Capti Global Privacy Policy

Updated April 1, 2024

1 Introduction and Key Definitions

This is the Global Privacy Policy (this “Privacy Policy”) of Charmtech Labs LLC ("Company," “we,” “our” or “us”) for use of the Capti application ("App”), captivoice.com website ("Site"), Products, the servers the Site is stored on including without limitation by use through an API, or the computer files stored on that server (collectively, the "Services"). We want our visitors to learn about our Services, and we help educators, researchers, parents, students, and other authorized users to easily put our Services to work.

In this Privacy Policy we describe the information we may collect about you through our Services (as defined in our Terms of Use), how we use that information, circumstances in which we share it, how we protect it, and the rights and choices you may have with regard to your information. Please read this Privacy Policy carefully before accessing or using our Services. By accessing or using any of our Services, you accept and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, do not access or use our Services.

This Privacy Policy is incorporated into our Terms of Use. Any capitalized terms not defined in this Privacy Policy have the definitions set forth in the Terms of Use.

In the event we add future Services that affect the terms of this Privacy Policy, we will revise accordingly. References to “you” or “your” pertain to all our site visitors, registered users, or our members throughout this Privacy Policy.

2 What is our general approach to your Personal Information?

We do not sell “Personal Information” as that term is commonly defined in applicable privacy laws. We use reasonable efforts to protect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with you or your household (your “Personal Information”).

We know that when users provide Personal Information to an organization it is an act of trust. That trust is something we take seriously. We work to ensure that the Serviced observes compliance standards for online privacy, security, business practices, honest transactions, and availability. This Privacy Policy explains the steps we take to protect Personal Information shared with us through the Services or when you otherwise interact with us, including how we collect it, who has access to it and what is done with it.

3 What categories of Personal Information do we collect?

Depending on the nature of your relationship with Capti, the categories of Personal Information we collect and use may include the following (these are examples and may be subject to change):

Identity Data	Information such as your name; address; email address; telephone number; age and/or age range; grade level; account login details, including your username and password, or other account-related information; and information you provide in connection with your application to be an employee or to otherwise collaborate with us.
Contact Data	Identity Data that relates to information about how we can communicate with you, such as email, phone numbers, physical addresses, and information you provide to us when you contact us by email or otherwise communicate with us.
Location Data	Information about your location as determined based on your IP address.
Device/Network Data	Browsing history, search history, and information regarding your interaction with our Services (e.g., IP Address, MAC Address, SSIDs or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, browsing data, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.
Commercial Data	Information about the Services for which you have registered and transactions you enter into with us, and similar information.
Inference Data	Personal Information used to create a profile about you, which may include your preferences, reading or writing levels, abilities, aptitudes, and other data or analytics provided about you or your account by our third-party partners or data aggregators.
Financial Data	Information such as bank account details, payment card information, and information from credit reference agencies, including similar data defined in Cal Civ Code § 1798.80(e), which is collected only to the extent you have subscribed to one of our paid Services.
Audio/Visual Data	Data collected if you submit audio, images, or video recordings to our Services, as well as any other audio or video files you may submit to us, in addition to voice mails, call recordings, and the like. Note, however, that we do NOT use any such data for the specific identification of any individuals.
User Content	Unstructured/free-form data that may include any category of Personal Information, e.g., data that you give us in free text fields such as comment boxes, content that you upload to our Site or Capti App answers you provide when you participate in assessments, sweepstakes, contests, votes and surveys, including any other Personal Information which you may provide through or in connection with our Services.

4 What information do we collect automatically about you?

Some information is collected automatically when you use our Services. This information may not on its own reveal your name or contact information, but it may include device and usage information, such as your IP address, browser, device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes, however we also use this information to improve our Services, to determine which features of our Services are most popular with our users, and to otherwise better understand our users’ preferences.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). “Cookies” are small text files that are placed on your device by a Web server when you access our Services. Please see our Cookie Notice for more details.
Web Beacons. Pages of the Services and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Do Not Track. Please note that our Services do not currently respond to browser-based “do not track” signals. We will respond to any similar signals in the future as may be required by applicable law.

