Search

PRIVO iD Platform Privacy Policy

Last Updated: November 15, 2023

As transparency and privacy are among PRIVO’s core values, we regularly review our privacy notices to make sure that you are always aware of our practices, what information we collect, how we use it and how we might share it. The ‘What’s new’ section summarizes the changes made to the previous version. To review previous versions of this policy please contact us using the details below.

Content 

What is the PRIVO iD Platform

What does powered by PRIVO iD mean

What is a PRIVO iD (PiD) Account

What is myPRIVO

What's new

Changes to this Policy

Information we collect on behalf of a website, app or online service that uses The PRIVO iD Platform

Service providers

What we do with the information you provide

Control over your information and the information of your collected data

Passively collected data

Security

How to update or remove your information

Notice for California Users

Note for EU and UK Citizens

EU – US Data Privacy Framework

Contact

 

What is the PRIVO iD Platform

The PRIVO iD Platform, (aka PRIVO-Lock) is an identity and consent management platform owned and operated by Privacy Vaults Online, Inc. d/b/a PRIVO®. The PRIVO iD Platform (the Platform) is a service provider for websites, apps, connected toys and other online services (aka “online services") handling account creation, identity verification and managing consent on their behalf. It also includes the PRIVO iD (PiD), a privacy enhanced single sign on for parents and families. EdTech providers that have an agreement with a school or district may also use the PRIVO iD Platform.

This policy covers the PRIVO iD Platform and myPRIVO (my.privo.com). It is not intended to, encompass the privacy practices of the sites and services that use the Platform. To understand how our clients, use your information, and that of your child, please review their privacy policy.

If you disagree with any part of this Privacy Policy, please do not use the Platform or myPRIVO.

PRIVO is a leader in online privacy protection. The privacy solutions offered by PRIVO also include an FTC-approved COPPA (Children’s Online Privacy Protection Act) Safe Harbor Program, as well as GDPRkids™ Privacy Assured and the Children's Code Privacy Programs. To find out more about these solutions visit privo.com and the privo.com privacy policy.

PRIVO is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).


What does powered by PRIVO iD mean 
The powered by PRIVO iD (PiD) symbol indicates that the online service uses PRIVO's technology solution, but it is not operated by PRIVO. The solution enables individuals to give informed consent to an online property to legally collect, use, share, disclose or block personal information.

The PRIVO iD Platform utilizes a sliding scale for verification assurance and authorization which adapts to the specific data use and disclosure risk associated with the feature the child or any other individual seeks to access. By using this sliding scale, the PRIVO iD Platform offers a solution that is tailored to the specific features an online property offers, making parental consent or revocation easy, convenient, and scalable.   


What is a PRIVO iD (PiD) Account
A PRIVO iD account (PiD) is part of the PRIVO iD Platform suite of services. A PiD account is a secure online log-in credential that can be used by online services in the PRIVO iD network. Only COPPA compliant services and those that have met the requirements of the PRIVO Privacy Assured Programs are included in this network. PiD account holders have a dashboard that allows individuals to manage consent and their account settings and data collected by PRIVO. Individuals can manage their own PiD account on myPRIVO and with the online services they have registered with.


What is myPRIVO
myPRIVO is a website (my.privo.com) where users can login with their PRIVO iD to manage their account. It also showcases information on members of PRIVO's FTC approved COPPA Safe Harbor and Kids Privacy Assured programs. You can visit myPRIVO here.


What’s New
This policy was updated on November 15, 2023 to include information on PRIVO’s participation with the EU – US Data Privacy Framework.


Changes to this Policy
We may make minor non material changes to this policy from time to time. When we do the last updated date will reflect this and you will continue to be bound by this policy. If we make a material change, that is a change to the way we collect and process personal information we will take reasonable steps to contact you first by email and by alert on login and when necessary, obtain your consent, before making the change effective for you. If you would like to see a past version of this policy please contact us at privacy@privo.com.


Information We Collect on Behalf of a Website, App or Online Service that Uses the PRIVO iD Platform
The PRIVO iD Platform assists companies with streamlining account creation, identity verification and the login process as well assisting to obtain informed consent for features and functionalities that can be directly mapped to: the information necessary to provide the service, the duration and retention of such data, the individual who will be provided the relevant privacy notices, as well as the processing of identity verification for minors, adults and holders of parental responsibility in order to satisfy the regulatory requirement associated with the processing of such data.

In some cases, we may not collect or maintain any personal information and only log a PRIVO generated service identifier as record of a transaction processed by an online service provider’s use of the Platform.

Notice is provided if the context in which personal information is collected changes, however, PRIVO would not use personal information collected for any purpose other than that which you consented to, without first seeking your consent. The personal information collected below is combined to seek parent consent, verify a parent and obtain parent consent for a child. Combined information is treated as personal information.

A child below the age of consent may begin the process of engaging with a service that needs to record its' compliant handling of data to initiate an account for a client service using the Platform. On behalf of the service, PRIVO may collect the following:

  • Child first name
  • Date of birth
  • Username
  • Moderated display name
  • Password

In some instances, the following information may also be collected:

  • Gender
  • Grade
  • Child email address
  • Parent / Guardian email to seek verifiable consent in the manner described above, for the child’s use of the service.

