The Company is located in the United States and may offers services to individuals or schools in other countries. The Company has reviewed each country’s relevant privacy rules and regulations and has detailed below its efforts to comply with relevant laws.
To reach the Company’s data protection and chief privacy officer, please email firstname.lastname@example.org.
The Company Properties are intended to be used by schools and families, which may include the collection of personal information of children under the age of 13.
Accounts will never include any pop-up ads or other advertisements directed to children. In addition, users cannot access external links and will never be prompted to visit a third-party website or mobile application.
Information We Collect
When you interact with us through the Company Properties or the Service, we may collect Personal Data and other information from you, as further described below. Users of the Services include Child Users (any child under age 18 who uses the learning portion of the Services) and Adult Users (including parents and legal guardians of Child Users, teachers, and school administrators), collectively referred to as Users.
Personal Data That You Provide: We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, register for access to the Company Properties or Service or use the Company Properties or Service.
To sign up for the Company Properties or the Service as an Adult User for an Individual Account, you will provide some or all of the following information:
a username for your child
Child’s first name and last name
your child’s age
To sign up for the Company Properties or the Service as a School Account, the Adult User will provide some or all of the following information:
Email address for main contact at school
School administrator name
Teachers first names and last names
In the School Subscription Plan, the subscribing school shall create a master account, which shall be managed by a single administrator appointed by the school. The school administrator shall then invite each teacher to create a classroom account. The teacher can invite each student’s parent or guardian to create an account on behalf of the student to be associated with the school and classroom.
Upon creation of the MagicPolygon Account, you will have the option to use the services, by creating voice recordings and uploading pictures. The voice recordings created by any user, including children, and any picture books that they create by uploading pictures are stored on our server, which is the Amazon Web Services S3 storage located at US East (Ohio) and US East (N. Virginia). We encourage all Adult Users to use the App with the Child User and to view and monitor any content created or uploaded by them. If you would like to review all content saved by your Child Users, you can access this content by reviewing the uploaded files in the App through your MagicPolygon Account.
In addition, you may be asked to create a password to access your account on the Company Properties or through the Service. It is your responsibility to keep your password secure and not share it with anyone.
You may also provide us with the email addresses of your contacts (“Contact Email Address”). In doing so, and at your request, we will send emails to each of your contacts to invite them to download the Company App, company information and activate the account. We will not utilize the Contact Email Address for any other purpose. Only your contact can accept the invitation and activate the account..
Other Information We Collect
From Your Activity: We may collect or receive information regarding: (1) IP address, which may consist of a static or dynamic IP address and will sometimes point to a specific identifiable computer or mobile device; (2) browser type and language; (3) referring and exit pages and URLs; (4) date and time; and (5) details regarding your activity on the App, such as search queries and other performance and usage data.
About Your Mobile Device: We may collect or receive information regarding: (1) type of mobile device;
(2) advertising Identifier (“IDFA” or “AdID”); (3) operating system and version (e.g., iOS, Android or Windows);(4) carrier; and (5) network type (WiFi, 3G, 4G, LTE).
Non-Identifiable Data: When you interact with the Company Properties, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. Company may store such information itself or such information may be included in databases owned and maintained by Company affiliates, agents or service providers. The Services may use such information and pool it with other information. It is important to note that no Personal Data is available or used in this process.
Aggregated Personal Data: In an ongoing effort to better understand and serve the users of the Company Properties and the Service, Company may conduct research on its customer demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Company may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. Company may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
Device Identifiers: The Company Properties or the Service, through its third-party providers, may collect device-specific information when you access the Service using a mobile device. Device information may include unique device identifier, media access control address, network information, and hardware model, as well as non-personally identifiable usage and traffic data and information about how the device interacts with the Company Properties or the Service. This type of data enables Company and third parties authorized by Company to figure out how often individuals use parts of the Company Properties or the Service and learn more about our users’ demographics and Internet behaviors, so that we can analyze, operate and improve our products and services.
WHAT ARE COOKIES?
A cookie is a small text file which is sent to your computer or mobile device (referred to in this policy as a “device”) by the web server so that a website can remember some information about your browsing activity on the Company Properties and Service. The Cookie will collect information relating to your use of the Company Properties or the Service, information about your device such as the device’s IP address and browser type, demographic data and, if you arrived at the Company Properties via a link from third party site, the URL of the linking page.
