IMPORTANT: Kpass will NEVER use, distribute or share information provided to us without receiving explicit consent from our users. We have a commitment to not having any advertising on any of our Kpass products and will never sell your data to a broker
At Kpass we are trying to safely connect kids and parents to their favorite digital experiences online by creating a safe and COPPA compliant identity infrastructure. Essentially, its a single-sign-on identity for Kids and their Parents, and a simple oAuth2.0 implementation for Brands and Apps. By connecting the two pieces, we can simplify the process of getting VPC for brands and allow them to focus on creating great digital experiences online, while giving parents more clarity around where their kids are going online.
Basically, we want to give parents one place to manage all of their children’s permission slips for all of their favorite sites online. With any site that is Kpass compliant, your child can use their Kpass ID and password to easily login, and at the same time give you (the parent) the ability to see all of the permissions needed for that site, from information sharing, usage permissions and the ability to see any user generated Content that is created for the site. With Kpass you can manage all of these settings from one place that will enable parents to better understand where their kid’s information is online
Our information collection, use and disclosure practices are fully compliant with the Children’s Online Privacy Protection Act (“COPPA”). For further information on COPPA, please click here.
COPPA requires that we inform parents and legal guardians about how we collect, use, and disclose personal information from children under 13 years of age; and that we obtain the consent of parents and guardians in order for children under 13 years of age to use certain features of our Services. Below we explain how we do that for these children. (Also, when we use the term “parent” below, we mean to include legal guardians. It’s just easier to say the one word!)
A Note about the Children’s Online Privacy Protection Act. (COPPA): As of July, 2013, COPPA laws changed to widen the definition of children’s personal information to include persistent identifiers such as cookies that track a child’s activity online, as well as geolocation information, photos, videos, and audio recordings.
In addition, the COPPA law now requires that website collecting such information from children under 13 acquire Verifiable Parental Consent before doing so. The FTC has approved various different methods for collecting VPC, Kpass, has utilized two that are the most effective and efficient for you, the parent.
- The first method works in in conjunction with Veratad, a leading age and Identity Verification company, asks for a either the sum of the last two digits of the social security number or if that doesn’t work the last four digits of an adult guardian’s Social Security Number. Note that Kpass does NOT store this information anywhere in our records.
- The Second method is to use a valid credit card to make a small, one-time transaction for .99 (which will be refunded in 90 days) to verify your identity. We use the industry leader, Stripe for this process.
If you have any questions or concerns regarding these documents or any of our practices or policies, please contact us at Privacy@kpass.com.
Table of Contents
- Non-Personal Information We Automatically Collect About You
- Personal Information We Collect About You
- Your California Privacy Rights
- How We Use Personal Information
- Links to Other Sites
- Disclosure of Your Information
- Data Security and Integrity
- Transfer and Storage of Data
2. Non-Personal Information We Automatically Collect About You
A. Cookies. We do not use “cookies” to customize your experience. Our product is entirely reliant on the child and parent user logging in and authenticating with their site each time. However, please review our partner sites for their policy on cookies and tracking. Cookies are small computer files that are transferred to your computer’s hard drive that contain information such as your username, user preferences, the pages you’ve visited and the activities you’ve performed while using the Services. You may block cookies or delete cookies from your hard drive; however, by disabling cookies, you may lose access to some of the features of our partners.
B. Web Beacons. We do not use “web beacons” to collect anonymous information about your use of our Services and the websites of selected sponsors and advertisers, your use of emails, special promotions and/or newsletters we may send to you. Web beacons are tiny graphic image files embedded in a web page or email that provide a presence on the web page or email and send back to its home server information from the user’s browser. The information collected by web beacons allows us to statistically monitor how many people are using our Services, visiting selected sponsors’ and advertisers’ websites, opening our emails, and for what purposes. Our web beacons are not used to track your activity outside of our Services. We do not link Non-Personal Information from web beacons to Personal Information without your permission.
C. Traffic Data. Kpass will collect data about traffic and usage of products on any Kpass.com in order to consistently deliver the best experiences to you. We will never collect data from third party usage and share it without first alerting our parent users for explicit consent.
Eventually we would like to provide our parent and kid users with a better picture of their internet usage that is for their usage only (never shared with advertisers) which will help everyone better understand their privacy online
3. Personal Information We Collect About You
“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, email address, phone number, visual or audiovisual files containing your image, audio files containing your voice, persistent identifiers that recognize users over time and across different websites or online services, IP address, or geolocation information. We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.
The Service collects Personal Information from you when you register and through other facets when our partners have requested additional information. We do not share this information with any third parties without our users explicit approval.
A. Registration. In order to access certain areas of the Site and use certain Services, we require you to register and provide us with certain Personal Information. Anyone under the age of 18 must obtain the permission of his/her parent or guardian before registering with the Services, required in our Terms of Service. For anyone younger than 13 (referred to herein as a “child”), A PARENT MUST GRANT PERMISSION FOR THE CHILD’S USE AND COMPLETE THE REGISTRATION PROCESS FOR THE CHILD. Before we allow the parent to grant permission, we must perform the VPC exercises as discussed earlier in this document.
When we receive a request to register for the Services, we will email the parent to provide our COPPA Notice to disclose what information we have already collected, that we intend to allow the child to have limited Services access that requires no further personal information and does not allow for any potential disclosure of personal information, and that we will retain the parent email address to administer the child’s account for this limited Services access including password recovery and future request for parent consent. A parent can opt out of this limited Services access.
