Security & Privacy
We put the privacy and security of our students, parents, and users first, following the highest standards and industry best practices.
Last updated: March 17, 2026.
This privacy policy explains how Neomind Learning (“we,” “us,” “our”) collects, uses, shares, and protects information when you use our websites, apps, and Services (the “Services”). It also describes the rights and choices that may be available to you under applicable U.S. privacy laws.
Definitions
For purposes of this privacy policy: (a) "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular individual or household. Personal Information does not include information that is aggregated or de- identified in a manner that cannot reasonably be used to identify an individual. (b) "Sensitive Personal Information" (also called "sensitive data" in some laws) includes categories such as precise geolocation; government-issued identifiers (as specifically defined by applicable law and only to the extent such identifiers are not publicly available); account log-in credentials (username and password); contents of certain communications (where we are not the intended recipient); and information about a child known to be under 13. (c) "Student Data" means Personal Information processed on behalf of a school, district, or other educational organization for K-12 educational purposes, including information that may be considered an "education record" under the Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. 1232g. (d) "Sell" means disclosing Personal Information to a third party for monetary or other valuable considerations. (e) "Share" means disclosing Personal Information to a third party for cross-context behavioral advertising. (f) "Targeted Advertising" (also called "cross- context behavioral advertising") means displaying ads to an individual selected based on Personal Information obtained from that individual's activities over time and across nonaffiliated websites or online applications.
This policy covers two usage models:
Family and direct use
A parent or guardian, adult learner, or student uses the Services directly.
If you are a student using the Services through a school or district, some requests (like access, correction, or deletion) may need to be directed to and handled by the school or district as the account administrator, as they control the Student Data and we act as a service provider on their behalf.
School and district use
A school, district, or other educational organization provides the Services to students and manages student accounts; in this model, we process Student Data on behalf of, and under the instructions of, the school or district, subject to applicable agreements (such as a Data Privacy Agreement, where applicable).
Privacy principles
We built our Services to support learning while protecting student and family privacy.
We collect only the information we need to provide and improve the Services, and we keep it only as long as necessary.
We do not sell Personal Information or Student Data. We do not share Personal Information for cross-context behavioral advertising, and we do not use Student Data for behavioral advertising or any non-educational commercial purpose. We may display contextual advertisements in certain adult-facing areas of the Services; such advertisements are based on the content of the page and are not based on your personal information, browsing history, or learning activity.
We keep school-managed accounts separate from consumer accounts, so Student Data collected through a school is handled under school-controlled terms and agreements and is not used for purposes outside the educational Services provided to the school.
We apply additional protections for children under 13, including obtaining verifiable parental consent where required by the Children's Online Privacy Protection Act ("COPPA"), 15 U.S.C. 6501-6506, except where we process Student Data on behalf of a school that has provided consent under COPPA's school exception.
We use administrative, technical, and physical safeguards designed to protect information, including encryption (both in transit and at rest), role-based access controls, monitoring, and an incident response process.
1. What information do we collect?
We collect Personal Information in two ways. First, we collect information you provide directly to us. Second, we collect information when you use the Services, including information collected automatically and information generated through your use of learning features, such as progress and activity data. We collect different categories of Personal Information depending on whether you use the Services through a school or district account or through a family or direct account.
Information you provide to us
Depending on how you use the Services, we may collect:
Account information
Parent or guardian name and email, adult username and email, username, password (or authentication token), account preferences, and, if you choose to provide them, your profile information (such as a display name). Account log-in credentials (usernames combined with passwords or authentication tokens) are treated as Sensitive Personal Information.
Child profile information (if you create a child profile)
Child username, child age or age range, and optional learning preferences. We strongly recommend using a username and avoiding a child’s full legal name to minimize the collection of identifiable information about children.
Sensitive Personal Information
In general, we do not request Sensitive Personal Information beyond log-in credentials and information about a child known to be under 13 (where applicable). Please do not submit information such as Social Security numbers, driver's license numbers, financial account numbers, or precise geolocation through free-text fields (for example, support messages) unless we specifically request it for a permitted purpose. If you inadvertently provide such information, please contact us immediately at privacy@neomindlearning.com so we can delete it.
School-provided information
School roster information provided by the school or district (or via a rostering/single sign-on integration at the school’s direction), such as student name or username, student identifier, grade/class, teacher, and school identifiers, depending on the school’s configuration and integration method.
Communications
Support requests, emails, chat messages to support, survey responses, and related metadata (such as the date and time of communication).