In addition to Cookies, the Company Properties or the Service may use web beacons. Web beacons allow us to count the number of users who have visited or accessed the Company Properties or the Service and to recognize users by accessing our cookies. We may employ web beacons to facilitate administration and navigation of the Company Properties or the Service, to track the actions of users of the Company Properties or the Service, to compile aggregate statistics about usage and response rates on the Company Properties or the Service, and to provide an enhanced online experience for visitors to the Company Properties or the Service. We may also include web beacons in HTML-formatted e-mail messages that we send to determine which e-mail messages were opened. A web beacon is often invisible because it is only 1 x 1 pixel in size with no color. A web beacon can also be known as a web bug, 1 by 1 GIF, invisible GIF and tracker GIF.
WHAT ARE THE DIFFERENT TYPES OF COOKIES AND HOW DO WE USE THEM?
Essential - These are Cookies which are essential for the running of the Company Properties and Services. Without these Cookies, parts of the Company Properties and Service would not function. These Cookies do not track where you have been on the internet and do not gather information about you that could be used for marketing purposes.
Examples of how we may use essential Cookies include:
Setting unique identifiers for each unique visitor, so that website numbers can be analyzed.
Functional – These Cookies are used to remember your preferences on the Company Properties and Services and to provide enhanced, more personal features. The information collected by these Cookies is usually anonymized, so we cannot identify you personally. Functional Cookies do not track your internet usage or gather information which could be used for selling advertising.
Examples of how we may use functional Cookies include:
Gathering data about visits to the Company Properties and Services, including numbers of visitors and visits, length of time spent on the site, pages clicked on or where visitors have come from.
Eliminating the need for returning users to re-enter their login details.
Analytical Performance - Analytical performance Cookies are used to monitor the performance of the Company Properties, for example, to determine the number of page views and the number of unique users on the Company Properties and Services. We use this information to improve user experience or identify areas of the Company Properties and Services which may require maintenance. The information is anonymous (i.e. it cannot be used to identify you and does not contain personal information such as your name and email address) and it is only used for statistical purposes.
Examples of how we may use analytical Cookies include:
Measuring users’ behavior
Analyze which pages are viewed and how long for and which links are followed to better develop the Company Properties and Services
Third Party Cookies - You may notice on some pages of the Company Properties and Services that Cookies have been set that are not related to us. When you visit a page with content embedded from, for example, YouTube or Facebook, these third party service providers may set their own Cookies on your device. We do not control the use of these third party Cookies and cannot access them due to the way that Cookies work, as Cookies can only be accessed by the party who originally set them. Please check the third party websites for more information about these Cookies.
HOW CAN YOU MANAGE OR OPT OUT OF COOKIES?
Cookies, including those which have already been set, can be deleted from your hard drive. You can also change the preferences/settings in your web browser to control Cookies. In some cases, you can choose to accept Cookies from the primary site, but block them from third parties. In others, you can block Cookies from specific advertisers, or clear out all Cookies. Deleting or blocking Cookies may reduce functionality of the Company Properties and the Services. To learn more about how to reject Cookies, visit www.allaboutcookies.org or go to the help menu within your internet browser. If you experience any problems having deleted Cookies, you should contact the supplier of your web browser.
If you do not want us to deploy cookies in the App, you can opt out by setting your mobile device to reject cookies. You can still use the App if you choose to disable cookies, although your ability to use some of the features may be affected.
Opting out of Analytical Performance Cookies
If you would like to opt out of Analytics Cookies, please do so by clicking on the links below:
Google Analytics: https://tools.google.com/dlpage/gaoptout
FURTHER INFORMATION AND CONTACT DETAILS
If you have any questions about or if you would like more information on the Cookies that we use and their purposes, please contact us at the email address set forth below.
Our Use of Your Personal Data and Other Information
The Company Properties may use the information collected in the following ways:
To operate and maintain the Company Properties;
To register your MagicPolygon Account;
To authenticate you when you log into your MagicPolygon Account;
To send you promotional information, such as newsletters. Each email promotion will provide information on how to opt-out of future mailings;
To send you administrative communications, such as administrative emails, confirmation emails, technical notices, updates on policies, or security alerts;
To respond to your comments or inquiries;
To provide you with user support; or,
To protect, investigate, and deter against unauthorized or illegal activity.
