NOTICE: We have updated our Privacy Policy effective May 31, 2023. We did this primarily (1) to notify Users about our COPPA, FERPA, and California Student Privacy certifications issued by iKeepSafe (please see below for more information); (2) to create more consistency in how we explain our student data practices across this Privacy Policy, our Terms of Use, and our Client Agreements; and (3) to add language about new laws that may apply to you. We believe the rights and obligations of Users and Apptegy did not materially change as a result of this update. However, we encourage you to review the updated Privacy Policy below, which applies to all Users of the Services on a going-forward basis.
*** *** ***
Last updated: May 31, 2023
Thank you for choosing Apptegy, Inc. (collectively, including our subsidiaries and other affiliates, “Apptegy,” “we,” “us,” or “our”). The privacy and security of personal information is very important to us. We want you to understand what personal information we collect about you, how we collect that information, how we use it, and what your rights are with respect to what we do. This Privacy Policy (“Policy”) explains those things.
The key points are:
- “Personal information” means any information about an identifiable individual, or any information that may be used to identify an individual when combined with other readily available information. Examples include your name, your email address, or your IP address;
- The personal information we collect about you, how we collect it, and how we use it depends on your relationship with us;
- We collect and use personal information only to provide and improve our Services (as defined below);
- We do not sell or attempt to monetize your personal information with third parties; and
- You have rights and choices that govern how we will handle personal information about you.
The list of key points above is only a summary. Please review the full Policy to find additional information and to better understand our practices, policies, and obligations, and your rights related to the same.
PLEASE REVIEW THIS POLICY CAREFULLY. We have attempted to provide transparent explanations of our practices and policies so you can make a meaningful decision about whether to use the Services.
BY USING THE SERVICES IN ANY WAY, INCLUDING USING THE SERVICES AS AN END USER OR ONLY AS A VISITOR, YOU AGREE TO BE BOUND BY EVERYTHING IN THIS POLICY. Please note that using our Services is your choice. If you do not consent to the collection, use, or disclosure of personal information as described in this Policy, you should not use our Services.
We may change this Policy from time to time in our discretion. Please see Section 12 below for more information.
If you have questions about this Policy, please contact us at any of the following:
- By email at privacy@apptegy.com;
- By telephone at 1-888-501-0024; or
- By mail at Apptegy Inc., c/o Data Protection Officer, 2201 Brookwood Drive, Suite 115, Little Rock, AR 72202.
1. WHO AND WHAT DOES THIS POLICY APPLY TO
This Policy applies to you and all other Users of the Services. “Users” include:
- users that have a direct business relationship with us (“Clients”);
- individual users that are invited or added to the Services by a Client under the Client’s account with us (for example: teachers, students, parents, and guardians invited or added to the Services by their education institution) (“End Users”); and
- individuals that only visit the public parts of the Services that do not require a log-in or an invitation from a Client (for example: individuals browsing the Sites) (“Visitors”).
For the sake of clarity, references to “Users” and “you” in these Terms refer to you as a User individually and to all Users collectively, unless expressly set out otherwise. Please note that End Users may access and use the Services through the separate website and/or mobile application of a Client, and this Policy applies whether you use the Services directly via our products or via a Client website or application. In this Policy we call education institutions and organizations “Schools.”
This Policy applies to all of our products and services, including new or additional products and services that we may develop or offer in the future. This includes but is not limited to:
- our websites, including www.apptegy.com, www.thrillshare.com, and www.edurooms.com (collectively, the “Sites”);
- our Thrillshare platform (“Thrillshare”), which collectively includes:
- our Media platform (“Media”),
- our Engage platform (“Engage”),
- our Rooms platform (“Rooms”); and
- any other platforms or tools that we choose to add to Thrillshare; and
- any website and/or mobile application that provides access to and use of any of the foregoing
(collectively, including the Sites, Thrillshare, Media, Engage, Rooms, and all services related to the foregoing, the “Services”).
If you are a California resident, see the California Privacy Notice for California consumers in Section 5.
If you are a European Union or United Kingdom resident, see the EU and UK Privacy notice in Section 6.
If you are a Canadian resident, see the Canadian Residents notice in Section 7.
This Policy applies in conjunction with the Terms of Use (“Terms of Use”) for the Services, accessible at https://www.apptegy.com/terms-and-conditions. The Terms of Use applies to all Users and for all Services generally, except as expressly set out in the Terms of Use.
2. WHAT We Collect and How We Collect It
What information we collect about you and how we collect it depends on our relationship with you. Specifically:
- If you are a Client (for example: a School that is our Client), then an explanation of what information we collect about you and your End Users, and how we collect it, can be found below in the section 2.A titled “Personal Information from Schools and Under School Accounts”; or
- If you are an End User (for example: a teacher, staff, student, parent, or guardian added to the Services by a School), then information we collect about you is provided either (1) by the School that added you to the Services and manages your use of the Services, (2) by you when you use the Services, or (3) by another End User using the Services under the account of your School. An explanation of what information we collect about you and how we collect it can be found below in the section 2.A titled “Personal Information from Schools and Under School Accounts”; or
- If you are a Visitor (for example: an individual browsing a public part of the Sites that does not require a log-in or an invitation from a Client) and you do not use the Services as an End User, then an explanation of what information we collect about you and how we collect it can be found below in the section 2.B titled “Visitor Personal information.”
Please note that our Clients are Schools and other government entities. We do not currently offer or provide Client accounts to individuals, including End Users or Visitors. This means that Apptegy does not have direct relationships with individual end users of the Services. However, the Services allow Clients to create individual user accounts for the End Users that the Client wants to authorize under its Client account (for example: teachers, staff, students, parents, and guardians associated with the School). All End User accounts are controlled and managed by the Client that creates them. In this Policy we call the individual End User accounts created by Schools “School-Created User Accounts.” We collect limited personal information from or about individuals outside of School-Created User Accounts. This means that nearly all personal information we collect and use is provided either (1) by Schools adding or managing their End Users on the Services, or (2) by End Users using the Services under School-Created User Accounts. Please continue reading below for more information.
2.A Personal Information from Schools and Under School Accounts
As stated above, nearly all of the personal information that we collect is provided to us either by a School on behalf of the End Users associated with the School, or by End Users using our Services under School-Created User Accounts.
