Privacy Policy

Rally Reader, LLC, a Delaware limited liability company (“RR”, “we” or “us”) provides educational materials and related services, via a set of online learning platforms. The following privacy policy governs our privacy practices for each learning platform that links to this policy.

• 1. Our Commitment to Privacy We have created our learning platform to assist schools and Parents in providing personalized and rewarding online educational experiences to their Students. We believe that transparent and strong privacy practices foster these experiences, and we provide this privacy policy in that spirit.

• 2. Our Compliance With COPPA And FERPA Our learning platform is designed for schools, teachers and Parents working with Students. We recognize the sensitive nature of personal information concerning Students under age 13, and concerning Students generally, where the information is contained in a school’s educational records. This personal information is protected under either or both of the following federal statutes: the Children’s Online Privacy Protection Act (“COPPA”) and the Family Educational Rights and Privacy Act, including the Protection of Pupil Rights Amendment (“FERPA”). Our privacy practices comply with both COPPA and FERPA. For California residents only, this personal information is also subject to California Consumer Privacy Act (“CCPA”). Our privacy practices comply with the CCPA.

• 3. The Scope of Our Privacy Policy This privacy policy governs our privacy practices with respect to all personal information that our users submit, or that we collect in connection with our learning platform. This policy governs not only our practices with respect to Students’ personal information, but also with respect to the personal information of teachers, school administrators and Parents who use our learning platform.

• 4. Consent from Schools regarding Students’ Personal Information COPPA permits a school, acting in the role of "parent," to provide required consents regarding personal information of Students who are under the age of 13. Where a school is the subscriber to our learning platform, we rely on this form of COPPA consent. We provide the school with this privacy policy, to ensure that the school, in providing its COPPA consent, has full information and assurance that our practices comply with COPPA. FERPA permits a school to provide educational records (including those that contain Students’ personal information) to certain service providers without requiring the school to obtain specific parental consent. FERPA permits this where the service provider acts as a type of “school official” by performing services, for example, which would otherwise be performed by the school’s own employees. We fulfill FERPA requirements for qualifying as a school official by, among other steps, giving the school direct control with respect to the use and maintenance of the education records at issue (including associated personal information), and refraining from re-disclosing or using this personal information except for purposes of providing our learning platform to the school. We comply with FERPA by relying on this form of consent. For California residents only, per the CCPA, children under the age of 16 must provide consent, with a parent or guardian consenting for children under 13, before the sale of their personal information. We do not sell personal information of California Consumers under the age of 16 and will not sell this information unless we modify this Privacy Notice and take the additional steps required under the CCPA.

• 5. Consents from Other Users We also obtain consents regarding personal information of users other than Students (such as teachers, school administrators and Parents) to collect and use their personal information. To obtain these consents we (a) notify the users of our privacy practices by including links to this privacy policy within our learning platform, and (b) rely on their continued use of our learning platform to indicate their consent to this privacy policy.

• 6. The Types of User Information We Collect We limit our collection of personal information to no more than is reasonably necessary for the user at issue to participate in our learning platform. Specifically, we collect the following types of information: • School Administrator Information: we collect registration information from a school administrator when the school administrator activates the school’s subscription account, which may include the school administrator’s own first and last name, business address and phone number, date of birth, email address, and username; • Teacher Information: we collect registration information from a teacher or school administrator when the teacher (or school administrator) activates the teacher’s account, which may include the teacher’s first and last name, business address and phone number, date of birth, email address, and username; additionally, we may collect information that constitutes Performance Review Data; • Student Information: we collect registration information from a teacher or school administrator when the teacher (or school administrator) activates the account of an individual Student, which may include the Student’s first and last name, email address, username and other information which may include gender, race, and ethnicity; • Schoolwork Information: we collect information contained in Student homework, assignments, Student compositions and reports, tests, test results, grades, and other exchanges over our learning platform; • User-Generated Content: we collect information that Students and other users provide in connection with submitting user-generated content, and participating in collaborative features of our learning platform (where applicable). Examples of user-generated content that might contain personal information include stories, responses to teacher assignments (either in text, image, audio, or video format), drawings that allow text or free-hand entry of information, and other information provided in open-text and open-form fields; and • Usage Information: we collect usage, viewing, analytics, and technical data, including device identifiers and IP addresses, relating to users of our learning platform. If we discover that we have collected information in a manner inconsistent with the requirements of COPPA or FERPA, we will either (a) delete the information or (b) promptly seek requisite consents before taking further action concerning the information.

