Effective: November 1st, 2021
In this document “Personal Data” shall apply to Personal Data of individual Service users who are not child registrants. References to “Children’s Personal Data” shall only apply to Personal Data of child users of the Services. General references to “data” or “information” shall apply to all users.
Company gathers Personal Data and Children’s Personal Data when you or your child access the Services and when you or your child use Company’s Services. This policy does not apply to the practices of companies that Company does not own or control, or to individuals that Company does not employ or manage.
How is children’s Personal Data treated?
The Children’s Online Privacy Protection Act (“COPPA”) requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children who are under 13 years of age. Moreover, the EU General Data Protection Regulation (the “GDPR”) requires that data controllers obtain consent from the holders of parental responsibility over children who are under 16 years of age before such controllers knowingly collect and process Personal Data from such children.
We do not knowingly collect or solicit Personal Data from a child under the age of 13 (if such child is located in the United States) or a child under the age of 16 (if such child is located in the European Economic Area or United Kingdom) (in each case, a “Child under the Age of Consent”) without obtaining verifiable consent from that child’s parent or guardian (such consent, “Parental Consent” and such individual, “Parent ”), except for the limited amount of Personal Data we need to collect in order to obtain Parental Consent (“Required Information”). Until we have received Parental Consent, we will only use Required Information for the purpose of obtaining Parental Consent. Parental Consent is further described below in the “Data about Children” section.
If you are a Child under the Age of Consent, you may not register for the Services or otherwise disclose any Personal Data to us before we obtain Parental Consent, except that you may share Required Information solely for the purpose of the Company obtaining Parental Consent. You may only interact with the Services under an account created by your Parent who has provided Parental Consent.
If you believe that a Child under the Age of Consent has provided us with Personal Data (beyond the Required Information) without our obtaining Parental Consent, please contact us at Info@xplorro.com. We do not condition participation in our Services on disclosure of more Personal Data from a Child under the Age of Consent than is reasonably necessary for that child’s participation in the Services, and we do not retain Personal Data from Children under the Age of Consent any longer than is reasonably necessary in order to fulfill the purpose for which it was disclosed.
If you are a Parent of a user of our Services who is a Child under the Age of Consent, you may contact us at any time (email@example.com) to ask that (a) we stop collecting Personal Data from such user, (b) we delete any Personal Data already collected from such user (although note that we may further retain and use Anonymized Data as set forth the “Data that is Not Personal Data” section below), or (c) we stop disclosing Personal Data collected from such user to third parties, but continue to allow for collection and use of Personal Data collected from such user in connection with the Services.
If you are a child and your parent has signed up for the Service, you understand that your parent may be able to view all data within or associated with the account, including without limitation progress reports and usage data that tracks your performance on games, assessments, and other tests available through the Services.
What Personal Data Does Company Collect?
The Personal Data you provide is used for such purposes as providing you the services, answering questions, sending product updates, and communicating with you about Company’s products and services, including specials and new features. The Children’s Personal Data you provide shall only be used for creating your individual account (which will allow you to receive progress reports that include tracking your child’s performance and progress). You can choose not to provide us with certain data, but then you may not be able to take advantage of many of our special features.
We collect the following types of data from our customers:
Data about Children
We collect certain information about children such as screen name and gender directly from Parents when such Parents set up an account.
If you are a teacher or a school administrator, you may also provide a full name for each applicable child to be able to track progress and distinguish students. Therefore, you may choose to provide a different identifier instead of a child’s name for this purpose. You may also provide us with a username and a password for each of the student accounts.
It is reasonable to expect that either the parent or the student will provide basic information like the child’s name to facilitate the Interactive Learning Sessions.
Parental Consent: Xplorro obtains verifiable parental consent before collecting Personal Data from your child
Contact and Payment Information
We collect your email address, account password, zip code, phone number, credit card and/or other payment information and any other information necessary for us to provide our services. If you are a teacher or a school administrator, we also collect your school’s name from you in order to provide you school level features and prevent misuse of our services meant for teachers and schools.
We also offer parents and teachers the ability to sign up for the services using their existing Google account. If you choose to sign up for the Services using one of these accounts, we will receive your full name from the service provider managing that account.
Additionally, you may also provide us with additional Personal Data when you contact us for product or technical support like an alternate communication method which we will use to answer your queries and process your requests.
We may also send parents and teachers practice reminders through email. These notifications are intended for grown-ups only. You can opt-out from these notifications or modify the frequency of these notifications at any time through unsubscribe option in the mailer.
We receive and store certain types of information whenever you interact with our Services or use our Services. Company automatically receives and records information on our server logs from your browser including your IP address, cookie information, and the page you requested.
We also record data around children’s usage of the Services such as their activities, their performance on games and activities, in order to send you reports and recommend the most appropriate games and activities.
What Sources does the company collect information from?
Categories of Sources of Personal Data
We collect Personal Data about you from the following categories of sources:
- When you provide such information directly to us
- When you create an account or use our interactive tools and Services.
