- We design and operate our technology and services with our users’ protection and privacy in mind, and we make every effort to be transparent in our data collection and use practices.
- Our flagship education products include individual accounts that enable schools and parents to keep track of individual student learning and maintain control over their student data.
- We do not use student or children’s personal information for advertising purposes, including targeted advertising.
- We do not rent or sell student data.
- BrainPOP uses industry standard protocol to ensure that student data is encrypted and transmitted securely from end to end and at rest.
- We limit the data collected from students or children to only that which is necessary to meet the educational purposes of BrainPOP.
- We do not collect sensitive data like biometric or health data or behavior data.
- Students cannot interact with other users outside their school, classroom or family account. The product is not intended and does not allow for social interactions between students.
- Districts, schools and homeschools are able to delete student personally identifiable information at any time.
- We are proud supporters of the K-12 School Service Provider Pledge to Safeguard Student Privacy.
- BrainPOP complies with the Children's Online Privacy Protection Act (COPPA).
- BrainPOP agrees to operate as a school official as the term is used in the Family Educational Rights and Privacy Act (FERPA), and operates at the direct control of our school and district customers with respect to our use and handling of their student records.
Last updated June 15th, 2020.
For purposes of this policy, we will use the following definitions:
Personally identifiable information (PII) is information that can identify a user of the Services, including his or her e-mail, name, and address. It also includes PII combined with non-PII.
De-identified information is information from which personally identifiable components have been removed and a reasonable determination made that an individual is not identifiable.
Student Records are records that are directly related to a student and maintained by BrainPOP on behalf of a school or district subscriber.
What Type of Information Do We Collect and Why?
Education Product Subscribers:
Information collected during the subscription process: During the registration process for any of our subscriptions, we ask the subscriber to provide us with a name, email address, school or district affiliation (when applicable), phone number, and billing information. We may also ask you to provide username and password. We use the information to create and service the account, fulfill the subscription and send you service-related announcements. For instance, we may send emails about routine maintenance, new feature launches or product recommendations related to your subscription. We may also use this contact information to request feedback on our products and services, to inform future customer service and product improvements. If you are registering for a free trial, we will use the information to create a free trial account and to send occasional promotional emails and other marketing campaigns. You may opt out of promotional email messaging at any time as described in the Opt Out section below.
BrainPOP at Schools:
Whether engaging with BrainPOP through a free trial or a paid subscription, schools or districts are required to appoint an administrator (“Administrator”), who is authorized by the school or the district to be responsible for the Students Records.
Each school or district Administrator has access to a dashboard that allows them to create, update, review, modify and delete individual accounts, and monitor logins within the individual accounts.
To create the teacher accounts, we require a full name, email address, class name, and a password security question. We also use the email address to send product updates and use recommendations, password recovery information, effectiveness and efficacy data, invitations to participate in surveys and research and more (messaging may not be available in all jurisdictions). An unsubscribe option is included in promotional messaging.
If a school or district uses and accesses individual accounts through any of the single sign on services that we support, we collect the information we use for the individual accounts function from the third party integrated service.
Students accounts can be created by the school, the district, or by the teachers, or the teacher can invite the students to create the accounts using a class code provided by the teacher. We collect students’ full name, class, graduation year/grade, username, password and security question(s). Students will be able to store their activities, quizzes, movies and other projects they’ve created and correspondences with their teachers within their individual accounts. We collect student’s voice-recording if they use the recording feature in Make-a-Movie®. Students cannot interact with other users outside their school or classroom subscription. Students’ PII is not posted publicly.
BrainPOP at Home:
To create a family subscription for home use, parents or legal guardians are asked to provide their full name, email address and other minimally required personal information.
For family subscriptions that permit individual accounts, we also ask parents or guardians for their children’s name (first or full name, depending on product), graduation year/grade, username, password and security question(s), an avatar image, when applicable. We use this information to create the individual child accounts. Some of the family subscriptions allow children to store their activities, quizzes, movies and other projects they created, and badges or goals they have achieved, and the Homeschool subscription allows for children to correspond with the parent/guardian within the Services. Children cannot interact with other users outside their family or homeschool subscription. Children PII is not posted publicly.
