Athlon, Inc. Privacy Policy
Last updated: October 11, 2023
This Privacy Policy describes the ways in which Athlon, Inc. (“Athlon”), a Delaware corporation dedicated to making learning fun, collects, uses, and shares information about you when you use (or access) our websites at www.athlon.fun and www.letsrallee.com, our mobile applications , and online services (collectively, the “Platform”), and any other websites, applications, and online services that link to this policy, (collectively, with the Platform, the “Services”). By accessing or using the Services, you agree to the handling of your information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not access, download, register with, or use the Services.
Athlon is fully COPPA and FERPA compliant, and committed to protecting the privacy of students and educators while providing schools, teachers and children with world-class, curriculum-aligned, digital learning applications. Your privacy is important to us.
Users of the Services include children who use the gaming and educational portion of the Services in the classroom or on school-issued devices as part of their class activities (“Student Users”), teachers using our Services to educate Students and who also use the administrative and reporting portions of the Services (“Teacher Users”), and employees and contractors of Educational Institutions (as defined below) such as principals and administrators (collectively referred to as “School Users”).
Overview
Our Privacy Policy is fueled by our commitment to these Privacy Principles:
-
We’re deeply committed to creating a safe and secure online environment for you.
-
We do not sell your personal information to third parties.
-
We strive to provide you with access to and control over the information you give us, and we take the protection of your information very seriously.
-
We take extra precautions for our younger learners as described below, including restricting children’s Student Accounts (as defined below) to automatically block features that would allow a child to post or disclose personal information.
Athlon Website Visitors
Like many website operators, when someone visits our website at www.letsrallee.com or any other site which references this Privacy Policy, whether they use our Services or not, we collect information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. We also collect Internet Protocol (IP) addresses and mobile device ID. Our purpose in collecting such information is to understand better how visitors use our website.
Athlon Accounts and Users
How we collect, use, and disclose information depends on the type of account and the type of user. We currently have three types of accounts: 1) School Accounts; 2) Teacher Accounts; and 3) Student Accounts.
-
School Accounts (“School Accounts”, and together with Teacher Accounts, an “Account”) are only for use by schools, school districts, or other licensed educational institutions or programs (each, an “Educational Institution”);
-
Teacher Accounts are for use by educators from Educational Institutions with School Accounts (“Teacher Accounts”);
-
“Student Accounts” are for use by elementary, middle and high school students of any age, and therefore can only be created by a School User or Teacher User in conjunction with an Account.
When the primary account is a School Account, Teacher Accounts and Student Accounts will be populated in coordination with the Educational Institution responsible for the School Account and will be considered “Sub-Accounts” of the School Account. Teacher Users and Student Users will be given login information in accordance with the policy of their Educational Institution by using a school-provided, formula-based email address and Athlon-provided unique Athlon access code (“Access Code”).
We support third-party Single Sign-On platforms including Google Classroom and others to log into or share information with the Platform. Information collected by third-party integrations is subject to the third party’s own terms and privacy policy. For questions about which third-party Single Sign-On platforms we support, contact info@letsrallee.com.
Consent by School Districts and Teachers
Our Services currently are not offered directly to students or parents. School Users must first sign up for an Account, and then create or invite Teacher Users to create Teacher Accounts and Student Users to create Student Accounts. If we learn that a student of any age has created an account of any type without School User approval, that account will be deleted.
Children under 13 may only use the Services if we have obtained advance parent or guardian consent. When School Users create an Account and invite Student Users to create Student Accounts, they are acting on behalf of parents to give Athlon permission to collect the information described in this Privacy Policy, and we are acting as a Services provider to them and their Educational Institution.
