AGENTS OF INFLUENCE DATA SECURITY AND PRIVACY POLICY

Dear Agent,

Alterea Inc. (“Alterea”) is committed to the privacy and protection of your information. This Privacy Policy (“Policy”) covers users of the Agents of Influence game, and addresses the practices we use to safeguard the information you provide to the Agents of Influence game, whether playing online through our website or on an installed application (collectively, “The Game”). Please read this Policy carefully as we wish to help you better understand our practices and feel safe in using Agents of Influence. When you access The Game, you consent to the collection, use and disclosure of your information in accordance with this Policy.

In short, The Game:

  • Uses encryption for user logins.
  • Collects minimal personal information from teacher and administrator users (typically name, school/district, and work email address).
  • Allows students to play without providing their own personal contact details. Student accounts use nicknames/ usernames and school/class information, and we do not collect student contact, financial, or government ID information (such as personal email address, phone number, home address, payment card details, or Social Security number). 
  • Schools or districts may choose to enable student sign-in using school-issued email addresses or single sign-on credentials under their direction. This is not required for students to access the core gameplay, and we do not use student email addresses for advertising or direct marketing to students.
  • Collects only the limited identifiers and technical/usage data needed for student users (e.g., nickname/username, school/class, gameplay activity, device/browser information, and IP address) to operate, secure, and improve The Game (collectively, “Gameplay Data”).
  • Does not offer “in-app” purchases or sell anything directly to students.
  • Deletes or de-identifies student accounts and associated personal information on at least an annual basis, or sooner at the direction of the school or district.
  • Teacher and Admin accounts are deleted at the end of each school year unless the account owner renews their account for the following year. Account data may be retained in backup form for up to six months after deletion to allow restoration if an account is renewed, and can be deleted sooner upon request.
  • Does not sell the information of any user or allow third parties to use Gameplay Data for their own advertising or commercial purposes.
  • Complies with COPPA and other applicable student data privacy laws, as described in this Privacy Policy.

The rest of the Policy covers the following information in further detail:

  • What Student information we collect and how that information is used
  • What information we collect from Teachers/Educators and Admin users and how that information is used
  • What non-personal information is collected from all users and how Alterea uses cookies
  • Compliance with COPPA
  • State-specific compliance
  • Third-party vendors and links to other websites
  • Data Security
  • Right to update
  • Contact

What student information we collect and how that information is used

Students, or those playing The Game in middle- or high-school classrooms (collectively, “Students”), access The Game through school-managed accounts (“School Accounts”), which may be associated with one or more specific classrooms (“Classroom Accounts”). Student Accounts are created by teachers or administrators on behalf of Students.

Depending on the choices made by the school or district, Students may log in using either:

  • a school-provided single sign-on or school-issued email–based login, or
  • a unique username and password that does not need to include an email address.

For privacy, student usernames should not be the Student’s full legal name and may be randomized or pseudonymous. In many implementations, Students join a class using a join code provided to the teacher by Alterea, and the teacher assigns or records a nickname so they can easily tell which account belongs to which student.

As part of The Game, students may occasionally be invited to respond to discussion prompts and/or short surveys designed to improve the quality and educational impact of the game. These activities are optional. We design these prompts so that students are not asked to provide personal contact information or other personally identifiable information (PII) in their responses. Students are not required to include any PII and should be instructed by their teachers not to include PII in any open-ended answers.

Student information is used to:

  • create and manage Student Accounts and classroom rosters;
  • save and restore game progress and personalize the gameplay experience;
  • provide teachers and schools with classroom- and student-level reports on usage and progress; and
  • analyze aggregate, de-identified gameplay and survey data to improve The Game and its learning outcomes.

We do not use student information for advertising or marketing to Students. For a more comprehensive description of the specific data elements collected from Student Accounts, please see the Data Collection section above.

Data Collection 

We collect and use information from minors only as needed to operate Agents of Influence, support educators and institutions, and improve our products. We do not knowingly collect personal contact information (such as a child’s email address or phone number) from accounts created for minors without appropriate school or parental authorization, or authorization from a school or district acting as the parent’s agent for educational use. We may collect limited technical and usage information (such as IP address, device and browser type, and in-game activity) for internal operations, security, and service improvement, as described in this Privacy Policy. We do not sell children’s personal information and we do not allow our third-party service providers to use children’s information for advertising or marketing purposes.

