1160 Main Street
Buffalo, NY 14209
11/10/16 – 8/13/2019
Starting with this new updated version, when material changes are made to these policies, we will send an email to all account holder email addresses. We will send notices out a week in advance of effective policy change dates. If users continue to use the service, they are indicating consent to these changes.
During the registration process, the person creating accounts provides information.
School Accounts. When teachers register, they provide information that may include a name, school name, district name, school email address, position, password, and phone number.School Accounts must be created with a verifiable educational institution email address to ensure appropriate educational access.
When a teacher uses Tyto Online, they are able to add students in order to keep track of their learning progress and assign activities to them. Students are organized into periods under different subjects by their teacher. For these accounts, we ask teachers to enter the students;’ first and last name, and they can then create a username and password or have them automatically generated for the students.
Teachers may also opt to use a third party Google Classroom integration, in which case student information that includes email addresses will be imported from Google Classroom. Google provides us with the students’ email, name, profile id, and teacher information.
Parent & Child Accounts (non-School). We also support students making their own accounts, separately from a school, under a parent’s supervision. Parents provide information including their name, email, username, and password. When Parents add children, they provide their first name and then set up usernames and passwords.
If a child registers to play on their own, we request the parent’s email so that we can obtain permission for the child to play.
Information During Purchasing. All account types allow for creating a free trial account with the same processes, and that follow the same policies defined here. There are no in-app purchases available or accessible to children.
If someone decides to purchase a Tyto Online subscription, which is done via the website dashboard, users may also provide credit card information and their billing zip code.
During the registration process, the person creating accounts provides information.We also automatically receive information based on our website and game services.
Messages. Tyto Online collects chat messages that are sent and received within the Tyto Online application.
IP Address. We collect your IP address when you login to our services, in order to provide more specific location-based services that we offer now or in the future. For example, connecting you to the closest game server.
Web Search History. We do not collect users’ web search history across third party websites or search engines. However, if a user navigates to our website via a web search, their web browser may automatically provide us with the web search term they used in order to find us. Our website does not honor “do not track” signals transmitted by users’ web browsers, so we encourage you to visit the following link if you would like to opt out of certain tracking: http://www.networkadvertising.org/choices or http://www.aboutads.info/choices/. Note that if you wish to opt out, you will need to do so separately for each of your devices and for each web browser you use (such as Internet Explorer®, Firefox®, Safari®).
Usage Data. We also collect information about what you’re doing with our product, in order to improve the experience and provide accurate assessment data. This includes when you log into the game or website, when you log out of the game, and data on what you accomplish and do within the game via analytics tracking.
The information we collect helps us provide and improve our product.
Contact Information for Account Notification, Support, & Marketing
Opt-in subscriptions targeted towards adults (educators, parents) may ask users to sign up for newsletters, promotional offerings, or participation in other feedback or informational sessions. These communications may include tracking. The information submitted will never be shared or sold to third parties, and an opt-out link will be included at the bottom of these messages. We never knowingly send marketing or advertising to student or child users.
We also require an email for password recovery and sending notifications, emailing about new features or training options, and more. An opt-out link will be available at the bottom of all messages that are not required for functioning of the product.
Providing the Service and its Features
Most of the information we collect is used primarily for providing Tyto Online and its related services, such as its assessment dashboard. For example, IP addresses allow us to connect users to the correct server in the world for the best performance. We collect students’ names so that teachers can use this information to manage their classes, assign content, and receive assessment information. Similarly, detailed information on what the student does within the game is used to generate assessment data for teachers’ legitimate educational uses.
We also collect PII to collect and process payment information, when needed to continue services.
Improving the Product
Information is also used and retained in order to guide the internal team in improving the product. For example, de-identified information is used by the developers to see the common educational patterns made by students in the game, so that the game can be improved for better educational outcomes.
We will never sell your data to third parties or share data for marketing or advertising purposes.
We may provide limited personally identifiable information to third party service providers in order to help us provide and improve our own services.
