Privacy Policy

Last updated: Aug 14, 2024

Securly, Inc. (“Securly,” “we,” “our” or “us”) recognizes the importance of privacy. This Privacy Policy describes how we collect, store, use and disclose, or otherwise process (collectively “process”) information, including personal information.

Securly Collects different information about different types of users and uses that information for different purposes, as described in this Privacy Policy. If you are a Student, Parent, or Educator, see Section 1 for a description of the processing of data collected through Securly’s software products and services (“Services”). If you are an adult visiting our website, see Section 2 for a description of the processing of data collected through Securly’s website, www.securly.com (the “Site”).

Section 1: For Students, Parents, and Educators using our Services

How Securly processes information collected through our Services

This section of the Privacy Policy covers data from Students, Parents, and Educators as they interact with Services, including

• Cloud-based web filtering (such as Filter);
• cyber-bullying and self-harm detection (such as Aware and Observe);
• Student wellness monitoring tools (such as Rhithm);
• AI generated data analysis (such as Discern);
• digital classroom management tools (such as Classroom, Pass, Flex, and Visitor);
• at School and take-home policies for School issued devices (such as MDM); and
• the Parent mobile app (such as Home)

Additionally, this policy covers all Services previously offered by Rhithm and Eduspire Solutions that link to this Policy.

When Securly’s customers—schools, districts, or other educational institutions that are its customers (collectively “Schools”)—install and use Securly Services, we collect information about the Schools’ students (“Students”) and their parents or guardians (“Parents”), as well as teachers, officials, and other School employees (collectively “Educators”).

Information collected via the Services, is processed by Securly as a data processor or service provider on behalf of Schools. The Schools are the controllers of any personal information collected through the Services. This information will be treated in accordance with this section of this Privacy Policy as well as our Terms of Use and is also subject to the policies and practices of the School on whose behalf we are processing the information.

To provide the Services for which Schools contract with us, Securly collects personal information from Students for the sole use and benefit of the Students and the School in the educational context as authorized by Schools, and for no other commercial purpose.

a. Applicable Federal Law

We are committed to complying with the Federal Educational Rights and Privacy Act (“FERPA”) at 20 U.S.C. 1232g (34 CFR Part 99), the Children's Online Privacy Protection Act (“COPPA”), 15 U.S.C. 6501-6506, in all applicable respects with regard to the collection, use, disclosure, and retention of Student Information.

FERPA

Under FERPA, when Schools contract for Securly Services, Securly functions as a School Official, which has a legitimate educational interest in Students’ education records. In accordance with FERPA, Securly (i) performs an institutional service or function for which the School would otherwise use employees; (ii) remains under the direct control of the School regarding the use and maintenance of education records; and (iii) agrees to use Student Information from education records only for the purposes for which the disclosure was made, e.g., to promote School safety and the physical security of Students, and will not disclose Student Information from education records for any other purpose. “Student Information” includes any information about a Student that is linked to that Student’s identity. Anonymized and aggregated Student data is not Student Information.

COPPA

Under COPPA, parental consent is required to collect personal information online from children under 13. When Schools use our Services, the School consents on behalf of Parents to the collection and use of personal information from Students as part of signing up to use the Services.

b. Consent

By contracting for the Services, Schools provide consent for Securly to collect and use personal information, anonymous information, and aggregate information about Students as a School Official on behalf of the School. Schools are responsible for confirming that they are authorized to consent to the collection and use of this information and to obtain any necessary consents from the Parent or Student.

In order to use Securly Services, Schools must consent to the collection and use of Student Information Use of the Services, and any dispute over privacy, is subject to this Policy and our Terms of Service including its applicable limitations on damages and resolution of disputes. This Policy is incorporated by reference into the Terms of Service.

Student Information will not be used for any purpose unrelated to the provision the Services without consent. Securly may, however, use aggregated or anonymized Student data for the improvement of its Services. Consent for the processing of Student Information may be withdrawn by a School, Parent, or eligible Student at any time. However, withdrawing consent may result in Students’ inability to continue using some or all of the Services.

