- Application Data Cache
- Behaviorally-Targeted Advertising
- Contextual Targeting
- Cookies And Similar Technologies
- Educational Purpose
- Education Records
- HTTP Referrer
- IP Address
- Local Storage
- Mobile Application
- Non-Personally Identifiable Information
- Persistent Identifiers
- Personal Information
- Pixel Tag
- Server Log Data
- Student Data
- Third-party Advertising
- Unique Device Identifier
Application Data Caches
An application data cache is a data repository on a device. It can, for example, enable a web application to run without an internet connection and improve the performance of the application by enabling faster loading of content.
Behaviorally-targeted advertising (also referred to as online behavioral advertising [OBA] or interest-based advertising) has been defined by the Digital Advertising Alliance (DAA) as "the collection of data online from a particular computer or device regarding Web viewing behaviors over time and across non-affiliate Web sites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on preferences or interests known or inferred from the data collected."
The definition has largely been accepted by the Federal Trade Commission, and is described in similar fashion in its Self-Regulatory Principles for Online Behavioral Advertising . This type of advertising is precluded by the Children’s Online Privacy Protection Act (COPPA) for children under 13 without prior, verifiable parental consent, as well as by the existing self-regulatory advertising groups, including DAA and the Network Advertising Initiative (NAI). This is in contrast to contextual targeting or advertising which is permitted under COPPA.
*Also see the California Attorney General's guidance on SOPIPA here
Contextual targeting (also referred to as contextually relevant advertising) is defined by DAA as advertisements that are delivered “based on the content of a Web page, a search query, or a user’s contemporaneous behavior on the website.” NAI expands a bit further explaining , “the ad selected depends upon the content of the page on which it is served, or ‘first party’ marketing in which ads are customized or products are suggested based on the content of the page or users’ activity on the page (including the content they view or the searches they perform).”
The FTC echoes this in policy statements and in comments surrounding COPPA. There, the FTC notes that contextual targeting, “is more transparent and presents fewer privacy concerns as compared to the aggregation and use of data across sites and over time for marketing purposes.” Contextual targeting is permitted under COPPA .
Cookies and similar technologies
Cookies may be placed in your browser by third-party advertising companies when you view content off of our site (such as an embedded YouTube video) to help deliver the ads you see online. These “third-party cookies” may be used to “remember” parts of your online activities in order to deliver ads tailored to your interests. For example, if you read an article online about running, a cookie may be used to note your interest in running. As you continue to surf the web, you may see coupons to save money on running shoes. We do not allow any third parties to place cookies on our site for advertising purposes in any areas where a student or child using our service at home is logged into his or her account.
Other similar technologies
Other technologies are used for similar purposes as a cookie on other platforms where cookies are not available or applicable, such as the Advertising ID available on Android mobile devices and the Identifiers for Advertiser (“IDFA’) on iOS devices. Most modern mobile devices (iOS, Android, and Windows 10 and above) provide mobile advertising identifiers. These are randomly-generated numbers that are associated with your device that often come with options to reset the identifier and opt-out of advertising across apps (“Cross-App Advertising”). They are included to provide advertisers a method to identify your devices without using a permanent device identifier, like your phone’s serial number. We do not use any of these technologies where a student or child using our service at home is logged into his or her account.
“De-Identified or De-Identified Data” is information that has all direct and indirect personal identifiers removed such that the data cannot reasonably be used to identify or contact a student. This includes, but is not limited to, persistent unique identifiers , name, ID numbers, date of birth, and school ID.
For EU residents, anywhere we use the term De-Identified, we will apply the General Data Protection Regulation (GDPR) definition of "pseudonymization" which states that pseudonymization is "the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” Additionally, consistent with the GDPR, we will ensure that the “additional information” is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.
A device is a computer that can be used to access our website or services. For example, a device could be a desktop, tablet or smartphone.
Consistent with the Student Privacy Pledge , ‘educational or school purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services (including new products) intended for educational/school use). Additionally, consistent with both the Student Online Personal Information Protection Act (SOPIPA) and the Student Privacy Pledge, this does not preclude the use of student personal information for adaptive learning or customized student learning or education purposes. We also consider “educational purposes” to be services or functions that a child’s parent or legal guardian directs KidRewards (such as through setting up their child’s account, or otherwise providing their consent to us) to provide to their child for educational or learning activities outside of school (e.g. learning activities at home).
Education records shall have the meaning set forth under the Family Educational Rights and Privacy Act (“FERPA”) cited as 20 U.S.C. § 1232g(a)(4); 34 CFR Part 99 . Certain Student Data elements will also be considered education records.
An HTTP Referrer is information transmitted to a destination webpage by a web browser, typically when you click a link to that webpage. The HTTP Referrer contains the URL of the last webpage the browser visited.
Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks and are typically controlled by your Internet Service Provider (ISP), your company, or your university. An IP address can often be used to identify the location from which a device is connecting to the Internet. Please note that third parties have mapped the assignments of IP addresses by ISPs with specificity to postal code and exact city for broadband IP address and are also often mapped to college campuses, specific businesses, hotels, airports or conference centers. Mobile IP address often can only be mapped to a specific carrier’s gateway. However, most of the Wi-Fi routers in the world have been mapped by third parties to precise latitude and longitude and many Wi-Fi routers correspond to home addresses. IP address can be used to combat fraud and compliance with geographical legal restrictions and can be used to target advertising. Additionally, we only use IP address information collected from students under 13 for internal business purposes.
