At codeSpark (“codeSpark” “We” or “Us”) we care very much about your privacy. As creators of apps for children, we aim to follow the best practices as specified by the “Know what’s inside” program and the kidSAFE Seal Program, and comply with The Children’s Online Privacy Protection Act (COPPA). To learn more about COPPA, please reference this simple one-page informational guide from the kidSAFE Seal Program: www.kidsafeseal.com/knowaboutcoppa.html.
A few key points upfront:
In the course of providing our Services, We collect certain information. Some of the information is the information you voluntarily provide to us, like an email address. Other information We collect automatically as you use the Services, like your login in activities. We only collect your information in furtherance of our legitimate interest of providing you with the Services, and internally to evaluate our efforts to improve the Services, and we do not sell this information.
Automatic Collection: Like most digital companies, we may use common technologies such as cookies and other technologies to better understand users’ interactions with the Services. These technologies help us keep track of user behavior, tell us which parts of our Services people have visited and are using, and facilitate and measure the effectiveness of activities. If you use any of our Services, we may also collect data related to the device on which the App is loaded. In particular, for analytics, we are using third party services of Mixpanel and Google Analytics. They store this data securely and do not share it with anyone else. We are using a restricted version of their analytics product designed for use with apps for children, meaning that the anonymous data created from our Apps isn’t used anywhere else in their system, it’s only for us to improve the apps, including information on App crashes, usage time, games played and problems missed.
Volunteered: In order for you to use the Services, a teacher or parent must create an account. This account safeguards the work you create on codeSpark, allows you access your work across multiple devices, and allows multiple related people to use the Services on the same device. When you (parents and teachers) create an account, register with us, send us an email, or provide other information with us in any other way, we will collect and store the information you share. You do not have to share this information with us, but without it, you may not be able to access certain features or participate in certain aspects of the Services.
The Services may enable you to input first names or nicknames for student and children players, which allow you to set up multiple profiles on a single device. The Apps will track each child’s play data separately to provide personalized activities and levels for each profile. Only parents or educators may sign up for a parent or school account by entering through a parental gate. When you sign up for a parent account, we collect and verify the parent’s email address so we can notify you about your child(ren)’s activities when using the Apps. With such an account, we provide to you additional services, such as multiple profiles, your child’s progress reports and additional resources. The Profile Names, zip code level location, along with birth month and year, will be collected in order to personalize your reports.
The Services will collect student play data thru persistent identifiers that are then linked to individual student nicknames or first names (not full names). This allows us to provide progress reports. Information collected from our Services is used for internal purposes to provide and improve the Services and for use and benefit of the students, schools, and parents only. We rely on teachers and schools to obtain parental consents if and when they are necessary.
Educational Use; Student Data. We collect a bare minimum of personally identifiable information (Personal Information as defined below) from the parents and teachers as necessary for students to establish an account. For school accounts and school-based services, a school administrator or educator signs up for a school account, whereupon we collect the administrator’s or educator’s name, email address, school name and city. An educator sets up student nicknames or first names and accessibility options. Students are only identified by a nickname or first name and then associated with the teacher for their work through the Services (student first names and their work on the Services are collectively, “Student Data”). The Services allow the students to create games and interact with the Services but only in a de-identified way. Students who use the story telling feature can submit pictures or text, so long as those features do not involve any Personal information, and those pictures and text features are not made publically accessible. With respect to student data in particular, We commit to protect student data additionally as follows
Publicly Posted: If you post information on public areas of the Site, which are intended for grown-ups only (i.e. comments or blog), that information is visible to and may be collected, stored and used by anyone. We recommend you be cautious about giving out Personal Information to others or sharing such information in public or online forums. We are not responsible for the actions of any third parties with whom you share any Personal Information.
Credit Cards: You can become a subscriber by purchasing a subscription to the Services within the Apps, where allowed by the App marketplace partners. When You subscribe to our Services, the order process may request a credit card or other payment information (i.e. PayPal). Order information is done through the Sites or via iTunes and Android App Stores directly and we do not collect or process or store any of your Personal Information or credit card information during the billing process ourselves. We use a third party service provider to process payments made on our Sites. Sales made via the app itself are processed through the marketplace partners directly (i.e. iTunes or Google Play), so your credit card information is not collected and retained by Us.
We collect and use your information to provide the Services, to provide support for the Services, to respond to user requests and inquiries, to maintain a record of our dealings with users, to facilitate your use of and our administration and operation of the Services; and to evaluate how to improve our offerings.
Personally identifiable information, or Personal Data as such term is defined by GDPR below (“Personal Information”), is information that can identify you or your child individually, such as an individual’s full name or physical mail address. Your Personal information may be shared as follows:
If you give us permission, we may share the Personal Information of an adult account holder (teachers and parents) with third parties who might send you marketing and promotional information.
We may also disclose the Personal Information of an adult account holder (teachers and parents) if permitted or required by law or where we believe such action is necessary in order to protect or defend our interests or the interests of our users or business partners.
This Site may be accessible to children but the Site is targeted for parents and adults and is not intended for children under age 13. For the most part, when children use our Apps, we do not require any Personal Information from them, and we have taken steps so that information about a child/student requested from a parent/teacher is non-Personal Information such as a nickname or child’s first name and last initial only. We may give teachers the option to provide a parent’s email address for each student user so that we can inform parents of their child’s activities when using our Apps.
