At codeSpark (“codeSpark” “We” or “Us”) we care very much about your privacy. As creators of apps for children, we aim to follow the best practices as specified by the “Know what’s inside” program and the kidSAFE Seal Program, and comply with The Children’s Online Privacy Protection Act (COPPA). To learn more about COPPA, please reference this simple one-page informational guide from the kidSAFE Seal Program: www.kidsafeseal.com/knowaboutcoppa.html.

We strive to be upfront, so there are no hidden surprises. This Privacy Policy describes the ways in which codeSpark. Inc. (collectively, “Company” or “We”) collects, uses and discloses information about users of the codeSpark websites (the “Site”), game applications (“Apps”) and online products and services that link to this policy (collectively, the “Services”). By using the Services you agree to the handling of your information in accordance with this Privacy Policy.

A few key points upfront:

  • During registration we ask only for the barest minimum of information from an adult teacher or parent. From our children student users (under 13), the Services will never require full names or addresses; we ask only for a generic user name, which can be a nickname or a first name.
  • With respect to all student data, our practices are particularly strict, as we describe below.
  • Other than the fees for purchasing a subscription for the Services, where applicable, there are no in app purchases needed to play.
  • We are compliant with FERPA and COPPA
  • You have the right to request a copy to review and delete the information We have collected about you at any time.
  • The Services do not include any pop up ads or other third party advertisements.

WHAT KIND OF INFORMATION WE COLLECT

In the course of providing our Services, We collect certain information. Some of the information is the information you voluntarily provide to us, like an email address. Other information We collect automatically as you use the Services, like your login in activities. We only collect your information in furtherance of our legitimate interest of providing you with the Services, and internally to evaluate our efforts to improve the Services, and we do not sell this information.

Automatic Collection: Like most digital companies, we may use common technologies such as cookies and other technologies to better understand users’ interactions with the Services. These technologies help us keep track of user behavior, tell us which parts of our Services people have visited and are using, and facilitate and measure the effectiveness of activities. If you use any of our Services, we may also collect data related to the device on which the App is loaded. In particular, for analytics, we are using third party services of Mixpanel and Google Analytics. They store this data securely and do not share it with anyone else. We are using a restricted version of their analytics product designed for use with apps for children, meaning that the anonymous data created from our Apps isn’t used anywhere else in their system, it’s only for us to improve the apps, including information on App crashes, usage time, games played and problems missed.

Volunteered: In order for you to use the Services, a teacher or parent must create an account. This account safeguards the work you create on codeSpark, allows you access your work across multiple devices, and allows multiple related people to use the Services on the same device. When you (parents and teachers) create an account, register with us, send us an email, or provide other information with us in any other way, we will collect and store the information you share. You do not have to share this information with us, but without it, you may not be able to access certain features or participate in certain aspects of the Services.

The Services may enable you to input first names or nicknames for student and children players, which allow you to set up multiple profiles on a single device. The Apps will track each child’s play data separately to provide personalized activities and levels for each profile. Only parents or educators may sign up for a parent or school account by entering through a parental gate. When you sign up for a parent account, we collect and verify the parent’s email address so we can notify you about your child(ren)’s activities when using the Apps. With such an account, we provide to you additional services, such as multiple profiles, your child’s progress reports and additional resources. The Profile Names, zip code level location, along with birth month and year, will be collected in order to personalize your reports.

The Services will collect student play data thru persistent identifiers that are then linked to individual student nicknames or first names (not full names). This allows us to provide progress reports. Information collected from our Services is used for internal purposes to provide and improve the Services and for use and benefit of the students, schools, and parents only. We rely on teachers and schools to obtain parental consents if and when they are necessary.