PRIVO does not collect more information than reasonably necessary for a child or any individual to participate in an activity. The online service using the Platform may collect or request the Platform collects additional information from your child and will disclose this to you in its privacy policy and the Platform notice.

A parent or guardian may be asked to create an account on service that uses the Platform and depending on the regulatory requirement for informed consent, age assurance and proof of parental responsibility, PRIVO’s verification widget may be utilized.

On behalf of the online service, PRIVO may collect the following from parents and guardians:

  • First name
  • Date of birth
  • Username
  • Password
  • Email

The following information may also be collected from a parent or guardian when necessary:

  • Last name
  • Display name
  • Child email address for child account
  • Physical address that could be used for such things as toy catalogues, magazines, and rewards
  • Mobile phone number for account authentication and communication

Before asserting a parent/guardian child relationship, a parent may be asked to verify they are an adult by choosing a method in light of available technology that may include one of the following:

  • A credit card number in conjunction with a monetary transaction
  • Banking information
  • Partial social security number in conjunction with their last name, address, date of birth and/or postal code
  • A driver’s license number in conjunction with their full name and address
  • Video conference with a trained verifier
  • Or other data that is reasonably designed to identify the user and their parental status

To learn more about why parental consent is necessary, click here.

PRIVO uses service providers to verify adult’s information and does not use it for any other purpose but verifying identity. Depending on the method you use to verify, PRIVO may securely retain the last four digits of your credit card, hashed SSN or driver’s license number as record of a transaction. For more information on these  service providers see here.

Parents may also provide PRIVO with verifiable parental consent through an offline method, such mailing, faxing or emailing a signed form to PRIVO or calling the PRIVO Customer Service number.

When you have completed the registration process, individuals will each receive a unique PiD account. This PiD may allow adults, teens, parents and their child(ren) to securely log into online services that accept the PiD credential, but additional consent may be required.

If a service uses PRIVO’s Smart Age Gate™ to provide the users with an appropriate privacy protected experience, age or date of birth is collected along with device type and model, operating system, browser and local time zone along with some other non-personal data such as screen resolution and browser window size. If a user enters the wrong date of birth and wishes to dispute and correct their already-provided age, they will be required to verify their age using one of the methods outlined above.

PRIVO does not collect precise geo location data, nor does it collect health or biometric, sensitive or behavioral data or student records from pre-K - 12 students. PRIVO does not collect free or reduced lunch status. Users cannot upload any user generated content and we do not offer any community features or social sharing; therefore we do not include information on copyright or copyright licenses in this policy. The sole purpose of the platform is to support online services to obtain verifiable parental consent and provide a privacy enhanced login credential.

Personal information is not shared with third parties for analytics, research or product improvement.

No personal information is displayed publicly.

You may request your personal information is returned to you at any time by contacting us at privacy@privo.com.


Service Providers
PRIVO works with a number of service providers solely to support our services. Personal information is not acquired from service providers. Information shared with these third parties is not used for any other purposes or shared onwards. PRIVO requires that all third parties have appropriate security measures in place. For more information on the personal information shared with each service provider please contact us here: privacy@privo.com.

To see each service provider, what it is used for and how to find more information on each please click here.

In some instances, personal information is shared to provide verification services to our customers only. This is limited to the personal information outlined above.

If a service provider we work with was found to be violating or misusing any personal information, PRIVO would cease to work with this service provider and would require that all personal information is deleted upon termination of the agreement.

PRIVO does not serve advertising of any kind to children or adults. We do not rent or sell your data to third parties, and we do not combine it with data from any third parties. PRIVO does not track users, allow third parties to track users, target users with advertising on other websites or build profiles of users.

There are no in-app purchases or purchases of any kind included in our service.


What We Do With The Information You Provide
PRIVO only uses information collected directly from you for the purposes stated. The information is used to facilitate registration on sites and services and to process verifiable parental consent when required by law.

We will also use your information to update you about changes to our policies and to give you information about additional products and services we may offer.

PRIVO will disclose information about you or your child(ren), in a manner that is not aggregated or anonymous, if we believe it is legally necessary to do so, for example, in response to a court order or civil subpoena, or to law enforcement or other government officials in connection with an investigation of fraud, intellectual property infringement, or other activity that is illegal or may expose PRIVO to legal liability. In addition, in the event of a merger, acquisition, reorganization, bankruptcy or other similar event, PRIVO customer information may be transferred to our successor or assigned but will remain governed by and protected in strict accordance with this Privacy Policy and no further use of customer information will be made without explicit consent. PRIVO will inform users in the event of a merger or acquisition by contacting them using the email address provided.


Control Over Your Information and the Information of Your Child
When you provide us with consent for you and/or your child to participate at an online service using the Platform we give you the option to agree to the collection and use by ourselves and our client of your child’s personal information for internal purposes, without having to agree to the disclosure of your child’s information by us or our client to unaffiliated third parties.