A few examples of when this may happen include:
- a School creates School-Created User Accounts for teachers, staff, parents, guardians, and students under the School’s Client account, and includes personal information in the School-Created User Accounts;
- a School administrator, under her or his School-Created User Account, uses the Services to update School-Created User Accounts, and includes personal information in her or his updates;
- a School principal, under her or his School-Created User Account, uses the Services to publish a communication via Thrillshare Media that includes personal information;
- a School teacher, under her or his School-Created User Account, uses the Services to send classroom communications via Thrillshare Rooms that includes personal information;
- a School student, under her or his School-Created User Account, uses the Services to upload and submit classroom content and assignments via Thrillshare Rooms that includes personal information;
- a parent or guardian of a School student, under her or his School-Created User Account, uses the Services to communicate with a teacher via Thrillshare Rooms, and includes personal information in her or his communications; or
- a School staff member interacts with Apptegy team members to request technical support for the School’s Client account, and includes personal information in her or his communications.
In all of these instances, (i) the School determines and controls what personal information it provides to us for its School-Created User Accounts, (ii) the School determines and controls what personal information can be provided to us by End Users using the Services under the School-Created User Accounts; and (iii) the School determines and controls how personal information is and can be used once it is collected from the School and End Users under the School’s Client account. In other words, the School determines and controls the purpose, scope, and means for all personal information collected under or in connection with the School’s account. This means the School is the data controller of the personal information collected by us in connection with the School’s account and the School-Created User Accounts associated with the School.
Because of that, if you are an End User, your School is the party that is primarily responsible for the personal information we collect about you. And your School is the party responsible for determining the purpose, scope, and means of the personal information we collect about you, and whether and how it is used via our Services. We use that information only on behalf of and under the direct control of the School, and not for our own purposes.
We implement safeguards to protect against the loss, disclosure, alteration, or misuse of personal information that is in our care or custody. We protect all personal information in our care or custody with at least the degree of care that would be exercised by a prudent person given the sensitivity of the personal information. Please continue reading below for more information about our security practices.
In all of these circumstances, Apptegy is only a data processor. This means we only carry out and process, via our Services, the activities of and instructions of your School (and End Users using the Services under School-Created User Accounts).
Simply put: when we process activities and instructions from a School that include personal information about you (or by you or another School-Created User Account under a School account), we are not responsible for the disclosures made or the use of your personal information by the School (or School-Created User Account under the School account). It is your School that has the responsibility to protect your privacy in these instances.
Please note that the privacy and security policies of your School may differ from our policies. In those cases, our policies will not overrule or change the separate policies of your School, and our policies will not impact or change your School’s separate agreements with and obligations to you. Instead, the privacy and security policies of your School govern your personal information and your rights with respect to your School, and not our policies. As such, you are required to work with your School directly with respect to your personal information. For example, if you request a copy of the personal information we hold about you in order to provide the Services, we will direct you to your School for that information.
Even though we are not primarily responsible for your personal information in these circumstances, we still want you to understand what personal information we might collect about you as the data processor providing the Services and how we collect it.
Schools (and End Users under School-Created User Accounts) typically use our Services to publish, upload, manage, store, and/or send communications, messages, announcements, videos, assignments, materials, electronic signature requests, and other content, documents, and information. Thrillshare Media is typically used when the activity is relevant to the School and its End Users generally; Thrillshare Rooms is typically used when the activity is relevant to a particular subset of the School’s End Users – usually a classroom or group at the School.
However, personal information may be collected for or as a result of any of the activities permitted on the Services. As explained above, Schools (and End Users under School-Created User Accounts) make these choices and are responsible for them.
Specifically, the following personal information may be collected in connection with the Services:
-
Personal information provided by Schools. We collect personal
information that Schools use to create and manage School-Created User
Accounts. We also collect personal information that Schools include in
the communications, messages, announcements, videos, assignments,
materials, electronic signature requests, and other content, documents,
and information published, uploaded, managed, stored, and/or sent via
the Services. Some of this information may contain personal information;
and some personal information may be about you. For example: personal
information included in announcements made via Media, or personal
information included in messages in Rooms. As noted above, however, we
only collect this information when provided by Schools and End Users
using the Services under School-Created User Accounts (for example:
teachers and staff). Personal information provided by Schools may
include:
- Name
- Phone number
- Email address
- Gender
- Age/birthday
- School year/classification
- Race/ethnicity
- Disability
- Language
- Attendance information
- Classes, groups, and subjects taught or participated in
- Activities/clubs participated in
- Information recorded in assignments
- Information recorded in consents and data collection forms
- Grading and assessment information
- Achievements/awards
- Dietary requirements
- Transportation preferences
- Communication preferences
- Parent(s) and guardians(s) for which a student User is associated
- Student(s) for which a parent or guardian is associated
- Other information a School uploads
-
Personal information provided by End Users. We collect personal
information that End Users under School-Created User Accounts include in
the communications, messages, announcements, videos, assignments,
materials, electronic signature requests, and other content, documents,
and information published, uploaded, managed, stored, and/or sent via
the Services. Some of this information may contain personal information;
and some personal information may be about you. For example: personal
information included in announcements made via Media, or personal
information included in messages in Rooms. As noted above, however, we
only collect this information when provided by Schools and End Users
using the Services under School-Created User Accounts (for example:
teachers and staff). Personal information provided by End Users may
include:
- Name
- Phone number
- Email address
- Gender
- Age/birthday
- School year/classification
- Race/ethnicity
- Disability
- Language
- Attendance information
- Classes, groups, and subjects taught or participated in
- Activities/clubs participated in
- Information recorded in assignments
- Information recorded in consents and data collection forms
- Grading and assessment information
- Achievements/awards
- Dietary requirements
- Transportation preferences
- Communication preferences
- Parent(s) and guardians(s) for which a student User is associated
- Student(s) for which a parent or guardian is associated
- Other information an End User uploads
-
Personal information from use of the Services. We automatically
collect information about how the Services are used by End Users under
School-Created User Accounts (for example: teachers, staff, students,
parents, and guardians). We may also collect information connected with
support and technical help for the Services. Some of this information
may contain personal information; and some personal information may be
about you. Personal information from use of the Services may include:
- IP addresses used to access the Services
- Web browsers and operating systems used to access the Services
- Makes, models, and device IDs used to access the Services
- General geographic location (but not precise geolocation) of access to the Services
- Time zone and language of access to the Services
- Pages on the Services that are viewed
- Features and functions of the Services that are used and how they are used
- Information provided during or in connection with a customer support request
- Other information about how Users interact with the Services
-
Personal information provided for accounts. We collect
information that Schools and End Users provide for the creation,
administration, and management of Client accounts and School-Created
User Accounts. Some of this information is voluntary. However, please
note that certain information is required to use and enjoy the Services.