You acknowledge that this information may be personal to you, and by creating an account and providing such information, you allow others, including Company, to identify you and therefore you may not be anonymous. Company Properties user profiles are available for view by Company and other Company Properties’ users, and other users can contact or follow you through the Service. Content that you post on, through, or in connection with the Service, including on third party services, such as your social media accounts, may also be public.
We and our third-party service providers may use the information collected through these technical methods for a number of purposes, including delivering content, tracking and enhancing our users experience on the App. The information collected are used only to support the internal operations of the Services. We do not utilize any third-party advertising networks.
How Long Your Personal Information Will Be Kept
We will keep your personal information while you have an account with us or we are providing services to you. Thereafter, we will keep your personal information for as long as is necessary:
To respond to any questions, complaints or claims made by you or on your behalf;
To show that we treated you fairly; and
To keep records required by law.
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. When it is no longer necessary to retain your personal information, we will delete or anonymize it.
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
LEGAL BASES FOR PROCESSING DATA UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
Below are the types of lawful basis that we will rely on to process your Personal Data:
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at email@example.com.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject.
Consent means where you have consented to a certain use of your Personal Data.
Our Disclosure of Your Personal Data and Other Information
Company will not sell, distribute, or reveal users’ email addresses or other personal information, except when required by law, without their consent. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
Agents, Consultants and Related Third Parties: Company, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
Legal Requirements: Company may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Company, (iii) act in urgent circumstances to protect the personal safety of users of the Service or the public, or (iv) protect against legal liability.
The Company Properties may share your information with third parties when you explicitly authorize us to share your information. Additionally, the Company Properties may use third-party service providers to service various aspects of the Company Properties. Each third-party service provider’s use of your personal information is dictated by their respective privacy policies. The Company Properties currently uses the following third-party service providers:
Google Analytics – this service tracks usage and provides information such as referring websites and user actions on the Company Properties. Google Analytics may capture your IP address, but no other personal information is captured by Google Analytics.
MAILING LIST – this service is used for delivery of email updates and newsletters. We store your name and email address for purposes of delivering such communications.
Google Firebase – The Google Firebase SDK collects identifier for mobile devices (for example Android advertising id and Advertising id for iOS) and utilizes technologies similar to cookies.
On iOS, the SDK collects the Advertising Identifier if it is available. If the Advertising Identifier is unavailable, the SDK collects the Vendor Identifier. If the Advertising Identifier becomes available after the Vendor Identifier was reported, the SDK stops collecting the Vendor Identifier.
By default, on Android the SDK collects the Advertising ID. If the Advertising ID is not collected, the device's hardware identifier, e.g., Android ID (SSAID), is collected instead. This alternative Android identifier cannot be reset. The extensive list of data collected by Google Firebase can be found here https://support.google.com/firebase/answer/6318039?hl=en
Stripe - We use Stripe to process any financial transactions through the Company Properties. At no time is your banking information passed to the Company. We receive only information used for order fulfillment.
Apple’s In app Purchase - For users who purchase using iOS devices, we use Apple’s in-app purchase method. At no time is your banking information passed to the Company. We receive only information used for order fulfillment.
At this time, your personal information is not shared with any other third-party applications. This list may be amended from time to time in Company’s sole discretion.
How We Protect Your Personal Information: We strive to take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal information from unauthorized access and disclosure. For example, only authorized employees are permitted to access personal information, and they may do so only for permitted business functions. In addition, we use encryption in the transmission of sensitive personal information between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to personal information. Your account is also protected by a password for your privacy and security and you must prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately, limiting access to your devices, and by signing off after you have finished accessing your account.
We take commercially reasonable steps to protect information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties with which we may share such Information, nor can we guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
You may request deletion of your personal information by sending an email to firstname.lastname@example.org, but in some cases, we may be required to keep your information by law. In such a case, it would no longer be active and would be kept separately in an archive.
Please note that while any amendments, corrections or deletions will be reflected in active user databases (as updated with a reasonable period of time), we may retain all Personal Data for backups, archiving, prevention of fraud and abuse, analytics, and satisfaction of other legal obligations we reasonably believe applicable.
