1. Introduction
We, the Typing Pal Team, are deeply committed to making our web application a safe and secure place for you and your family members to learn. That is why we make every effort to comply most widely recognized standards for safeguarding personal information.
This document uses clear and simple terms to describe the practices and procedures adopted to ensure that Typing Pal – Personal Edition (“Typing Pal”) protects your privacy.
2. Overview
2.1. Compliance
We comply with the following privacy laws:
- Act Respecting the Protection of Personal Information in the Private Sector (ARPPIPS—Government of Quebec)
- Personal Information Protection and Electronic Documents Act (PIPEDA—Government of Canada)
- Children’s Online Privacy Protection Act (COPPA—United States of America)
- Student Online Personal Information Protection Act (SOPIPA)
- AB-1584 Pupil records: privacy: 3rd-party contracts: digital storage services and digital educational software
We support schools and libraries in their compliance with the following laws:
- Family Educational Rights and Privacy Act (FERPA)
- Children’s Internet Protection Act (CIPA)
- NY Education Law 2-d and Part 121 of the regulations of the NY Commissioner of Education
We are a signatory to the K-12 School Service Provider Pledge to Safeguard Student Privacy.
We are resolutely committed to a global and methodical approach to respecting the principles set out in the General Data Protection Regulation (GDPR—European Union).
2.2. What We Do
- We collect personal information to identify users and we track their performance by saving their activity results. The only personal information that we collect about children under 16 years old is their full name, username and email address (optional).
- We use HTTPS (SSL) to ensure that personal information and student data are transmitted securely from end to end.
- We enable you to review and delete personal information and activity results for both you and your children under 16.
- We delete your personal information and activity results at your request, or automatically after a subscription has been expired for one year.
- We provide a copy of your personal information and activity results at your request in a structured, commonly used, machine-readable and interoperable format if you request this within the year following the end of your subscription. (After one year, your details are automatically deleted.)
- We innovate safely without compromising user privacy by only analyzing anonymized and aggregated data as we develop and improve Typing Pal.
2.3. What We Don’t Do
- We do not collect or use personal information and user data for non-educational purposes.
- We do not sell, trade, rent or otherwise provide personal information and user data to any advertisers or third parties.
- We do not use or disclose any user information for behavioral targeting of advertisements.
- We do not create advertising profiles on users.
- As Typing Pal is fee-based, we do not expose users to advertisements.
- We do not provide any messaging system for users to communicate privately with each other.
3. What Information Do We Collect and Why?
3.1. Information Provided by Users
3.1.1. Subscription Holder Identification
Contact information — Account creation by subscription holders (aged 16 or older) requires their full name, telephone number, mailing address and email address. On the rare occasions when it is necessary or advisable, we may use the information provided by the subscription holder for service-related communications and technical support requests or announcements.
Credit card information — Because subscription holders make the payment, we also require their credit card details. An entirely secure payment system is provided by our partner Stripe, a platform with PCI/DSS level 1 certification (the highest level of security for online payments). Information relating to your credit card is encrypted and is never transmitted over the Internet in unencrypted form. Additionally, it is processed exclusively by Stripe and never comes into our possession.
Username and password — When the account is created, the subscription holder chooses a personal password. The username is the same as the user’s email address. The username is required for signing into Typing Pal, and may also be needed for technical support requests.
3.1.2. User Information for Invited Users aged 16 or older
Contact information — When a subscription holder creates an invited user account (aged 16 or older), only the invited user’s email address is required. Upon receipt of an invitation from a Home Edition subscription holder, invited users will then be required to provide their full name. On the rare occasions when it is necessary or advisable, we may use the information provided by invited users for service-related communications and technical support requests or announcements.
Username and password — When signing in for the first time, invited users (aged 16 or older) choose a personal password. The username is the same as their email address. The username is required for signing into Typing Pal, and may also be needed for technical support requests.
3.1.3. User Information for Invited Users Under 16 Years Old
Contact information — When a subscription holder creates an invited user account (under 16 years old), only the invited user’s full name is required. No email address is linked to the account. Unlike with other users of Typing Pal, we never communicate with invited users under 16 years old; not even for service-related communications or technical support.
Username and password — The subscription holder also chooses a username and password when an account is created. Users under 16 years old cannot change their username or password. Only the subscription holder can make these changes.
3.1.4. Communicating With Us
Support requests — Typing Pal’s support section includes a form to describe a problem, express a comment or share a suggestion. We ask you to provide us with all the information that could help us answer your questions or process your requests. We only use this information to provide the services or support requested.
Feedback — We occasionally ask you to provide us with feedback on your experience with Typing Pal through surveys. The surveys are optional and the information submitted to us will only be used to improve our services. We may use third-party services to collect this information, such as Google Forms or SurveyMonkey.