Some of this information may contain personal information; and some
personal information may be about you. Personal information provided for
accounts may include:
- Contact details
- User ID
- School ID
- Profile information
- Contact address
- Contact phone number
- Email address
- Log-in Information
- Password
- Billing/Payment Information
- Communication preferences
- Employment position (for School employee and contractor Users)
- Other information a School or User uploads
- Other information necessary or helpful to provide the Services to the Client
-
Personal information from third parties. We collect certain
information from third parties to measure and improve our Services, and
to improve the experience of our Clients and Users. For example, we
collect information about how our marketing and promotional campaigns
have performed (see Section 4 for more information about marketing and
advertising activities). Some of this information may contain personal
information; and some personal information may be about you. Personal
information from third parties may include:
- Analytics and usage data
- IP addresses
- Pages on the Services that are viewed
As explained above, the personal information we collect from Schools and End Users is under the direct control of the School, and we only collect personal information that is reasonably necessary to provide the Services requested by the Client and its End Users. This means that, with respect to any specific Client and its End Users, the types and scope of personal information actually collected by us will depend on the Services being used by the Client and its End Users. Not all categories will be collected or received for every individual.
Except as set out in these policies, we do not collect or scrape additional personal information from the computers, contacts, email accounts, or other personal sources of Users.
Please note that while we have attempted to provide full and fair notice of the personal information that may be collected in connection with our Services, the list above is not exhaustive. We may in some instances collect personal information other than what is set out in the table above. In those circumstances, we will ensure we have appropriate authority or consent for that collection.
If you are an End User and have questions or requests about personal information or rights under your School’s Client account or your School-Created User Account, please address your questions and requests directly to your School. If you contact us regarding these questions and requests, we will direct them to your School. If you are a Client and have questions or requests about personal information or rights under your Client account, please contact us by any of the methods set out above in the introduction to these policies or below in the section 10 titled “Contact Us.”
2.B Visitor Personal Information; Generalized and Anonymous Information about All Users
If you are a Visitor (for example: an individual browsing a public part of the Sites that does not require a log-in or an invitation from a Client), we collect limited personal information from and about you. We automatically collect information about how the public parts of the Services are used by Visitors. For example, we collect information about the individual pages that are viewed, the features and functions that are used and how they are used, and other information about how Visitors interact with the Services. We also collect information about what web browsers, devices, and IP addresses are used to access the Services, and the general geolocation of that access (but not precise geolocation). Some of this information may contain personal information (for example: IP addresses). Please also note that if you choose to contact us (for example: send us a message via the email or chat function on the Sites), we collect the personal information that you give us (for example: name, phone number, email address, IP address, and anything you include in the body of your message). In these circumstances, you control what information you provide us. If you choose to not provide certain information, parts of the Services may not be available to you or may not function as intended (for example: you may be required to provide certain personal information to send a communication to us). If you have questions or requests about your personal information or rights as a Visitor, please contact us by any of the methods set out above in the introduction to these policies or below in the section 10 titled “Contact Us.”
We may collect and use generalized, anonymous information about all Users. This information cannot be used to identify you or isolate your personal information. If you have questions or requests about your personal information or rights in connection with our collection of generalized, anonymous information, please contact us by any of the methods set out above in the introduction to these policies or below in the section 10 titled “Contact Us.”
3. How We Use and Disclose Your Information
We use and disclose personal information solely for the purpose of providing and improving our Services to and for our Clients and Users. We do not sell or otherwise monetize personal information by selling or sharing it with third parties. Specifically, we use and disclose personal information in the following ways:
- To provide and operate our Services: We may use and disclose personal information when we are directed or instructed to do so by a Client or an End User under a School-Created User Account. A few examples of when this may happen include: when a School uploads information to setup its Client account, or when a School creates, maintains, and updates School-Created User Accounts, or when an End User posts a communication on the Services that includes personal information;
- As you direct or consent: We may use and disclose personal information when you direct or instruct us to do so, or otherwise provide your consent (for example: when you choose to include personal information in materials you upload to the Services, or when you include personal information in a support request to us);
- To enable and transmit social media messages: We may use and disclose personal information to enable and transmit social media messages via the Services (for example: when an End User uses the Services to publish a communication to Facebook, Twitter, and other social media channels);
- To enable and transmit email messages: We may use and disclose personal information to enable and transmit email messages via the Services (for example: when a School uses the Services to send an email message to students);
- To enable and transmit SMS/MMS/Mobile messages: We may use and disclose personal information to enable and transmit SMS/MMS and other mobile messages via the Services (for example: when a School uses the Services to send an SMS message to parents and guardians);
- To enable and transmit voice and VOIP messages: We may use and disclose personal information to enable and transmit voice/VOIP and other audible messages via the Services (for example: when a School uses the Services to send a voice message to parents and guardians);
- To maintain security and availability of the Services: We may use and disclose personal information to ensure the security and availability of the Services (for example: when we perform system and database evaluations and tests);
- For legal purposes: We may use and disclose personal information (i) to comply with applicable laws, regulations, court orders, legal processes, or to respond to any government, agency, or regulatory request, (ii) to detect or otherwise manage fraud, security, or technical issues, (iii) to protect the safety, rights, or property of any person, the public, or Apptegy, or (iv) to enforce our rights arising from agreements with Clients and Users, including our Terms of Use, and for billing and collection purposes;
- To contact you about Services: If you are a School or a teacher or staff member with a School-Created User Account, we may use and disclose personal information to contact you about other Apptegy Services that may be of interest to you. We will not contact School-Created User Accounts that we know are parents, guardians, or students about other Apptegy Services;
- To contact you about resources and events: If you are a School or a teacher or staff member with a School-Created User Account, we may use and disclose personal information to contact you about other Apptegy resources and events that may be of interest to you (for example: webinars and the publication of new educational materials). We will not contact School-Created User Accounts that we know are parents, guardians, or students about other resources or events;
- For account servicing and maintenance: We may use and disclose personal information to help us service, maintain, and support User accounts (for example: billing or technical support, and product updates);
- To measure and improve client engagement: We may use and/or disclose personal information to help us measure and improve engagement with Users (for example: we use Google Analytics to help us understand how our users use our Services – you can read more about how Google uses our information here: https://www.google.com/intl/en/policies/privacy/ and you can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout; we also use Pendo to help us understand how our users use our Services – you can read more about how Pendo uses our information here: https://www.pendo.io/legal/privacy-policy/); and
- For corporate business purposes: We may use and disclose personal information (a) to our current or future parent company, affiliates, subsidiaries, and other companies under common control and ownership, or (b) to a buyer or other successor in connection with, or during negotiations for, a merger, acquisition, reorganization, or other sale or transfer of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
We may use and disclose personal information with and to third parties when it is necessary to provide the Services or for our business (for example: to complete any of the foregoing activities; or when we need to process payments from Clients; or when we translate content that includes personal information from English into other languages; or when we comply with appropriate security standards). When we use and disclose personal information with third parties, the third parties are not allowed to access or use personal information of Users, unless it is needed to do their particular work with us. We will limit the personal information we provide to third parties as much as possible, and we will condition our sharing of that personal information on strict confidentiality restrictions and security instructions as often as possible.