• 7. How We Collect Personal Information Our learning platform collects personal information in three ways. First, school administrators and teachers provide personal information during the registration process. Second, teachers and Students submit personal information during the normal operation of our learning platform. They submit this information, for example, when creating and responding to teaching assignments, and otherwise engaging in educational and other activities available on our learning platform. Finally, we collect usage information through technology, such as cookies, flash cookies, web beacons, and persistent identifiers. This collection of usage information takes place, for example, when a Student or other user visits our learning platform, and during the activities in which the user engages. Certain features (or all features) of our learning platform may be hosted on third party sites, and in those instances the collection activities described above are undertaken by this third party, under our direction and control and consistent with this privacy policy.

• 8. How We Use Personal Information We use personal information for the following purposes: • To provide users with the content and features available through our learning platform; • To communicate with school administrators and teachers about the applicable subscription account or transactions with us, and to send information about our learning platform's features and, where applicable, changes to these features; • To personalize our learning platform's content and experiences for Students, teachers, and other users of the platform; and • To detect, investigate and prevent activities that may violate our policies or be illegal. We do not as a rule allow third-party operators to collect personal information or usage information through persistent identifiers on our learning platform for any purposes other than the internal operations of our platform. Further, we do not use personal information collected through our platform for the purpose of targeted advertising. Finally, we de-identify usage information in accordance with COPPA and FERPA, and use this de-identified information to develop, evaluate, and provide improved educational products and services, as permitted under COPPA and FERPA. To the extent we collect information that constitutes Performance Review Data, we protect such information as personal information in accordance with this Privacy Policy.

• 9. We Do Not Share Personal Information Beyond Our Learning Platform Except In Specific, Limited Circumstances We use personal information for our internal purposes only, with the following limited exceptions. We do not sell personal information and have not sold any personal information in the last 12 months. First, we share information with our service providers if necessary for them to perform a business, professional, or technology support function for us. In instances where we engage service providers for these purposes, we require them to comply with this privacy policy. Second, we disclose personal information: • In response to the request of a law enforcement agency or other authorized public agency, including a request by a children’s services agency or by the school at issue; • To protect the security or integrity of our learning platform and associated applications and technology, as well as the technology of our service providers; • To enable us to take precautions against liability, enforce legal rights, and to detect, investigate and prevent activities that violate our policies or that are illegal; • If we are directed to do so by a subscribing school in connection with an investigation related to public safety, the safety of a Student, or the violation of a school policy; and • In other cases if we believe in good faith that disclosure is required by law.

• 10. How We Protect Personal Information We have implemented and maintain technical, administrative and physical security controls that are designed to protect the security, confidentiality and integrity of personal information collected through our learning platform from unauthorized access, disclosure, use or modification. Our information security controls comply with reasonable and accepted industry practice, as well as requirements under COPPA and FERPA. We diligently follow these information security controls and periodically review and test our information security controls to keep them current.

• 10.1 Information Security Procedures. We will: • Standard of Care. Keep and maintain all personal information in strict confidence, using such degree of care as is appropriate to avoid unauthorized access, use, modification, or disclosure; • Use for School Purposes Only. Collect, use, and disclose personal information solely and exclusively for the purposes for which you provided the personal information, or access to it to us, and not use, sell, rent, transfer, distribute, modify, data mine, or otherwise disclose or make available personal information for our own purposes or for the benefit of anyone other than the school, without the school’s or Parent’s prior written consent; • Non-Disclosure. Not, directly or indirectly, disclose personal information to any person other than our employees and service providers who have a need to know, without express written consent from the school; • No Commingling. Segregate (via logical, database, or physical segregation) personal information from our other information or our other customers so that a school’s users’ personal information is not commingled with any other types of information not related to the school; • Employee Training. Provide appropriate privacy and information security training to our employees. • Transport Security. Use Transport Layer Security (TLS) for the transmission of all user data to and from our learning platform; and • Secure Storage. Use industry standard file encryption for user data that is subject to protection under either COPPA, FERPA, or both. Where file encryption is not reasonably feasible, we employ other industry standard safeguards, protections, and countermeasures to protect such data, including authentication and access controls within media, applications, operating systems and equipment.