5 What information do we collect when you voluntarily provide it?

We collect Personal Information from and about you when you voluntarily provide it to us, in addition to Personal Information and other data we collect automatically when you visit the Services. Depending on the website you have accessed, or the other ways in which you interact with us, we may collect different types of information as outlined below.

Site Users

Some of our Services enable you to register to create an account. If you do this, we will collect your name, username or email address, and password you provide. On some Services we may also request additional Personal Information associated with your account (such as your company name, school, or other data). We use this information in connection with your account and your use of our Services. We may also use this information to contact you regarding the Services you are using and other Company Services we believe would be of interest to you.

Any user of our Services wishing to obtain support must provide an email address. Without this information we cannot answer your questions. When submitting a support question to us you must not only provide a valid email address, but also first and last name, US state if applicable, country, role, and your specified request. Some of our Services offer multiple levels of access, some of which may require users to register or purchase a subscription, and others which are available without registration or subscription. Differences between levels of access may require corresponding differences in data collection practices.
If you purchase a subscription to one of our Services, you must provide a valid email address and password. Some Services may additionally require role (educator, parent, researcher), country, US state, and company.
For certain subscriptions, we may also require that you provide billing information to our payment processor Service Providers, AppStore and PayPal. For PayPal, you enter billing information through our Site, but we do not retain such information. We also use Intuit QuickBooks to bill administrators directly for our Services. Note that qualifying educators in partner states can subscribe to some of our Services for free and thus without the need to provide billing information. All registered users may voluntarily submit additional personal information, like their first and last name, into their profile information and select mailing lists to which they wish to subscribe.

We may offer limited time, seasonal, early or limited access, special purpose or demonstration versions of our Services. In such cases we may collect additional information, tied to the registrant’s email, role, country, and state. Where applicable, we may permit users to provide student data in order to customize the registered user’s use of the offered Services. Some such Services allow registered users to provide:

Student name or nickname
Completed grade level
Classes registered for
Ability level (e.g., in reading, writing, etc.)
School District or state
Demographic information (sex, race, free and reduced lunches, etc.)
Performance measurement results

Paid Subscriptions and Financial Information

If you need to submit a payment to us via credit or debit card, we use Intuit QuickBooks for invoice payment, AppStore for in-App purchases on iOS, and PayPal for any purchases via www.captivoice.com. Intuit QuickBooks processes credit and debit cards via QuickBooks website; we have no access to card information. AppStore purchases are charged to the card you have on file with Apple; we have no access to card information. However, for PayPal payments, you will enter the card information on our Site—we securely pass it along to PayPal, but we do not retain such information. We encourage you to review the PayPal privacy policy at PayPal Privacy, AppStore Privacy, and Intuit QuickBooks Privacy to learn about how they manage your data.

In any event, when you enter into a paid subscription for one of our Services, sensitive credit card data is exchanged using direct and indirect communication between these payment processors and you. We do not collect, control, see or store any of the card data exchanged with these payment processors.

Service Form Inquiry

Certain pages on some of our Services enable you to submit inquiries or requests to us. These Services collect Personal Information when users complete an inquiry or request for more information using our online form. These forms typically collect the following information: first and last name, phone number, email address, organization name, organization type, areas of interest. We may share this information with our third-party service providers, including storing the information in cloud-based contact management systems, and providing the information to third parties who assist us with our email marketing and other communications.

Handling Audio Recordings

You may be able to submit audio recordings to some of our Services, e.g., audio notes, voiceover, pronunciation analysis, etc. These Services may enable users to record themselves reading a presented passage or to upload an audio file of themselves or others reading. When we collect oral reading samples, data collected may include the reader’s grade (if a student), date and time of the recording, and prior ability information used to calculate current oral reading ability. Information we send back as a result of the analysis may also be linked to data or files retained in our system. We may use a Third-Party provider for automated speech recognition (ASR) and/or analysis. Once processed, an informational oral reading ability measure is displayed, the recognized text is stored. We do not process audio data for the purposes of deducing or inferring any special characteristics that are restricted by law or regulation about the reader. We do not use audio content for any purpose other than as described above, and audio content is not used to uniquely identify you.