Some examples of third parties that may receive personal information as a necessary part of providing the Services are Amazon Web Services (hosting provider), Google (communications, translations, analytics), Zoom (communications), Salesforce (Client relationship management), Pendo (analytics), AppSignal (product performance management), IMImobile (text messaging facilitator), and Intercom (Client support). For a list of third parties with whom we share personal information, please contact us by email at privacy@apptegy.com.
Please note that some personal information provided by Schools and End Users on the Services may be viewable by the public generally (for example: a School message posted on Facebook via Thrillshare Media); and some personal information provided by Schools and End Users on the Services may be viewable by other Users (for example: a message posted on a group message via Thrillshare Rooms where other School-Created User Accounts in the Room have permission to view). As explained above, Schools and End Users under School-Created User Accounts make those choices and are responsible for them.
When we use and/or disclose personal information for legal purposes or in connection with our corporate business purposes, we will limit the personal information we provide as much as possible, and we will condition our sharing of that personal information on strict confidentiality restrictions and security instructions as often as possible.
Please note that we will not use or disclose information (whether personal or otherwise) about individual students collected from Schools or School-Created User Accounts for the purpose of commercial marketing or targeted advertising.
We may use and disclose anonymized or generalized (non-identifiable) aggregated information with third parties for various reasons, including to promote and improve our Services. In these circumstances, we will take appropriate measures to de-identify (and prevent any party from re-identifying) any information used or disclosed in this way.
4. ADVERTISING AND MARKETING; TRACKING; OPT-OUT
As explained above, if you are a School or a teacher, administrator, or staff member under a School-Created User Account, we may use your information for limited advertising and marketing purposes, including to contact you about Services that we believe may be of interest to you, and to promote other Apptegy resources and events. We will not contact End Users that we know are parents, guardians, and students with respect to the foregoing.
Our marketing communications will include instructions for how to opt-out of these communications or change your communication preferences. You may also contact us by email at privacy@apptegy.com to manage your marketing communication preferences at any time. Please note that certain information is required to use parts of the Services as intended (for example: to receive the communications sent by your School).
Please note that End User accounts are controlled and managed by the Client that added the End User to the Services (for example: the School that is your employer or that you attend as a student). In some instances, End Users that want to manage, change, disable, or deactivate their account or account preferences must contact the Client that invited or added them to the Services. Please see our Terms of Use for more information.
We use cookies, beacons, and other similar tracking technologies. These are small text files containing an identifier (a string of letters and numbers) that are sent by a website server to your browser when you visit a website and are stored in your browser. We only use these technologies for the purpose of providing and improving our Services for our Users. A few examples include: we use cookies that are necessary for the Services to function (for example: to remember your cookie preferences), to personalize the Services and to recognize you when you return to the Services (for example: to remember your language preferences), to help us measure and improve engagement with Users (for example: to analyze the usage trends and patterns for our different products), and to promote Services that we believe may be of interest to you. We do not use the technologies for third party targeted marketing or advertising purposes. In some cases, you may manage the use of cookies for our Services by adjusting your individual browser settings. You may learn more about managing cookies here: https://www.aboutcookies.org/. Please note that our Services do not currently process “do not track” features offered by some browsers and devices. Please also note that if you do not allow certain cookies, then the Services may not function properly.
We will not use or disclose information (whether personal or otherwise) about individual students collected from Schools or School-Created User Accounts for the purpose of commercial marketing or targeted advertising.
5. CALIFORNIA PRIVACY NOTICE
This California Privacy Notice describes how we as a business collect, use, disclose, and otherwise process personal information of individual residents of the State of California within the scope of the California Consumer Privacy Act of 2018 (“CCPA,” as amended by the California Privacy Rights Act of 2020, and its implementing regulations).
This California Privacy Notice applies only to individual users of our Services who are residents of the State of California, and only where we act as a “business” with or for that individual. For example, this section may apply for California residents who use our Services as a Visitor. For applicable Users, this section is a supplement to the other parts of this Policy.
However, if you are an End User using the Services under a School-Created User Account, this section does not apply to you because we do not act as a business with or for individual End Users. In these instances, as explained in more detail in section 2 above, the privacy and security policies of your School govern your personal information and your rights. Even though this section does not apply to individual End Users, below we have included the categories of personal information that might be collected at the direction of your School. Not all categories will be collected or received for every End User. We are providing this extra information as a courtesy and for information purposes only, and it does not change our obligations under the CCPA. As explained in section 2 above, personal information of End Users is under the direct control of the School, and we only collect End User personal information that is reasonably necessary to provide the Services requested by the Client.