We may retain your Personal Data to comply with laws, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce our contracts, and take other actions otherwise permitted by law.
California Residents: Pursuant to the California Consumer Privacy Act of 2019 ("CCPA"), you have certain rights with respect to your personal information. For the purposes of this section, personal information is used as defined in the CCPA. Company reserves the right to verify all requests made pursuant to the CCPA.
Access and Disclosure
You may make a verifiable request that we disclose the categories of personal information we have collected about you, the categories of sources of the personal information we collected about you, the business or commercial purpose for collecting or selling the personal information, the categories of third parties with whom we share your personal information, our use of the personal information and if the personal information was disclosed or sold to third parties, including the categories of personal information sold or disclosed. You also have the right to make a verifiable request for a copy of the personal information collected about you for the twelve (12) months prior to the date of your request. The Company has not sold your personal information in the past twelve (12) months.
Deletion Request Rights
You have the right to request that Company delete any of your personal information that we collected from you and retained, subject to certain exceptions. We may deny your deletion request if retaining the personal information is necessary for us or our service provider(s) to:
1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising Your Rights
To exercise the access, disclosure and deletion rights described above, please submit a verifiable request to us by either emailing email@example.com or sending us a written request to
487 E Main St
Mount Kisco, NY 10549
You may only make a verifiable request for access or disclosure twice within a 12-month period. You may also make a verifiable consumer request on behalf of your minor child. The verifiable consumer request must:
• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
To respond to your request or provide you with personal information, Company must verify your identity or your authority to make the request. We will only use personal information provided in a verifiable request to verify the requestor's identity or authority to make the request.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by e-mailing us at firstname.lastname@example.org. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
Other Terms and Conditions
Your access to and use of the Company Properties and Services is subject to the Terms of Service at https://www.magicpolygon.com/terms
Storage And Transfer Outside of the Country Where You Access The Company Properties
The Company Properties are located in the United States. If you access the Company Properties outside of the United States, please note that your Personal Data may be transferred and stored in the United States. Nonetheless, the Company endeavors to comply with the data protection laws where the Company Properties are available for use.
Your Personal Data may also be used or stored by us or our third-party providers outside of the country where you reside or access the Company Properties if you consent to such transfer. Should you choose to share the Your Personal Data with other Users, we shall transfer that data based on your consent. We require that our service providers safeguard your personal information. Should your Personal Data be used or stored outside of the country where you access the Company Properties, it will also be subject to the laws of the country in which it is used or stored.
Links to Other Web Sites
If you send us an email with questions or comments, we may use your personally identifiable information to respond to your questions or comments, and we may save your questions or comments for future reference. For security reasons, we do not recommend that you send non-public personal information, such as passwords, social security numbers, or bank account information, to us by email. You may “opt out” of receiving future commercial email communications from us by clicking the “unsubscribe” link included at the bottom of most emails we send, or as provided below; provided, however, we reserve the right to send you transactional emails such as customer service communications.
Your app store (e.g., iTunes or Google Play) may collect certain information in connection with your use of the App, such as Personal Information, Payment Information, Geolocational Information, and other usage-based data. We have no control over the collection of such information by a third-party app store, and any such collection or use will be subject to that third party’s applicable privacy policies.
No Class Actions: We all agree that we can only bring a claim against each other on an individual basis. That means: (a) neither you nor Company can bring a claim as a plaintiff or class member in a class action, consolidated action or representative action; (b) an arbitrator cannot combine more than one person's claim into a single case, and cannot preside over any consolidated, class or representative arbitration proceeding (unless we both agree to change this); (c) an arbitrator's decision or award in one person's case can only impact the person who brought the claim, not other users, and cannot be used to decide other disputes with other users.
Access to Information; Contacting Company
To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Data in our possession that you have previously submitted via the Services. To unsubscribe from any communications, please contact us at the email address below.
The Company is committed to complying with the laws of any country in which we do business, incuding the United States, the European Union, Australia Mexico and India. In particular, we have insititued policies designed to comply with the laws of the United SGDPR and the Australian Privacy Principles in the Privacy Act.
You may contact us as follows: email@example.com.
Last updated: February 23, 2022