Parents or guardians subscribing to the family products will receive occasional emails with information about usage of the accounts, new features, product use recommendations, effectiveness and efficacy testing, backup schedules, survey and research participation invitation and more. An opt-out will be included at the bottom of promotional messaging.
Children under Age 13:
In compliance with the Children's Online Privacy Protection Act (COPPA), BrainPOP does not collect personally identifiable information from children under 13, without a parent or guardian's consent, or that of a school if applicable. Parents and guardians of children under 13 who use any of the BrainPOP products have certain rights under COPPA and BrainPOP recognizes those rights. At any time, parents/guardians using a home product may request to review the personal information we collected from their child, request that we make no further use of that information or request that we delete it. To exercise your right to delete information, please use the contact information below. Parents/guardians of children using BrainPOP through a school account should contact their school to exercise their rights and we will work with the parent/guardian and school together to facilitate those requests.
A child's participation or access to an activity on BrainPOP cannot be conditioned on him or her providing more personal information than is reasonably necessary for that activity.
Connecting with BrainPOP:
Contact information for newsletter and surveys: On BrainPOP Educators®, and other adult-facing pages of our Services, including pages that do not require log in, adult users may choose to sign up for newsletters, promotional offerings, or participation in surveys, all of which require contact information. The submitted contact information will be used for promotional purposes, and you may opt-out at any time. An opt-out link or instructions on how to opt-out will be included at the bottom of such messages. Registration for newsletters, promotional offerings, and surveys participation are not intended for minors.
Information we collect when you contact us: When you send us messages through our system or by email or through other online platforms, we collect the information you provide, including your message and any contact information you include. We use and retain such information to respond to your request, facilitate support to you in the future and to optimize our support services. We will respond once to messages from children under age 13 and then we delete those messages and any personally identifiable information contained in them.
Feedback: Certain features we offer include an option to provide us with feedback. The feedback feature does not identify the user submitting it. If we receive personally identifiable information through a feedback form we take steps to immediately delete that information. We reserve the right to use feedback for any purpose with no obligation to you.
Applying for a job: all resumes submitted by applicants through our website are submitted through BambooHR. We will only use the information for the application process.
Information Collected Automatically
We automatically receive and record information on our server logs from a user’s browser. This may include the IP address, pages of BrainPOP visited, the time spent on those pages, and access times and dates. We use this information to better display our Services, maintain a user’s session, identify the country the user is located in, monitor, analyze use of and administer BrainPOP, and to better tailor it to your needs. We may also use this information to serve advertising to adult users.
To collect this information, we use technological tools including:
Cookies. A cookie is a small data file sent from a website or application and stored on your computer or device. Cookies allow us to recognize your browser when you return to BrainPOP, remember your login information, enable access to paid content and monitor potential account misuse. Cookies also allow us to better understand how you interact with BrainPOP and to monitor aggregated usage. You can set your browser to detect some cookies, to stop accepting cookies or to prompt you before accepting a cookie. Disabling our cookies will prevent access to paid content and limit some of the functionalities within our Services. To learn more about browser cookies, including how to manage or delete them, look in the Tools, Help or similar section of your web browser, or visit allaboutcookies.org.
Pixel Tags. A pixel tag (also known as a “clear GIF” or “web beacon”) is a tiny image – typically just one-pixel – that we place in our marketing emails, newsletters, promotional offerings and surveys. We use pixel tags and line tracking to analyze the effectiveness of our marketing campaigns.
By using our Services, you agree to our use of these tracking technologies.
In addition, we and our third party partners may use tracking technologies to deliver targeted advertisements and marketing messages to adult users on our or unaffiliated websites and online services. We also occasionally source information about groups of adults to generate a "lookalike audience" or similar audience of prospective customers through advertising platforms. This allows us to target prospective customers with advertisements on their networks who appear to have shared interests or similar demographics to our existing customers, based on the platforms' own data. We do not have access to the identity of anybody in the lookalike audience, unless they choose to click on the ads, and this information is only used for customer prospecting.