Payments (if applicable)
Billing details are processed by our third-party payment processor, Stripe Inc. (“Stripe”). We receive confirmation of payment and limited payment-related information (such as the payment status, date, amount, and a partial payment instrument identifier such as the last four digits of a payment card), but we do not store full payment card numbers.
Information we collect automatically
We may collect:
Device and log information
IP address, approximate location (city/region) inferred from IP address, browser type, device type, operating system, app version, language settings, timestamps, device identifiers (which may include various technical identifiers as necessary for Service functionality), and crash/error logs.
Usage information
Pages/screens viewed, features used, time spent, and interactions with learning activities.
Cookies and similar technologies
We use cookies and similar technologies (such as SDKs and pixels) for authentication, security, preferences, and service operation. We may also use analytics technologies to understand usage and improve the Services. For Student Data processed on behalf of schools, we limit the use of cookies and analytics to those necessary for providing the educational Services. For information about your choices (including browser settings, Global Privacy Control, and “Do Not Track” signals), see the Cookies, Analytics, and Advertising Technologies section below.
Learning-related information
We may collect:
Progress and performance
Information generated through a user’s participation in learning activities, including assignments completed, lesson progress, quiz and assessment responses, mastery estimates, conversation or session logs, user submissions and responses, interaction history, and other learning and engagement signals. Where enabled as part of the Services, this may also include audio, video, or similar session content.
Teacher/class context
Class assignments, classroom activity, and progress views available to authorized educators.
Information we do not require
We do not require children to provide more information than is reasonably necessary to participate in learning activities.
We do not intentionally request Sensitive Personal Information from children, other than as described in this policy (for example, account log-in credentials and information about a child known to be under 13 where applicable).For additional detail on how we use and share categories of Personal Information, see Sections 2 (How we use the information we collect), 3 (How we share or transfer data), and 5 (Your privacy rights and choices).
2. How we use the information we collect
We use information to operate, provide, and improve the Services for the purposes described below. The purposes for which we use Student Data in school-managed accounts are limited to providing the Services for educational purposes and as directed by the school or district, subject to applicable agreements and applicable law (including FERPA and COPPA).
Service delivery
To create and manage accounts, provide educational features, personalize learning consistent with educational purposes, deliver content, process transactions (if applicable), provide customer support, and perform quality assurance and debugging.
AI and learning features
To use AI and machine learning technologies to provide educational features, generate content, provide feedback, and improve the Services. Student Data used with AI features is processed in accordance with our agreements with schools and this policy and is not used to train general-purpose AI models that benefit other users or third parties.
Communications
To send Service-related messages (account verification, security notices, product changes, and administrative messages) and to respond to support requests. Non- promotional messages cannot be opted out of.
Improvement and analytics
To understand usage patterns, troubleshoot issues, improve the user experience, and develop new features.
Safety and security
To protect users, prevent fraud, enforce our terms, and secure the Services.
Compliance
To comply with legal obligations (including FERPA, COPPA, and applicable state student privacy laws); respond to lawful requests and legal process; maintain appropriate records; and support audits and other lawful business purposes consistent with this policy and applicable law.
We do not use children’s Personal Information for marketing or advertising purposes. We do not use Student Data for Targeted Advertising. Any contextual advertisements displayed in adult-facing areas of the Services do not use children’s Personal Information or Student Data.
We do not use Personal Information to make decisions that produce legal or similarly significant effects about you (as those terms are used in certain U.S. privacy laws).
3. How we share or transfer data to others
We do not rent or sell Personal Information to third parties for their own purposes without consent. We also do not share Personal Information for cross-context behavioral advertising.
We share information only as needed to provide the Services and, in the circumstances, below:
Service providers and subprocessors
We may share information with trusted vendors that provide Services on our behalf (such as hosting, AI providers, email delivery, analytics, customer support, security monitoring, and professional Services). Vendors are contractually required to protect the information provided to us, to use it only to provide Services to us, and to notify us of security incidents as required by contract and applicable law. Some vendors may process information in the United States or other countries where they operate.
Subprocessor list:
Subprocessor
Purpose
Anthropic
OpenAI Services
Inworld
Groq
Novita
Novita
Hugging Face
Voyage AI
Livekit
Portkey
AWS
Milvus
neo4j
Redis
Preset
New Relic
Microsoft
Stripe
GitHub
GitHub Copilot
Atlassian
Aggregated or de-identified information
We may share aggregated or de-identified information that cannot reasonably be used to identify an individual. We maintain and use de-identified information in de-identified form and do not attempt to re-identify it except as permitted by law. For Student Data from school-managed accounts, we will use commercially reasonable efforts to de- identify such data consistent with our standard de-identification practices.