Parents and Educators who are adult users of the Services consent to collection of their own personal information through their use of the Services.

c. Types of Information Collected by the Services

The Services may collect information directly from Schools, Students, Parents, Educators, third parties, and directly from use of the Services. Such information may include, but is not limited to, Student Information, which includes identifiable information about the Student’s online activity, social media usernames and activity, electronic communications, and general web browsing activity.

Information the Services Collect Directly

When the Services are used, we collect Students' mobile device ID; device name and model; and operating system type, name, and version of School issued devices.

Information the Services Collect Automatically

In order to provide our Services and to understand a Student's activity while using our Services, we may automatically collect the following information about a Student through cookies, web beacons, and other technologies: information regarding a Student's personal computing device, browser type, browser language, operating system, Internet Protocol (“IP”) address, and the actions a Student takes while using the Services including while online (such as the web pages viewed or blocked, the length of time a Student visited a website, links clicked, and messages sent or posted).

When Students use the Services on a personal computing device, we may use geolocation information to determine their current location. Such information is specific to the device only and is not specific to any Student. We may also use elements of a Student’s usage and analytics information (such as IP address) to determine their generalized location.

Student Information Collected from Social Networking Sites

If Students use Facebook, X, or other social networking sites, Securly will collect Students’ activity on those sites (“Social Networking Activity”), including posts to Students’ Facebook, Twitter, or Google+ accounts, and other messaging activity for purposes of providing the Services, including, as applicable, for detection of cyber-bullying or self harm protection. Securly will collect Students’ Social Networking Activity even if Students have chosen not to make that activity public. We store Students’ Social Networking Activity with other information that we collect from Students.

d. How the Services Use Student Information

We use Student Information in the following ways:

• To provide Services to Schools including to respond to customer service and technical support issues and requests. If a Student runs into technical errors while using the Services, we may request School permission to obtain a crash report along with certain logging information from the computing device utilized by the Student documenting the error. This may include information regarding the device's Operating System version, hardware, and browser version (and .NET version information in case of Windows systems).
• To log Students’ online activities on behalf of Schools, including the information a Student distributes, displays, or shares, to provide Schools and Parents with alerts, reports, and logs regarding the same. Such reports may include class or School-wide Student activity reports, to allow Schools to conduct comparative analyses of Students.

We do not use Student Information in the following ways:

• We do not collect Student Information for the purpose of sale of such information in any way or for building commercial Student profiles, or for any other commercial purposes not related to the provision of the Services.
• We do not use Student Information for advertising.

We may use aggregate or de-identified Student Information for the following purposes:

• To monitor and analyze the Services and for technical administration;
• To better understand how Students access and use our Services;
• To improve and analyze our Services, such as by refining the types of activities that trigger (or do not trigger) an alert; and
• For other research and analytical purposes related to the Services.

e. How the Services Share Student Information

Service Providers. We may disclose Student Information to third-party vendors, service providers, contractors, or agents (collectively “Service Providers”) who perform contractually defined functions on our behalf. We may engage Service Providers to perform Services (e.g., hosting) that may involve their access, use or storage of Student Information on our behalf. Service Providers have limited access to databases of Student Information solely for the purpose of helping us provide the contracted Services, and we have put in place contractual and other organizational safeguards requiring them to take steps to ensure a proper level of protection for Student Information. These third parties are contractually bound to treat Student Information in accordance with our privacy and security policies and commitments. Except as explained above, we do not disclose or transfer Student Information to third parties except for authorized educational/School purposes or as directed by the Schools that have engaged us to provide Services. We prohibit Service Providers from using Student Information for any purpose other than providing the contracted service.

Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer Student Information we have collected to the other company, provided the successor entity is subject to equivalent privacy and security commitments as Securly and the information disclosed continues to be used for only educational/school purposes.