Before making any further use of the Parent email and before collecting any information that would allow the Site to interact directly with your child, we will request a Parent’s affirmative consent.
Personal Information includes data, such as a parent’s first and last name, e-mail address, telephone number, a child’s first and last name, mailing address, email address or SMS address. These will only be collected once we have obtained Verifiable Consent by the parent. The child’s age and birth date, username and password, hobbies and interests, and user generated content may be combined with the registration data.
Before we allow parents to modify any personal information or grant permission for use of a site partner, we must either register them and receive VPC or have them login to their account.
Children may not use the Services before we receive and process this verifiable parental consent. If we determine that a user of our Services is younger than 13 and we have not received a Consent Form from this child’s parent, we will take steps to delete all or virtually all Posted Content (as defined in the Terms of Service) posted by the user and take reasonable technical measures to delete all or virtually all stored user information about this child from our records, in compliance with applicable laws. CHILDREN ARE NOT GIVEN FULL ACCOUNTS UNTIL THE PARENT HAS APPROVED
We do not require child members to disclose more information than is reasonably necessary to interact with the Services. We use the Personal Information that you provide to offer you with the specific Services you select, respond to your questions, send you emails about maintenance and updates and for internal marketing research purposes.
D. Email and Text Notifications. We may use your contact data to send you information about the Services and/or to contact you when necessary and in conjunction with your use of certain Services. In some cases, when you click on a link in an e-mail, your browser may be momentarily directed a Kpass site, acting on behalf of a partner. To login.
E. Updating Personal Information
Parents may update their and their child’s Personal Information at any time by logging into their account and clicking on the “My Account ” link.
F. Parental Review of Children’s Personal Information
Any parent of a child who is registered as a member of Kpass will have their kids personal information made available at their parents portal, however, they may contact Kpass at any time and request to review his /her child’s Personal Information, ask to have it deleted and/or refuse to allow any further collection or use of the information. Please email Privacy@Kpass.com with “Parental Review Request” in the subject line of the message
Kpass. will respond to all such requests, informing the parent of its compliance with his /her request, as soon as is commercially practicable , but typically within 3 business days.
4. Your California Privacy Rights
Under the California “Shine The Light” law, California residents may opt-out of our disclosure of Personal Information to third parties for their direct marketing purposes. If you have given us permission to share your Personal Information for third parties for marketing purposes, you may choose to opt-out of this sharing of your Personal Information with third parties for marketing purposes at any time by submitting a request to us. It is important to note that this opt-out does not prohibit disclosures made for non-marketing purposes. To make such a request, please email us at: email@example.com or calling or texting us at 646-535-2037
5. How We Use Personal Information
We use Personal Information to:
- facilitate and improve the Service;
- provide with parental consent; and
- communicate with you.
A. Internal and Service-Related Usage. We use information, including Personal Information, for internal and service-related purposes and may provide it to third parties. We may use and retain any data we collect to make and provide improvements.
B. Communications. We may send email to the email address you provide to us to verify your child’s account and parental consent thereto, and for informational and operational purposes, such as account management, customer service, or system maintenance. We may also email you in response to activity on the Service, such as when someone comments on a post you made, follows you, or sends you a message.
C. Marketing. We will not use information, including Personal Information, to enable advertising and marketing, including to others both online and through other means; KPASS DOES NOT SHARE, SELL, RENT OR TRADE THE PERSONAL INFORMATION OF ITS USERS WITH ANY THIRD PARTIES FOR THEIR PROMOTIONAL PURPOSES without obtaining such users’ explicit consent (we wont do it anyway)
E. Displaying to Other Users. Kpass profiles are inherently NON-SOCIAL, and thus the only people that have access to the information are the child user and their parent account. We do not make user information public. However, if a user or parent approves one of our partner sites to have a public profile, that will be provided as a specific consent and will be governed by the terms of our partner sites.
F. Marketing. We do not rent, sell, or share your Personal Information with other people or nonaffiliated companies for their direct marketing purposes.
G. As Required By Law and Similar Disclosures. We may access, preserve, and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; or protect yours’, ours’ or others’ rights, property, or safety.
6. Links to Other Sites
7. Disclosure of Your Information
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on our Services.
If you agree to the collection and use of your child’s information; however, you object to our disclosure of your child’s information to third parties under any circumstances, you may notify us of your objection by emailing us at: Privacy@Kpass.com
We will honor all requests not to share a child’s information with any third parties; however, doing so, may limit your child’s ability to access certain areas of the Site and/or use certain of the Services.
8. Data Security and Integrity
The security and confidentiality of your information is extremely important to us, and we are committed to ensuring safety of all information wherever possible. We use robust security measures to protect user information from loss, misuse and alteration. We use industry-standard practices such as encrypted communications, physically secured rooms, firewalls and password protection systems to safeguard the confidentiality of your personal information. We will notify users of a data breach involving unencrypted personal information by email or by posting a notice on the affected website. We also strive to limit access to personal information to employees performing a legitimate business function. We review our security procedures periodically to consider appropriate new technology and updated methods. Despite our efforts, no security measure is ever perfect or impenetrable.
If you no longer wish to receive communications from Kpass, you may opt-out of receiving them by following the instructions included in each email, or by emailing us at: Privacy@Kpass.com or even texting or calling us at (646)535-2037.
10. Transfer and Storage of Data