If you are a School User or Teacher User accessing or using the Services on behalf of a child under 13, you represent and warrant that you and your Educational Institution are solely responsible for complying with COPPA, meaning that you must obtain advance written consent from all parents or guardians whose children under 13 will be accessing the Services. When obtaining consent, you must provide parents and guardians with our Privacy Policy. You must keep all consents on file and provide them to us if we request them. For more information on COPPA, please click here. If you believe that a student under 13 may have provided us personal information in violation of this paragraph, please contact us at info@letsrallee.com. In addition, by creating Student Accounts or providing Access Codes for Student Users to create Student Accounts and use the Services, you represent that you have the authority to provide all information including any information relating to other individuals for use by us in accordance with this Privacy Policy, and to consent to our collection of information from Student Users in accordance with this privacy policy, and you further consent to our collecting and using the Student User data described in this Privacy Policy.
Collection of Information
Information that Users Provide to Us:
We and our third-party service providers collect information that users provide when using the Services, including when creating an account or contacting us with a question, comment, or request, and when Student Users participate in learning activities on the Platform.
Our collection and use of data from any user is strictly limited to the minimum requirements needed for operation of the Services.
Users may provide information about themselves in the following situations:
-
When registering for an account: School Users and Teacher Users will be requested to provide their school-provided email address, name of class(es) or grade(s) they teach. School Users will also need to provide the email addresses of Teacher users who will be accessing the Services through their School Account. The School Account will also need to provide the email addresses of Student Users who will be accessing the Services through their active School Account. Student Users will be asked to provide their school-provided email address and password in order to access the Platform.
-
When purchasing the Service: When paying Athlon by credit card, School Users will be asked to provide payment card information. Payment card information is shared with our third-party provider for payment processing and we do not retain this information.
-
Voluntarily: School Users and Teacher Users may choose to provide additional information through a separate password protected section of the Services that allows them to administer their accounts and Sub-Accounts, including adding Teacher Users, Student Users, and reviewing Student User and Teacher User data.
Information Collected Automatically:
We and our third-party service providers automatically collect information from users of the Services during their use of the Services. For example, from School Users, we first anonymize the user by associating their email address log-in with a JWT 32-digit code generated each time the login takes place and then may collect information about patterns of usage, length of usage, review and game play. From Student Users, we first anonymize the user by associating their email address log-in with a JWT 32-digit code generated each time the login takes place and then may collect information including patterns of usage, activity commencement and completion, student performance on a game or other piece of content. We may record all of or any part of an activity performed, or a game played by a Student User.
The third party service providers we use include:
GOOGLE ANALYTICS (GOOGLE INC.)
Google Analytics is a web-based analysis service provided by Google Inc. (“Google”) that collects anonymized analytics data from the Application that measures and analyzes specifically how users engage with the Services but does not collect or track any personal information. We use Google Analytics is to improve the app experience for our users, and we anonymize each user to protect their privacy.
FIREBASE (GOOGLE INC.)
Firebase is a comprehensive mobile and web application development platform developed by Google that stores the Student Users' school-appointed email address, which must use a formula-based email format so that no person’s full name is included in the email log-in along with the Google ID numerical identifier. All other data stored, including but not limited to session time, session length, rewards collected on our Platform, type of session, etc. is associated with an anonymized unique identifier. A Student User’s email address log-in will be matched against an anonymous user ID and token identifier attached with a JWT 32-digit code generated each time the login takes place.
Your use of the Services is subject to your consent to the Privacy Policies of our third party service providers listed above, which can be found here and here . If you do not consent, then you should not use the Services.
How We Use The Information Collected
When you opt to use the Services, we and our third-party service providers may use the information collected from users for the purposes set forth below. Information collected about Student Users will not be used for marketing or advertising purposes. Information collected from School Users and Teacher Users may be used for:
-
Marketing and Advertising: To serve you, unless you are a Student User, with relevant online advertisements of our products and to send you marketing, professional development and training communications, or newsletters, from us that we believe may be of interest to you and to measure the effectiveness of our marketing to potential users of our Services. We will not knowingly send any such advertisements or communications to Student Users. If you believe a Student User may have received such a marketing communication, please contact at info@letsrallee.com, and we will stop such communications.