Student and school data remain the property of the originating school, district, or educational institution (or the student/parent, as applicable). By using Agents of Influence, these institutions grant Alterea, Inc. a limited license to host, process, and use this data solely to provide, maintain, and improve the service, in accordance with this Privacy Policy and our agreements with the institution.

Alterea, Inc. maintains ownership and control of the de-identified, aggregate, and system-level data it generates in operating Agents of Influence and our related platforms, which it may use to analyze and improve its products and services.

How we collect information

We collect information in the following ways:

  • Provided by schools, teachers, administrators, parents, or individual users.
  •   Student, Teacher, Administrator, Individual, and Guest account details (such as names, nicknames, email addresses, and associated organizations) are provided either by educators/administrators during registration, by parents or guardians (for minors with individual accounts), or directly by adult users when they sign up or update their profiles.  
  •  In some cases, schools or districts may provide roster information or class lists so that we can create student accounts on their behalf.

Generated automatically as you use The Game.

  •  Gameplay data (such as choices, scores, missions completed, time spent, and settings) is recorded automatically by our game servers and services as players interact with The Game.  
  •  System and diagnostic information (such as device type, browser, crash reports, and performance data) is collected automatically by our game and error-reporting tools to help us secure, maintain, and improve the service.

Collected through authentication and analytics tools.

  •  If you choose to use Google Sign-In or another single sign-on provider, we receive basic account information (such as your name, email address, and a unique ID) from that provider to create or link your account.  
  •  On our website and, where applicable, in our online dashboards, we use cookies and similar technologies set by our service providers (such as Google Analytics) to collect information about how the site is used, as described in “Third-Party Service Providers” below.

Users (including students, parents, teachers, and administrators) retain the rights provided to them under applicable privacy laws — including the right to request access to, correction of, or deletion of their personal information. Alterea complies with all applicable privacy laws, including COPPA, FERPA (where applicable), and state student data privacy regulations, and uses collected information only to support educational gameplay and product improvement.

Information we collect by account type

Student Accounts

Student accounts are typically created by educators or administrators on behalf of students, or by parents/guardians where permitted by the school or district. 

For Student Accounts, we may collect:

  • Account identifiers such as nickname and username.  
  • Associated organization information (school, district, or other educational program).  
  • An email address or parent email address, only where permitted by the school/district and applicable law.  
  • Gameplay data, including choices in branching narratives, game scores, missions completed, time spent in different missions, settings, avatar customization, and in-game store purchases.  
  • De-personalized, higher-level usage data such as how many students play each game or how far they progress.  
  • Technical and diagnostic data related to errors and performance (for example, device type, browser, and crash reports).
  • Students can play using nicknames and class codes without providing a name or email address. Any collection of student email addresses is enabled and authorized by the school or district.

Teacher and Administrator Accounts

Teacher and Administrator accounts are created directly by those users or by their institution, using either an email-and-password login or a supported single sign-on provider.

For Teacher and Administrator Accounts, we may collect:

  • Contact information such as name, email address, and associated organization (school, district, or other educational program).  
  • Role and context information such as grades and subjects taught, approximate number of students served, and school location (city, state, country).  
  • Account credentials (such as a password or credentials from a single sign-on provider).  
  • Product usage information, such as which dashboards or reports are accessed and how often.  
  • Optional communication preferences and engagement data if you opt in to receive information about research opportunities, product updates, engagement opportunities, or discounts.

Teacher Accounts may be used by school teachers or librarians, as well as educators/student leaders administering the game in other relevant use cases including after school programs and summer camps (collectively, “Teacher Accounts”). Like Student Accounts, Teacher Accounts will use encrypted third-party sign-on through Google or another email address. Additionally, Alterea collects minimal PII from Teacher Accounts, including teacher first and last name, email address, subject(s) and grade(s) taught, school, and class size(s). This data is required for providing licenses of The Game to educators in schools, and allows Teacher Accounts to administer The Game to Student Accounts, preserving Student Account anonymity. This PII is encrypted when used, and is not given or sold to any third parties for commercial purposes.

