Introduction

We at Yeti My Friend, Inc. (“we,” “us,” or “Yeti My Friend”) value your privacy. In this Privacy Policy, we provide you with detailed information about our collection, use, maintenance, and disclosure of Personal Data (as defined below) when you use our website (the “Site”) or Trooᵀᴹ , our mobile application (the “App”) (collectively, the Site and the App are referred to as the “Services”). This Privacy Policy applies to any information that can be used to identify a person (“Personal Data”) that Yeti My Friend may collect from you when you use, access, or otherwise interact with our Services. 

The App and Services are designed to take a whole-child approach to unlock creativity, nurture curiosity, and develop social-emotional skills for elementary and primary school children (each, a “Learner”) through interactive stories and activities.. If you are a parent or guardian of a Learner (“Guardian”) that creates a user account (“User Account”) through the App or visits our Site, we may collect certain Personal Data about you and about your Learner. 

In the United States, the App, Site, and Services may be used by teachers, school administrators, or other school personnel (“Educators”) as part of an educational program or materials offered through a school, school district, or other similar educational institution (“School”). Our collection of any Personal Data pertaining to Educators and/or Learners on behalf of an Educator or School will be governed by our contract with the School and any other applicable federal, state or local privacy laws and regulations. In the event of a conflict between this Privacy Policy and our contract with the School, the contract with the School will govern as to Personal Data or educational records as defined by the Family Educational Rights and Privacy Act (“FERPA”) (such records hereinafter known as “Educational Records”) and collected under that contract. If you have any questions or concerns about how we collect and use Learner Personal Data or Educational Records pursuant to our contract with a School or would like to exercise any rights you may have with respect to that Personal Data or Educational Records, you should contact the School directly.

As a matter of our practices and policies, we adhere to the principles set out in the European Union General Privacy Directive, however our Services are operated from the United States, and the privacy laws of the United States may not be as protective as those in your jurisdiction. If you are located outside of the United States and choose to use the Services or provide your information to us, you agree that your information will be transferred, processed, and stored in the United States. Your use of the Services represents your agreement to this practice. For the purposes of the GDPR, we act as a data controller for the personal data which we collect directly from users who interact with us outside of an agreement we have with school or school district, but we act as a data processor for the personal data which we collect and process as part of our agreement with a school or school district.  We have established an individual within our executive team as our data protection officer, who can be reached at privacy@yetimyfriend.com.

IF YOU DO NOT AGREE WITH ANYTHING DESCRIBED IN THIS PRIVACY POLICY OR THE ADDENDUM, DO NOT DOWNLOAD THE APP, PERMIT A LEARNER TO DOWNLOAD THE APP, LOG IN TO OR PERMIT A LEARNER TO USE THE APP, OR USE OR PERMIT A LEARNER TO USE THE SERVICES.

If you have any questions related to how we use and disclose Personal Data and/or Educational Records, please contact us at:

Yeti My Friend, Inc.

privacy@yetimyfriend.com

When any user clicks on the privacy support email address, confirmed Users are either over the age of 18 or are Learners whose educators have received the requisite notice and have provided appropriate consent aligned to the requirements of the Children’s Online Privacy Protection Act (“COPPA”). 

Note regarding third-party sites: Our Services may contain links to other sites not operated by Yeti My Friend. If you click a third-party link, you will go to that third party’s site. We have no control over how any third party uses your Personal Data. We strongly advise you to review the privacy policy(ies) of every site you visit. Yeti My Friend has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services. This Privacy Policy does not apply to your use of or access to any third-party sites or services.

Privacy Policy Updates

Please note that we occasionally update this Privacy Policy. If we make any material modifications to this Privacy Policy, we will send any new versions of this Privacy Policy to the email address you provided when creating a User Account, conspicuously post this Privacy Policy in the Services, and/or otherwise communicate any new versions of this Privacy Policy to you through your User Account. Any changes to this Privacy Policy will be effective immediately upon posting or upon the Effective Date indicated in the communication or on the Privacy Policy update.