-
Providing the Services: To permit you to register and use the Services, process your payment, if any, provide you with customer service or tech support, respond to your inquiries, provide you with training and communicate with you about the Service including, for example, sending you communications about Student User progress or an Account.
-
Additional Services: To allow you to participate in surveys, research studies and other educationally relevant activities. Some of these have rules that could contain additional details about how we use and disclose your information and all such rules will be provided to you.
-
Improving the Services: To allow us to gain a better understanding of the use of our Services; to assess and improve the Services, their educational content, and other services we provide and to customize, adapt, and to personalize users’ viewing and playing experience. For example, by recommending certain Content and playlists of Content based on the characteristics and performance of a user and their learning needs; or by providing progress reports on a Student User’s performance in activities.
-
Compliance with Law and Agreements: As we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to detect violations of and enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates, including the security of the Services; (f) to protect our rights, privacy, safety, or property, or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
What Student User Information Can Other Users See?
For School Accounts, the School Users designated by the Educational Institution can access the information we collect about Student Users in their School Account that we make available through the web-based user interface in our Platform. This includes records of usage history, and other details about the activities performed by a Student User using the Services. School Users can delegate the right to view student information to Teacher Users in accordance with the policy of their Educational Institution. Each Teacher User within an Educational Institution can only view information relating to Student Users for which a School Users has delegated them the right to view. With a School Account, we will share information with third parties at the direction of the Educational Institution, and it is the Educational Institution’s responsibility to make such requests in a manner that is consistent with their internal policies and the law.
For Teacher Accounts, the Teacher User can access all information we collect about Student Users interacting with our Services who have Student Accounts. A Teacher User cannot see any information we collect related to a Student User’s interaction with our Services if that Student User’s Student Account is not listed by the School Account on that Teacher User’s class roster and set up as a Sub-Account of that Teacher User.
How We Share your Information
We do not disclose the personally identifiable information of any user to third parties for their research, marketing, or promotional purposes. We do not under any circumstance sell or rent data to third parties. To the extent information is transferred to a third party, it is solely for our use in conjunction with the third party to operate or evaluate the effectiveness of our Platform and Services, and it is subject to compliance with all applicable data privacy and protection laws.
Our Platform does not display personally identifiable information about any user publicly. You remain the owner of any personally identifiable information you provide to us. By using the Services, however, you agree that your personally identifiable information may be shared by us in any or all of the following circumstances.
Service Providers: We may share information with third parties who perform certain services for us, such as to process payment cards, perform analytics on usage of our Services, conduct or evaluate research (such as on the educational efficacy of the Services) or administer marketing campaigns (which will not target Student Users), provided that the service providers we use agree to keep the information confidential and use it only for purposes that are permitted by this Privacy Policy, and we only do this where such transfer or use does not violate any data privacy or protection laws. These third parties do not share your information with any other third parties. We currently use the following third party services: Google Analytics and Firebase on the Platform.
Compliance with law or agreements: We may share information as we believe to be necessary or appropriate: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities; (d) to detect violations of and enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates, including the security of the Platform and Services; (f) to protect our rights, privacy, safety, or property, or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Data Transfers: When transferring data to service providers, advisors, potential transactional partners, or in the event of a consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets in bankruptcy or otherwise, Athlon may transfer information to a third party provided that any such party agrees to adhere to the terms of this Privacy Policy and Athlon’s information security practices.
De-Identified Data: We may share, at our discretion, information that has been anonymized so that it does not identify a specific user through de-identification or aggregation (“De-Identified Data”) to third parties. We do, however, prohibit our third party providers from selling, licensing, distributing, or disclosing De-Identified Data.
Compiled Data: Finally, in order to provide or improve our services or the services of our third party providers and to better tailor our interactions with you, we or our third party services providers or their respective third party providers may combine the information about you that we share with them with contact and social media information related to you that they collect from publicly available sources (e.g. Internet, social networks, or public or licensed APIs); from third parties who license, sell, or otherwise provide data they have collected. For example, Stripe may acquire information about you from identification/verification services such as credit bureaus.