Additional Protections and Information for School Accounts

Educational Use; Student Data. We collect a bare minimum of personally identifiable information (Personal Information as defined below) from the parents and teachers as necessary for students to establish an account. For school accounts and school-based services, a school administrator or educator signs up for a school account, whereupon we collect the administrator’s or educator’s name, email address, school name and city. An educator sets up student nicknames or first names and accessibility options. Students are only identified by a nickname or first name and then associated with the teacher for their work through the Services (student first names and their work on the Services are collectively, “Student Data”). The Services allow the students to create games and interact with the Services but only in a de-identified way. Students who use the story telling feature can submit pictures or text, so long as those features do not involve any Personal information, and those pictures and text features are not made publically accessible. With respect to student data in particular, We commit to protect student data additionally as follows

  • Student data collected from our Services is evaluated and used only to provide the Services and for use and benefit of the students, schools, and parents only. ACCORDINGLY, CODESPARK WILL NOT, USE ANY STUDENT DATA IN ANY WAY OTHER THAN IN CONNECTION WITH THE PERFORMANCE OF THE SERVICES.
  • We commit to maintaining the confidentiality and security of all student data in accordance with all applicable state and U.S. federal regulations, including, without limitation, the Family Educational Rights and Privacy Act (“FERPA”).
  • CodeSpark will not sell or lease any student data for any advertising, marketing, or other purposes.
  • We will keep student data only as long as it continues to be part of our providing the Services and to maintain a record of our means to communicate with users. Once a teacher or school terminates its subscription or goes inactive, we will retain those records for not longer than 24 months from termination or inactivation.
  • We will delete, or if requested by the educational institution, transfer to the educational institution, all respective student data within 90 days) or a shorter time if required by applicable law) following termination of our agreement with the educational institution

Third Party Analytics: This Site uses third party services to assist us with marketing to previous visitors to our Sites, including Google’s services which enable re-marketing on the Google search results pages or websites in Google’s networks. The Services use cookies or web beacons to serve ads based on someone’s prior web browsing history to then show ads and other reminders that you visited. The Services also collect information about your internet browsing, such as your ISP, the browser you used to visit our Sites and whether you have Flash installed. Any such data collected will be used in accordance with this privacy policy.

Publicly Posted: If you post information on public areas of the Site, which are intended for grown-ups only (i.e. comments or blog), that information is visible to and may be collected, stored and used by anyone. We recommend you be cautious about giving out Personal Information to others or sharing such information in public or online forums. We are not responsible for the actions of any third parties with whom you share any Personal Information.

Credit Cards: You can become a subscriber by purchasing a subscription to the Services within the Apps, where allowed by the App marketplace partners. When You subscribe to our Services, the order process may request a credit card or other payment information (i.e. PayPal). Order information is done through the Sites or via iTunes and Android App Stores directly and we do not collect or process or store any of your Personal Information or credit card information during the billing process ourselves. We use a third party service provider to process payments made on our Sites. Sales made via the app itself are processed through the marketplace partners directly (i.e. iTunes or Google Play), so your credit card information is not collected and retained by Us.

HOW DO WE USE THE INFORMATION WE COLLECT?

We collect and use your information to provide the Services, to provide support for the Services, to respond to user requests and inquiries, to maintain a record of our dealings with users, to facilitate your use of and our administration and operation of the Services; and to evaluate how to improve our offerings.

WHEN DO WE SHARE OR DISCLOSE YOUR INFORMATION

Anonymous Information. Anonymous or aggregated information that does not identify you personally, like combined usage and metrics information, referring website addresses, and “aggregate” information may be shared with others, including developers, potential investors, marketers, and business partners. Anonymous information helps us understand trends and user needs so that we can better design new products and services and refine existing products and services to serve our customers better. We may de-identify information including student data received in connection with providing the Services and use such data as described in this Privacy Policy.