3.2. Information Collected Automatically
3.2.1. Performance information — When users are engaged in a Typing Pal activity, we collect information related to their typing performance. This information allows us to track their progress, calculate game scores, create replay videos, and generate performance reports on demand. You can delete the results for all your activities and those of any user under 16 by resetting the account from your settings.
3.2.2. Single Sign-On — When an account is linked to a single sign-on service, such as Google Single Sign-On (SSO), we only collect the authentication information required by that service. This consists of the username, email address and avatar URL. The password, however, is not collected.
3.2.3. Cookies — Cookies are small blocks of data stored on your device (computer, smartphone, tablet) by your web browser. They are a standard technology used by all browser software. Like most online services, we use cookies to enable the functionality of Typing Pal and to evaluate its performance and usability. Some cookies are required for Typing Pal to function properly, while others are optional. Cookies can be deleted, but if they are disabled or blocked, you will be prevented from logging into Typing Pal. Learn more about the cookies we use or configure them in your Cookies Settings.
3.2.4. Log Information — As an online service, we automatically collect and store certain information in our server logs. The information collected could be related to the device used (operating system, hardware version, browser name, etc.), or how Typing Pal is used (session frequency and duration , which options are enabled, etc.). This information helps us make decisions about future improvements. For example, we can focus on improving Typing Pal’s integration with the most popular browsers.
3.2.5. IP address — We may collect and process IP addresses. We may use these to find the cause of a technical problem. We do not collect precise geolocation data from users, nor do we store or track any device location.
3.2.6. Web analytics — To understand the context of a technical issue, to improve our service or to protect it from attacks carried out by automated applications (bots), we may use third-party web analytics providers such as Matomo or Google reCaptcha. Google may use the data collected to contextualize and customize ads for its own advertising network. For more information on Google’s practices in terms of the protection of personal information, please view the page describing its privacy rules.
3.3. What We Don’t Do With the Information We Collect
We do not collect, use or share personal information in any way that is not disclosed in this Privacy Policy. This also means that:
- We do not collect or use personal information and user data for non-educational purposes.
- We do not sell, trade, rent or otherwise provide personal information and user data to any advertisers or third parties.
- We do not use or disclose any user information for behavioral targeting of advertisements.
- We do not create advertising profiles on users.
- As Typing Pal is fee-based, we do not expose users to advertisements.
- We do not provide any messaging system for users to communicate privately with each other.
4. How Do We Protect Information?
4.1. Security Measures
When it comes to protecting user information, security is our highest concern. We follow industry-recognized standards such as the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and the Open Worldwide Application Security Project’s (OWASP) Application Security Verification Standard. Here’s what we do to keep Typing Pal secure:
4.1.1. — We use SSL (Secure Sockets Layer) to establish an encrypted link between our web server and a browser. This link ensures that all data transferred remains private and secure.
4.1.2. — We use firewall-protected servers stored in a secured location to prevent any unauthorized access.
4.1.3. — We store and transfer passwords using encryption technologies deemed to be secure.
4.1.4. — We control and limit our employees’ access to the Typing Pal database. The same is true for access to log files containing user and employee interactions with Typing Pal, as well as security events. Only employees who require this information to perform their duties have access to it. In such cases, we apply the principle of least privilege: the access granted is the minimum access required for these employees to perform their duties.
4.1.5. — We regularly educate our employees about information security issues and about how important this information is to our customers. The manner in which this information is handled is set out in a written document read and accepted by all relevant members of our staff.
4.1.6. — We implement control measures to ensure that Typing Pal’s development is secure. These measures include searching for disclosed vulnerabilities in third-party software included in Typing Pal, reviewing code, validating changes before deployment, training technical staff in good development practices, etc.
4.1.7. — We test Typing Pal’s security and fix any detected vulnerabilities presenting a security risk. We periodically appoint external experts to carry out security audits, including vulnerability and penetration testing.
4.1.8. — We use only industry-standard, publisher-supported software and technology infrastructures. We diligently keep them up to date with the latest patches.
4.1.9. — We implement measures for managing all Typing Pal updates, whether or not they are required for security reasons. We take swift and appropriate action to prevent any vulnerability from being exploited, from the moment one is identified to the deployment of the update required to address the situation.
4.1.10. — We periodically review all above security measures and practices.
4.2. In Case of Failure
We strive to protect our users against unauthorized use, disclosure, or access to their personal information. Although we adhere to the best industry standards, we cannot claim that our security system is 100% immune to failure. In the event that we discover a security breach affecting the accounts in your Typing Pal subscription, we will send an email within 24 hours to all users (over 16 years old) who are included in your subscription.