How to Access, Change, or Delete Account Information
School Users can review or change the information they provided when registering for the Services by accessing the appropriate dashboard within the Services, and may request that we provide for their review, or delete from our records, any personally identifiable information they have provided about themselves, or about Student Users associated with their Account, or to cease collecting personally identifiable information from those, as applicable, by contacting us as described in the Section titled “Contact Us” below.
Teacher Users, Parents and Student Users must request access to, changes and deletions of their Student User’s information or Student Account information by contacting the teacher or Educational Institution that established the Student Account.
Please keep in mind that a request to delete personally identifiable information may lead to the cancelation of an account. When we change or delete any personally identifiable information at your request, we will make good faith efforts to make the changes in our then active databases so that the personally identifiable information will no longer be used in our active databases as soon as reasonably practicable. Changing setting options may not result in immediate changes to the settings, which are subject to our operations and maintenance schedules.
Account Cancelation and Reactivation, Data Retention
Cancellation, re-activation, and deletion of a School Account and all of its Sub-Accounts are subject to the terms of the agreement between us and the Educational Institution.
Teacher Users, Parents of Student Users must request cancellation of their Student Account by contacting the teacher or Educational Institution that established the Student Account.
If you cancel a School Account or a Teacher Account, we will remove all personally identifiable information associated with the that account and all Sub-Accounts (collectively, “Account Information”) from our live databases within seventy-two (72) hours after the cancelation, which will result in the loss of all linked Student Accounts, and the activities and progress data for every linked Student User.
If a Teacher Account is not canceled, we will remove all Account Information from our active databases twenty-four (24) months after the last activity on the Teacher Account unless our agreement with your Educational Institution provides otherwise. This period is provided so that you have the ability, following inactivity, to reactivate your account and potentially recover historical information about your Student Users and their progress and performance. However, we provide no guarantee, and shall have no liability or obligation to ensure, that any such information will be available or accessible.
We will retain and use personally identifiable information about you for as long as necessary to provide the Services and to comply with our legal obligations, resolve disputes, and enforce our agreements, after which we will delete it.
Even if you request to close your account, keep in mind that deletion by third parties to whom the information had been provided may not be immediate, and the deleted information may persist in backup copies for a reasonable period of time (but will not be available to others).
Following an account cancelation, we may continue to use de-identified School User, Teacher User and Student User information for our internal support, research studies, administrative, and record keeping purposes in accordance with applicable data privacy and protection laws, including, but not limited to, marketing the Services and allowing us to improve the Services we provide through research, evaluation, and analytics.
Your Choices About Your Information
Email: You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. We make efforts to promptly process all unsubscribe requests. You may not opt out of Service-related communications (e.g., changes/updates to features of the Services, and technical and security notices). If you have any questions about Service-related communications or unsubscribing from our communications, you can contact us directly as set forth in the Section entitled “Contact Us” below.
Cookies and other Technologies: Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the website may not function properly if the ability to accept cookies is disabled. Turning off the browser’s cookies will prevent web beacons from tracking your specific activity. The web beacon may still record an anonymous visit from your IP address, but unique information will not be recorded. If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, and that may affect your ability to view images in other emails that you receive. To find out how to see what cookies have been set and how to reject and delete the cookies, please visit: http://www.aboutcookies.org.
Analytics: You can control the information provided to Google and opt out of certain ads provided by Google by using the methods set forth at http://www.google.com/policies/privacy/partners/ or by using the Google Analytics opt-out browser add-on at http://tools.google.com/dlpage/gaoptout?hl=en.
Advertising: You can understand which third parties have currently enabled cookies for your browser or mobile device and how to opt out of some of those cookies by accessing http://www.networkadvertising.org/managing/opt_out.asp or http://www.aboutads.info/choices/ from your browser and from your mobile device. If you use multiple browsers or devices, you will need to opt out on each browser or device. Even if you opt out of targeted advertising you will continue to see advertising of a generic nature.