• 10.2 Data Location and Security. We use cloud service providers in the delivery and operation of our learning platform(s), and data (including personal information) is stored on the servers of our cloud service providers. Our contracts with our cloud service providers requires them to implement reasonable and appropriate measures designed to secure content against accidental or unlawful loss, access, or disclosure. Our cloud service providers have at least the following security measures in place for their networks and systems: (i) secure HTTP access (HTTPS) points for customer access, (ii) built-in firewalls, (iii) tested incident response program, (iv) resilient infrastructure and computing environments, (v) ITIL based patch management system, (vi) high physical security based on SSAE-16 standards, and (vii) documented change control processes. To the extent we store personal information internally on our servers, we comply with the information security controls set out in Section 10.1.

• 10.3 Data Breach Response. In the event of a security breach involving Personal Information, we will take prompt steps to mitigate the breach, evaluate and respond to the intrusion, and cooperate and assist schools and other subscribers in efforts with respect to (i) responding to the breach, including the provision of notices to data subjects; and (ii) engaging mutually agreeable auditors or examiners in connection with the security breach, subject to reasonable notice, access and confidentiality limitations.

• 11. Access and Control of Personal Information School administrators and (where applicable) teachers hold access to personal information of the Students for whom they are responsible, and they are able to update this information in the manner permitted by our learning platform. School administrators and teachers are similarly able to access and update their own personal information. Parents can obtain access to information concerning their child that is available on our learning platform. To do so, the Parent should follow the school's procedures for access under FERPA. We cooperate with and facilitate the school’s response to these access requests. Where the school's procedures do not apply to the Parent's access request (and the request is otherwise proper), we will ourselves fulfill the request if and as required by law. After fulfilling an access request, we will update and (where necessary) correct the personal information at issue, as requested by the school or individual entitled to such access. We limit access to personal information to only those employees (i) who have a need to know such information, and (ii) who use the information only for the educational purposes of operating our learning platform and delivering our services.

• 12. Our Retention and Deletion of Personal Information We retain personal information of users of our learning platform (i) for so long as reasonably necessary (ii) to permit the user to participate in the platform, (iii) to ensure the security of our users and our services, or (iv) as required by law or contractual commitment. After this period has expired, we will delete the personal information from our systems. Please understand that these deletion periods apply to personal information and do not apply to de-identified information. We retain de-identified information in accordance with our standard practices for similar information, and do not retain or delete such information in accordance with this policy. In addition, if requested by a school, we will delete from our platform the personal information of the school’s users, including its teachers and Students, as the school directs. Deleting this information will prevent the school user from engaging in some or all features of our learning platform. Where required by local law, we will delete such information and provide a certification of such deletion.

• 13. Your Rights Under California Privacy Law / Only For California Residents This section is adopted to comply with the California Consumer Privacy Act of 2018 (CCPA) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this section.

• 13.1 Right to Request Access You have the right to request that we disclose certain information to you about our collection and use of your personal Information over the past 12 months immediately preceding the Effective Date of this Privacy Policy: • The categories of personal information we have collected about you. • The categories of sources for the personal information we have collected about you. • Our business or commercial purpose for collecting or selling your personal information. • The categories of third parties with whom we share your personal information. • The specific pieces of personal information we have collected about you (also referred to as data portability). • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: o sales, identifying the personal information categories that each category of recipient purchased; and o disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

• 13.2 Right to Not To be Discriminated Should you exercise any of your privacy rights as a California consumer, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of services, based solely upon your request. However, in some circumstances, for example where you have requested or consented to our services that use your personal information to provide the service, we may not be able to provide a service if you choose to delete your Personal Information.

• 13.3 ​ Right to Request Deletion Should you exercise any of your privacy rights as a California consumer, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of services, based solely upon your request. However, in some circumstances, for example where you have requested or consented to our services that use your personal information to provide the service, we may not be able to provide a service if you choose to delete your personal information.