In Response to Legal Process. We may disclose Student Information to comply with the law, a judicial proceeding, court order, subpoena, or other legal process. In particular, many states have laws that require specific categories of persons, or any person, to report certain matters pertaining to child safety to relevant state or local authorities. These matters may include any reasonable suspicion of child abuse or neglect or the presence of child sexual abuse material. We may therefore be required by law to report information from certain alerts to relevant state or local authorities in these states.

To Protect Us and Others. We also may disclose Student Information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Student Policy, or as evidence in litigation in which Securly is involved.

With Schools and Parents. In compliance with COPPA and FERPA, Schools and Parents are able to log in to view information about their Students’ use of certain Services.

Aggregate and De-Identified Information. We may also use and share aggregate or de-identified information about students or children with third parties for research and analytical purposes.

f. Information Students Share with Third Parties

Students may be able to voluntarily share their Student Information with third parties, including Social Networking Activity, while using the Services. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that Students may provide to third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. Please consult their respective privacy policies. We have no control over how any third-party site uses or controls the information that it collects directly from Students.

g. Security of Student Information

The security of Student Information is important to us. We have implemented a security program that is reasonably designed to protect the Student Information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have implemented technical, contractual, administrative, and physical security steps and other organizational safeguards designed to protect personal information. This includes the use of authentication technologies, encryption where appropriate, and a securely configured network.

We have implemented procedures limiting the dissemination of Student Information to such designated Service Providers and Securly employees only as are reasonably necessary to carry out that Service Provider's or employee's specific role.

Please be aware that despite our best efforts, no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We cannot guarantee that our Services will always be perfectly secure, and we are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

If we learn of a security breach that undermines the integrity and confidentiality of Student Information, we will notify affected customers in accordance with applicable law, contractual obligations, and industry practices. With the school's permission, we may also post a notice on the Securly website or elsewhere on the Service. Depending on the jurisdiction, affected teachers and students may be entitled by law to receive a written notice of a security breach.

h. Your Rights to Review, Delete and Control Our Use of Student Information

We will make reasonable efforts to keep Student Information accurate and up-to-date, and we will provide Students, Parents, and Educators with mechanisms to review, update, and correct Students' personal information as appropriate and/or desired.

Schools will control the Student Information we have collected and have all rights to review it, to delete it, and to tell us to no longer use it.

Notwithstanding the foregoing, Student Information will be deleted in all cases, including personal information held by our Service Providers, when a School instructs us that it is no longer needed for the purpose for which it was collected. All retained Student Information will remain subject to the terms of this Policy.

If we learn we have collected personal information about a Student without proper consent, we will delete that information as quickly as possible.

You can make a request to exercise Student Data rights by contacting us at support@securly.com or calling 1 (855) 732-8759 (ext. 101). We will review your request and respond accordingly.

i. Securly Classroom

Securly Classroom imports data using Google APIs to make the data available to Students and Educators through the Securly Classroom application. Chrome OS data is imported to allow Students and Educators to view and manage Chrome devices. Domain information is imported (OU list) to display and allow Schools to move devices between OUs and activate Lost Mode in Securly Classroom. User profile data is imported to provide class roster information to teachers and recognize Students based on their email address. User profile data also provides user photos in Securly Classroom. Classroom APIs are accessed to provide roster information and to allow teachers to access Classwork for use in managing classes.

The sole purpose for accessing all data from the Google domain is to provide the Securly Services to the School. No data is shared with any outside organization for any reason. The data is used exclusively to provide Schools the management services of the Securly products to which they subscribe.