Deletion

If you are a Guardian and no longer agree to the collection, use and disclosure of a Learner’s Personal Data or Educational Records, as described in this Privacy Policy, you can request deletion of Personal Data, Educational Records and/or your User Account (or the User Account you created on behalf of a Learner) by (i) selecting the delete account option within the settings of your User Account, or (ii) sending a deletion request to support@yetimyfriend.com with the following information: 

• Your name;

• Your login email address; and

• A statement that you are requesting account deletion.

Notwithstanding the foregoing ,deletion of User Accounts created by an Educator or School are governed by our contract with that School, FERPA and other relevant laws and regulations. If you have any questions about the deletion of User Accounts, Personal Data or Educational Records on behalf of your School, please reach out to your School directly.  Upon termination of an account or a request for deletion, Yeti My Friend will delete your Personal Data or deidentify your personal information no later than ninety (90) days from the receipt of your request.  

Collection and Use of Personal Data

How Does Yeti My Friend Collect Personal Data and What Personal Data Do We Collect?

Directly from you or on your behalf. We collect Personal Data that you provide directly to us. Personal Data is required to use certain features of our Services. We will collect Personal Data that you provide to us through the Service features, contact forms on the Site, and in your communications with us in the following ways:

Registration and Account Data: From Guardians, we collect your and your Learner’s name and email address, as well as your Learner’s grade level, a username, and your relationship to the Learner. If you are an Educator, we collect your name, email, and the grade level you teach from you or the applicable School. We use this information primarily for creating User Accounts, customizing the user experience, and contacting you relating to our Services and your User Account.

User-Generated Information: Yeti My Friend may collect information provided to us by the Learner about the Learner’s education and personal experiences input on the App. User-Generated information may include recorded text, audio or video responses provided by the user. User-generated information is only used to (i) customize the user’s experience provided by the Services, and (ii) improve the Services and create additional functionality.  User-Generated Information from Leaner’s and Educators may be considered Educational Records under FERPA and therefore treated as such.

Feedback: When you provide comments or feedback about our Services or our content ("Feedback"), we will not treat that Feedback as confidential, and we may use that Feedback for any purpose in our sole discretion so long as it does not personally identify a person. Feedback will be used without attribution or compensation to you.

Third Party SSO Information:  If your school or district chooses to use third party single sign-on for access to the Site, Application and/or Services, you may have to provide us with your username (or user ID) so that your identity can be authenticated through the third-party account (the “SSO Account”). When the authentication is complete, we’ll be able to link your account with the SSO Account. That linking may allow us to access and collect certain personal information, such as your name and email address, your user ID for the SSO Account, data tokens used to implement single sign-on and connect with your SSO Account profile, and other personal information that your privacy settings on the SSO Account permit us to access, in connection with creating your Site, Application and/or Services account.  We may also share some information back to the SSO Account depending on the requests of your school or district and the capabilities of the particular SSO services utilized.  We encourage you and all schools or districts to carefully choose privacy settings in SSO Accounts to limit the exchange of information to what you (or the school / district) want to share with us and want us to share. However, we don’t try to access any information in the SSO Account that we don’t have to access to allow you to use it to sign onto the Site, Application and/or Services.  We never receive or store passwords for any of your SSO Accounts.  In some circumstances school accounts may be provided with QR codes for log-in purposes.  Each QR code is associated with individual user accounts and should be safeguarded against unauthorized disclosure as you would a password.

Through automated means. 

If you are under 13 years of age: We will not collect any Personal Data from you unless and until we have received consent from your Guardian to do so. Specifically, this means that we will not collect any IP addresses assigned to the computers and other devices you use (or proxy server); your internet service provider and/or mobile carrier; device ID number; browser type; operating system Site pages visited; websites you access before and after visiting the Site, system configuration information, date/time stamps associated with your usage; and data related to how and when you use the Site. This may prevent you from using some or all of the features of the App or the Services. 

If you are older than 13 or Guardian consent has been provided: While we do not collect Personal Data automatically, we may tie automatically collected information to Personal Data or Educational Data about you that has previously been provided to us. We may use common information-gathering tools and similar technologies to automatically collect information about you from your computer system or mobile device as you navigate and use the Site, including via the use of cookies, web beacons, pixel tags, and other tracking technologies (collectively "Cookies"). A cookie is a small text file that our Site may save onto your computer or device when you use the Site that provides us certain information about your activities. Cookies allow the Site to remember your actions and preferences and recognize you or your browser, along with some information you provided. Web beacons/pixel tags are small graphics on a webpage that monitor your activity when viewing a webpage.