Admin accounts (“Admin Accounts”) can be used to monitor and organize all Teacher Accounts (and therefore all Student Accounts) at a school or similar institution using The Game, and are subject to similar disclosure of minimal PII: first and last name, email address, and role at school or institution.

Individual and Guest Accounts

Individual and Guest Accounts are created directly by the user (or, for minors, by a parent or guardian where permitted).

For Individual and Guest Accounts, we may collect:

  • Contact information such as name, email address, and general location (city, state, country). For accounts for minors, this may include the child’s name and a parent or guardian’s name and email address; we use the parent/guardian email as the primary contact.
  • Account credentials (such as a password or sign-in via a third-party authentication service).
  • Gameplay and usage data similar to that described for Student Accounts.
  • Optional communication preferences and engagement data if you opt in to receive information about research opportunities, product updates, engagement opportunities, or discounts. We do not collect marketing contact information from minors; for accounts for minors, any such communications are directed to the parent or guardian, where permitted by law.

System, Diagnostic, and Web Data

When you use our services, we also collect technical and diagnostic data to maintain security and improve performance, such as:

  • Device type and operating system  
  • Browser type and version  
  • IP address and general region (city/region)  
  • Error and crash reports, including “breadcrumbs” leading up to an issue  
  • Website usage information (pages visited, clicks, scrolls, and time spent)

What non-personal information is collected from all users and how Alterea uses cookies

What are cookies?

Cookies are bits of text that are placed on your computer’s hard drive when you visit certain websites. We use third-party cookies set by our service provider, Google Analytics, to collect information about how you use The Game, including how long you spend on each page and how you got to The Game. We do not use data collected by cookies to identify who you are.

What non-personal information does Alterea collect?

The Game collects minimal Gameplay Data for each player account. This includes responses to dialogue prompts, time spent playing, performance in mini-games, in-game achievements and items unlocked, and responses to optional surveys seeking to improve the quality of the game. This serves multiple functions:

  • Allows for specific and immediate feedback to the player based on decisions they make and performance
  • Allows teachers/educators administering the game to students to track the progress and performance of students
  • Allows for non-linear (starting in the middle of a module), multi-use (preserving progress over multiple play sessions), and multi-context gameplay (playing on the same account in different classrooms)

Alterea uses cookies in a limited capacity (cookies “expire” at the end of your user session). Stored player information is annually purged by Alterea.

Some of this information is collected or processed through trusted third-party service providers, as described in “Third-Party Service Providers” below.

In general, we make explicitly clear how your data will be used, and give you the option to accept or reject that. Purposes of data use include sending you emails if you signed up for our mail list, establishing a line of communication for support with or feedback on The Game, sending you important information regarding function of The Game or changes/updates to our Data Security and Policy, to comply with legal processes, to enforce our terms of use, to protect our rights, privacy, safety, or property and that of others, and to pursue available remedies or limit damages we may sustain, or for business purposes of improving this product and/or future products.

Links and Supplemental Content

Alterea may collaborate with third-party organizations to offer supplemental educational content that supports the learning objectives of The Game. These resources may be hosted on websites we do not control. While we do our best to vet partners, Alterea is not responsible for the privacy practices or content of third-party websites.

If you choose to visit a third-party website, any information you provide is governed by that site’s own privacy policy, and we encourage you to review it carefully before sharing personal information.

Compliance with Major Laws

COPPA

Alterea complies with the Children’s Online Privacy Protection Act (“COPPA”). COPPA requires that website and online service operators not knowingly collect personal information from children under the age of 13 without verifiable parental consent or authorization from a school or district acting as the parent’s agent for educational use.

The Game may be used by children under the age of 13. Students are not required to provide personal contact information such as their name or email address in order to access the core gameplay; they typically play using non-identifying nicknames, class codes, or similar credentials provided by their school or educational program.

We may collect limited technical and usage information, such as IP address, device and browser type, in-game activity, and cookies or similar technologies, for the purposes of operating, securing, and improving The Game and related educational services, as described in this Policy. These uses are consistent with COPPA’s allowance for the use of persistent identifiers for internal operations.