• 13.4 Information We Collect In the past twelve (12) months, we collected the following categories of personal information regarding California residents: a) Identifiers (names, physical addresses, email addresses, phone numbers, online identification numbers, and online account names) b) Demographic information (age, race, gender, marital status, national origin/ancestry) c) Posts and profiles on social media platforms d) Professional or employment related information e) Inferences drawn from other personal information f) Video recordings

• 13. 5 ​Sources of Information We obtain the categories of personal information listed under Section 13.4(a)-(f)) hereto from the following categories of sources: a) Directly from you. For example, from user generated content on our platform, from you when you open an account with us. b) Indirectly from you. For example, when you open an email from us or submit an online form.
c) Directly and indirectly from activity on our website. For example, your usage details on our website and platform collected automatically. d) From third parties such as data partners. For example, we may receive demographic data, from data partners. e) From publicly available government records f) From information made freely available by individuals via a variety of online platforms

• 13.6​ Use of Personal Information In the twelve (12) months immediately preceding the Effective Date of this Privacy Policy, we have disclosed the categories of personal information listed under Section 13.4(a)-(f) hereto for the following business purposes: a) To fulfill or meet the reason for which the information is provided.
b) To provide you with information, products or services that you request from us. c) To provide you with email alerts, updates, newsletters, and other notices concerning our products or services, or news, that may be of interest to you. d) To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections. e) To improve our website, learning platform and present its contents to you. f) For testing, research, analysis and product development. g) For targeted marketing and political consulting services we provide to our customers h) As necessary or appropriate to protect the rights, property or safety of us, our customers or others. i) To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations. j) To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred. The above-listed categories of personal information under Section 13.4(a)-(f) hereto were disclosed to our third-party service providers in the last 12 months preceding the effective date of this privacy policy. We do not sell your Personal information. In the preceding twelve (12) months immediately preceding the Effective Date of this Privacy Policy, we have not sold any personal information. Our targeted commercial marketing and political consulting services do not require any disclosure of Personal Information.

• 14. Additional Rights Under California’s Shine the Light Law/ Only for California Residents California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us from the details under the Contact Us section in this Privacy Policy.

• 15. Definitions “De-identified information” means information that meets each of the following criteria: the information (i) does not identify a particular natural person; (ii) does not identify, by network Internet Protocol address, raw hardware serial number, or raw MAC address, a particular device or computer associated with or used by a person; (iii) does not identify the school at issue by name or address; and (iv) is not reasonably linkable to a particular natural person or school because of technical, legal, or other controls. “Learning platform” means any RR learning platform that links to this privacy policy. “Parent” means a parent or legal guardian of a Student. “Performance Review Data” means professional performance review data of teachers related to the teacher's effectiveness in the classroom and other measurements based upon factors including, but not limited to, Student achievement or growth on state assessments or examinations, classroom observations by peers, classroom observations by trained evaluators, evaluation of lesson plans and other indicia of teacher practices. “Personal Information” means information that identifies a natural person, as specified in the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, including the Protection of Pupil Rights Amendment (“FERPA”) and the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506 (“COPPA”), the California Student Online Personal Information Protection Act, Ch. 22.2, §§ 22584 et seq. of the California Business and Professions Code, and Section 49073.1 of the California Education Code. “Student” means an individual receiving educational instruction via our learning platform. For avoidance of doubt, the term “Student” includes individuals within the K–12 age group, and individuals who are children under the age of 13. “Usage Information” means information that does not directly identify a particular person, but that may be linkable to a particular computer or device (via a unique device ID or otherwise). “We” or “us” or “our” refers to RR.

• 16. Contact Us You may contact us with questions or concerns with respect to this Privacy Policy as well as to exercise your rights at the following addresses: Email address: Mailing address: 102 Catalpa Drive, Atherton CA 94027 • 17 Do Not Track Our learning platform does not change its behavior when receiving the “Do Not Track” signal from browser software. • 18. Effective Date The effective date of this Privacy Policy is March 6, 202


Download the Rally Reader App and start reading today!

Get Rally’s 5 Steps to Support Your Young Reader

Thank you
You've already subscribed to the Rally blog