Collection of Personal Information that is directed to children under 13 (“Children’s Platforms”) is governed by the principles of the Children's Online Privacy Protection Act (“COPPA”), a U.S. law designed to protect the online privacy of children under the age of 13. We will obtain parental consent before collecting any Personal Information on our Services, unless the request for information falls within an exception that would be permitted under COPPA. We do not condition a child’s participation in our Services on the disclosure of more Personal Information than is reasonably necessary to participate in an activity.
The Services contain a story creation tool that allows kid coders to create personalized, interactive stories. The story creation tool enables kid coders to include recorded voices, upload photos, and type in speech bubbles to bring characters to life. Users can also share their interactive stories in the Kid Community space in our Services. The Kid Community is only available to users of our Services. In order to enable these stories to be shared in our Kid Community and across devices of a user’s account, we will store this content on our servers. These photos, voices and typed words that users provide may constitute Personal Information (for example, a child’s voice) and will be stored on our servers as part of making the tool available and functional in our Services.
Prior to making stories available in the Kid Community, story creations are submitted first to our moderator. A trained moderator will review content to avoid the posting of images, text or voices or other content that identifies a child or that reveals other personally identifying information (such as a complete home address) of student/child users. Our moderator will also review materials and remove other unacceptable content such as anything obscene, profane or harassing. While we will make efforts to monitor the story creation content in our Services, we also recommend that you talk to your child about what you are comfortable with them sharing via photo, voice and typing on this space. We ask that teachers and parents also monitor player usage for any unacceptable or personally identifiable information.
Parents and teachers may also at any time turn off the ability to utilize the uploading of photos, voice and words in story creation, by going into the parent portal settings.
Parents may contact us (at email@example.com) to review, update or delete any of their children’s personal information that we may have collected and to elect for us not to collect any additional personal information from their children.
Under California law, California residents are entitled to ask us for a notice describing what categories of personal customer information we have shared with third parties or corporate affiliates for direct marketing purposes in the past 12 months. If you are a California resident and would like a copy of this notice, please submit a written request to the codeSpark, 130 W. Union Street, Pasadena, CA 91103. In your request, please specify that you want a “California Privacy Notice.” We are not responsible for notices that are not labeled or are sent improperly. Please allow up to thirty days for this notice to be provided.
We respect your privacy rights and provide you with reasonable access and rights to the Personal Data (as this term is referred to for individuals located in the countries of the EU, UK or Switzerland pursuant to the European Directives 95/46/EC and 2002/58/EC (EU General Data Protection Regulations Legislation, also known as GDPR)) that you may have provided through your use of the Products. If you live in the European Economic Area (EEA), and wish to access, amend, delete, or transfer any Personal Data we hold about you, you may contact us as set forth in the “Who We Are. Contact Us” section below.
You may update, correct, or delete your Personal Data and preferences at any time by request to us at the email below. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Services.
At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us at the email below. You also have a right to lodge a complaint with data protection authorities.
Where we transfer your Personal Data outside the European Economic Area (EEA), we rely on approved standard EU Model Clauses so these transfers are conducted in accordance with applicable laws and using adequate and appropriate safeguards.
To find out more about how we safeguard your information (including obtaining a copy of such safeguards) in relation to transfers outside the EEA, please contact us via the details provided in the “Who We Are. Contact Us” section below.
We permit all users to request an Opt out from receiving marketing emails, texts, or other marketing communications from us on a going-forward basis please submit a written request to the address below. In your request, please specify that “Opt Out Request.” We will try to comply with your opt-out request as soon as reasonably practicable. Please note that if you opt out as described above, this will apply to marketing messages from us only. We will not be able to remove your Personal Information from the database of any third parties to whom you have previously authorized us to share such information. Please also note that we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.
In addition, Adult Users may contact us at any time to request that we provide for their review, or delete from our records, any information they have provided about child/student users associated with their account. This includes the ability to request that we discontinue any further collection or use of their child/student’s information.
If you would like us to remove publicly visible content posted by you, please send an email with the words “Content Removal” in the subject line to firstname.lastname@example.org and include a description of the content and its location.
If we delete content, please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforcement of our agreements.
The security of your personal information is important to us, and we employ physical, technical, and administrative security measures designed to safeguard the information collected by the Services. We use industry standard SSL (secure socket layer technology) encryption to transfer PII. Other security safeguards include, but are not limited to, data encryption, firewalls, and physical access controls to buildings and files.
Account holders create a password in the registration process. You can help protect against unauthorized access to your Account and PII by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account.
We are committed to maintaining the security and confidentiality of your and your children’s information, including, but not limited to, any student data, which we receive through School Accounts. Some of the precautions we take include (a) limiting access to student data; (b) requiring employees to sign confidentiality agreements upon hiring; (c) conducting employee privacy and data security training and education; and (d) protecting information with commercially reasonable technical, contractual, administrative, and physical security safeguards.
Please be aware that no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit on or through the Services and you do so at your own risk. All Information, including your personally identifiable information, may be maintained on servers or databases located outside your state or country or to a jurisdiction where the privacy laws may not be as protective as those in your location.
If you are located outside of the United States, please be advised that we process and store information in the United States and your use of our Services constitutes your consent to and understanding of this processing.