Personally identifiable information, or Personal Data as such term is defined by GDPR below (“Personal Information”), is information that can identify you or your child individually, such as an individual’s full name or physical mail address. Your Personal information may be shared as follows:

Personal Information may be shared with a vendor who is helping us make the Services available and functional under contract and with safeguards. These include third-party vendors, technical agents, subcontractors, and our affiliates and consultants who assist us in performing functions to operate our Services. These functions include, for example, web site hosting, maintenance, data analysis, customer support, email delivery services, infrastructure services, customer service, technical agents, analytics and metrics services. These third parties will be restricted in the way they can use your Personal Information and will need to keep your information confidential and secure and otherwise in accordance with this Privacy Policy.

We may also share Personal Information in a confidential and secure way during due diligence or in preparation for or after a sale, merger, consolidation, change in control, transfer of substantial assets, reorganization or liquidation. If codeSpark or its assets is purchased, all associated data and information will be transferred, provided the acquirer will be required to honor the terms of our then current privacy policy, as such may be updated from time to time.

If you give us permission, we may share the Personal Information of an adult account holder (teachers and parents) with third parties who might send you marketing and promotional information.

We may also disclose the Personal Information of an adult account holder (teachers and parents) if permitted or required by law or where we believe such action is necessary in order to protect or defend our interests or the interests of our users or business partners.

CHILDREN’S PRIVACY

This Site may be accessible to children but the Site is targeted for parents and adults and is not intended for children under age 13. For the most part, when children use our Apps, we do not require any Personal Information from them, and we have taken steps so that information about a child/student requested from a parent/teacher is non-Personal Information such as a nickname or child’s first name and last initial only. We may give teachers the option to provide a parent’s email address for each student user so that we can inform parents of their child’s activities when using our Apps.

Collection of Personal Information that is directed to children under 13 (“Children’s Platforms”) is governed by the principles of the Children's Online Privacy Protection Act (“COPPA”), a U.S. law designed to protect the online privacy of children under the age of 13. We will obtain parental consent before collecting any Personal Information on our Services, unless the request for information falls within an exception that would be permitted under COPPA. We do not condition a child’s participation in our Services on the disclosure of more Personal Information than is reasonably necessary to participate in an activity.

The Services contain a story creation tool that allows kid coders to create personalized, interactive stories. The story creation tool enables kid coders to include recorded voices, upload photos, and type in speech bubbles to bring characters to life. Users can also share their interactive stories in the Kid Community space in our Services. The Kid Community is only available to users of our Services. In order to enable these stories to be shared in our Kid Community and across devices of a user’s account, we will store this content on our servers. These photos, voices and typed words that users provide may constitute Personal Information (for example, a child’s voice) and will be stored on our servers as part of making the tool available and functional in our Services.

Prior to making stories available in the Kid Community, story creations are submitted first to our moderator. A trained moderator will review content to avoid the posting of images, text or voices or other content that identifies a child or that reveals other personally identifying information (such as a complete home address) of student/child users. Our moderator will also review materials and remove other unacceptable content such as anything obscene, profane or harassing. While we will make efforts to monitor the story creation content in our Services, we also recommend that you talk to your child about what you are comfortable with them sharing via photo, voice and typing on this space. We ask that teachers and parents also monitor player usage for any unacceptable or personally identifiable information.

Parents and teachers may also at any time turn off the ability to utilize the uploading of photos, voice and words in story creation, by going into the parent portal settings.

Parents may contact us (at privacy@codespark.com) to review, update or delete any of their children’s personal information that we may have collected and to elect for us not to collect any additional personal information from their children.

CALIFORNIA PRIVACY RIGHTS

Under California law, California residents are entitled to ask us for a notice describing what categories of personal customer information we have shared with third parties or corporate affiliates for direct marketing purposes in the past 12 months. If you are a California resident and would like a copy of this notice, please submit a written request to the codeSpark, 130 W. Union Street, Pasadena, CA 91103. In your request, please specify that you want a “California Privacy Notice.” We are not responsible for notices that are not labeled or are sent improperly. Please allow up to thirty days for this notice to be provided.