To learn about interest-based advertising, “lookalike audiences” and how you can opt-out of these features, you may wish to visit the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org/choices, and/or the Digital Advertising Alliance (DAA) resources at http://www.aboutads.info/choices. Note that if you wish to opt out, you will need to do so separately for each of your devices and for each web browser you use. You may also manage certain advertising cookies by visiting the EU-based Your Online Choices at http://www.youronlinechoices.eu/. You may also be able to limit interest-based advertising through the settings on your mobile device by selecting “limit ad tracking” (iOS) or “opt-out of interest based ads” (Android). You may also be able to opt-out of some – but not all – interest-based ads served by mobile ad networks by visiting http://youradchoices.com/appchoices and downloading the mobile AppChoices app.
We also subscribe to various third parties’ education market information and databases, for example databases of school contacts. We use this data to learn about the industry we serve, to improve our services and for direct marketing. Some third-parties may provide us pseudonymized information about you (such as demographic information or sites where you have been shown ads) from offline and online sources that we may use to provide you more relevant and useful advertising.
Push notifications on mobile apps: Our adult users have the option to accept push notifications. If push notifications are accepted, we will store your previously provided name and email address in the push notification token. If you choose to receive push notifications, we will need to collect certain information about your device - such as operating system and user identification information - in order to ensure they are delivered properly. We also collect the user time zone, which is set on the device, to ensure that we send notifications at an appropriate time of the day. We do not combine this information with other PII. You may turn push notifications off at any time using your device controls.
How Long We Retain Personal Information:
Districts, schools and homeschools are able to delete student personally identifiable information at any time and in real time using the Administrator dashboard as mentioned above. Once that information is deleted, it is deleted from our servers – first from our servers and then, after two weeks later, from any back-up server. If information was not deleted by the school or the district before the subscription expired, we retain such information for a limited period of two years after expiration.
Student classroom accounts and the student identifiable information within them are automatically deleted after two years of inactivity - first from our server and then, two weeks later, from any back-up server. At that point it cannot be restored.
If your jurisdiction requires the deletion of student data within a shorter time period, or upon immediate termination of the subscription, you are required to delete such data using the Administrator dashboard as mentioned above or contact us for assistance at firstname.lastname@example.org.
Districts and schools may request copies of their student personal information (which includes an CSV template file of names, classes and quiz scores), which shall be provided within four (4) weeks of the written request.
Individual accounts created on the BrainPOP Home subscription will automatically be deleted after three (3) months after the expiration of the subscription.
We will retain, use and share anonymous or aggregate and de-identified information for lawfully permissible purposes, including developing and improving educational products and services, educational research purposes, evaluating, informing and demonstrating the effectiveness and efficacy of our products and services.
How We Share Your Information
We may provide Personally Identifiable Information to our partners, business affiliates, and third party service providers who work for BrainPOP and operate some of its functionalities. These may include hosting, streaming, credit card processing services and companies that provide marketing emails on our behalf. A current list of these third parties service providers is available to our subscribers upon request through email@example.com. These third parties service providers are bound contractually to practice commercially reasonable security measures and to use your Personally Identifiable Information solely as it pertains to the provision of their services. They do not have the independent right to share your Personally Identifiable Information or use it for any unrelated purposes.
We reserve the right to disclose personally identifiable information if we are required to do so by law, or if we believe that disclosure is necessary to protect our rights, protect your safety or others' safety, investigate fraud, and/or comply with a judicial proceeding, court order, subpoena, or legal process.
We may share teachers’, administrators’ and parents’ email addresses collected when registering to free trials with third parties business partners for marketing purposes when the individual has opted in to receive such communication. You may opt out of promotional messaging at any time as described in the Opt Out section below.
We strive to maintain security policies and procedures that are designed to protect your information.
Our servers are located in a secured, locked, and monitored environment to prevent unauthorized entry or theft, and are protected by a firewall. The servers are located in a data center in the United States and backed up daily to a secure, U.S.-based, off-site data center.
We apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to encrypt data in transit between the server and the browser remains encrypted. We also encrypt the data at rest.
Governance policies and access controls are in place to ensure that the information of each district, school, or other subscriber is separated, and all subscribers can only access their own data.
Only limited BrainPOP personnel have access to the database, and personnel only access it when necessary to provide services. Personnel with access to Student Records pass criminal background checks and undergo periodic privacy training.