Legal and safety
We may disclose information when we believe disclosure is reasonably necessary to comply with law, respond to lawful requests, protect rights and safety, investigate fraud or suspected illegal activity, address security issues, or enforce our terms.
Business transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction, subject to applicable law and any applicable contractual restrictions. For school-managed accounts, we will provide advance notice to schools as required by our agreements and applicable law, and the successor entity will be bound by the same privacy commitments regarding Student Data. Schools may have the right to terminate and request deletion of Student Data in connection with such transactions, as provided in our agreements.
4. Marketing, advertising, and email communications
Email communications
We may send emails about our Services and updates to adult users and parent/guardian account holders. You can opt out of promotional emails via the unsubscribe link (where provided). Service and security emails are required and cannot be opted out of.
Advertising
We do not display Targeted Advertising within child-directed or school-managed experiences, and we do not permit third parties to collect information about children’s or students’ use of the Services for Targeted Advertising on other sites or services. We may display contextual advertisements in certain adult-facing areas of the Services that are not child-directed or school-managed. Contextual advertisements are selected based on the content of the page being viewed and do not use Personal Information, Student Data, browsing history, or learning activity for ad targeting.
If we run marketing campaigns outside the Services, those campaigns are not based on a child’s in-product activity.
Cookies, analytics, and advertising technologies
We and our service providers may use cookies and similar technologies to: (a) authenticate users and keep you signed in; (b) remember preferences; (c) provide security features and prevent fraud; (d) understand how the Services are used (analytics); and (e) maintain and improve the Services. We do not use cookies or similar technologies to track students across third-party websites or Services for advertising purposes. You can control cookies through your browser settings and other tools (your ability to control cookies may depend on your device and browser). Some browsers transmit "Do Not Track" signals; because there is not yet an industry-standard approach, we do not respond to "Do Not Track" signals. Where required by applicable law, we process opt-out preference signals such as the Global Privacy Control ("GPC") for applicable uses, including opt-outs of sale/sharing/Targeted Advertising, as described in Section 5.
5. How to access, update, or delete your personal information
Family and direct use
You can request access, correction, update, portability, or deletion by contacting: privacy@neomindlearning.com. We will respond to verified requests within the timeframes required by applicable law (typically 45 days, with possible extensions as permitted by law). We may need to verify your identity (and, if applicable, your authority to act on behalf of another person) before we process your request.
School and district use
Schools and districts manage student accounts and are the primary point of contact for parents and eligible students regarding Student Data in school-managed accounts. Requests about Student Data in school-managed accounts (including access, correction, and deletion) should be directed to the school or district in accordance with the school’s policies and applicable law (including FERPA). Where we receive a request directly regarding a school-managed account, we will refer the request to the school or district and/or process it in the school’s direction and in accordance with our agreement with the school. We will cooperate with schools to facilitate the exercise of rights under FERPA and applicable state student privacy laws.
You may designate an authorized agent to submit certain requests on your behalf, where permitted by law. We will take steps to verify the agent’s authority and your identity. If we deny your request, you may have the right to appeal our decision by replying to our denial notice or contacting us at privacy@neomindlearning.com with “Privacy Appeal” in the subject line. We will respond to appeals within the timeframes required by applicable law. We will not discriminate against you for exercising your privacy rights.
Additional U.S. privacy rights and choices
Depending on where you live and how you use the Services, you may have the right to: (a) request access to and a copy of certain Personal Information we maintain about you; (b) request correction of inaccurate Personal Information; (c) request deletion of Personal Information; (d) request a portable copy of certain Personal Information; and (e) opt out of certain processing, including the sale of Personal Information, the sharing of Personal Information for cross-context behavioral advertising, and Targeted Advertising. We do not sell Personal Information, and we do not share Personal Information for cross-context behavioral advertising; however, we will honor valid opt- out requests where required by law. For school-managed accounts, the school or district may control certain settings and requests for Student Data. To exercise these rights, please contact us at privacy@neomindlearning.com with sufficient detail to identify you and the specific right you wish to exercise. We will respond to verified requests within the timeframes required by applicable law.