Children’s and Adult Information Collected

We collect personal information directly from children and adults through our Services. We may receive data provided by a parent regarding their child, or by a state, school district or teacher containing information regarding a child or groups of children; however, any group information is aggregated and anonymized. If a student minor is a resident of Colorado, Quebec, UK or the European Union, we will require prior parental consent to process any non-anonymized information and to transfer it to our servers outside their home residency.

If you are logging in through a school district facilitated program, we have assumed that the school district or school has procured consent to process yours or your child’s personal information. However, if you are direct subscriber, we need prior parental consent for minors or your consent. If you believe that we have collected yours or the Personal Information directly from a child under the age of 13 (in the U.S.) or 16 (typically the applicable age in European countries) without following the proper procedures, please notify us immediately via email to privacy@captivoice.com.

Information Collected from Children under Age 13

The Children's Online Privacy Protection Act of 1998 and its rules (collectively, "COPPA") require us to inform parents and legal guardians (as used in this policy, "parents") about our practices for collecting, using, and disclosing Personal Information from children under the age of 13 ("children"). It also requires us to obtain verifiable consent from a child's parent for certain collection, use, and disclosure of the child's Personal Information. Please see our Children’s Privacy Policy Supplement for information about the Personal Information that we collect from or about Children under Age 13.

6 What information do we collect from other sources?

We may collect limited data from schools with which we have a relationship, public databases, marketing partners, and other outside sources. All Personal Information that you provide on or to a Third Party or that is collected by a Third Party is provided directly to the controller, owner or operator of the Third Party and is subject to the owner’s or operator’s privacy policy. We do not monitor or control any data you provide to Third Parties. Thus, we are not responsible for the content, privacy or security practices of a Third Party. To assure the protection of your Personal Information, we recommend that you carefully review the privacy policies of any Third Party you access. You assume the risk of providing any information you provide to a Third Party.

7 Do we sell your Personal Information?

No. We do not sell your Personal Information, and as such you do not have to Opt-in or Opt-out of any sale of information requirements under the law. However, as noted below, we do share Personal Information with our Service Providers and with certain Third Parties under very limited circumstances.

8 What and how do we share with Service Providers?

In order to operate our Services, it may sometimes be necessary to disclose Personal Information with contractors and other service providers. For example, we may share Personal Information with the companies that host our Services (such as AWS), provide analytics and other functionality on our Services, host or provide our database of current and potential customers, help us send emails and other communications, or provide other services to us. In addition, we may share Personal Information with individual contractor scientists and software developers as may be required.

As noted above, we use third-party Service Providers to analyze audio recordings. When the recording is submitted to the third party for processing, no other personal identifiers are shared. Results from the third party are combined with our own processes to calculate the reader’s proficiency results. In doing so, we connect the proficiency results with the Personal Information you provided.

When we digitize documents you upload to our Services, we use a third-party Optical Character Recognition (OCR) service to process such documents; no personal identifiers are shared.

All Service Providers are bound by a legal contract to keep Personal Information confidential. They can use Personal Information only for the purposes for which we disclose it.

Please check this Privacy Policy regularly for updates on other Service Providers that may be used in connection with our Services or contact us at privacy@captivoice.com for the most recent list of our Service Providers with whom we share your information.

9 What and how do we share with other third parties?

Fulfilling your requests. Some of our Services include the ability for you to share content or information with third parties you designate. If you give us an email address to use the “share” feature within a tool, we will transmit the contents of that email and your email address to the recipients.

Affiliated entities and corporate transactions. We may share Personal Information with our current or future subsidiaries and affiliates in order to streamline provision of our Services or for other business purposes. In addition, if we contemplate a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, it is possible that we would need to share Personal Information with another organization during the due-diligence process, following the transaction, or otherwise in connection with a corporate event.

Legal proceedings. We may also share Personal Information to comply with a court order, law or legal process. This includes a government or regulatory request. Before we do that, we would provide the user with notice of the requirement. If the user so chooses, a protective order or another remedy could be sought. If after providing that notice we still must share the demanded Personal Information, we will share no more than that portion of Personal Information which, on the advice of our legal counsel, the order, law or process specifically requires us to share. Note, some of these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Information as your home jurisdiction. We may, in our sole discretion (but without any obligation) object to the disclosure of your Personal Information to such parties.