Securly Classroom does not transfer information received from Google APIs to any application outside of products that are part of Securly’s integrated suite of applications. The use of all information received through the APIs will adhere to the Google API Services user Data Policy, including the Limited Use requirements.

j. Securly Filter

Securly Filter uses YouTube APIs to enable schools and parents to see titles and thumbnails of YouTube URLs for videos or channels. To the extent schools permit Students to access YouTube content, Students may be sharing personal information with YouTube. YouTube’s collection and use of that data is subject to YouTube’s Terms of Service (https://www.youtube.com/t/terms) and the Google Privacy Policy at http://www.google.com/policies/privacy. As explained in section f. above, we have no control over how YouTube uses the information that it collects directly from Students.

k. Parent and Educator Data

To the extent that Parents or Educators interact with the Services, we may collect some minimal personal information about those individuals. This information is often combined with Student Information and is typically limited to name and contact information.

We may use information about Parents or Educators to communicate about your account and use of our Services. Parents or Educators who opt-out of receiving emails about recommendations or other information may still receive transactional e-mails, such as about your account or any services you have requested or received from us.

Section 2: For adults visiting the Securly Site

How Securly processes information collected through our Site

This Section of the Privacy Policy describes how Securly collects and processes data from adults who interact with our Site. Nothing in this Section of the Privacy Policy describes the processing of Student data. For the purposes of this Privacy Policy, visitors to the Site are referred to as Site Visitors.

Site Visitors are adults. The Site is not directed to children under the age of 18, and we do not knowingly collect personal information from children under the age of 18 on the Site. If we discover that we inadvertently collected information from a child under the age of 18 through the Site, we will promptly delete it. By visiting our Site, Site Visitors acknowledge that you have been given this notice about how your information, including personal information, will be handled as described in this Policy. Your use of the Site, and any dispute over privacy, is subject to this Policy and our Terms of Use including any applicable limitations on damages and resolution of disputes. The Terms of Use are incorporated by reference into this Policy.

We process Site Visitors’ personal information as set forth in this Section of the Privacy Policy or otherwise with Site Visitors’ consent or as permitted or required by law. W e base our processing of Site Visitors’ personal information on consent, Site Visitors may withdraw your consent at any time. However, withdrawing consent may result in our inability to continue providing Site Visitors with access to the Site.

With respect to Site Visitors’ personal information, Securly, Inc. and Securly Ltd. are the controllers of Site Visitors’ personal information.

We may collect information about Site Visitors, including personal information (as defined by applicable privacy law), directly from Site Visitors, from third parties, or automatically though Site Visitors’ use of the Site. We may combine certain information we collect from these various sources.

a. Information We Collect Directly from Site Visitors

We collect information (including personal information) from Site Visitors directly as set out below.

• Account and Registration Information. We collect personal information from Site Visitors who sign up for an account with us, including name and email address. We may also ask or allow Site Visitors to submit additional account information, such as phone number, student name, student school, location of school. Site Visitors may browse parts of our Site without creating an account.
• Communication. We collect personal information from Site Visitors who communicate with us, including a Site Visitor’s name and email address. We may also ask or allow Site Visitors to submit additional account information, such as a phone number. Site Visitors may browse parts of our Site without creating an account.
• Customer Support. We collect personal information Site Visitors provide when submitting a request through our Site, such as an email address, or if Site Visitors otherwise contact our customer support services via email, phone, or chat, related to an inquiry or complaint. We keep a copy of such records in our customer files.
• Newsletters and Updates. Site Visitors can also sign up to receive emails and offers from us by submitting a name, email address, and zip code or area code. For information on how to opt-out of receiving newsletters and updates via email please see below.
• Other Information We Collect Regarding Site Visitors’ Usage of Our Site. We collect personal information about your use of our Site, such as your purchase history, online related activity such as sites visited, online searches and videos watched, email content, email address, and geolocation information.

b. Information We Collect from Third-Party Sources

We may also collect information about Site Visitors from third parties, which we combine with the information we have collected via the Site.