Retention
We retain Personal Information for as long as an account is active and as needed for the purposes described in this policy, including to provide the Services, maintain security, prevent fraud, resolve disputes, enforce our agreements, and comply with legal obligations. Retention periods vary depending on factors such as the nature of the data, the purpose for which it was collected, our legal and contractual obligations, and whether the data is needed for safety and security. For school-managed accounts, we retain Student Data consistent with our agreement with the school or district and will delete or return Student Data upon the school’s request within a reasonable timeframe not to exceed 60 days, subject to applicable law and any required backup, audit, or security retention. We may retain de-identified or aggregated information that cannot reasonably identify an individual.
6. Our approach to data security
We use safeguards designed to protect information, including technical, administrative, and physical measures. These safeguards are designed to reduce risk and help protect information from unauthorized access, disclosure, alteration, and destruction.
Key measures include: Encryption in transit and at rest: All sensitive data is protected using industry-standard encryption mechanisms during transmission and while stored. Encryption safeguards information from unauthorized access and helps ensure confidentiality and integrity throughout the data lifecycle.
Role-based access and least privilege: Access to systems and data is restricted based on roles and responsibilities. Personnel are granted the minimum level of access required to perform their duties, and access rights are regularly reviewed and adjusted as needed.
Logging and monitoring for administrative access: Administrative activities are logged and monitored to detect unauthorized or suspicious behavior. Logs are retained and periodically reviewed to support security investigations and maintain accountability.
Secure development practices and vulnerability management: We follow secure development practices throughout the software lifecycle, including code reviews, security testing, and dependency management. Vulnerabilities are tracked, prioritized, and remediated in a timely manner according to internal security procedures.
No system is impenetrable. If a security incident occurs that compromises Personal Information or Student Data, we will investigate and take appropriate steps to mitigate harm. We will provide notices consistent with applicable laws and contractual obligations, which may include notice to affected individuals, parents/guardians, or schools/districts, as applicable. To report a suspected security issue, contact us at privacy@neomindlearning.com and include “Security Incident” in the subject line.
Some of our service providers may process information outside your state of residence or, for users outside the United States, outside your country of residence, as described in Section 10.
7. How do we protect children's privacy?
Children under 13 may use the Services only with:
A parent or guardian’s verifiable consent (as required by the Children’s Online Privacy Protection Act, “COPPA”) and oversight, or
A school’s authorization and oversight as part of curriculum, where the school provides consent on behalf of the parent/guardian for the student’s educational use (where permitted by COPPA).
What we collect from children
Family and direct use
For family and direct use accounts, we collect a child’s nickname or username, age or age range, and learning activity information associated with the parent/guardian account. We do not require or collect more Personal Information from children than is reasonably necessary to provide the Services. The child’s nickname or username, age or age range, and optional learning preferences are provided directly by the parent or guardian during child profile creation. Learning activity information (such as lesson progress, quiz responses, and mastery estimates) is generated as the child uses the Services. In addition, we automatically collect certain technical information during a child’s session, including device type, browser type, operating system, IP address (used to derive approximate city/region-level location), language settings, timestamps, and persistent identifiers (such as device identifiers and session cookies) necessary for authentication, security, and service operation. We do not use cookies or similar technologies in the child’s experience for advertising or cross-site tracking purposes.
School and district use
When a school creates accounts, the school may provide a student username and class/grade information. If a school uses a rostering or single sign-on integration, we may receive roster fields from that system as configured and controlled by the school in its sole discretion (which may include information such as student name, student ID, email address, grade level, and class assignment information). We also collect usage and progress information to provide the Services and show progress to authorized educators. We collect only such Student Data as the school chooses to provide through its selected configuration.
How we use children's information
We use children's Personal Information to operate, personalize, maintain, and provide the Services, including for analytics, service improvement, and other legitimate business purposes necessary for service delivery. Specifically, we use children’s Personal Information to: (a) create and manage child profiles within the parent/guardian account; (b) deliver age-appropriate educational content and personalize learning paths; (c) track and display learning progress, performance, and mastery to the parent or guardian; (d) provide AI-powered educational features such as adaptive content, feedback, and tutoring; (e) authenticate sessions and maintain account security; (f) perform internal analytics to understand usage patterns, troubleshoot issues, and improve the educational experience; and (g) comply with legal obligations, including COPPA. We do not use children’s Personal Information for third- party marketing or advertising purposes.