As explained above, we collect limited personal information about individual Users with whom we have a direct “business” relationship. Not all categories will be collected or received for every individual. Under these circumstances, we may collect or receive (and may have collected or received during the 12-month period prior to the effective date of this Privacy Policy) the following categories of personal information:
- Identifiers. Apptegy collects identifiers (for example: name, address, phone number, email address, and other similar identifiers) from you, from your device or browser, and from our third party business relationships. For End Users, identifiers may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Online activity and device information. Apptegy collects online activity and device information (for example: IP address, browser and device data, browsing history, search history, usage data, analytics information) from you, from your device or browser, and from our third party business relationships. For End Users, online activity and device information may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Communications. Apptegy collects communications (for example: content of communications with us, “contact us” submissions, emails, logs) from you, from your device or browser, and from our third party business relationships. For End Users, communications may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Geolocation. Apptegy collects general geolocation information (for example: location data from device or IP address) from you, from your device or browser, and from our third party business relationships. For End Users, general geolocation may be collected at the direction of your School depending on the Services being used by your School and its End Users. We do not collect precise geolocation.
- Biometric information. Apptegy does not collect biometric information (for example: hair color, height, voice, facial recognition). For End Users, verification data from your device provider and/or browser may be collected at the direction of your School depending on the Services being used by your School and its End Users to authenticate your login to the Services under the School’s account.
- Characteristics of protected classifications under CA law. Apptegy does not collect characteristics of protected classifications (for example: age, race, gender, disability). For End Users, protected classification information may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Employment or professional information. Apptegy does not collect employment or professional information (for example: your School employer). For End Users, employment or professional information may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Audio, visual, or similar sensory information. Apptegy collects audio, visual, or similar sensory information (for example: photographs, voice and video recordings of calls with us (where permitted by law)) from you. For End Users, audio, visual, or similar sensory information may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Commercial information. Apptegy collects commercial information (for example: information related to Services you have accessed or purchased, purchasing history and tendencies) from you, from your device or browser, and from our third party business relationships. For End Users, commercial information may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Other personal information. Apptegy collects other personal information (for example: any information about you that is included in user generated content) from you, from your device or browser, and from our third party business relationships. For End Users, other personal information may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Inferences. Apptegy collects inferences (for example: information that could be used to create a user profile reflecting your preferences, attitudes, behavior, and similar characteristics) from you, from your device or browser, and from our third party business relationships. For End Users, other inferences may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Financial information. Apptegy does not collect financial information (for example: credit card and debit card numbers, account numbers) except for Client payment information. For End Users, financial information may be collected at the direction of your School depending on the Services being used by your School and its End Users.
- Sensitive personal information. Sensitive personal information (for example: social security numbers and other government-issued identifiers; precise geolocation) is not collected.
Please also see section 2 above for more information about the personal information we collect. We may in some instances collect personal information other than what is set out in the table above (for example: for legal purposes or when you include information in communications with us that we don’t ordinarily collect).
We may use your personal information for the purposes described in section 3 above (How We Use and Disclose Your Information). This includes:
- To provide and operate our Services;
- As you direct or consent;
- To maintain security and availability of the Services;
- For legal purposes;
- To contact you about Services, resources and events (we will not contact School-Created User Accounts that we know are parents, guardians, or students);
- For account servicing and maintenance;
- To measure and improve client engagement; and
- For corporate business purposes.
Please see section 3 above for additional information.
As also discussed in section 3 above, we may disclose personal information to the following categories of third parties for a business purpose:
- Our third party vendors to provide, promote, or improve our Services. We may use and disclose personal information with third parties when it is necessary to provide the Services or for our business (for example: when an End User uses the Services to post a social media, SMS, email, or voice communication that includes personal information; or when we need to process payments from Clients; or when we translate content that includes personal information from English into other languages; or when we need help to ensure compliance with appropriate security standards).
- Social media messaging vendors who enable the delivery of social media messages. We may use and disclose personal information with third parties to enable and transmit social media messages via the Services.
- Email vendors who enable the delivery of email messages. We may use and disclose personal information with third parties to enable and transmit emails via the Services.
- Mobile messaging vendors who enable the delivery of mobile messages. We may use and disclose personal information with third parties to enable and transmit SMS/MMS/Mobile messages via the Services.
- Voice/VOIP and other audible messaging vendors who enable the delivery of voice/VOIP and audible messages. We may use and disclose personal information with third parties to enable and transmit voice/VOIP and audible messages via the Services.
- Third parties at your direction. We may use and disclose personal information with third parties at your direction or with your consent (for example: third parties you choose to interact with via the Services).
- Third party analytics and performance vendors. We may use and disclose personal information with third parties to measure and improve client engagement (for example: we use Google Analytics and Pendo to help us understand how our users use the Services).
- Third party security and technology vendors. We may use and disclose personal information with third parties for servicing and maintaining the Services (for example: to help us with security measures, billing, or technical support).
Please also see section 3 above for more information about how we may disclose personal information. We may in some instances disclose personal information with third parties for other purposes than what is set out in the table above (for example: in connection with our corporate business purposes or for legal purposes).
Please note that we do not sell or otherwise attempt to monetize your personal information with third parties. However, under the CCPA, some of our activities may be considered “sales” of information or cross-context behavioral advertising . For example, we may disclose “identifiers” (see above) with our third party business partners, or use tracking technologies as described above, to help us promote Apptegy and our Services to Users that are Visitors. We do not promote Apptegy or our Services through cross-context behavioral advertising to End Users and School-Created User Accounts (for example: students, parents, and guardians).
Please note that, as stated above, we will not sell or share personal information about individual consumers under the age of legal majority for the purpose of commercial marketing or targeted advertising. For more information about our practices and policies for children’s personal information, please see section 8 below and our Terms.
For more information about our California Student Privacy Certification for practices relating to the personal information of children, please see section 8 below.
We keep the personal information we collect about you for as long as is needed and appropriate for your use of the Services as set out in our Terms and this Privacy Policy. We dispose of the information we collect in accordance with our data retention policies and procedures. Please see section 9 below for more information.