We follow standardized and documented procedures for coding, configuration management, patch installation, and change management for all applicable servers, and we have a third party audit our practices at least once a year.
While we strive to maintain industry-standard privacy and security practices, it should be noted that no industry system is fail proof, and we are not responsible for security incidents not reasonably foreseeable or reasonably within our control. In the event of unauthorized access to Personally Identifiable Information, we will notify the affected subscriber(s) in accordance with applicable law, and as appropriate, coordinate with the subscriber to support notification of affected individuals, students, and families.
Links to Third Party Sites
If you have subscribed to receive marketing messaging from us, or if you receive an unwanted email from us, you can opt-out of receiving future emails by clicking the opt-out link in the email or alternatively by sending an email to firstname.lastname@example.org, with “Opt out” in the subject line. We will process your request within a reasonable time after receipt. Note that you will continue to receive operational emails regarding the products or services you are subscribed to.
For California Residents
As a California resident, you have certain rights regarding your personal information. These rights include:
- Right to Know and Access Information: You may request access to the personal information we maintain about you in the ordinary course of business. This may include what personal information we collect, use, or disclose about you. We may not fulfill some or all of your request to access as permitted by applicable law.
- Right to Deletion: You may request that we delete your personal information. Depending on the scope of your request, we may refrain from granting your request, as permitted by applicable law. For example, we may be legally required to retain your information in our business records.
- Right to Opt Out of the Sale of Your Personal Information: California law considers certain uses of personal information, such as sharing your personal information with a third party in order to serve ads to you to be a “sale.” We do not sell personal information of children or students. However we do engage in some marketing behavior with data from adults that would be considered a “sale” under California law. You may request to opt-out of that use of your information by using the methods provided below or via this form.
In order to prevent unauthorized access to your information, we are required by law to verify your identity before we may address your request.
To Exercise Your Rights
BrainPOP is used in schools at the direction of our Customers. In addition, we are obligated under FERPA to remain under the direct control of our Customers with respect to our use and maintenance of student personal information that is part of the education record. As such, if you use BrainPOP through a school account and wish to exercise your rights in respect to student personal information, please contact your education institution and we will work with them to facilitate your request.
All other BrainPOP users and visitors may exercise these rights by:
- Calling us at Toll free phone number: 866-54-BRAIN (866-542-7246)
- Emailing us at email@example.com
- Visiting https://educators.brainpop.com/contact-us/contact-legal/
- Or mailing us at BrainPOP, Attn: Legal Department, 71 W 23rd Street, 17th Floor, New York, NY 10010.
Your exercise of the above rights is subject to certain exemptions to safeguard the public interest and our interests. Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. Where required by applicable law, we will notify you if and why we are unable to fulfill your request.
Non-discrimination: We shall not discriminate or otherwise penalize anyone for exercising their rights.
|Categories of Personal information we collect||
|Categories of sources from which the Personal Information is collected||
|Business or commercial purpose for collecting or selling Personal Information||We collect your Personal Information to provide the services and for the following business purposes:
|Categories of third parties with whom we share Personal Information||We share personal information with service providers who support us in delivering the Services as described above.
For our adult users, we also share personal information with "third parties" as the term is defined in CCPA for targeted marketing purposes.
|Specific pieces of Personal Information we have collected||Education Products Subscribers:
Administrators, educators and parents: full name, email address, phone number, username, password, security question, school, school address (or home if parents), classes associated with the account, IP address
Students: full name, username, password, security question, school and classes associated with the account, graduation year/grade, voice recording (if using Make-a-Movie recording feature), IP address
Connecting with BrainPOP: name, email address, other contact information, IP address
Website visitors: IP address, pseudonymous end user identifiers
Authorized Agent: California residents may use an authorized agent on their behalf to exercise a privacy right discussed above. If you are an authorized agent acting on behalf of a California resident to communicate with us or to exercise a privacy right discussed above, you must be able to demonstrate that you have the requisite authorization to act on behalf of the resident and have sufficient access to their laptop, desktop, or mobile device to exercise these rights digitally. If you are an authorized agent trying to exercise rights on behalf of a BrainPOP user, please contact the user's school or district with supporting verification information, which includes a valid Power of Attorney in the State of California, proof that you have access to the user’s device, and proof of your own identity.