Other parties. We may share Personal Information with third parties as we deem appropriate in order to enforce or apply our Terms of Use or other agreements, including for billing and collection purposes, to prevent fraud, and to obtain advice about legal and financial matters.

10 How long do we keep Personal Information?

In general, we keep Personal Information as long as it is reasonably necessary in connection with the purpose for which it was provided, and for which parental consent has been received. For Personal Information collected through our Services for account registration and subscription payment purposes, we will keep such information for as long as a Member maintains registration and or subscription in good standing. Once those registrations or subscriptions lapse or terminate, unless a written agreement between us and a member provides otherwise, we may keep Personal Information for as long as needed only to meet regulatory requirements or business requirements.

We will ensure that all Personal Information that constitutes an “Educational Record” (as defined by the Family Educational Rights and Privacy Act (FERPA)) in our possession and in the possession of any subcontractors, or agents to which we may have transferred Educational Records, are destroyed or transferred to the School/District under the direction of the School/District when the Educational Records are no longer needed for their specified purpose, at the request of the School/District.”

“Any Educational Records held by us will be made available to the School/District upon request by the School/District.”

Any kept Personal Information will remain subject to the restrictions on sharing and use outlined in this Policy for as long as it resides with us.

11 What is the Company’s legal basis for processing?

We process your Personal Information in accordance with applicable data protection laws. If you are subject to the GDPR, we process Personal Information in accordance with one of the required legal bases. For example, when you voluntarily provide Personal Information to us, we primarily process it with your consent, or in order to fulfill a contract with you. Information we collect automatically is typically processed in accordance with our legitimate business interests, such as to improve our Services. We may also process certain Personal Information to the extent required by applicable legal requirements.

12 How can you exercise rights in your Personal Information?

At any time, users of our Services can change their Personal Information stored in the profile page. Members can also choose to opt-out of our mailing lists with immediate impact. Members can also close their memberships by following the directions listed for immediate closure of the membership. Closing a membership will not trigger the deletion of Personal Information.

Regardless of whether you are a member, depending on where you live, and subject to our obligations under applicable laws, you may have certain rights and choices regarding your Personal Information. For example, in addition to choices described elsewhere in this Privacy Policy, you may have some or all of the following rights and choices in general:

General Regional Rights

Access Rights: You may have the right to receive certain information, such as the following (these rights, and the applicable types of data and time periods, will vary depending on the laws applicable to the state or country in which you reside):
1. The categories of Personal Information we have collected or disclosed about you; the categories of sources of such information; the business or commercial purpose for collecting your Personal Information; and the categories of third parties with whom we shared Personal Information.
2. Access to and/or a copy of certain Personal Information we hold about you.
3. In some circumstances, you may have the right to obtain certain Personal Information in a portable format.
Erasure: You may have the right to request that we delete certain Personal Information we have about you. We may either decide to delete your Personal Information entirely, or we may anonymize or aggregate your Personal Information such that it no longer reasonably identifies you, and may use it to improve our Services. Certain Personal Information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide our Services to you, we may be required to retain certain information for legal purposes, and there may be other reasons we may need to keep certain Personal Information under various applicable laws. In addition, if you ask us to delete your Personal Information, you may no longer be able to access or use some of our Services.
Correction: You may have the right to request that we correct certain Personal Information we hold about you.
Limitation of Processing: Certain laws may allow you to object to or limit the manner in which we process some of your Personal Information, including the ways in which we use or share it. For example, you may have these rights if the processing was undertaken without your consent in connection with our legitimate business interests (although we may not be required to cease or limit processing in cases where our interests are balanced against your privacy interests).
Regulator Contact: You may have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Information. To do so, please contact your local data protection or consumer protection authority.
Postings by Minors: Users of our Services under the age of 18 in certain jurisdictions have the right to require that we delete any content they have posted on one of our Services.
Other: You may have the right to receive information about the financial incentives that we offer to you, if any. You may also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights.