If you are a qualifying California resident under CCPA, we provide the following rights with respect to your personal information when we act as a “business” with or for you (subject to certain limitations in the CCPA):
- Right to know. Upon verifiable request we will provide you with the following information about your personal information over the prior 12 months: (1) the specific pieces and categories of personal information we have collected about you; (2) the categories of sources from which we have collected your personal information; (3) our business purposes for collecting, selling, and sharing your personal information; (4) the categories of third parties with which we have shared your personal information; (5) the categories of personal information we have disclosed about you for a business purpose; and (6) if applicable, categories of personal information we have sold or shared about you, and the categories of third parties to which the personal information was sold or shared, for cross-context behavioral advertising.
- Right to delete. Upon verifiable request we will delete personal information we have collected about you and will direct our service providers to do the same, subject to certain exceptions in the CCPA.
- Right to opt out of sales and sharing to third parties for cross-context behavioral advertising. We do not sell your personal information to third parties. Notwithstanding that, you have the right to direct us to not sell or share your personal information to third parties for cross-context behavioral advertising. In addition, we have provided our users with a link to submit this request, found here: www.apptegy.com/donotsellmypersonalinformation. Please note that if you are not logged into an account when you submit an opt-out request, your request will only be associated with the that browser. Please also note that if you opt-out from cross-context behavioral advertising, you may still receive ads about Apptegy but they will not be tailored to you.
- Right to correct. Upon verifiable request we will correct any personal information that we have collected about you that is incorrect.
- Limit use and disclosure of sensitive personal information. We do not collect sensitive personal information. Notwithstanding that, you have the right to limit our use and disclosure of sensitive personal information to certain purposes in accordance with the CCPA.
- Right to not be subject to discrimination for enforcing your CCPA rights. You will not be discriminated against by us for your exercise of CCPA rights. We will not refuse the Services, change pricing, or provide a different quality of Services because of your exercise of CCPA rights. However, please note that in some instances, exercising certain CCPA rights may cause us to be unable to provide you with our Services because certain parts of the Services require personal information to function.
Please note, as explained above at the beginning of section 5 and in section 2.A, this section does not apply to you if you use our Services as an End User with a School-Created User Account or under an account of a School. In these instances, please contact your School about your personal information and your rights.
Please note that we will need to verify your identity before processing CCPA and other California requests, which may require us to request and obtain additional information from you. To do so, we may ask that you provide us with your first name, middle name, last name, email address, phone number, and address. We may also ask you to provide answers to questions about yourself to help verify your identity. We may also use or rely on third-party identity services to help us with identification verification and defend against fraudulent requests. We will use that information only to review and address your requests. We reserve the right to decline or limit requests in certain circumstances – for example, when we are unable to verify your identity or locate information in our systems, or when you have previously made two CCPA requests in the prior 12 months, or as otherwise permitted by applicable law.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your CCPA and other California rights. Before accepting such a request from an agent, we will require the agent to provide us with proof that you have authorized it to act on your behalf, and we may also need you to verify your identity directly with us.
Please note that we will also comply with valid requests from California residents that have an established business relationship with us under California’s “Shine the Light” law.
We do not provide financial incentives related to the collection, use, or disclosure of personal information.
If you have questions, or would like to exercise any of your rights under the CCPA, please contact us at any of the following:
- By email at privacy@apptegy.com;
- By telephone at 1-888-501-0024; or
- By mail at Apptegy Inc., c/o Data Protection Officer, 2201 Brookwood Drive, Suite 115, Little Rock, AR 72202.
6. EUROPEAN UNION AND UNITED KINGDOM PRIVACY NOTICE
If you are an individual resident of the European Union or the United Kingdom, you have certain rights with respect to your personal information, including under the General Data Protection Regulation (“GDPR”) and the GDPR as transposed into the law of the United Kingdom (“UK GDPR”). This includes, among other rights, the right to be informed and request access to the personal information about you that we have collected via our Services. You may also have the right to ask that your personal information be corrected, updated, or deleted.
Please note that we will comply with valid requests from residents of the European Union and the United Kingdom subject to relevant legal exemptions. Please also note that we will need to verify your identity before processing any such requests, which may require us to request and obtain additional information from you. We will use that information only to review and address your requests. We reserve the right to decline or limit requests in certain circumstances – for example, when we are unable to verify your identity or locate information in our systems, or as otherwise permitted by applicable law.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under this section. Before accepting such a request from an agent, we will require the agent to provide us with proof that you have authorized them to act on your behalf, and we may also need you to verify your identity directly with us.
If you use our Services under an account of a School, please contact your School about your personal information and your rights. Otherwise, if you have questions, or would like to exercise any of your rights under the GDPR, UK GDPR, or any similar right, as an individual user under an individual account, please contact us, care of our Data Protection Officer, at any of the following:
- By email at privacy@apptegy.com;
- By telephone at 1-888-501-0024; or
- By mail at Apptegy Inc., c/o Data Protection Officer, 2201 Brookwood Drive, Suite 115, Little Rock, AR 72202.
You may also contact the data protection authority of your jurisdiction.
7. CANADIAN RESIDENTS
If you are a Canadian resident, this section applies to you.
Consent: By submitting personal information to us, or our service providers and agents, you consent to the collection use, disclosure, and transfer of your personal information in accordance with this Privacy Policy and as permitted or required by law. You may withdraw your consent at any time to the collection, use, disclosure, or transfer of your personal information time by contacting us at privacy@apptegy.com. If you withdraw your consent (or if you decide not to provide certain personal information), you acknowledge that we may not be able to provide you, or continue to provide you, with certain products, services, or information that may be of value to you.
Retention of Personal Information: The personal information that you provide will be retained by us in accordance with applicable laws. However, we will take reasonable steps to destroy or permanently de-identify personal information we hold if it is no longer needed for the purposes for which it was collected.
Access and Correction: We will take reasonable steps to ensure the personal information we hold is accurate, complete and up-to-date. Upon your written request, and subject to certain exceptions provided by law, we will inform you of the existence, use, and disclosure of your personal information and give you access to that information. We may charge a minimal fee for providing such access to you. If you believe that the personal information that we hold about you is not accurate or complete, you may write to us at privacy@apptegy.com. If you are able to establish that the information is not accurate or complete, we will take reasonable steps to delete and/or correct the information so that it is accurate, complete, and up-to-date. In order to facilitate a request to correct or update information, we may ask you to provide additional information to confirm your identity. Any such information will only be used for the purpose of confirming your identity and will not be retained by us.