How we share children's information
We share children's Personal Information only with our service providers (subprocessors) that help us operate the Services, are contractually obligated to protect the information and use it only for the purposes we specify, and as otherwise described in this policy. These service providers include: cloud hosting and infrastructure providers (to store and deliver the Services); AI and machine learning service providers (to power educational features such as adaptive learning and tutoring); analytics providers (to help us understand usage patterns and improve the Services); customer support tools (to respond to parent and user inquiries); and security and monitoring providers (to protect against unauthorized access and fraud). Each of these categories of service providers uses children’s Personal Information solely to perform the Services we have engaged them to provide and is prohibited from using it for any other purpose. A current list of service providers that may process children’s Personal Information, including their names, is available at in the Section “3. How we share or transfer data to others - Subprocessor List”. We do not share children’s Personal Information with third parties for their own purposes, including for marketing or advertising.
Parental control and deletion
Parents can request access to, correction of, or deletion of a child’s Personal Information (for family/direct accounts) by contacting: privacy@neomindlearning.com. We may need to verify your identity and your relationship with the child before completing the request. We will make reasonable efforts to respond to verified requests in a timely manner. Parents also have the right to refuse to permit further collection or use of their child's Personal Information, subject to our operational requirements and applicable legal obligations. In accordance with COPPA, parents may consent to the collection and use of their child’s Personal Information without consenting to the disclosure of that information to third parties, unless such disclosure is integral to the Services (for example, disclosure to service providers necessary to operate the educational features). Where applicable, we will provide this option as part of our consent process.
If you believe we collected a child’s information without appropriate consent, contact us at privacy@neomindlearning.com so we can investigate and delete the information when appropriate. If the child uses the Services through a school-managed account, we may work with the school or district to address the request.
COPPA notice and consent process
Before collecting Personal Information from a child in a family/direct account where COPPA applies, we provide notice to the parent/guardian and obtain verifiable parental consent (for example, through a consent email and affirmative authorization, or other methods permitted by COPPA), unless an exception applies. Parents may withdraw by contacting us, in which case we will take steps to delete the child's Personal Information from the family/direct account, subject to applicable law and legitimate retention needs (for example, security and fraud prevention). If a parent or guardian creates an additional child profile within the same account, we will provide notice regarding the Personal Information to be collected from that child and obtain separate verifiable parental consent for the new child profile before collecting the child’s Personal Information. Where the parent’s identity has already been verified through a prior consent process, we may use a streamlined consent mechanism (such as confirmation through the verified parent account) for additional child profiles, provided that the required notice is given and an affirmative consent action is obtained for each child.
Operators collecting or maintaining children’s personal information
The following is the operator that collects and maintains children’s Personal Information through the Services: Neomind Learning, privacy@neomindlearning.com. In addition, the third-party service providers listed at “3. How we share or transfer data to others - Subprocessor List” may collect or maintain children’s Personal Information on our behalf in connection with the operation of the Services. That list identifies each such provider by name and includes contact information. For all inquiries from parents regarding the collection, use, or disclosure of children’s Personal Information by any operator or service provider listed above, parents may contact Neomind Learning at privacy@neomindlearning.com, and we will respond to all such inquiries.
8. School use
Our Services may be used by teachers, schools, and districts. We design school use to minimize collection and support best practices for child and student privacy laws, including COPPA and FERPA. When we provide the Services to a school or district, we act as a “school official” with a legitimate educational interest to the extent permitted by FERPA and as reflected in our agreement with the school or district.
Student information we collect in school use may include:
Student username (recommended to be a nickname), student identifier (if provided by the school), class/grade, teacher, and usage/progress information, collected for educational purposes and to provide the Services to the school or district.
Visibility in school use
Authorized educators can view students’ progress and activity for their classes.
School control
Schools are responsible for managing accounts they no longer need for educational purposes, including roster updates and deletion requests. Parents or eligible students requesting access, correction, or deletion of Student Data in a school-managed account may be directed to the school. We will delete or return Student Data upon the school’s instruction, subject to applicable law and any required retention for security, backup, or compliance purposes.
Agreements
If requested, we provide a Data Privacy Agreement (DPA) that limits use of Student Data to educational purposes and sets security, retention, confidentiality, and vendor/subprocessor obligations, including requirements applicable to cross-border processing where relevant.
FERPA and education records
When Neomind Learning acts as a "school official" under FERPA (20 U.S.C. 1232g) with respect to education records, we acknowledge that we are subject to FERPA's requirements regarding the use and redisclosure of such records. We will use education records solely for the purposes of providing the Services as directed by the educational agency or institution and will not redisclose such records without proper authorization or as permitted by FERPA. We will implement reasonable security measures to protect education records from unauthorized access or disclosure.