In short, our commitment to you regarding third parties is that:
1. They are used for the purposes of providing and improving our services.
2. We will not share any personally identifiable information for marketing or advertising purposes.
3. We will never sell any personal information to third parties.Teachers may also opt to use a third party Google Classroom integration, in which case student information that includes email addresses will be imported from Google Classroom. Google provides us with the students’ email, name, profile id, and teacher information.
We use a variety of third party service providers, such as analytics companies, to understand usage of our services. We may allow those providers to place and read their own cookies to help us measure how users interact with our services. This technical information is collected directly and automatically by these third parties.
These third parties are bound contractually to practice adequate security measures and to use your information solely as it pertains to the provision of their services. They do not have the independent right to share your personally identifiable information.
The following type of third parties have access to limited PII for specified uses (generally email addresses).
Rostering & Single Sign-in. We use Google Classroom and Google Single Sign-in services in order to allow easy account access and set up. We do not support any other social login services.
Google provides us with the following information: students’ email, name, profile id, classroom and/or course name, and teacher information. We currently do not share information with Google Classroom, but may add this feature in the future to support Educator Account workflows.
Hosting and Log Storage. We use Amazon Web Services for hosting our game servers, databases, and logs. This means that PII is stored here in the form of emails, usernames, character names, and user IDs. However, Amazon does not have permission to use this information personally.
Customer Support & Outreach. We use some third party services for customer support and outreach, such as our live chat, Knowledgebase, or email services. These services have access to emails, some to names, and sometimes behavioral information, such as triggers we set up to prompt customer support emails and delivery analytics. These services include Mailchimp (including the Mandrill service), Intercom (which also collects IP, location, and device information to help us provide fast and accurate support), and Hubspot. Some basic contact information may also go through Google as we use their email and docs internally.
Contract & Payment. We use Stripe to collect payment information, when necessary, which includes customer name, credit card information, billing zip code, and contact information. We also use Quickbooks for internal tracking of revenues and expenses, which may include school billing contact information. We use Hello Sign to sign electronic documents. None of this includes student PII.
The following third parties have access to user data, but only in de-identified form without PII. This may include teacher registry information (email and name) as this alone is not considered PII.
Analytics & Tracking. We share anonymous or de-identified information about our users for tracking analytical information that helps us debug and improve our services. These include Google Analytics, Amplitude, and Papertrail.
Research Purposes. We may use or share anonymous or aggregate and de-identified information for educational research purposes, to evaluate, inform, or show the efficacy of our services.
Required by Law. We reserve the right to disclose personally identifiable information if we are required to do so by law, or if we believe that disclosure is necessary to protect our rights, protect your safety or others’ safety, investigate fraud, and/or comply with a judicial proceeding, court order, subpoena, or legal process.
We take a variety of technical and common-sense measures to protect your data.
Tyto Online takes protecting your security and privacy seriously and has put measures in place to protect your information. These include the use of secure, access-controlled data centers operated by industry leading partners, data encryption in transit and storage of personal information, SSL security, and hashed and salted passwords.
We also take common-sense, non-technical approaches. We limit the amount of personal data we collect to begin with, focusing on what we need to provide services and contact our customers. Our employees who have access to any PII are provided training on privacy laws.
In the event of a security breach, we will notify affected account holders within the amount of time required by law so that you can take steps to keep your data safe.
The school or district assumes responsibility to verifying parental consent to use Tyto Online. There are multiple ways teachers or schools can obtain parental consent:
1. Obtain consent as part of a school-wise technology consent process you already have in place;
2. Obtain individual consent from parents to use Tyto Online;
3. Teachers in the United States may agree to act as the parent’s agent and provide consent on their behalf for students to use Tyto Online solely in the educational context as provided by the FTC.
Teachers, schools, or districts using Tyto Online maintain ownership of their Student Records (as defined in the Family Educational Rights and Privacy Act (FERPA)).
Each educator has access to a dashboard that allows control over the Student Records. They can create, update, review, modify, and delete accounts.
Educators are encouraged to safeguard access to Tyto Online Student Records, and notify us if there is any unauthorized use of a password or account registered to them. Students using Tyto Online under an educator account will only be able to create or access their accounts with a class code provided by the teachers. Students will be able to communicate with other students within their classroom within Tyto Online. Tyto Online does not allow students to communicate with other students outside of their schools right now (although this may be added as a feature, requiring parent permission to enable, in the future).