If you believe that you have specific rights under your jurisdiction and you would like to exercise any of these rights, please submit a support request through our Site or email us at privacy@captivoice.com. Other than marketing opt-out you will be required to verify your identity before we fulfill your request. In certain jurisdictions, you may be able to designate an authorized agent to make a request on your behalf, subject to certain requirements of your applicable law. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf, and we may be required to take additional verification measures under applicable law.

Important Information for European Union and United Kingdom Users

If you are a user from the European Union or United Kingdom you should be aware that we are the controller of your Personal Information (Data Controller) under the EU General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and such similar laws promulgated in the various EU countries.

You may have certain additional rights regarding your Personal Information (as defined in the GDPR and UK GDPR, for instance), including the right to:

access your information;
rectify your information if it is incorrect or incomplete;
have your personally identifiable information erased (“right to be forgotten”) if certain grounds are met;
withdraw your consent to our processing of your information at any time, if our processing is based on consent;
object to our processing of your information, if our processing is based on legitimate interests;
object to our processing of your information for direct marketing purpose; and
receive your information from us in a structured, commonly used, and machine-readable format, and
the right to transmit your information to another controller without hindrance from us (data portability).

There is no charge for any of these requests. To make a request, please contact us at privacy@captivoice.com. We try to respond to such requests in a timely manner, but in no event longer than one month.

When we collect your Personal Information, we maintain and store it for as long as we determine reasonably necessary to provide our Services to you, unless you exercise your right to erasure described above, or to comply with applicable legal requirements.

If you are a citizen of the European Union or United Kingdom, when we process your Personal Information, we will only do so in the following situations:

We have a contractual obligation.
You have provided your consent. You are able to remove your consent at any time, and you may do this by contacting us at privacy@captivoice.com.
We have a legal obligation.
We have a legitimate interest in processing your Personal Information. For example, we may process your Personal Information to send you marketing communications, relevant content, products or events invitations, or to communicate with you about changes to our Services, and to provide, secure, and improve our Services.

You should be aware that Personal Information that you provide to us may be transferred out of the country in which you reside to servers in a country that may not guarantee the same level of protection as the one in which you reside. We do this for a legitimate business purpose in providing the Services as permitted under UK and EU privacy laws, and therefore specific consent is not required under the EU and UK legal schema. Nevertheless, out of abundance of caution, we are asking for your consent, especially when it comes to processing the data of minor children. We will take all steps reasonably necessary to ensure that your Personal Information is treated securely in accordance with this Privacy Policy, and no transfer of your Personal Information will take place to a third party unless there are adequate controls in place to protect your Personal Information and/or you have provided contractual consent by becoming a client.

If you are a user in the European Union or United Kingdom and have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

Information for California, Colorado, Connecticut, Utah and Virginia Residents

Various U.S. states (e.g., as of the date of this Policy, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah and Virginia) allow consumers to opt out of sharing of their data. As such, residents of those states may request that the Company:

Disclose the sources, categories, and specific pieces of personal information we have collected about them, how that information is used, and with whom the Company shares it
Disclose the purpose for collecting personal information
Disclose the categories of third parties with whom the Company shares personal information
Delete/rectify/restrict their personally identifiable information, subject to certain exceptions (right of rectification not applicable to Utah residents)
Though not specifically applicable to this Company, to disclose, for any “sales” of personal information, the categories of personal information collected and sold and to what categories of third parties it was sold
Though not specifically applicable to this Company, to opt them out of sales of their personal information (if any) or subject certain personal information to automated decision-making algorithms (not applicable to Utah residents)
Provide a copy of their personal information in a readily usable format that allows the information to be transmitted to others
Residents in these states may not be discriminated against for exercising any of the rights described above.

