age of eighteen (18) may have provided Personal Data to us through the Site, please contact us at firstname.lastname@example.org, and we will use reasonable efforts to delete it from the Site and our files.
12. How You Can Resolve A Privacy Dispute?
13. How You Can Contact Us?