Interest-Based Advertising: To opt-out of interest-based advertising, and to find information about how to block or limit cookies, visit AdChoices, the Canadian self-regulatory program for online interest-based advertising, administered by the Digital Advertising Alliance of Canada (“DAAC”).
Canada’s Anti Spam Law (“CASL”)
We will only send you commercial electronic messages (“CEMs”) where we have your express or implied consent to do so. Your consent to receive CEMs is implied where we have an existing business relationship with you, or you have reached out to us and made an inquiry within a certain time frame. You may unsubscribe from receiving CEMs at any time, by clicking the unsubscribe button on an email or following the direction provided in a text message. This paragraph only applies to CEMs that are sent by Apptegy on its own behalf. CEMs sent by customers using the Services are the sole responsibility of the particular customer.
8. CHILDREN’S AND STUDENT DATA PRIVACY
Protecting children’s and students’ privacy is especially important to us. We participate in the iKeepSafe COPPA Safe Harbor program. We have been granted the iKeepSafe COPPA Safe Harbor seal signifying that our Site and Thrillshare, as well as the software that runs the Site and Thrillshare, have been reviewed and approved for having policies and practices surrounding the collection, use, maintenance, and disclosure of personal information from children consistent with the iKeepSafe COPPA Safe Harbor program guidelines. COPPA protects the online privacy of Children under the age of 13.
We also participate in the iKeepSafe FERPA Certification and California Student Privacy Certification programs. We have been granted the iKeepSafe FERPA Certified seal and the California Student Privacy Certification seal signifying that our Site and Thrillshare, as well as the software that runs the Site and Thrillshare, have been reviewed and approved for having policies and practices surrounding the collection, use, maintenance, and disclosure of personal information from children consistent with the iKeepSafe FERPA Certification and California Student Privacy Certification program guidelines.
For additional information please visit https://ikeepsafe.org/certifications/ or email IKeepSafe Safe Harbor program at privacy@ikeepsafe.org.
We do not intentionally request, collect, store, or use personal information from or about any child under the age of legal majority for our own use. We only request, collect, store, and use personal information about children as is necessary to provide the Services to our Clients and Users, and only as requested by the Client, as explained more fully in this Policy and in our Terms of Use. If we learn that we have unintentionally collected personal information from or about a child other than as set out in this Policy and in our Terms of Use, we will delete that information as soon as reasonably practicable. Please see our Terms of Use for more information about the limited circumstances when children may use the Services.
As explained above, our Clients are often Schools. In providing the Services to Schools we may receive student data from or about children as a necessary part of providing the Services to the Client. We may receive student data from a School directly (for example: student data about the students attending the School) or from End Users using our Services under a School-Created User Account (for example: a teacher, student, parent, or guardian using the Services set up by their School). The student data we receive may include educational records and other personal information about students. When we receive student data in connection with providing the Services for a Client, we collect, use, and maintain it under the direct control of the Client and only as is necessary to provide the Services requested by the Client and its End Users. Apptegy does not disclose student information to third parties except as reasonably necessary to support the internal operations of the Services, as further set out in Section 3 above.
Please see Section 2.A above (Personal Information from Schools and Under School Accounts) for more information about student information provided by and collected from Schools and End Users using Services under a School account, including children under the age of 13.
If you are an End User using the Services under a Client account (for example: a student, parent, or guardian using a School-Created User Account), and you have questions or requests about the personal information of a student or want to review the personal information of a student that has been collected by Apptegy, please contact your School directly.
Apptegy respects and values the privacy of student data, and we work hard to protect it. When a law or regulation creates direct obligations for Apptegy about student data privacy, we comply with it. For example, Apptegy collects, uses, and maintains student data in accordance with the Family Educational Rights and Privacy Act (“FERPA”) and the Children’s Online Privacy and Protection Act (“COPPA”), and only as is set out in this Policy and the Terms of Use. When a law or regulation creates obligations for a Client about student data privacy, we work with the Client to allow the Client to comply. For example, through the Services, Apptegy collects, uses, and maintains student data under the direct control of the Client as is required under FERPA.
Without limiting the generality of the foregoing, Apptegy relies on the Client to obtain the required legal consents from End Users invited or added to the Services by the Client, including parents, guardians, and students. Our Clients consent, as agents for and on behalf of the children, parents, and guardians invited or added to the Services by the Client, to Apptegy’s collection, use, and storage of personal information about or from the children. We rely on our Clients’ consent per the previous sentence for the purposes of complying with COPPA, and we are authorized to presume that Clients have obtained and will maintain all required parent or guardian consent for Apptegy’s collection, use, and disclosure of information for any children under the age of thirteen (13) that are invited or added to the Services under Client accounts. This is because, as explained above, our Clients are the Schools; we do not have direct relationships with individual End Users of the Services. As such, if you are a School and invite or add children to use the Services under your Client account, or if you allow the End Users under your account to provide personal information for or about children, you represent and warrant that you are consenting as agents for and on behalf of your End Users (as set out above) or have obtained and will maintain all required consents from students, parents, and guardians, as applicable, for Apptegy’s collection, use, and storage of personal information from or about any children under your account, including children under the age of thirteen (13).
PLEASE NOTE that some or all of the information we collect about or from End Users may not be private as to the individual User. For example, for Users of Rooms, information shared by a User via a message feature of Rooms will be visible to Client, as the party providing access to the Services to its Users. In some circumstances, information provided by or about a child may be available or visible to other individual Users. For example, for Users of Rooms, information about a child that is posted in the group messaging tool in a child’s Room may be visible to other individual Users that are also authorized users for the same Room. Apptegy will collect, use, and disclose such information in accordance with this Privacy Policy and our Terms.
PLEASE NOTE while many parts of the Services do not require personal information to function as intended, and we will not collect more personal information than is reasonably necessary to support the internal operations of the Services, we encourage parents and guardians to monitor their child’s use of the Services, particularly Rooms, and to assist us by instructing them to never provide personal information on the Services, particularly including Rooms, without your permission.