Children’s Privacy
The Children's Online Privacy Protection Act of 1998 and its rules (collectively, "COPPA") require us to inform parents and legal guardians ("Parents") about our practices for collecting, using, and disclosing personal information from children under the age of 13. It also requires us to obtain verifiable consent from a child's Parent for certain collection, use, and disclosure of the child's personal information.
This and the below sections of this policy notifies parents of:
-
The types of information we may collect from children.
-
How we use the information we collect.
-
Our practices for disclosing that information.
-
Our practices for notifying and obtaining Parents' consent when we collect personal information from children, including how a Parent may revoke consent.
-
All operators that collect or maintain information from children when they use our Services.
Our website is not directed at children under the age of 13. We do not knowingly collect or solicit any information directly from anyone under the age of 13 except as described below.
You must be 18 or older to purchase any of our Services.
If you are under the age of 18, you must not use our Services unless you have been given access by an Educational Institution or teacher who has obtained direct consent from your Parent or legal guardian.
We will only collect personally identifiable information from children under the age of 13 during their use of the Services when the legally required permissions are provided to us. If we learn that we have collected personally identifiable information from a child under age 13 that is not in the scope of such consent, we will delete that information as quickly as possible.
If you believe that we might have any information from or about a child under 13 outside the scope of consent explained above, please contact us as described in the Section entitled “Contact Us” below.
Information We Collect from Children
Children can access many parts of the Service and its content and use many of its features without providing us with personal information. However, some content and features are available only to registered users, and Athlon is required to collect certain information, including limited personal information, from them in order to set up each registered account, including Student Accounts for children.
We only collect as much information about a child as is reasonably necessary for the child to participate in an activity, and we do not condition their participation on the disclosure of more personal information than is reasonably necessary.
Information We Collect Directly
A child must provide their Educational Institution (which provides us) with the following information to register to use our Services: the child's school, class, unique Access Code created by Athlon, and the email address assigned by the child’s Educational Institution or teacher. We may also require the child to create a password. We may request additional information from your child, but this information is optional. We specify whether information is required or optional when we request it.
Automatic Information Collection and Tracking
We automatically collect information from our users, including children, when they access and navigate through the Services and use certain of its features. The information we collect through these technologies may include:
-
A formula-based email address assigned by the Educational Institution that is tied to one or more persistent anonymized identifiers that can be used to recognize a user over time (tracking); and
-
If an Educational Institution uses Google Classroom, we may also store the Google Classroom Class identifier and Google Profile identifier.
We also may combine non-personal information we collect through these technologies with personal information about you or your child that we collect online as described in this privacy policy.
How We Use Your Child’s Information
We use the personal information we collect from your child to:
-
register them to use the Services;
-
communicate with them about activities or features of the Services that may be of interest;
-
track fitness or other Services usage and performance metrics; and
-
provide reporting on their usage to their teachers and Educational Institutions.
We use the information we collect automatically through technology and other non-personal information we collect to improve our Services and to deliver a better and more personalized experience by enabling us to:
-
Use data to evaluate user behavior, including to understand the effectiveness of existing product features and plan new features;
-
Prevent fraud and implement security measures, minimized app crashes, improve scalability and/or perform customer support;
-
Estimate our audience size and usage patterns;
-
Store information about the child's preferences, allowing us to customize the content according to individual interests;
Our Practices for Disclosing Children’s Information
We do not share, sell, rent, or transfer children's personal information other than as described in this Privacy Policy.
We may disclose aggregated information about many of our users, and information that does not identify any individual or device. In addition, we may disclose children's personal information:
-
To third parties we use to support the internal operations of our Services and who are bound by contractual or other obligations to use the information only for such purposes and to keep the information confidential.
-
If we are required to do so by law or legal process, such as to comply with any court order or subpoena or to respond to any government or regulatory request.
-
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Athlon, our customers, or others, including to:
-
protect the safety of a child;
-
protect the safety and security of the Services; or
-
enable us to take precautions against liability.
-
-
To law enforcement agencies or for an investigation related to public safety.