Most browsers automatically accept Cookies. You can disable this function by changing your browser settings but disabling cookies may impact your use and enjoyment of the Site. Not all features or functions of the Site may work properly if you disable Cookies. You cannot disable all Cookies, such as Cookies that are essential to the functioning of the Site. 

The Cookies on our Sites may collect information such as: IP addresses assigned to the computers and other devices you use (or proxy server); your internet service provider and/or mobile carrier; device ID number; browser type; operating system Site pages visited; websites you access before and after visiting the Site, system configuration information, date/time stamps associated with your usage; and data related to how and when you use the Site.

A Cookie can either be a “session” Cookie or a “persistent” Cookie. Session Cookies exist only for so long as you are visiting the applicable site and are typically deleted when you exit your web browser. Persistent Cookies exist for a set period of time, for example, up to several months or years. Each time you visit a site that has implemented a persistent Cookie, the persistent Cookie is renewed, and that Cookie will remain active until its predetermined expiration date. You can manually delete persistent Cookies through your browser settings.

How does Yeti My Friend Use Personal Data?

In addition to the uses described elsewhere in this Privacy Policy, Yeti My Friend uses Personal Data for the following purposes:

• To manage, analyze and provide the functionality of the App, Site, and Services to you, as well as to troubleshoot problems and address security issues; 

• To transact business with you;

• To inform our business strategies and analyze our current and prospective customer base;

• To respond to requests from government authorities, and to comply with applicable state and federal law, including cooperation with judicial proceedings and court orders;

• To protect our legal rights and interests and to seek business and legal advice;

• To manage and improve our operations and the App, Site, and Services, including through development of additional functionality; and

• To evaluate the quality of the Services you and/or Your Learner receive and improve your and/or your Learner’s user experience.

To Whom Does Yeti My Friend Disclose Personal Data?

In addition to disclosures of Personal Data described elsewhere in this Privacy Policy, we may disclose Personal Data to the following categories of individuals/entities:

Business Partners and Vendors: We disclose Personal Data to our partners, service providers, and other individuals/entities who help run our business, administrative or technical functions for our business, and help us provide communications to you (“Business Partners”). Specifically, we may employ third-party companies and individuals to store Personal Data, facilitate the App, Site, and/or our Services, develop and/or provide the App, Site, and/or Services on our behalf, perform Service-related functions, , and/or assist us in analyzing how our Services are used. We do not sell Learner’s Personal Data or Educational Data.  We will not use, sell, share or disclose Personal Data or Educational Data we receive to: (i) market or advertise to Learners or Guardians; (ii) inform, influence or enable marketing or advertising to Learners or Guardians; or (iii) develop a profile of a Learner or Guardian for any commercial purposes.  Personal Data and Educational Data are only collected for providing or improving the App, Site and/or Services.  We use Amazon Web Services for cloud services including any future integration of our own instances of any artificial intelligence used to provide summaries of Learner feedback to Guardians.  We use MongoDB for high volume data storage.  We currently use the following engineering resources: NVISH Solutions, Inc., Akivna Technologies Privacy Limited, and mirco1, Inc. for engineering services.  

Our Advisors: We may disclose Personal Data to third parties that provide advisory services to Yeti My Friend, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”) so long as the advisor agrees to hold the information as confidential in accordance with this Privacy Policy. 

Third Parties Pursuant to Business Transfers: We may disclose Personal Data to a subsequent owner if the Site or App are sold to a third party, or in connection with a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of the Yeti My Friend corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings), including with respect to any due diligence performed related to the foregoing, so long as the third party in question agrees to hold the information as confidential in accordance with this Privacy Policy

Government and Law Enforcement Authorities: We may disclose Personal Data to (i) respond to legal and governmental requests and comply with legal processes or as otherwise required by law; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms of Use; or (iii) when necessary to identify, contact or bring a legal action against someone who may cause or be causing harm to, or interfering with our legal rights or any other party's legal rights.

How Long Does Yeti My Friend Retain Personal Data and/or Educational Records?