Information We Collect Automatically

We automatically collect information about Site Visitors through the use of our Site, including Site Visitors’ IP addresses (“Usage Data”). For more information, please see the Cookie and Other Tracking Mechanisms Section further below.

c. Purposes and Legal Bases of Use for Processing Site Visitor Information

We process Site Visitors’ personal information for the following legal bases:

Performance of Contract: We process Site Visitors' personal information as necessary to enter into or carry out the performance of a contract with you, for example creating your customer account and processing your payments, or with a school or other institutional customer.

Our Legitimate Business Interests. We process Site Visitors' personal information in furtherance of our legitimate business interests, which are not overridden by Site Visitors' interests and fundamental rights, including:

• Performance of contracts with customers and other parties
• Implementation and operation of support services for our business operations
• Improving our Site and services, developing reports, and similar purposes
• Customer relationship management and improving our Site and services, including other forms of marketing and analytics
• Fraud detection and prevention, including misuse of our Site or services
• Physical, IT, and network perimeter security
• Internal investigations
• Mergers, acquisitions, and reorganization, and other business transactions, including related negotiations

Compliance with Laws. We process Site Visitors’ personal information to comply with our legal obligations, including those in the area of labor and employment law, social security, and data protection, tax, and other corporate compliance laws, and/or to defend against legal claims.

With Your Consent: We process Site Visitors’ personal information where we have Site Visitors’ consent. For example, for some forms of direct marketing, or for the setting of certain cookies, the GDPR, where it applies, and other applicable laws give Site Visitors the right to withdraw consent, which Site Visitors can do at any time by contacting us using the details set out at the end of this Policy.

Vital Interest. In addition, in rare cases we may process Site Visitors’ personal information where necessary to protect the vital interests of any individual.

d. How We Use Site Visitor Information

Providing and Improving Services. To maintain and improve our services; to develop new features, products, or services; to perform technical operations, such as updating software; to authenticate a Site Visitor as a valid user; to prevent fraudulent activity on our platform; and for other customer service purposes.

Responding to requests. To respond to Site Visitors’ inquiries, fulfill orders and requests.

Personalizing Content and Ads. We may use the information we collect about Site Visitors to personalize the information and content we display to Site Visitors, including to tailor the content and information that we may send or display to Site Visitors, and to otherwise personalize Site Visitors’ experiences, including providing more relevant ads.

Marketing and Communications. We may use information about Site Visitors to send product or service updates; to respond to inquiries; to provide news, special offers, promotions, and other information we think may interest Site Visitors; and for other informational, marketing, or promotional purposes. Our communications with Site Visitors may include communications via email. Site Visitors may opt-out of such communications at all times by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If Site Visitors opt-out of receiving emails about recommendations or other information, but subscribe to our services, we may still send Site Visitors transactional e-mails, such as about any account or services the Site Visitor has requested or received from us. We do not use personal information of Students or children for any marketing purpose.

Research and Analytics. We may use information about Site Visitors to analyze how Site Visitors interact with our Site; to monitor and analyze usage and activity trends; and for other research, analytical, and statistical purposes.

Protecting Our Legal Rights and Preventing Misuse. We may use information about Site Visitors to protect the Site and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use or this Policy.

Complying with Legal Obligations. We may use information about Site Visitors to comply with the law or legal proceedings. For example, we may disclose information in response to subpoenas, court order, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.

General Business Operations. We may use information about Site Visitors to consider and implement mergers, acquisitions, reorganizations, and other business transactions, and, where necessary, to administer our general business, accounting, recordkeeping, and legal functions.

Aggregate, De-identified or Anonymous Data. We may also use information about Site Visitors to create and use aggregate, anonymous and de-identified data to assess, improve and develop our business, products, and services, and for similar research and analytics purposes. This information is not generally subject to the restrictions in this Policy, provided it does not identify and could not be used to identify a particular individual.

e. How We Disclose Site Visitor Information

In general, we disclose Site Visitors’ personal information we collect as follows:

Affiliates. We may share Site Visitors’ personal information with our affiliates, whose handling of personal information is subject to this Policy.