As with adults, if Athlon is involved in a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Athlon’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding or event, we may transfer the personal information we have collected or maintain in regard to children to the buyer or other successor.
Consent, Accessing and Correcting Your Child’s Information, and Revoking Consent
We obtain consent to collect, store and process your child’s information from the Educational Institution or teacher to which you give such consent directly.
At any time, you may review the child's personal information maintained by us, require us to work with your child’s Educational Institution to correct or delete the personal information, and/or refuse to permit your child’s Educational Institution or teacher and us from further collecting or using the child's information. You can do this by contacting your child’s Educational Institution or teacher.
Operators that Collect or Maintain Information About Children
The following are all operators that may collect or maintain personal information from children through the Services:
Google Classroom
1600 Amphitheatre Parkway, Mountain View, CA 94043
(650) 253-0000
Firebase (Google)
1600 Amphitheatre Parkway, Mountain View, CA 94043
(650) 253-0000
No other third-party operators may collect or maintain personal information from children through the Services.
If you have questions regarding this Privacy Policy or issues related to your child’s information or information of a child who is a Student User for which you are responsible, please contact us as described in the Section entitled “Contact Us” below.
Links and References to Other Services
Our Services do not include or provide links to external websites or applications. Our Services may, however, provide a reference to an external website or application. These websites and applications are governed by their own privacy policies or information collection practices, which may be substantially different from ours. We encourage you to review the privacy policies and information collection practices of those linked websites and apps, as those parties’ practices are not subject to this Privacy Policy.
Location of Information Processing
The Services are controlled and operated by us exclusively from the United States and are intended for us exclusively in the United States. We disclaim and have no liability for use of Services not in compliance with laws outside the United States. In addition, your information may be transferred to, stored, or processed in the United States, whose data protection, privacy, and other laws may not provide the same level of protection as those in your country of residence. For example, government entities in the United States and other countries may have certain rights to access your personally identifiable information. By using our website or the Service, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in the United States and to those third parties with whom we share it as described in this Privacy Policy.
Security
The security of your personal information is important to us, and we employ physical, technical, and administrative security measures to safeguard the information collected by the Services.
All data we collect is encrypted in transit and at rest, and all personally identifiable information collected by us is transferred using HTTPS and stored by us or a third party provider for us on a server in a secure environment. We provide access to such information only to our employees, our partners and any subcontractors who need the information to perform a specific service.
For processing your credit card information, we use a PCI DSS certified provider.
Please be aware, however, that no information system can be guaranteed to be one hundred percent (100%) secure, so we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to the Services over networks that we do not control, including the Internet and wireless networks. If you have reason to believe that your interaction with us is not secure, please contact us as described in the Section entitled “Contact Us” below.
The safety and security of your information also depends on you. Where we or your Educational Institution or teacher have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We have a comprehensive Security Incident Response Plan in place. Upon the event of a breach, we will provide notice to any potentially affected party within the time required by law. A public copy of the plan will be provided upon written request (please contact us as described in the Section entitled “Contact Us” below).
Browser Do Not Track
Our website does not support Do Not Track at this time. Do Not Track (DNT) is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits collected across websites when you have not interacted with that service on the page. For all the details, including how to turn on Do Not Track, visit www.donottrack.us.
Changes to Our Privacy Policy
If we update this Privacy Policy, we will notify you by posting the revised Privacy Policy on the Services, and for certain revisions that materially expand the ways in which we use or share the information previously collected from you through the Services, we will either display an alert next to the Privacy Policy, display an alert on the Services, or directly communicate with you in advance of the changes taking effect. Your continued use of the website or the Service after the changes have been made will constitute your acceptance of the changes. Please, therefore, make sure you read any such notice carefully. If you do not wish to continue using the website or Services under the new version of the Policy, please cease using the website and the Services.
Contact Us
Questions regarding this Privacy Policy and issues related to your information or information of a Student User for which you are responsible should be directed to us via any of the following methods:
Email Address: info@letsrallee.com