We encourage educators to notify parents if they use Tyto Online. Parents can log into their children’s’ accounts to see their records. If you are the parent or guardian of a student using Tyto Online with their teacher, you can request login information from your child or their teacher. You are encouraged to use this information to view your student’s progress at any time. Parents have the right to request that we delete personal information or make changes to records at any time.
Under the terms of our agreement with schools, we agree to act as a “School Official” as defined by FERPA, meaning that we:
1. Perform an institutional service or function for which the school or district would otherwise use its own employees;
2. Have been determined to meet the criteria for being a School Official with a legitimate educational interest in the education records;
3. Are under the direct control of the school or district with regard to the use and maintenance of education records; and
4. Use education records only for authorized purposes and will not re-disclose Personally Identifiable Information from education records to other parties (unless we have specific authorization from the school or district to do so and it is otherwise permitted by FERPA).
COPPA through Schools. These practices are COPPA compliant. Tyto Online limits use of the child’s information to educational uses authorized by the school.
In addition, School account administrators can review childrens’ personal information and request to have it deleted. Tyto Online may still retain information for up to 30 days to provide customer support and prevent accidental deletion. Please keep in mind that after deletion, recovery of account progress will be impossible.
School account administrators can also request that there is no further use of the child’s information; however, Tyto Online will need to inactivate or delete the account for this, as we cannot provide Services without some data processing.
Parent and Child Registration without Schools. We also allow children and parents to use the service outside of schools. We provide a way for parents to sign up and add their children, providing their consent in the process.
When it becomes necessary to collect personal information from children under 13, we will only do so after obtaining verifiable parental consent, as defined under COPPA, or as otherwise permitted under COPPA. We confirm that the parent is the one giving consent with credit card confirmation.
This information is only retained where the minor’s parent or legal guardian, has provided and/or approved that information to Immersed Games during the registration process. Children before parental consent will not be able to use in-game chat, meaning there is no way for individuals to contact them in the game.
Such information is not shared with third parties and is only used internally. A child’s usage information, such as analytics collected through gameplay, is only shared in an aggregated anonymous manner and never in a way that could personally identify the minor.
In the event that we learn that we have collected personal information from a minor without parental consent, they will delete that information as quickly as possible. If the User believes that their child or a minor may have provided us with personal information beyond what is requested when signing up for the Site or game, please contact the company at firstname.lastname@example.org.
Parental Review of Personally Identifiable Information. Parents will have the ability to use their parental account to administer their children’s accounts and review the personally identifiable information maintained by Immersed from such accounts. Parents or guardians may establish a parental account during the initial registration process for the child’s account or, subsequently, through the account management features applicable to the child’s account.
Right now, students can only see each other in the game and have a set of emotes to select from. In the future, we may add chat functionality but it would only be available by school or parent opt-in.
Users can access and change their own personal information (name, email, username, password) from the website account dashboard unless they are a child account, or imported from Google Classroom. Child accounts can only be edited by their parents, and Google Classroom account information must be edited with Google.
Tyto Online will delete an account and all content associated with the account if the account has not been accessed for more than 7 years. An inactive account will not be automatically deleted, so that students can return to the game during their K12 learning experience and retain their customized character and learning progress.Prior to deleting an abandoned account, Tyto Online will notify the account owner associated with the account by email and provide an opportunity for them to log in and prevent deletion.
If you would like to delete your Tyto Online account (or that of your students or children) and all related account information, please send an email to email@example.com. Tyto Online may still retain information for up to 30 days to provide customer support and prevent accidental deletion. Please keep in mind that after deletion, recovery of account progress will be impossible.
If you are a teacher or school administrator within the US, please be aware that FERPA requires us to retain student education records once a valid request to inspect those records has been made.
Unfortunately, data created by Tyto Online gameplay is unique to the proprietary design of Tyto Online and not usable by other applications. Therefore, this data is not currently exportable or portable to other services or applications.
If you have any questions, please email us at firstname.lastname@example.org