- When you voluntarily provide information in free-form text boxes through the Services or through responses to survey questionnaires.
- When you send us an email or otherwise contact us.
- From the government or other sources.
- Teacher or School Administrator
- As noted above, teachers or school administrators may provide a child’s name or other identifier for purposes of tracking progress and distinguishing students. Teachers or school administrators may also provide us with a username and a password for each of the student accounts.
- We may use analytics providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
- We may use vendors to obtain information to generate leads and create user profiles.
- Advertising Partners
- We receive information about you from some of our vendors who assist us with marketing or promotional services related to how you interact with our websites, applications, products, Services, advertisements, or communications.
- Social Networks
- If you provide your social network account credentials to us or otherwise sign in to the Services through a third-party site or service, some content and/or information in those accounts may be transmitted into your account with us.
How does the Company Use the Information it Collects?
Our Commercial or Business Purposes for Collecting Personal Data
- Providing, Customizing and Improving the Services
- Creating and managing your account or other user profiles.
- Processing orders or other transactions; billing.
- Providing you with the products, services, or information you request.
- Meeting or fulfilling the reason you provided the information to us.
- Providing support and assistance for the Services.
- Improving the Services, including testing, research, internal analytics, and product development.
- Personalizing the Services, website content and communications based on your preferences.
- Doing fraud protection, security and debugging.
- Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act (the “CCPA”).
- Marketing the Services
- Marketing and selling the Services.
- Advertising our products and services; measuring and improving the effectiveness of advertisements
- Corresponding with You
- Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Xplorro or the Services.
- Sending emails and other communications according to your preferences or that display content that we think will interest you including reports, new features, and promotional offers.
- Meeting Legal Requirements and Enforcing Legal Terms
- Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities.
- Protecting the rights, property, or safety of you, Xplorro or another party.
- Enforcing any agreements with you.
- Responding to claims that any posting or other content violates third-party rights.
- Resolving disputes.
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Will Company Share any of the Information it Receives?
Your Personal Data and Children’s Personal Data is an integral part of our business. We neither rent nor sell your Personal Data or Children’s Personal Data to anyone. We share your Personal Data and Children’s only as described below. We never share that Children’s Personal Data with any third party other than service providers. A child’s usage data (i.e. performance on tests, games, etc. available on the Services) is shared through aggregated, anonymous comparisons, but never in a way that could personally identify the child. In addition, we do not offer students chat rooms or community features that allow the sharing or posting of Children’s Personal Data in a public forum.
We employ APIs of other companies and people to perform tasks on our behalf and may need to share your information with them, including Personal Data or Children’s Personal Data, to provide products or services to you. Examples include sending billing receipts and weekly progress reports and providing user services. Unless we tell you differently, these companies do not have any right to use Personal Data or Children’s Personal Data we share with them beyond what is necessary to execute tasks at hand. We will also require that these companies agree to protect the security of the information we share with them. For any privacy inquiries related to how these companies may handle your information on our behalf, please use the contact information of Xplorro at the bottom of this page, and we will respond to all such inquiries.
We disclose your information to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Data. For more information, please refer to the state-specific sections below.
Service Providers: These parties help us provide the Services or perform business functions on our behalf. They include:
- Hosting, technology, and communication providers.
- Security and fraud prevention consultants.
- Support and customer service vendors.
- Product fulfillment and delivery providers.
- Payment processors.
- Our payment processing partner Stripe, Inc. (“Stripe”) collects your voluntarily provided payment card information necessary to process your payment.
Analytics Partners: These parties provide analytics on web traffic or usage of the Services. They include:
- Companies that track how users found or were referred to the Services.
- Companies that track how users interact with the Services.
Advertising Partners: These parties help us market our services and provide you with other offers that may be of interest to you. They include:
- Ad networks.
- Marketing Providers
Parties You Authorize, Access, or Authenticate. They include:
- Third parties you access through the services.
- Social media services.
- Other users.
Sharing with Affiliated Businesses
In the event that Xplorro is involved in a merger, reorganization, dissolution, sale of business or assets or similar event, information disclosed to or collected by may be transferred to Xplorro’s successor, or to the purchaser of such assets, as applicable. You will be notified via email and a prominent notice on our website of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
Children are not allowed to enter or upload User Submissions. No Children’s Personal Data will ever be displayed to any third party through a User Profile. Email addresses are used to add new User Submissions to user profiles and to communicate through User Submissions. Users’ email addresses will not be directly revealed to other users by Company.
We may send offers to you on behalf of other businesses. However, when we do so, we do not give the other business your name and address and such communications will not be sent to child users. If you do not wish to receive these offers, please unsubscribe using the instructions provided in the email, the account management tools on the website, or by sending an email with your request to firstname.lastname@example.org
We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal Data” section above.
Protection of Company and Others
We may release Personal Data to protect the rights, property, or safety of the Company, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
Data that is Not Personal Data
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user (“Anonymized Data”). We may use such Anonymized Data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.
With Your Consent
Except as set forth above, you will be notified when your Personal Data may be shared with third parties, and you will be able to prevent the sharing of this information.