Service Providers. We may disclose the information we collect from Site Visitors’ to our third-party vendors, service providers, marketing partners, third parties, contractors or agents who perform functions on our behalf so we can provide you with the Site. These may include companies that send emails to our customers and prospective customers; help us track email response rates, views, and forwards; provide advertisements about products of interest to Site Visitors; and collect data about how Site Visitors, customers, and prospective customers interact with our products over time.

Business Transfers. We may disclose Site Visitor information to another entity in connection with an acquisition or merger, sale or transfer of our assets, bankruptcy proceeding or as part of any other similar business transfer, including during negotiations related to such transactions.

In Response to Legal Process. We also may disclose the information we collect from Site Visitors in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.

To Protect Us and Others. We also may disclose the information we collect from Site Visitors where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which we are involved.

Aggregate and De-Identified Information. We may share aggregate or otherwise de-identified information about Site Visitors with third parties for marketing, advertising, research, or similar purposes.

f. Use of Cookies and Other Tracking Mechanisms on the Securly Site

We and our third-party service providers may use cookies, log files, Web beacons and other tracking mechanisms to track information about your use of our Site. These technologies are not used on our Services. We may combine this information with other personal information we collect from Site Visitors (and our third-party service providers may do so on our behalf).

Cookies. Cookies are alphanumeric identifiers that we transfer to a Site Visitor’s computer’s hard drive through the web browser for record-keeping purposes. Some cookies allow us to make it easier for Site Visitors to navigate our Site, while others are used to enable a faster login process or to allow us to track Site Visitors' activities on our Site. There are two types of cookies: session and persistent cookies.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, Site Visitors can edit browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Site Visitors who disable cookies will be able to browse certain areas of the Site, but some features may not function. Please keep in mind that without cookies Site Visitors may not have access to certain features on this Site, including certain personalized content.

Clear GIFs, Pixel Tags and Other Technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on a Site Visitor's computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags) in connection with our Site to, among other things, track the activities of Site Visitors, help us manage content, and compile statistics about Site usage. We and our third-party service providers may also use clear GIFs in HTML e-mails to you, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.

Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site. We also may use other analytic means to evaluate our Site. We use these tools to help us improve our Site, performance, and Site Visitors’ experience. These entities may use cookies and other tracking technologies to perform their services.

Geolocation Information. We may use geolocation information related to Site Visitors for the purpose of administering our Site.

Do-Not-Track Signals. Our Site does not currently respond to do-not-track signals. For more information about do-not-track signals, please click here. Site Visitors may, however, disable certain tracking as discussed in the Cookies and Other Tracking Mechanisms section above (e.g., by disabling cookies).

g. Interest-Based Advertising for Site Visitors

We may work with third parties such as network advertisers to assist us in displaying advertisements on third-party websites, and to evaluate the success of our advertising campaigns. We may use information about Site Visitors for these purposes.

Site Visitors may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and choices regarding information used by these companies, including how to opt out of ad networks operated by NAI and DAA members, please visit their respective websites:

Canada: http://youradchoices.ca
EU: http://youronlinechoices.eu
US: http://aboutads.info; https://optout.networkadvertising.org/

Opting out of participation in the ad networks does not opt Site Visitors out of being served advertising. Site Visitors may continue to receive generic or “contextual” ads on our Site, for example, based on the particular website that you are viewing (i.e., contextual advertising). Site Visitors may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs. Please note that opt-out mechanisms are cookie based; so, if Site Visitors delete cookies, configure browsers to block or reject cookies, or use another device, the opt-out will no longer be effective.

h. Security of Site Visitor Personal Information

The security of Site Visitors’ personal information is important to us. We have implemented a security program designed to protect the information we collect through our Site from loss, misuse, unauthorized access, disclosure, alteration, and destruction. However, given the nature of information security, there is no guarantee that our Site will be 100% secure.