PLEASE NOTE that if you discover or are made aware of any activity or information on the Services that is or may be connected to the abduction or sexual exploitation of a child, you should contact law enforcement authorities immediately. Please see the National Center for Missing and Exploited Children (NCMEC) (www.missingkids.org/education) for more information and resources related to abduction and child sexual exploitation prevention.
As discussed above, we may use and disclose personal information with and to third parties when it is necessary to provide the Services or for our business. For a list of third parties with whom we share student data or child personal information, please contact us by email at privacy@apptegy.com or visit www.apptegy.com/privacy-policy/service-providers.
9. SECURITY OF INFORMATION; DATA TRANSFERS AND RETENTION
Personal information is very important to us, and we continuously work to keep it secure and to improve our practices. We maintain administrative, technical, and physical controls and practices that we believe are reasonable to safeguard against the unauthorized access and use of personal information. For example, we conduct periodic system evaluations, maintain system and security certifications, manage and log system access, and perform and maintain regular backups. We use industry-accepted encryption practices to protect personal information during transfer and at rest. Our employees and contract personnel receive privacy and security training, and are bound by our personal information policies. Finally, we work to stay informed about industry requirements and changing standards. Notwithstanding the foregoing, we cannot and do not guarantee the total security of your information in all circumstances.
If we become aware of a security incident, we will comply with applicable law. We will notify impacted Clients of verified security incidents as soon as practicable, and respond to them, in accordance with your Client Agreement (as defined in the Terms of Use) and applicable law. If you are an impacted End User (for example: a teacher, staff, student, parent, or guardian added to the Services by a School), we will notify you of verified security incidents, and respond to them, in accordance with the instructions of the Client that added you to the Services (for example: the School that is your employer or that you attend as a student) and applicable law. If you are an impacted Visitor and you do not use the Services as an End User (for example: an individual browsing a public part of the Sites that does not require a log-in or an invitation from a Client), we will notify you of verified security incidents, and respond to them, in accordance with applicable law.
We are based in the United States. Your information will be accessed, transferred, processed, and stored in the United States. We also have offices and personnel in locations outside of the United States, including Mexico. In some circumstances your information may be accessed, transferred, processed, or stored outside of the United States when that is reasonably necessary to provide, operate, or maintain the Services (for example: to process information updates for School-Created User Accounts; or to provide maintenance and support for parts of the Services). We maintain administrative, technical, and physical controls and practices that we believe are reasonable to safeguard the access, transfer, processing, and storage of personal information in and to all locations where we do business. By using the Services, or providing us with any information, you are consenting to the access, transfer, processing, and storage of your information, including personal information, in the United States and in the other locations where we do business.
How we retain and delete personal information from or about you depends on our relationship with you. Specifically:
- If you are a Client (for example: a School), we will retain and delete personal information we collect from or about you and your End Users according to your instructions, and in accordance with your Client Agreement (as defined in the Terms of Use) and applicable law. When you are no longer a Client (for example: if your Client Agreement ends), we will delete personal information associated with your Client account in accordance with your Client Agreement and applicable law, and as soon as reasonably practicable after the termination of your Client relationship. If you are a Client and have questions or requests about retaining or deleting personal information associated with your Client account, please contact us by any of the methods set out below in the section 10 titled “Contact Us”; or
- If you are an End User (for example: a teacher, staff, student, parent, or guardian added to the Services by a School), we will retain and delete personal information from or about you according to the instructions of the Client that added you to the Services (for example: the School that is your employer or that you attend as a student) and applicable law. If you are an End User and have questions or requests about retaining or deleting personal information under your School’s Client account or your School-Created User Account, please direct those questions and requests directly to your School. If you contact us regarding these questions and requests, we will direct them to your School; or
- If you are a Visitor and you do not use the Services as an End User (for example: an individual browsing a public part of the Sites that does not require a log-in or an invitation from a Client), then we may retain personal information we collect pursuant to this Policy for as long as permitted under applicable law. If you are a Visitor and have questions or requests about retaining or deleting personal information associated with you, please contact us by any of the methods set out below in the section 10 titled “Contact Us.”
10. CONTACT US
If you have questions about our policies or any related matter, please contact us at any of the following:
- By email at privacy@apptegy.com;
- By telephone at 1-888-501-0024; or
- By mail at Apptegy Inc., c/o Data Protection Officer, 2201 Brookwood Drive, Suite 115, Little Rock, AR 72202.
11. THIRD PARTY FUNCTIONALITY AND TOOLS
We use third party providers for various aspects of our Services. For example, Schools (or End Users under School-Created User Accounts) may use the Services to post a communication to a Facebook or Twitter account, or to translate a communication from English to another language. In addition, there may be links or references on our Services to products and services that are offered by third parties. By using any part of the Services that incorporates or is made available by a third party, you will also be subject to the third party practices and policies associated with the third party services that you use. Please note that these third party practices and policies may be materially different than our practices and policies, especially with respect to privacy and security. Please note that we are not responsible for the practices and policies of any third party, including privacy and security practices and policies. If you choose to access or use any third party product or service, you do so at your own risk.
For additional information about our third party providers and partners, please see our Terms of Use, accessible at www.apptegy.com/terms-and-conditions.
12. MISCELLANEOUS
We may change this Policy from time to time in our discretion. The most current version will always be at the following link: https://www.apptegy.com/privacy. We encourage you to review it regularly. Any changes will be effective immediately upon us posting the updated Policy. If we make updates or changes, we will give notice by updating the posted date for this Policy. In some cases and in our sole discretion, we may provide additional notice (for example: by a pop-up or banner notice on the Services, or by sending you an email notification). By continuing to use the Services after changes are effective, you will be bound by the revised Policy. If you do not agree with any updates to the Policy, you may not continue to use the Services. Notwithstanding the foregoing, if we make updates or changes that materially change User rights with respect to personal information, or reduce the level of protection for personal information, we will comply with applicable law. We will provide you with advance notice on the Services and, if required by applicable law, request your consent. For impacted Clients, we will also provide notice to you via the contact information you have provided to us. Please return to this page periodically to ensure you are familiar with the most current version of the Policy.
Please feel free to contact us with respect to any question about this Privacy Policy at:
- 1-888-501-0024
- privacy@apptegy.com
- Apptegy, Inc., 2201 Brookwood Drive, Suite 115, Little Rock, Arkansas 72202
Effective: May 31, 2023