Is Personal Data and Children’s Personal Data Secure?
The security of your Personal Data is important to us. To prevent unauthorized access, disclosure, or improper use of your information, and to maintain data accuracy, we’ve established physical, technical, and administrative safeguards to protect the Personal Data we collect. In particular:
- We periodically review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We perform application security testing; penetration testing; conduct risk assessments; and monitor compliance with security policies.
- When you enter any information anywhere on the Service, we encrypt the transmission of that information using secure socket layer technology (SSL) by default.
- Xplorro’s database where we store your Personal Data is encrypted at rest, which converts all Personal Data stored in the database to an unintelligible form.
- We ensure passwords are stored and transferred securely using encryption and salted hashing.
- Xplorro’s Website and the Service is hosted by third-party service providers at separate facilities, with whom we have a contract providing for enhanced security measures.
- We restrict access to Personal Data to authorized Xplorro employees, agents or independent contractors who need to know that information in order to process it for us, and who are subject to strict confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Company endeavors to protect user information to ensure that user account information is kept private, however, Company cannot guarantee the security of user account information. Your Personal Data or Children’s Personal Data is protected by a password for your privacy and security. You need to ensure that there is no unauthorized access to your account and Personal Data or Children’s Personal Data by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account.
If Xplorro becomes aware of a systems security breach by an unauthorized party or that any user data was used for an unauthorized purpose, we will comply with relevant country and other data breach laws. We will notify users of any breach resulting in unauthorized release of data electronically, at minimum, and without unreasonable delay so that you can take appropriate steps. The notification will include: date of the breach, the types of information that were subject to the breach, general description of what occurred and steps Xplorro is taking to address the breach.
Data Deletion & Retention
We store your Personal Data for as long as it is necessary to provide products and Services to you and others, including those described above. Personal Data associated with your account will be kept until your account is deleted unless we no longer need the data to provide products and services.
Please note that we may have to retain some information after your account is deleted, to comply with legal obligations, to protect the safety and security of our community or our Service, or to prevent abuse of our Terms.
Deleting Your Account
You have the right to ask us to delete your account at any time. You can do so by contacting us at email@example.com. In case a parent wants to get a child’s classroom account deleted, please contact the child’s school.
Student Data Protection Policy: We will not retain a student’s Personal Data for any longer than is necessary for educational purposes, legal or contractual obligations, or to provide the Service for which we receive or collect the child’s Personal Data. Additionally, we only keep a child’s Personal Data for as long as his or her student account is active, unless we are required by law or the child’s school to retain it, need it to ensure the security of our community or our Service or to enforce our Terms.
Please note that some content will not be deleted given various compliance and record-keeping obligations schools have. Please contact your (or your child’s) school if you would like this content deleted. If the school determines that the request should be implemented, they may submit a request to us
What happens when an account is deleted: Xplorro de-identifies or deletes any Personal Data tied to the accounts, including emails, usernames. device token, device identifiers, IP addresses. Some information may persist in backups that we maintain, for a reasonable amount of time. Xplorro retains de-identified usage information about the accounts unless we contractually obligated to delete such information.
When a teacher or school administrator deletes an account from within their Xplorro dashboard, the deleted accounts are kept in a recoverable state for 14 days before the deletion actually takes place. This is done so that any erroneous deletions on the user’s part can be recovered and accounts may be restored.
Please note that after an account is deleted from our systems, it is not possible for us to restore the account or any Personal Data associated with it.
During the time that you use your services, you will receive emails from us, which includes emails around new features and updates, practice reports and reminders, promotional offers, and account related emails.
You may opt-out from receiving emails from within your Xplorro account, or by using unsubscribe links included in the emails themselves. Opting out from certain types of emails may prevent us from providing you key portions of the services, such as providing progress reports that explain your child’s performance and progress using the Services.
Please note even if you subscribe, we will still need to send certain essential emails till the time you have an account with us. These may include payment related emails, important legal or security related updates.
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:
- The categories of Personal Data that we have collected about you.
- The categories of sources from which that Personal Data was collected.
- The business or commercial purpose for collecting or selling your Personal Data.
- The categories of third parties with whom we have shared your Personal Data.
- The specific pieces of Personal Data that we have collected about you.
If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third-party recipient.
You have the right to request that we delete the Personal Data that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you or your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following method:
- Email us at: firstname.lastname@example.org
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
Personal Data Sales Opt-Out and Opt-In
We will not sell your Personal Data, and have not done so over the last 12 months. To our knowledge, we do not sell the Personal Data of children under 16 years of age.
We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
If we make material changes in the way we use Personal Data or Children’s Personal Data, we will notify you by posting an announcement on our Services, or by email and, if necessary, obtain prior verifiable parental consent.
Schools signed up for a membership will be notified in advance of any material changes to privacy policies, including practices around new or additional data collection, or new ways of using the data that may lessen your privacy and rights.
Questions or Concerns
If you have any questions or concerns regarding privacy on our Services, please send us a detailed email at email@example.com.