Yeti My Friend retains Personal Data for as long as is reasonably necessary to fulfill the purpose for which the Personal Data was collected.  In the case of Educational Records, Yeti My Friend will retain the data as long as needed to provide the Services or as otherwise agreed by the agreement between Yeti My Friend and the School or as required by FERPA and other relevant laws and regulations.  

Children’s Data

What Happens to Personal Data Submitted by Children?

Yeti My Friend will not require a Learner or any other child to disclose more information than is reasonably necessary to access and use the App and/or Services. Except in limited circumstances permitted under applicable law, Yeti My Friend does not knowingly collect Personal Information from children under the age of 13 without first securing verifiable consent from the child’s parent or guardian. If access to the Services is provided by a School, we rely on the School to obtain appropriate consent from an appropriate parent or guardian. If Yeti My Friend learns that Personal Data has been collected from or about a Learner or child under the age of 13 on our Service without the consent required by COPPA or other applicable law and regulations, Yeti My Friend will take appropriate steps to delete this information. 

If you discover that a Learner under the age of 13 has a registered User Account without appropriate consent, please contact us at privacy@yetimyfriend.com and we will make commercially reasonable efforts to delete such Personal Data. 

How Do Guardians Give Consent?

The App requires the child’s Guardian to confirm their year or birth in order to set up an account. The Guardian is provided the requisite direct notice regarding Yeti My Friend. 

Additionally, when a Learner attempts to access links to external videos, the Learner is asked whether they are under the age of 13. If the Learner is under the age of 13, the App will require the Guardian to grant the Learner access to the external video. 

What Rights Do Guardians Have Concerning Learner Personal Data?

You may have certain rights relating to the Personal Data of a Learner if they are under the age of 13 pursuant to the Children’s Online Privacy Protection Act (“COPPA”) and other applicable data protection and privacy laws. If you are a Guardian, these rights include the right to:

• Access and review Personal Data about the Learner that is held by Yeti My Friend;

• Erase/delete the Learner’s Personal Data, to the extent required by applicable data protection and privacy laws and to the extent technologically feasible;

• Be informed regarding and/or receive communications related to the processing of the Learner’s Personal Data;

• Restrict the processing of the Learner’s Personal Data to the extent required by law;

• Object to the further processing of the Learner’s Personal Data.

Where the processing of a Learner’s Personal Data is based on Guardian consent, a Guardian has the right to withdraw that consent at any time. If you would like to withdraw your consent or exercise any of the above rights, please contact us at privacy@yetimyfriend.com. 

Will Yeti My Friend Disclose Personal Data Collected From Learners?

If we receive verifiable parental consent from the Guardian of a Learner under 13 years old, we will disclose that Learner’s Personal Data only in a manner consistent with, and as described throughout, the rest of this Policy. When we request a Guardian consent, you have the option of consenting to our collection and use of the Learner’s Personal Data without consenting to the disclosure of the Learner’s Personal Data subject to any exceptions permitted by applicable law.

Retrieving, Changing and Deleting Information.

We may store analytics data and information collected through our websites separately from the information stored in the individual applications or services.  We may have no meaningful ability to provide you with information concerning analytics data.  For personally identifiable information collected through the websites (e.g., by signing up for a mailing list), please contact us at privacy@yetimyfriend.com if you would like us to delete that information, or if you would like to know which personal information of yours, we have or have shared with third parties.

We use technical safeguards to ensure the integrity of the personal information we collect and store.  However, because we receive all personal information either from you directly, or from the school or school district with which you are affiliated, we have no ability to determine the accuracy of that information and rely on you or the relevant school or school district to either correct or inform us of any inaccuracies so that we can correct them.  

Through your account settings, you may access, and, in some cases, update or delete the personally identifiable information in your Applications account.  Please note that in some cases, the information in your Applications account can only be changed by your teacher, school, or school district, and you cannot change it yourself.  In that case, you will need to contact the relevant person in your school or school district.  If you cannot delete or update your personally identifiable information and the ability to do so is not controlled by our school or district, please contact us at privacy@yetimyfriend.com and we will facilitate the deletion of your requested personally identifiable information.