U.S. residents may exercise these rights by contacting the Company at privacy@captivoice.com. In general, we collect the following California regulated categories of Personal Information from you:

Category	Examples	Collected
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	YES
B. PI categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some PI included in this category may overlap with other categories.	YES
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	NO
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with our Service or advertisement.	YES
G. Geolocation data.	Physical location or movements.	NO
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	YES
I. Professional or employment-related information.	Current or past job history or performance evaluations.	NO
J. Non-public education information	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	YES
K. Inferences drawn from other PI.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	YES

Sharing Your Personal Information for a Business Purpose

In the preceding twelve (12) months, The Company has disclosed the following categories of Personal Information for a business purpose with related third parties, defined under Information Transfer and Disclosure below:

Category A: Identifiers.
Category B: California customer records Personal Information categories.
Category C: Protected classified characteristics.
Category F: Internet or other similar network activity.
Category H: Sensory data
Category J: Non-public education information
Category K: Inferences drawn from other PI

Opt-Out of Sale in U.S.

The Company does not currently “sell” (as defined by the California Consumer Privacy Act and other U.S. state laws) any Personal Information subject to this Privacy Policy, and we do not exchange Personal Information for any type of financial incentive.

Marketing and Advertising Rights in U.S.

Opt-out of Marketing: All individuals have the right to opt-out of receiving marketing communications from Capti at any time. You may exercise your choices regarding marketing communications by clicking on the “unsubscribe” link in emails we send you, or you can please submit an email to privacy@captivoice.com.
Direct Marketing: California residents and residents of certain other states may have the right to request a list of Personal Information we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
No Marketing to Children. We do not do any marketing to children.

13 What data security measures do we take?

We have reasonable safeguards to help prevent unauthorized access to, disclosure of, or misuse of your Personal Information. However, we cannot guarantee that your Personal Information will never be shared or otherwise processed in a manner inconsistent with this Privacy Policy (for example, as a result of unauthorized acts by third parties that violate applicable law or our Terms of Use).

If you register for a membership with any Services we offer, you will be asked to select a password to help protect your Personal Information. These passwords help us verify your identity before granting access or making corrections to any of your Personal Information. You should never share your password with anyone. The Company will never ask you for your password in a phone call or email. You are responsible for maintaining the secrecy of your passwords and any account information. We also offer for your convenience single sign-on via various Service Providers, including Google, Clever, ClassLink, Schoology, Canvas Blackboard, etc.

When subscribing to certain Services you also provide your credit card information. It is transmitted using Secure Sockets Layer (SSL) technology to help prevent unauthorized access or misuse of that information. (PCI-compliance requires following the Transport Layer Security 1.2 rules.) SSL is the standard security technology for establishing an encrypted link between a web server and a browser. Make sure you see a full “lock” symbol and https in the status bar of your browser. Browsers like Firefox 123 and above, Google Chrome 122 and above, Safari 16 and above employ some version of the lock symbol to indicate security. If the lock symbol is not visible, do not enter any information. Direct any issues or concerns to our support community for further guidance at privacy@captivoice.com.

Finally, the computers/servers in which we store Personal Information are kept in a secure environment. However, please note that to the extent your Personal Information is shared with a Service Provider or other third party, we cannot guarantee, nor will we be responsible for, the security measures of those third parties.

14 How should you track changes to this Privacy Policy?

It is our policy to post any changes we make to this Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Site home page or App. If we make material changes to how we treat our users' personal information, we will notify you through a notice on our Site’s home page or App. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for periodically visiting our Site or App and this Privacy Policy to check for any changes.

15 Where should you direct questions to us about this Privacy Policy?

If at any time you have questions or concerns about our privacy practices in general or this Privacy Policy in particular, please feel free to contact us by sending an email to privacy@captivoice.com or contacting us at PO Box 896, Buffalo, NY 14205.

Privacy Notice for Children Under the AGE of 13

Last modified: April 1, 2024

The Children's Online Privacy Protection Act of 1998 and its rules (collectively, "COPPA") require us to inform parents and legal guardians (as used in this [policy/section], "parents") about our practices for collecting, using, and disclosing personal information from children under the age of 13 ("children"). It also requires us to obtain verifiable consent from a child's parent for certain collection, use, and disclosure of the child's personal information.

This policy notifies parents of:

The types of information we may collect from children.
How we use the information we collect.
Our practices for disclosing that information.
Our practices for notifying and obtaining parents' consent when we collect personal information from children, including how a parent may revoke consent.
All operators that collect or maintain information from children through the Sites.