Where an email address or other contact information is used in connection with a child’s use of The Game, it is generally either:

  • a parent or guardian email address provided when a parent creates or manages an account for their child; or
  • a school- or district-issued account (such as a school email address or single sign-on credential) provided and managed under the direction of the school or district for educational purposes.

In all such cases, Alterea relies on the school or district, or the parent or guardian, to obtain any consent required by COPPA and applicable law. Additionally, we instruct schools, districts, and educators not to ask students to submit personal contact information in response to any open-ended prompts within The Game and to direct students not to include personal information in such responses.

FERPA

When Agents of Influence is provided to a U.S. school, district, or other educational institution (collectively, “schools”), Alterea Inc. (“Alterea”) generally receives, uses, and maintains student information only as a “school official” with a legitimate educational interest under the Family Educational Rights and Privacy Act (“FERPA”) and any applicable state student privacy laws. This means that schools remain responsible for and in control of “education records” and related student information, and authorize Alterea to use student data solely to provide and support the educational services the school has requested, to maintain and secure our systems, to comply with law, and for no other independent commercial purpose.

For school-managed student accounts, the school determines what information is shared with us and remains the primary point of contact for parents and eligible students exercising their rights of access, review, correction, and deletion under FERPA. When a school asks us to help it meet these obligations, we support the school by making student information available to it, implementing corrections the school directs us to make, and deleting or de-identifying student information when instructed by the school or when our agreement with the school ends, subject to limited backup and legal retention requirements. If a parent, guardian, or eligible student contacts Alterea directly about a school-managed account, we may refer the request to the relevant school and will act on the school’s instructions.

Alterea does not sell student education records or use them to deliver targeted advertising. We do not redisclose student information except (i) to service providers acting on our behalf under written agreements that require them to protect the information and use it only on our instructions, or (ii) as required by law, such as in response to a valid court order or subpoena, and where permitted we will seek to provide notice to the affected school. We may use and share de-identified or aggregate information that does not reasonably identify an individual student for research, analytics, and to improve our products and services.

State-specific compliance

California Consumer Privacy Act (“the CCPA”)

In compliance with the CCPA, Alterea complies with your right to ask us to disclose which, if any, PII we have about you, what we do with it, and to delete it and not sell it. This Policy serves as notification of which types of PII we collect and what we do with it.

New York EdLaw 2-D (“Ed 2D”)

In compliance with Ed 2D, Alterea provides this Policy, and uses third-party encryption technology (Google) to protect personally-identifiable login information.

Additional Information for Users in the United Kingdom and European Economic Area

For users located in the United Kingdom (“UK”) and, where applicable, the European Economic Area (“EEA”), Alterea Inc. (“Alterea”) processes personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”) and, where applicable, the EU General Data Protection Regulation (“EU GDPR”). For Student Accounts created and used under a school, district, or other educational institution, that institution generally acts as the “controller” of student personal data, and Alterea acts as its “processor,” using student information only on the institution’s documented instructions and solely to provide, maintain, and improve The Game and related educational services. For Individual and Guest Accounts created directly with Alterea, and for visitors to our websites and recipients of our direct communications, Alterea typically acts as an independent “controller” of the personal data it processes.

Where Alterea acts as a controller, we process your personal data only where we have a valid legal basis under the UK GDPR or EU GDPR. Depending on your relationship with us, this may include: (i) performance of a contract (for example, to create and manage your account and provide access to The Game); (ii) our legitimate interests (for example, to secure our systems, prevent fraud or misuse, understand how our services are used, and communicate with educators and institutional contacts about service updates in a way that does not unfairly impact your rights); (iii) compliance with legal obligations (such as maintaining certain business or tax records); and, where required, (iv) your consent (for example, for certain optional communications or analytics). You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Alterea is based in the United States, and we and our service providers may process personal data in the U.S. and other countries that may not provide the same level of data protection as your home jurisdiction. Where required by law, we take steps to ensure that appropriate safeguards are in place for such transfers, such as entering into standard contractual clauses or other data transfer mechanisms approved under the UK GDPR or EU GDPR, combined with technical and organizational measures designed to protect your information. Further details about these safeguards are available from us upon request.