EUROPEAN UNION, UK AND SWITZERLAND ADDITIONAL NOTICE

We respect your privacy rights and provide you with reasonable access and rights to the Personal Data (as this term is referred to for individuals located in the countries of the EU, UK or Switzerland pursuant to the European Directives 95/46/EC and 2002/58/EC (EU General Data Protection Regulations Legislation, also known as GDPR)) that you may have provided through your use of the Products. If you live in the European Economic Area (EEA), and wish to access, amend, delete, or transfer any Personal Data we hold about you, you may contact us as set forth in the “Who We Are. Contact Us” section below.

You may update, correct, or delete your Personal Data and preferences at any time by request to us at the email below. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

You may decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Services.

At any time, you may object to the processing of your Personal Data, on legitimate grounds, except if otherwise permitted by applicable law. If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact us at the email below. You also have a right to lodge a complaint with data protection authorities.

INTERNATIONAL TRANSFERS

Where we transfer your Personal Data outside the European Economic Area (EEA), we rely on approved standard EU Model Clauses so these transfers are conducted in accordance with applicable laws and using adequate and appropriate safeguards.

To find out more about how we safeguard your information (including obtaining a copy of such safeguards) in relation to transfers outside the EEA, please contact us via the details provided in the “Who We Are. Contact Us” section below.

OPT OUTS; REMOVAL OF CONTENT.

We permit all users to request an Opt out from receiving marketing emails, texts, or other marketing communications from us on a going-forward basis please submit a written request to the address below. In your request, please specify that “Opt Out Request.” We will try to comply with your opt-out request as soon as reasonably practicable. Please note that if you opt out as described above, this will apply to marketing messages from us only. We will not be able to remove your Personal Information from the database of any third parties to whom you have previously authorized us to share such information. Please also note that we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.

In addition, Adult Users may contact us at any time to request that we provide for their review, or delete from our records, any information they have provided about child/student users associated with their account. This includes the ability to request that we discontinue any further collection or use of their child/student’s information.

If you would like us to remove publicly visible content posted by you, please send an email with the words “Content Removal” in the subject line to privacy@codespark.com and include a description of the content and its location.

If we delete content, please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforcement of our agreements.

GENERAL & DATA SECURITY

The security of your personal information is important to us, and we employ physical, technical, and administrative security measures designed to safeguard the information collected by the Services. We use industry standard SSL (secure socket layer technology) encryption to transfer PII. Other security safeguards include, but are not limited to, data encryption, firewalls, and physical access controls to buildings and files.

Account holders create a password in the registration process. You can help protect against unauthorized access to your Account and PII by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your Account.

SCHOOL ACCOUNTS

We are committed to maintaining the security and confidentiality of your and your children’s information, including, but not limited to, any student data, which we receive through School Accounts. Some of the precautions we take include (a) limiting access to student data; (b) requiring employees to sign confidentiality agreements upon hiring; (c) conducting employee privacy and data security training and education; and (d) protecting information with commercially reasonable technical, contractual, administrative, and physical security safeguards.

Please be aware that no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit on or through the Services and you do so at your own risk. All Information, including your personally identifiable information, may be maintained on servers or databases located outside your state or country or to a jurisdiction where the privacy laws may not be as protective as those in your location.

If you are located outside of the United States, please be advised that we process and store information in the United States and your use of our Services constitutes your consent to and understanding of this processing.

CHANGES TO THIS POLICY: GENERAL

We reserve the right to change this Privacy Policy at any time, and will do so by posting changes to this Privacy Policy on the Site. If we make material changes to our handling of personally identifiable information previously collected from you, we may notify you more prominently and obtain your prior consent, including parental consent where necessary.

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of California applicable to agreements made and performed in California, excluding the application of the conflict of laws provisions. This Privacy Policy is subject to the Terms of Service which terms are incorporated herein by reference.

WHO WE ARE. CONTACT US:

codeSpark
130 W. Union Ave
Pasadena, CA 91103
626.585.6900
privacy@codespark.com

Effective: August 20, 2019.