This policy only applies to children under the age of 13 and supplements our Capti Global Privacy Policy. Only our general privacy policy applies to teens and adults.

Terms that are defined in the general privacy policy have the same meanings as used in this Privacy Policy for Children Under the Age of 13.

1 Information We Collect from Children

Children can access many parts of the Site and its content and use some of its features without providing us with personal information. However, some content and features are available only to registered users and require us to collect certain information, including personal information, from them. In addition, we use certain technologies, such as cookies, to automatically collect information from our users (including children) when they visit or use the Site.

We only collect as much information about a child as is reasonably necessary for the child to participate in an activity, and we do not condition his or her participation on the disclosure of more personal information than is reasonably necessary.

2 Information We Collect Directly

A child must provide us with the following information to register for our Services: email, first and last name, and password. The child does not need to provide the real name, but the email needs to be valid (for individual users) and the email does not need to be valid for an education account. We may request additional information from your child, but this information is optional. We specify whether information is required or optional when we request it.

Certain features of our Services enable registered users to record their voice, such as audio transcription or recording of their own content, or of third-party content such as books. (“Audio Content”) Creation and use of the Audio Content results in the temporary collection and recording of a voice audio file. We only use the audio files generated from the Audio Content to assess students’ aural reading, as well as to improve assessment capability, and do not make other uses of the audio files. We keep the associated audio files for as long as the education account is active, or we can delete them at any time upon the request of the school.

3 Automatic Information Collection and Tracking

We use technology to automatically collect information from our users, including children, when they access and navigate through the Site or App and use certain of its features. The information we collect through these technologies may include:

One or more persistent identifiers that can be used to recognize a user over time and across different websites and online services.
Information that identifies a device's location (geolocation information).
Statistics on your usage of the Site collected by tools such as Google Analytics.

We also may combine non-personal information we collect through these technologies with personal information about you or your child that we collect online.

For information about our automatic information collection practices, including how you can opt out of certain information collection, see the "What information do we collect automatically about you?" and "How can you exercise rights in your Personal Information?" sections of Capti Global Privacy Policy.

4 How We Use Your Child's Information

We use the personal information we collect from your child to:

register your child with the Site or Services;
communicate with your child about activities or features of the Site, and Services that may be of interest;
track your child’s performance in tests or other activities;
Improve the quality of the provided Services.

We use the information we collect automatically through technology (see Automatic Information Collection and Tracking) and other non-personal information we collect to improve our Site and Services and to deliver a better and more personalized experience by enabling us to:

Estimate our audience size and usage patterns.
Store information about the child's preferences, allowing us to customize the content according to individual interests.

We use geolocation information we collect to estimate geographic usage patterns.

5 Our Practices for Disclosing Children's Information

We do not share, sell, rent, or transfer children's personal information other than as described in this section.

We may disclose aggregated information about many of our users, and information that does not identify any individual. In addition, we may disclose children's personal information:

To third parties we use to support the internal operations of our Site and who are bound by contractual or other obligations to use the information only for such purpose and to keep the information confidential.
If we are required to do so by law or legal process, such as to comply with any court order or subpoena or to respond to any government or regulatory request.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our company, our customers or others, including to:
- protect the safety of a child;
- protect the safety and security of the Site or App; or
- enable us to take precautions against liability.
To law enforcement agencies or for an investigation related to public safety.

If our company is involved in a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding or event, we may transfer the personal information we have collected or maintain to the buyer or other successor.

6 Accessing and Correcting Your Child's Personal Information

At any time, you may review the child's personal information maintained by us, require us to correct the personal information, require us to delete personally identifiable information, and/or refuse to permit us from further collecting or using the child's information.

You can review, change, or delete your child's personally identifiable information by:

Logging into your child's account and visiting the account profile page.
Sending us an email at privacy@captivoice.com. To protect your privacy and security, we may require you to take certain steps or provide additional information to verify your identity before we provide any information or make corrections.

7 Operators That Collect or Maintain Information from Children

A list of all operators that may collect or maintain personal information from children through the Site is upon request to privacy@captivoice.com. Please direct inquiries about any third-party operator's privacy practices and use of children's information through the contact information provided on the list.