In addition to the rights described elsewhere in this Policy, individuals in the UK and EEA may have the right, subject to certain conditions and exemptions, to request access to their personal data, to request correction of inaccurate or incomplete data, to request deletion, to request restriction of processing, to object to certain processing (including processing based on our legitimate interests or for direct marketing), and to request portability of their personal data in a structured, commonly used, and machine-readable format. For student data processed under a school, district, or other educational institution, you should first contact your school or institution to exercise these rights; we will support the institution in responding to your request. For Individual and Guest Accounts and for personal data we process as an independent controller (such as website visitors or educator contacts), you may contact us directly at thealterea@gmail.com to exercise your rights. We will respond to such requests in accordance with applicable law and generally within one month. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local data protection authority if you believe your rights have been infringed, though we encourage you to contact us first so we can address your concerns. 

Third-party vendors 

Alterea uses a small number of third-party service providers to operate The Game, including hosting and data storage, authentication, payments, communications, analytics, game and website development, and impact research. These companies act as our processors and only use information to perform services on our behalf.

Our relationships with these providers are governed by written service agreements and data processing terms (including each provider’s standard online data processing/addendum terms). For example, our use of:

  • Google services (including Firebase, Google Analytics, and Google Sign-In) is governed by Google’s cloud and analytics data processing terms,
  • Stripe is governed by Stripe’s data protection / data processing terms, and
  • Bluehost is governed by its hosting and data processing/addendum terms.

Under these agreements, our service providers are contractually obligated to:

  • Maintain the confidentiality and security of personal data;
  • Process personal data only on Alterea’s documented instructions and only for the purposes described in this Privacy Policy and, where applicable, in our agreement with your school or organization;
  • Not retain, use, or disclose personal data for any purpose other than providing the contracted services; and
  • Delete or return personal data when our relationship with them ends, or when we request deletion, consistent with applicable law and the provider’s obligations.

These contractual obligations are designed to ensure that our service providers comply with the same privacy and security commitments that Alterea has made in its agreements with schools, districts, and other customers. We do not authorize service providers to act in a manner that is inconsistent with those agreements.

The third-party services we currently use as processors include:

  • Firebase: hosting and data storage for game services and accounts. Firebase receives the following information:
    • For Student, Teacher, Administrator, Individual, and Guest accounts: account profile and authentication data such as nickname/username, email address (where applicable), password hash, and associated organization (school, district, or other program).  
    • For minors with Individual Accounts: a parent or guardian email address, where permitted by applicable agreements and law.
  • Unity: game services and gameplay analytics. Unity receives the following information:
    • – For Student, Teacher, Administrator, Individual, and Guest accounts: gameplay and usage data, including game session identifiers, progress, choices in branching narratives, scores, missions completed, time spent in missions, and in-game settings and customization.  
    • – De-personalized, aggregate usage data such as how many players complete specific missions or which games are played most often.
  • Sentry: error reporting and diagnostics. Sentry receives the following information:
    • – Anonymized bug and crash reports linked to game sessions, including device model, device memory, operating system, browser, internet speed/bandwidth, and “breadcrumbs” (steps) leading up to an error.
  • Salesmate: customer relationship management for non-student contacts. Salesmate receives the following information:
    • For Administrator and Teacher accounts that opt in: name, email address, organization and location (city, state, country), grades and/or subjects taught, and approximate number of students served.  
    • For Individual and Guest accounts that opt in: name, email address, and general location (city, state, country).  
    • Salesmate does not receive any information from Student Accounts and is not used to contact minors.
  •  Bluehost: domain and web hosting. When you visit our public website, Bluehost receives standard web server log information, including
    •  IP address;  
    • Browser type and version;  
    • Device and operating system information;  
    • Date, time, and duration of your visit;  
    • Pages and resources requested; and  
    • Referring website or link (if any).
    • We do not ask Bluehost to collect names, email addresses, or gameplay content.
  • Google Analytics: web analytics. Google Analytics receives information about how visitors use our website, including:
    • Pages visited and features used;  
    • Clicks, scrolls, and other interactions;  
    • Approximate location (city/region) based on IP address;  
    • Device type, operating system, and browser information;  
    • Time spent on pages and navigation paths; and  
    • Online identifiers such as cookies or Analytics IDs.
    • We do not send names, email addresses, passwords, or gameplay content to Google Analytics and use these analytics in aggregate form to understand overall usage patterns, not to profile individual students.
  • Google (Sign-In): authentication. If you choose to use Google Sign-In for a Teacher, Administrator, Student, or Individual account, Google shares the following information with us:
    • Your name (as listed on your Google account);  
    • Your email address;  
    • Your Google profile picture (if any); and  
    • A unique Google user ID.
    • We use this information only to authenticate you, create or link your Alterea account, and keep your account information up to date. We do not receive your Google password or access to your email contents.
  • Stripe: secure payment processing. For users who purchase access to The Game or related services, Stripe receives:
    • Payment card information (such as card number, expiration date, and CVC), which is submitted directly to Stripe;  
    • Billing name;  
    • Billing address and postal code;  
    • Email address for receipts and transaction communication;  
    • Transaction amount, currency, and date; and  
    • Device and technical information (such as IP address and browser details) for fraud prevention and security.
    • Alterea does not store full payment card numbers or CVC codes on our systems. Stripe processes this information on our behalf in accordance with its own security and data protection obligations.