We encourage Site Visitors to help protect the security of personal information. For instance, Site Visitors should never give out personal credentials when using the Site. Furthermore, Site Visitor are responsible for maintaining the security of any personal computing device using the Site. We are not responsible for any lost, stolen, or compromised passwords or for any activity on Site Visitor accounts via unauthorized password activity.

i. International Transfers

If you are in the European Economic Area (“EEA”) or the United Kingdom (“UK”), and we process your personal information in a jurisdiction that the relevant regulator has deemed to not provide an adequate level of data protection (a “third country”), we rely upon legal measures to adequately protect your personal information. These measures include standard contractual clauses approved by the European Commission or another method approved by the European Commission as providing adequate safeguards for the protection of personal information when transferred to a third country. You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EEA; you may request such details by contacting us as set forth in the “Contact us” section below.

j. No Automated Decision-Making

k. Data Subject Rights

If you live in the EEA or other jurisdictions, including Australia, California, Canada, the United Kingdom, and certain other jurisdictions, you may have certain data subject rights. These rights vary, but they may include the following:

• Right of access: You can ask us to: confirm whether we are processing your personal information; give you a copy of that information; provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your information from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.
• Right to rectify and complete personal information: You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
• Right of erasure: You can ask us to erase your personal information, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see ‘Objection’ below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary: for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
• Right of restriction: You can ask us to restrict (i.e., keep but not use) your personal information, but only where: its accuracy is contested, to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal information following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
• Right to object to our use of your personal information for direct marketing purposes: You can request that we change the manner in which we contact you for marketing purposes. You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
• Right to object for other purposes: You have the right to object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
• Right to (data) portability: You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but only where our processing is based on your consent and the processing is carried out by automated means.
• Right to withdraw consent: You can withdraw your consent in respect of any processing of personal information which is based upon a consent which you have previously provided.
• Right to obtain a copy of safeguards: you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA. We may redact data transfer agreements to protect commercial terms.
• Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time.

You can make a request to exercise these rights by contacting us at support@securly.com or calling 1 (855) 732-8759 (ext. 101). We will review your request and respond accordingly. The rights described herein are not absolute.

You will not have to pay a fee for the disclosure of your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for disclosure is manifestly unfounded or excessive. We will not provide disclosure of your personal data more than twice in any 12-month period.

Individuals who submit requests for access or erasure of personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until such individual’s identity is verified.

You may designate an authorized agent to submit a request on your behalf by providing that agent with your written permission. If an agent makes a request on your behalf, we may still ask that you verify your identity directly with us before we can honor the request.

Agents who make requests on behalf of individuals will be required to verify the request by submitting written authorization from the individual. We will not honor any requests from agents until authorization is verified.

We do not sell personal information, and we will not discriminate on the basis that you have exercised any of your rights under the California Consumer Privacy Act.

l. Retention

We will generally keep Site Visitors’ personal information only for as long as it remains necessary for the identified purposes for which it was collected or as authorized or required by law. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated data, account recovery, or if required by law.

We will retain Students’ and Educators’ data as directed by Schools for their purposes.

All retained personal information will remain subject to the terms of this Policy.

m. Changes to this Policy

This Policy is current as of the date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site. If we make any changes to this Policy that materially affect our practices with regard to personal information, we will endeavor to provide you with notice in advance of such change by prominently highlighting the change on our Site or make other appropriate notice to you.

n. Links

When you visit our Site and leave to go to another linked site, we are not responsible for the content or availability of the linked site. Please be advised that if you enter into a transaction on the third-party site, we do not represent either the third party or you. Further, the privacy and security policies of the linked site may differ from ours.

o. Shine the Light

Under California Civil Code Section 1798.83, Californians are entitled to request information relating to whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. Californians who wish to request further information about our compliance with this statute or who have questions, more generally, about our Privacy Policy and our privacy commitments and our Site should contact us as set out in the “Contact Us” section above.

p. Contact Us

If you have any questions, comments, or concerns about the privacy aspects of our Site or services or would like to make a complaint, please contact: