Last updated: November 18, 2021
As transparency and privacy are among PRIVO’s core values, we regularly review our privacy notices to make sure that you are always aware of our practices, what information we collect, how we use it and how we might share it. The ‘What’s new’ section summarizes the changes made to the previous version. To review previous versions of this policy please contact us using the details below.
Changes to this Policy
What is the PRIVO iD Platform
The PRIVO iD Platform, (aka PRIVO-Lock) is an identity and consent management platform owned and operated by Privacy Vaults Online, Inc. d/b/a PRIVO®. The PRIVO iD Platform (the Platform) is a third-party service provider for websites, apps, connected toys and other online services (aka “online services") handling account creation, identity verification and managing consent on their behalf. It also includes the PRIVO iD (PiD), a privacy enhanced single sign on for parents and families. EdTech providers that have an agreement with a school or district may also use the PRIVO iD Platform.
PRIVO is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
What does powered by PRIVO iD mean
The powered by PRIVO iD (PiD) symbol indicates that the online service uses PRIVO's technology solution, but it is not operated by PRIVO. The solution enables individuals to give informed consent to an online property to legally collect, use, share, disclose or block personal information.
The PRIVO iD Platform utilizes a sliding scale for verification assurance and authorization which adapts to the specific data use and disclosure risk associated with the feature the child or any other individual seeks to access. By using this sliding scale, the PRIVO iD Platform offers a solution that is tailored to the specific features an online property offers, making parental consent or revocation easy, convenient, and scalable.
What is a PRIVO iD (PiD) Account
A PRIVO iD account (PiD) is part of the PRIVO iD Platform suite of services. A PiD account is a secure online log-in credential that can be used by online services in the PRIVO iD network. Only COPPA compliant services and those that have met the requirements of the PRIVO Privacy Assured Programs are included in this network. PiD account holders have a dashboard that allows individuals to manage consent and their account settings and data collected by PRIVO. Individuals can manage their own PiD account on myPRIVO and with the online services they have registered with.
What is myPRIVO
myPRIVO is a website (my.privo.com) where users can login with their PRIVO iD to manage their account. It also showcases information on members of PRIVO's FTC approved COPPA Safe Harbor and Kids Privacy Assured programs. You can visit myPRIVO here.
We updated this policy on November 18, 2021 to provide further information on where data is stored.
Changes to this Policy
We may make minor non material changes to this policy from time to time. When we do the last updated date will reflect this and you will continue to be bound by this policy. If we make a material change, that is a change to the way we collect and process personal information we will take reasonable steps to contact you first by email and by alert on login and when necessary, obtain your consent, before making the change effective for you. If you would like to see a past version of this policy please contact us at firstname.lastname@example.org.
Information We Collect on Behalf of a Website, App or Online Service that Uses The PRIVO iD Platform
The PRIVO iD Platform assists companies with streamlining account creation, identity verification and the login process as well assisting to obtain informed consent for features and functionalities that can be directly mapped to: the information necessary to provide the service, the duration and retention of such data, the individual who will be provided the relevant privacy notices, as well as the processing of identity verification for minors, adults and holders of parental responsibility in order to satisfy the regulatory requirement associated with the processing of such data.
In some cases, we may not collect or maintain any personal information and only log a PRIVO generated service identifier as record of a transaction processed by an online service provider’s use of the Platform.
Notice is provided if the context in which personal information is collected changes, however, PRIVO would not use personal information collected for any purpose other than that which you consented to, without first seeking your consent. The personal information collected below is combined to seek parent consent, verify a parent and obtain parent consent for a child. Combined information is treated as personal information.
A child below the age of consent may begin the process of engaging with an service that needs to record it’s compliant handling of data to initiate an account for a client service using the Platform. On behalf of the service, PRIVO may collect the following:
In some instances, the following information may also be collected:
A parent or guardian may be asked to create an account on service that uses the Platform and depending on the regulatory requirement for informed consent, age assurance and proof of parental responsibility, PRIVO’s verification widget may be utilized.
On behalf of the online service, PRIVO may collect the following from parents and guardians:
The following information may also be collected from a parent or guardian when necessary:
Before asserting a parent/guardian child relationship, a parent may be asked to verify they are an adult by choosing a method in light of available technology that may include one of the following:
To learn more about why parental consent is necessary, click here.
PRIVO uses third-party providers to verify adult’s information and does not use it for any other purpose but verifying identity. Depending on the method you use to verify, PRIVO may securely retain the last four digits of your credit card, hashed SSN or driver’s license number as record of a transaction. For more information on these third-party service providers see here.
Parents may also provide PRIVO with verifiable parental consent through an offline method, such mailing, faxing or emailing a signed form to PRIVO or calling the PRIVO Customer Service number.
When you have completed the registration process, individuals will each receive a unique PiD account. This PiD may allow adults, teens, parents and their child(ren) to securely log into online services that accept the PiD credential, but additional consent may be required.
PRIVO does not collect precise geo location data, nor does it collect health or biometric, sensitive or behavioral data or student records from pre-K - 12 students. PRIVO does not collect free or reduced lunch status. Users cannot upload any user generated content and we do not offer any community features or social sharing, therefore we do not include information on copyright or copyright licenses in this policy. The sole purpose of the platform is to support online services to obtain verifiable parental consent and provide a privacy enhanced login credential.
Personal information is not shared with third parties for analytics, research or product improvement.
No personal information is displayed publicly.
You may request your personal information is returned to you at any time by contacting us at email@example.com.
Third Party Service Providers
PRIVO works with a number of third-party service providers solely to support our services. Personal information is not acquired from third party service providers. Information shared with these third parties is not used for any other purposes or shared onwards. PRIVO requires that all third parties have appropriate security measures in place. For more information on the personal information shared with each third party please contact us here: firstname.lastname@example.org.
To see each third party, what it is used for and how to find more information on each please click here.
In some instances, personal information is shared to provide verification services to our customers only. This is limited to the personal information outlined above.
If a third party we work with was found to be violating or misusing any personal information, PRIVO would cease to work with this third party and would require that all personal information is deleted upon termination of the agreement.
PRIVO does not serve advertising of any kind to children or adults. We do not rent or sell your data to third parties and we do not combine it with data from any third parties. PRIVO does not track users, allow third parties to track users, target users with advertising on other websites or build profiles of users.
There are no in-app purchases or purchases of any kind included in our service.
What We Do With The Information You Provide
PRIVO only uses information collected directly from you for the purposes stated. The information is used to facilitate registration on sites and services and to process verifiable parental consent when required by law.
We will also use your information to update you about changes to our policies and to give you information about additional products and services we may offer.
Control Over Your Information and the Information of Your Child
When you provide us with consent for you and/or your child to participate at an online service using the Platform we give you the option to agree to the collection and use by ourselves and our client of your child’s personal information for internal purposes, without having to agree to the disclosure of your child’s information by us or our client to unaffiliated third parties.
To manage your information, or the information we maintain about your child, sign in through the client service you registered with directly or you can visit my.privo.com and click on “sign in” at the top right of your screen. Then click on your profile image and select “account & settings”. There, you will be able to see all the permissions you have set for your child, access the personally identifiable information that PRIVO has collected from you and/or your child, correct factual errors in such information and can delete this information. Information can also be deleted by contacting PRIVO directly. To protect your child’s privacy and security online, we will take reasonable steps to help verify your identity before granting you access to the personal information that we collect and maintain about you or your child.
We retain the personal information we collect as long as reasonably necessary to provide the service. If a parent or child requests to delete their information this request will be met within 30 days unless there is a legal requirement to retain the information. PRIVO will not retain personal data longer than needed to meet statutory requirements.
If parent consent is not obtained PRIVO deletes any personal information collected from a child which would be limited to first name, email address, parent email address.
PRIVO’s services is provided to obtain the correct level of parent consent for a child to use an online service of one of our customers. FERPA school official exceptions do not apply in this context. PRIVO does not transfer parental consent obligations to a school or district. PRIVO does not collect or disclose directory information.
Passively Collected Data
We use strictly necessary cookies to serve some of the information to you during the delivery of our service. To find out more about these cookies please contact us at email@example.com.
PRIVO is SOC2, TYPE 2 certified and uses generally accepted security measures and safeguards and requires that the third parties it works with agree to do the same. The measures and safeguards include limiting access to the data to those persons who need it to complete their work for PRIVO. Access is restricted using technical measures. There is no physical access to user information.
PRIVO may host the registration pages of sites and services that use the Platform. All data is transmitted through an SSL transmission to ensure privacy and security of your family’s information. Data is encrypted at rest. We have put in place industry standard physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online. PRIVO allows users to update their information. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while PRIVO uses reasonable efforts to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach PRIVO will inform affected users where required.
PRIVO uses AWS servers in the United States to store data. For more information on this please contact us at firstname.lastname@example.org.
How to Update or Remove Your Information
PRIVO keeps your information/content for as long as necessary in providing the services. If you want to opt out of services, review your information, or delete your information, please contact us at email@example.com.
If a parent or child requests to delete their information this request will be met within 30 days unless there is a legal requirement to retain the information. PRIVO does not collect any personal data or content from a user that the user could download when an account is closed.
Notice For California Users
PRIVO does not disclose personal information to third parties for marketing purposes. For further information about our privacy practices, or to review and request to have deleted any personal information you have shared with us, please contact us at: firstname.lastname@example.org.
Note for EU Citizens
PRIVO complies with the rights given to EU Citizens under the General Data Protection Regulation (GDPR). These rights are as follows:
You can action any of these rights by contacting us at: email@example.com
If you are an EU citizen and would like to make a complaint about the way we process your personal data, you can contact the relevant Data Protection Authority (DPA). Please contact us at firstname.lastname@example.org to find out more.
EU-U.S. Privacy Shield Framework
In the context of an onward transfer, a Privacy Shield organization has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. The Privacy Shield organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, PRIVO commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PRIVO at:
17949 Main St., #1025
Dumfries, VA 22026
Attn: Privacy Officer
PRIVO has further committed to refer unresolved Privacy Shield complaints to JAMS an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
The EU-US Privacy Shield, as a legal basis for transfers of personal data, has been invalidated by a judgement from the Court of Justice of the European Union. However, for as long as PRIVO is self-certified to the Privacy Shield, PRIVO agrees to process EU Data in compliance with the Privacy Shield Principles.
PRIVO uses AWS servers in the United States to store data. For more information on this please contact us at email@example.com.