Third-Party Services and Opt-Out of Data Sharing

  • We work with a number of companies and organizations to provide The Game, including hosting and data storage, authentication, payments, communications, analytics, game and website development, and impact research. These third-party service providers are only allowed to use information to perform services on our behalf and are required to protect it and keep it confidential. We do not sell your information to these or any other organizations.
  • Some third-party services are essential to operating The Game (for example, hosting, secure sign-on, and payments). If you choose to use The Game, we must share limited information with these providers so the service works; the only way to stop this sharing is to stop using the service and/or request deletion of your account.
  • We also use optional analytics and diagnostics providers to help us understand usage and improve The Game. You may opt out of sharing your data with these optional third-party analytics/diagnostics providers at any time without affecting your ability to play the game. 

How to opt out:

  • Email us at thealterea@gmail.com with the subject line “Opt-out of third-party analytics sharing” from the email associated with your account.

What happens when you opt out:

  • We stop sending new data to optional analytics/diagnostics providers for your account or device immediately or at your next session start.
  • Where supported by the vendor, we submit deletion or pseudonymization requests for your historical analytics data.
  • Your account, sign-in, saves, progress, and educator dashboards continue to function.

Timeline:

  • New data collection stops within 24 hours (usually immediately or at your next session).
  • Requests to optional analytics vendors are submitted within 7 days, with completion expected within 30 days (subject to vendor processing).
  • When you submit a data deletion request for your account, we also request deletion of your data from our third-party service providers, subject to technical and legal limitations.

Disclosure Exceptions: 

Notwithstanding the above policies, we reserve the right to disclose your personal information to appropriate third parties if we are required to do so by law or we believe that such action is reasonably necessary:

  • To comply with legal process such as a search warrant, subpoena, or court order;
  • To protect Alterea’s rights or defend against legal claims;
  • To protect any other party’s rights, property, or safety;
  • To report to any law enforcement agency any activities that we, in good faith, believe to be unlawful;
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving harassment or abusive messages, or potential threats to the physical safety of any person; or
  • In the event that Alterea, or all or part of its assets, are acquired, merged, reorganized, or otherwise transferred to a third party (including in connection with a sale, bankruptcy, or similar change in control), where your information may be transferred as part of that transaction. In such a case, we will use reasonable efforts to ensure that any successor organization is bound by written obligations to protect personal information in a manner consistent with this Privacy Policy and our agreements with schools and districts and, where practicable and permitted by law, we will provide schools and account holders with notice and an opportunity to request deletion of their accounts and associated data before any such transfer is completed.

Data Deletion and Retention

Alterea deletes all administrator, teacher, and student accounts at least annually unless the user or institution renews the account for the following year. After an account is deleted, associated data is retained for up to six (6) months in case the user or institution chooses to renew and is then permanently deleted. Users or institutions may request earlier deletion at any time.