Local storage enables websites to store and retrieve data in a browser on a device. When used in “local storage” mode, it enables data to be stored across sessions (for example, so that the data are retrievable even after the browser has been closed and reopened). One technology that facilitates web storage is HTML 5. Other technologies include local shared objects, sometimes known as “Flash Cookies”. For more information, please see our Online Tracking Technologies Policy .
A mobile application or mobile “app” is an application software designed to run on mobile devices, such as smartphones and tablet computers. Mobile apps frequently serve to provide users with similar services as those accessed on PCs. Mobile apps differ from desktop applications that run on desktop computers, and with web applications which run in web browsers in that they run directly on the mobile device.
Non-Personally Identifiable Information
This is information that on its own does not permit direct association with any specific individual. For example, we consider the following to be non-personally identifiable information: your zip code, approximate location (e.g region, city, zip), your browser type, cookie IDs, non-unique device identifiers and websites you have visited. We also consider aggregated, de-identified and/or anonymized data to be non-personally identifiable information. Anything that is personal information is excluded from the definition of non-personal information. Not all jurisdictions have the same definition for personal information and non-personally identifiable information.
This is a persistent and unique identifier that can be used to recognize a user over time and across different websites or online services. For example, this can be an IP address, a unique device identifier or a device serial number.
Personal information is data that can be used to identify or contact a particular individual, such as the individual’s name, email address or billing information, or other data which can be reasonably linked to that data or to that individual’s specific computer or device. When anonymous or non-personal information is directly or indirectly linked with personal information, this anonymous or non-personal information is also treated as personal information. We will consider persistent identifiers that are not anonymized, de-identified or aggregated as personal information. Not all jurisdictions have the same definition for personal information and non-personally identifiable information. Additionally, please check here for the definition of personal information under the Children’s Online Privacy Protection Act (“COPPA”) which we follow for any personal information collected from children under 13. Please also see the COPPA FAQ for more information.
If you are a resident of California, we follow the definition of personal information as set forth under the California Consumer Privacy Act of 2018 (CCPA) as amended and its implementing regulations .
A pixel tag is a type of technology placed on a website, or within the body of an email for the purpose of tracking activity on websites or when emails are opened or accessed, and is often used in combination with cookies. Pixel refers to the software code that is placed within a web page in order to trigger the placing of cookies and transmits information to us or our third party service providers. This enables two websites to share information. The resulting connection can include information such as a device’s IP address, the time a person viewed the pixel, an identifier associated with the browser or device, the type of browser being used and the URL of the web page from which the pixel was viewed. A pixel tag is also known as a web beacon or Clear GIFs. There may or may not be a visible graphic image associated with the pixel, and often the image is designed to blend into the background of a web page or email.
Sell also does not include sharing, transferring or disclosing of Student Data or other personal information with a service provider that is necessary to perform a business purpose (such as detecting security incidents, debugging and repairing, analytics, storage or other processing activities) provided that the service provider does not further use or sell the Personal Information or Student Data except as necessary to perform the business purpose. KidRewards is also not “selling” personal information if a user directs KidRewards to intentionally disclose Personal Information or uses KidRewards to intentionally interact with a third party, provided the third party does not also sell the personal information.
If you are a resident of California, we follow the definition of sell or sale as set forth under the California Consumer Privacy Act of 2018 as amended (“CCPA) and its implementing regulations.
Server Log Data
Like most websites, our servers automatically record the page requests made when you visit our websites. These “server logs” or “log data” typically include your web request, IP address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
“Student Data” means any personal information, whether gathered by KidRewards or provided by a school or its users, students, or students’ parents/guardians for a school purpose, that is descriptive of the student including, but not limited to, information in the student’s educational record or email, first and last name, home address, telephone number, email address, or other information allowing online contact, discipline records, videos, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, social security numbers, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious information text messages, documents, student identifies, search activity, photos, voice recordings or geolocation information. To the extent U.S. law applies, Student Data may include education records . Student Data as specified in Exhibit B to our Student Data Privacy Addendum is confirmed to be collected or processed by the KidRewards pursuant to our services. Student Data shall not include de-Identified data or information that has been anonymized, or anonymous usage data regarding a student’s use of our services.
We consider third-party advertising on our service to mean third-parties that would directly advertise their products or services on our service (i.e., such as when an advertiser would bid to place an advertisement directly on a platform such as Facebook). We don’t allow third parties to advertise directly on our service in user logged-in areas of our service. We also do not use third-party ad servers (such as Google AdWords or AdSense) in user logged-in areas of our Service. However, we may serve contextually relevant advertising for third-party products and services ourselves that we believe may be of interest to you (e.g., our collaboration with Stanford creating Growth Mindset videos).
Unique Device Identifier
A unique device identifier (sometimes called a universally unique ID or UUID) is a string of characters that is incorporated into a device by its manufacturer and can be used to uniquely identify that device (for example an IMEI-number of a mobile phone). Different device identifiers vary in how permanent they are, whether they can be reset by users, and how they can be accessed. A given device may have several different unique device identifiers. Unique device identifiers can be used for various purposes, including security and fraud detection, syncing services such as a user’s email inbox, remembering the user’s preferences and providing relevant advertising.