9. Artificial intelligence features
For the AI-powered features, we apply additional safeguards:
Purpose limitation
AI features are used to support learning and safety, not advertising.
No public model inference for student sessions
We do not send Student Data to public or open AI systems for live session inference, except where explicitly disclosed in writing to the educational institution, contractually permitted in the applicable Service Agreement, and conducted in compliance with all applicable privacy laws including FERPA, COPPA, and state student privacy regulations.
Training separation
Production Student Data does not automatically flow into model training datasets. Where training is used, we apply de-identification where feasible and maintain controls over access, use, and retention.
AI vendors and subprocessors
AI functionality may be provided using third-party service providers acting as subprocessors. A current list of AI subprocessors is available at “3. How we share or transfer data to others - Subprocessor List” and will be updated at least 30 days prior to engaging new AI subprocessors. These providers are subject to written contractual restrictions requiring them to: (a) use Student Data solely to provide the specified AI Services; (b) implement security measures at least as protective as those in this agreement; (c) comply with FERPA, COPPA, and applicable state student privacy laws; (d) not use Student Data for their own purposes, including model training; and (e) delete or return Student Data upon termination. Educational institutions may object to new AI subprocessors within 30 days of notice. AI subprocessors may process information in the United States or other jurisdictions where they operate, consistent with Section 10 and our agreements (including DPAs for school-managed accounts where applicable).
10. International visitors
Our Services are operated from the United States. If you use the Services from outside the United States, your information may be processed and stored in the United States and other countries where we or our service providers operate. These jurisdictions may have data protection laws that differ from the laws of your jurisdiction. We take steps designed to ensure appropriate protections for information transferred internationally, consistent with applicable law and our contractual obligations.
11. State privacy law notices
If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or another state with a comprehensive privacy law, you may have the rights described in Section 5, subject to exceptions as determined by Neomind Learning in accordance with applicable law. California residents may have the right to opt out of the sale or sharing of Personal Information and certain uses of Sensitive Personal Information. As described above, we do not sell Personal Information or Student Data, and we do not share Personal Information for cross-context behavioral advertising. If we display contextual advertisements in adult-facing areas of the Services, those advertisements do not involve the sale or sharing of Personal Information as defined under the CCPA/CPRA. We do not use or disclose Sensitive Personal Information for purposes that require an opt-out under applicable law. Categories of Personal Information we collect and disclose depend on how you use the Services, and may include identifiers (such as name, email, username, and IP address); internet or other electronic network activity information (such as usage and device data); geolocation data at an approximate level inferred from IP address; audio and visual information (such as voice recordings from AI-powered tutoring sessions); inferences drawn from the above information (such as learning preferences and predicted performance); and education information as defined under California law (such as educational progress, performance, assessments, and special education status for school-managed accounts). We disclose these categories to service providers and subprocessors for the business purposes described in this policy (such as providing the Services, security, analytics, and customer support), and we contractually require such recipients to maintain the confidentiality and security of such information and use it only for the specified purposes.
12. Changes and updates to this privacy policy
We may update this privacy policy from time to time to reflect changes in our Services, our data practices, or legal requirements.
When we make changes, we will:
Post the updated policy on this page
Update the “last updated” date at the top
If we make a material change, we will provide additional notice as required. Depending on how you use the Services, this may include an in-product notice, an email to the account holder (such as a parent/guardian or an adult user), or notice through a school or district for school-managed accounts. For school-managed accounts, material changes that affect the processing of Student Data will require prior written consent from the educational institution before taking effect.
Your continued use of the Services after the effective date of an updated policy means you accept the updated policy, unless applicable law or an applicable school or district agreement requires a different approach. For school-managed accounts processing Student Data, we will provide reasonable advance notice of material changes to data processing practices, and schools may object in writing within thirty (30) days if such changes conflict with their legal obligations.
13. Questions, complaints, and escalation
If you have concerns about our privacy practices or wish to file a complaint, please contact us using the information in Section 14. We will investigate and respond to complaints in accordance with applicable law.
For school-managed accounts, if a complaint relates to Student Data processing or FERPA compliance, we will work directly with the educational institution to resolve the matter.
You may also have the right to lodge a complaint with a supervisory authority. For California residents, you may contact the California Attorney General or the California Privacy Protection Agency.
14. Contact us
Privacy questions or requests: privacy@neomindlearning.com. For privacy appeals, include “Privacy Appeal” in the subject line. To report suspected security issues, include “Security Incident” subject line.