Users may request that Alterea delete their personal information by contacting us at thealterea@gmail.com

Upon receiving a verified request, and subject to any legal or contractual obligations, Alterea will delete the personal information we hold about you from our active systems and instruct our service providers to do the same, without undue delay and generally within 30 days. In some cases, schools or districts may specify different retention or deletion requirements in their contracts with Alterea; in these cases, Alterea will follow the terms of the applicable agreement and may direct parents or students to submit their request through the school or district in accordance with FERPA and local policies.

Certain records (such as audit logs or financial transaction records) may be retained where required by law, but these will be minimized and, where possible, de-identified.

Please note that Alterea may retain de-identified or aggregate data (such as gameplay analytics, usage trends, or bug reports) that cannot reasonably be used to identify any individual user, in accordance with the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA) where applicable, and other applicable data protection and privacy laws, including the EU General Data Protection Regulation (GDPR) and similar national or regional frameworks in the jurisdictions where our users are located.

Data Security

Alterea uses a combination of technical and organizational safeguards to protect user information. The PII provided by teacher and administrator accounts is stored in a secure environment, accessible only via accounts protected with multi-factor authentication and only by employees who need access to perform their job duties and who are properly trained.

We engage an independent security firm to conduct annual penetration tests of our systems and remediate identified high- and critical-severity issues within 30 days. We maintain audit logs for authentication events, authorization changes, and access to personal data for at least twelve (12) months. We monitor for anomalous activity, including brute-force login attempts, and enforce account lockouts after repeated failed logins.

We encrypt all personal data in transit using industry-standard TLS and at rest using strong encryption (for example, AES-256) for databases and backups. Passwords are salted and hashed using a strong one-way hashing algorithm such as bcrypt. Encryption keys are managed by a cloud key-management service with restricted access and regular rotation.

While we strive to protect the confidentiality and security of your information, no method of transmission or storage is completely secure. We cannot guarantee absolute security of the information you provide to us and you do so at your own risk.

Right to update

Alterea may modify this Policy from time to time. We encourage you to review the Policy regularly for any changes. Whenever we make material changes to how we use your information or reduce your rights under this Policy, we will provide notice and, where required by law, seek your consent to those changes. Alterea will notify affected users (such as account holders, administrators, or schools/districts) via email of new or changed policies within 30 days, as well as any material changes (including addition or removal) to subprocessors and other third-party service providers.

Rights and Contact

 If you have any questions or concerns about this Data Security and Privacy Policy, or about our practices relating to children’s data and COPPA, you can contact us at thealterea@gmail.com.

Subject to applicable law, teachers, administrators, schools/districts, parents/guardians, and eligible students may have the right to:

  • Access the personal information we hold about them or their students.
  • Correct inaccurate or incomplete information.
  • Request deletion of personal information, subject to our legal and contractual obligations.
  • Restrict or object to certain uses of the information (for example, certain types of analytics or optional communications).
  • Opt out of certain sharing that is not necessary to provide the educational service.

For student accounts created and used under a school, district, or other educational institution, we generally act as a service provider / processor on behalf of that institution. In those cases, parents/guardians and students should first contact their school or district to exercise their rights. The school or district may then submit requests to us, and we will support them in responding.

For Individual or Guest Accounts created directly with Alterea, account holders (or parents/guardians, for minors) may contact us directly at thealterea@gmail.com to exercise these rights.

If you believe that we have collected or used a child’s information in a way that is not consistent with COPPA or other applicable laws, please contact us using the email above and we will review and respond to your concern.

Address: Address: 251 Chestnut Ave., Palo Alto, CA, 94306

Accessibility 

Alterea Inc. (“Alterea”) is committed to providing a digital experience that is accessible to the widest possible audience, including students, educators, parents, and other users with disabilities. We design Agents of Influence and our related websites with accessibility in mind and are working over time to align our products with recognized accessibility standards such as the Web Content Accessibility Guidelines (WCAG) 2.1, Level AA, including support for keyboard navigation, readable text, sufficient contrast, and alternatives for key audio and visual content.

If you experience any difficulty accessing or using our game, dashboards, or websites, or if you have suggestions for improving accessibility, please contact us at thealterea@gmail.com and describe the issue (including the page, feature, device, browser, and any assistive technologies used). We will review your feedback, work to identify a reasonable solution, and update our products where feasible as part of our ongoing accessibility efforts.

Misc.

Our privacy policy is effective as of February 12, 2023.