Using BrainPOP® Outside the US
If you are using the Services outside the United States, you consent to having your information and data transferred to the United States. If you are in any jurisdiction with laws or regulations governing internet use, including collection, use, and disclosure of personal data, different from those of the United States, you may only use the Services in a manner that is lawful in your jurisdiction. If your use of the Services may be unlawful in your jurisdiction, please do not use them. If your use of the individual accounts may be unlawful in your jurisdiction, please do not use it.
Using BrainPOP® From the EU
BrainPOP processes your information in one of two capacities, either: (i) as a Data Controller for our own internal business operations, such as sales, marketing, administration etc., or (ii) as a Data Processor when carrying out our Services for our school customers using individual accounts.
As a Data Controller, BrainPOP processes your personal data, in accordance with applicable law, for the following purposes:
- track your interaction with our emails we send, so we can see if they are working as intended;
- sending you marketing communications/placing marketing calls, in order to keep you informed of our products and services, which we consider may be of interest to you;
- to comply with applicable law, for example, in response to a request from a court or regulatory body, where such request is made in accordance with the law; and
- where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure; and
- offer our goods to you in a personalized way, for example, we may provide suggestions based on your personal data to enable you to identify suitable goods and services.
The bases for processing of your personal data for the purposes described above will include:
- you provided us with your consent;
- for BrainPOP’s legitimate business interests as outlined in paragraphs a., b. (where this does not include B2C email or phone marketing communications), d. and e. above; or
- for compliance with a legal or statutory obligation to which BrainPOP is subject.
Your personal data will be retained as long as is reasonably necessary for the purposes listed above or as required by applicable local law. Retention periods can vary based on the type of information and how it is used.
What Are Your Rights Under the GDPR?
Parents/guardians of children using BrainPOP through a school account should contact their school to exercise their rights and we will work with the parent/guardian and school together to facilitate those requests.
When we are operating as a Controller, we provide you with certain rights related to your personal data. To exercise your rights, please contact us at firstname.lastname@example.org. We will respond to your request within a reasonable time frame.
Please note that the rules in your country may provide you with additional rights or may limit the rights noted below. In all cases, we will comply with the applicable laws.
Right of access
You may have the right to obtain confirmation about whether or we process your personal data, and when we do, to request access to that personal data. The access information includes the purposes of processing, the categories of personal data involved, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
Right to rectification
You may have the right to rectify inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase that personal data.
Right to restriction of processing
Under certain circumstances, you may have the right to restrict processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.
Right to data portability
Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
Right to object
Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, or where Personal Data are processed for direct marketing purposes at any time to the processing of your Personal Data by us and we can be required to no longer process your Personal Data.
Moreover, if your Personal Data is processed for direct marketing purposes, you have the right to object at any time to the processing of Personal Data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your Personal Data will no longer be processed for such purposes by us.
If you have concerns or complaints you may have a right to lodge a complaint with a supervisory authority.
To request execution of the Standard Contractual Clauses (“SCC”) as set forth under GDPR regarding the collection, use, and retention of personal information from European Union, Switzerland, and the United Kingdom to the United States, please contact us at email@example.com.
EU-US Privacy Shield
BrainPOP LLC participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. BrainPOP is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield website. https://www.privacyshield.gov/list
BrainPOP is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers it to a third party acting as an agent on its behalf. BrainPOP complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, BrainPOP’s adherence to the Privacy Shield Framework is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, BrainPOP may be required to disclose personal data in response to lawful requests by public authorities, including requests to meet national security or law enforcement requirements.
Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
In compliance with the Privacy Shield Principles, BrainPOP commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BrainPOP at: firstname.lastname@example.org.
BrainPOP has further committed to refer unresolved Privacy Shield complaints to TrustArc Privacy Dispute Resolution service, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TrustArc are provided at no cost to you.
Using BrainPOP® From Australia
We encourage schools in Australia to use our privacy notice (https://www.brainpop.com/about/australia_notice) to inform parents/guardians of our products and practices. This notice conforms to the notice requirements under the Australian Privacy Principles (APPs) 8 – cross-border disclosure of personal information.
If you wish to report a security breach, please contact us at email@example.com.