Guardians may request that we cease collection of personal information about their child.  If you are a Guardian and would like to request that personally identifiable information regarding your child (or, if you are a teacher, a child that is in your class) be updated or personal information about your child no longer be collected (and/or that it be deleted) and you do not have the ability to do so yourself, please contact us at privacy@yetimyfriend.com. In most cases we will refer your request to the relevant school or school district, but if you or your child is not affiliated with a school or school district, we will respond to your request within thirty (30) calendar days of receipt.

You may be able to add or update information as explained above. By emailing us at privacy@yetimyfriend.com you may request that we delete your account or provide you with a list of all personal information of yours we have or have shared with third parties. In most cases we will refer your request to the relevant school or school district, but if you or your child are not affiliated with a school or school district, we will respond to your request within thirty (30) calendar days of our receipt of such request.  

Generally speaking, unless a legal request has been made for a user’s personally identifiable information, we do not retain and will delete personally identifiable information in Services accounts within a reasonable period after we are informed the account will no longer be used, or if it becomes inactive and we are unable to contact the relevant user, their school or school district.  We may use aggregated or de-identified information derived from your personally identifiable information after you update or delete it, but not in a manner that would identify you personally.

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing, updating or deleting information we have on file about you, please contact us at privacy@yetimyfriend.com.

Website Operators

We may use third-party applications, sites or services to collect or maintain Personal Data consistent with this Privacy Policy.

Please direct your inquiries about any operator's privacy practices and use of Personal Data to:

Yeti My Friend, Inc.

Email: privacy@yetimyfriend.com

Safeguarding Personal Data

Yeti My Friend understands the importance of data security. We use a combination of technical and administrative security controls with the goal of (i) maintaining the security and integrity of Personal Data; (ii) protecting against any threats or hazards to the security or integrity of Personal Data; and (iii) protecting against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.

Your account is protected by a password for your privacy and security, and you select that password, so we encourage you to select a strong password. If you use an SSO Account to access your account, you may have additional or different sign-on protections via that third party site or service. You should prevent unauthorized access to your account and the personally identifiable information in that Account by selecting and protecting your password and/or other sign-on mechanism appropriately, not sharing those sign-on credentials with anyone, and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

We endeavor to protect the privacy of your account and other personal information we hold in our records, and we use industry standard data security measures to protect your personal information. This includes: (1) only storing your personal information under our control, (2) using two-factor authentication for our personnel to access your personal information, (3) implementing physical access controls to those areas where personal information is stored, (4) limiting access to your personal information to only those of our personnel who need to have that access to do their jobs, and (5) encrypting all of your personal information both in transit and at rest. We also regularly conduct audits of our security practices to make sure that they are up to date.  Unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information.

In the event of an unauthorized disclosure of your personal information, we will provide notice as required by applicable law.

You should also be aware that:

• If you are a student, your teacher and your school administrators can access your account and its personally identifiable information.

• If you are a teacher, your school administrator can access your account and its personally identifiable information.

This means that your account security is only as good as the security precautions of the teachers and school administrators who can access your account, and you should check with them about those precautions and their information handling policies.

As no method of transmission of data over the Internet, or any other method of electronic storage or transmission, is 100% secure, WE DO NOT GUARANTEE OR WARRANT THAT OUR CONTROLS WILL PREVENT UNAUTHORIZED ACCESS TO OR PROTECT THE SECURITY OR INTEGRITY OF PERSONAL DATA IN ALL SITUATIONS. YOU ASSUME THE RISK THAT UNAUTHORIZED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, AND OTHER FACTORS THAT MAY COMPROMISE THE SECURITY OF PERSONAL DATA AT ANY TIME.

Communications

Can You Opt Out of Receiving Communications from Yeti My Friend?

We may send you communications, such as emails, using the contact information we have on file for you, and we may use third parties to provide these communications. You may opt-out of emails from us by clicking “unsubscribe” in the email, however, this does not opt you out of non-marketing emails, such as emails about your User Account or your use of the Services. 

Do Not Track Disclosure

Some web browsers may transmit do not track (“DNT”) signals to websites with which the user communicates. YETI MY FRIEND DOES NOT CURRENTLY PARTICIPATE IN ANY DNT FRAMEWORKS THAT WOULD ALLOW YETI MY FRIEND TO RESPOND TO SIGNALS OR OTHER MECHANISMS REGARDING THE COLLECTION OF PERSONAL DATA.