To manage your information, or the information we maintain about your child, sign in through the client service you registered with directly or you can visit my.privo.com and click on “sign in” at the top right of your screen. Then click on your profile image and select “account & settings”. There, you will be able to see all the permissions you have set for your child, access the personally identifiable information that PRIVO has collected from you and/or your child, correct factual errors in such information and can delete this information. Information can also be deleted by contacting PRIVO directly. To protect your child’s privacy and security online, we will take reasonable steps to help verify your identity before granting you access to the personal information that we collect and maintain about you or your child.

We retain the personal information we collect as long as reasonably necessary to provide the service. If a parent or child requests to delete their information this request will be met within 30 days unless there is a legal requirement to retain the information. PRIVO will not retain personal data longer than needed to meet statutory requirements.

If parent consent is not obtained PRIVO deletes any personal information collected from a child which would be limited to first name, email address, parent email address.

PRIVO’s services is provided to obtain the correct level of parent consent for a child to use an online service of one of our customers. FERPA school official exceptions do not apply in this context. PRIVO does not transfer parental consent obligations to a school or district. PRIVO does not collect or disclose directory information.

If we are providing our service on behalf of another company, website or app then please review their privacy policy to understand your rights in relation to the personal information they have collected from you. If a parent or child requests to delete their information this request will be met within 30 days unless there is a legal requirement to retain the information.

You can file a dispute by clicking here or you can contact us at privacy@privo.com.


Passively Collected Data
We use strictly necessary cookies to serve some of the information to you during the delivery of our service. To find out more about these cookies please contact us at privacy@privo.com.


Security
PRIVO is SOC2, TYPE 2 certified and uses generally accepted security measures and safeguards and requires that the third parties it works with agree to do the same. The measures and safeguards include limiting access to the data to those persons who need it to complete their work for PRIVO. Access is restricted using technical measures. There is no physical access to user information.

PRIVO may host the registration pages of sites and services that use the Platform. All data is transmitted through an SSL transmission to ensure privacy and security of your family’s information. Data is encrypted at rest. We have put in place industry standard physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online. PRIVO allows users to update their information. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while PRIVO uses reasonable efforts to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach PRIVO will inform affected users where required.

PRIVO uses AWS servers in the United States to store data. For more information on this please contact us at privacy@privo.com.


How to Update or Remove Your Information
PRIVO keeps your information/content for as long as necessary in providing the services. If you want to opt out of services, review your information, or delete your information, please contact us at privacy@privo.com.

If a parent or child requests to delete their information this request will be met within 30 days unless there is a legal requirement to retain the information. PRIVO does not collect any personal data or content from a user that the user could download when an account is closed.


 

Notice For California Users
PRIVO does not disclose personal information to third parties for marketing purposes. For further information about our privacy practices, or to review and request to have deleted any personal information you have shared with us, please contact us at: privacy@privo.com.


Note for EU and UK Citizens
PRIVO complies with the rights given to EU and UK Citizens under the General Data Protection Regulation (GDPR) and the UK GDPR. These rights are as follows:

  • to correct the personal data we have about you;
  • to withdraw your consent to the processing of your personal data;
  • to obtain a copy of the personal data we hold about you;
  • to have your personal data deleted;
  • to transfer your personal data to another controller to provide you with services;
  • to restrict the personal data we have; 
  • to request we stop processing your personal data.

You can action any of these rights by contacting us at: privacy@privo.com

If you are an EU citizen and would like to make a complaint about the way we process your personal data, you can contact the relevant Data Protection Authority (DPA). Please contact us at privacy@privo.com to find out more.


EU – US Data Privacy Framework

PRIVO complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  PRIVO has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/


In the context of an onward transfer, a participating organization has responsibility for the processing of personal information it receives under the EU-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf.  The participating organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.


In compliance with the EU-U.S. DPF Principles, PRIVO commits to resolve complaints about our collection or use of your personal information.  If you have any inquiries or complaints regarding our EU-U.S. Data Privacy Framework policy you should first contact PRIVO at: 

17949 Main St., #1025
Dumfries, VA 22026
703–569–0504 (telephone)
866–588–8452 (fax within the US)
703–531–8424 (fax outside of the US)
privacy@privo.com (email)
Attn: Privacy Officer


Dispute Resolution
If a privacy complaint or dispute relating to Personal Data received by Privacy Vaults Online, Inc in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/


If a complaint or dispute cannot be resolved through our internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.

Binding Arbitration
If your dispute or complaint related to your Personal Data that we received in reliance on the Data Privacy Framework cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.

PRIVO uses AWS servers in the United States to store data. For more information on this please contact us at privacy@privo.com.


Contact

Privacy Vaults Online, Inc., d/b/a PRIVO
17949 Main St., Unit 1025
Dumfries, VA 22026-8043
703–569–0504 (telephone)
8665888452 (fax within the US)
7035318424 (fax outside of the US)

privacy@privo.com (email) 
Attn: Privacy Officer 
https://www.privo.com/contact