5. Which Regulations Do We Comply With and How?
5.1. Compliance
We comply with the following privacy laws:
- Act Respecting the Protection of Personal Information in the Private Sector (ARPPIPS—Government of Quebec)
- Personal Information Protection and Electronic Documents Act (PIPEDA—Government of Canada)
- Children’s Online Privacy Protection Act (COPPA—United States of America)
- Student Online Personal Information Protection Act (SOPIPA)
- AB-1584 Pupil records: privacy: 3rd-party contracts: digital storage services and digital educational software
We support schools and libraries in their compliance with the following laws:
- Family Educational Rights and Privacy Act (FERPA)
- Children’s Internet Protection Act (CIPA)
- NY Education Law 2-d and Part 121 of the regulations of the NY Commissioner of Education
We are a signatory to the K-12 School Service Provider Pledge to Safeguard Student Privacy.
- To learn more about the commitments we are sworn to honor, visit https://studentprivacypledge.org.
We are resolutely committed to a global and methodical approach to respecting the principles set out in the General Data Protection Regulation (GDPR—European Union).
5.2. General Measures
While the privacy laws and regulations above were adopted by different jurisdictions which may have specific local objectives, they contain similar overall requirements. To avoid redundancies in this Privacy Policy, the following text presents what we do to comply with these various privacy laws and regulations.
5.2.1. Children’s Information
We are committed to protect the information of all users—especially children under age of 16. We will not require them to disclose more personal information than necessary, and will collect it solely for educational purposes.
Should you become aware that we have inadvertently collected personal information from children—for example, if a child created a subscription holder’s user account in Typing Pal—we will take action to promptly delete such information. To report to us that a child’s personal information has been inadvertently collected outside the boundaries of this Privacy Policy or provided without the parent’s or legal guardian’s consent, please contact us at privacy@typingpal.com.
5.2.2. Deletion and Right to Be Forgotten
In your settings, you can remove the account of any invited users aged 16 or older. You can also delete the account of any invited users under 16 years old, along with all their details. In addition, all accounts are automatically deleted one year after the account’s expiry, or at any time at the user’s request. Upon deletion, personal details are permanently lost and cannot be restored. You can also exercise your right to be forgotten by submitting a request to us.
5.2.3. Right to Correction
Users can review their personal details at any time. In your settings, you can edit your personal information and the information of your children under 16 years old. In addition, all users can exercise their right to rectification of their details. This is done by submitting a request to amend the incorrect information.
5.2.4. Data Ownership, Control and Portability
Activity results belong to users; they have control of these for the duration of the subscription (unless they are under 16 years old, in which case you have control of the results). We do not claim any right of ownership or control over activity results. You can request that we export usersʼ activity results in a structured, commonly used, machine-readable and interoperable format. Such a request must be made within one year following the subscription’s expiry, after which users’ information is automatically deleted.
5.2.5. Parental Consent
COPPA mandates obtaining parents’ verifiable consent before collecting information from their children and describes different accepted ways to do so. By inviting a child under the age of 16 to join your subscription, you certify that you are the child’s parent or legal guardian and consent to the collection of information described in this policy.
5.2.6. Preventing Access to Inappropriate Content
There is no embedded link in Typing Pal that would lead minors to access obscene, defamatory or otherwise objectionable content over the Internet. We do provide original content free of obscene, defamatory or otherwise objectionable words. In addition, we do not provide users with any messaging systems, chat rooms or other forms of direct electronic communication.
5.2.7. Legal Requirements
We may disclose personal information when required to do so by law or by a court.
6. About This Privacy Policy
6.1. Modifications
This document will occasionally be updated to keep pace with improvements to Typing Pal, to security technology and with changes to privacy legislation. We expect that such updates will be minor amendments. However, if any modification materially changes the protections outlined in this document,we will seek consent by email from you and all of your users aged 16 or older.
6.2. General Consent
We advise you to carefully read the latest version of our Privacy Policy, because your use of Typing Pal implies your consent to its terms. Should you disagree with any terms of this Privacy Policy, you should immediately cease using Typing Pal.
6.3. Contact
We strive to make our Privacy Policy as easy to understand as possible. If you have any questions about it, or would like to make a request relating to the protection of your personal information, please send an email to privacy@typingpal.com or write to us at:
Druide informatique inc.
Data Protection Officer
1435 Saint-Alexandre Street, Suite 1040
Montreal (Quebec) H3A 2G4
Canada
6.4. Recourse
If you are not satisfied with the way in which we use your personal information, you can appeal to the supervisory authority with jurisdiction over such matters in your country. For example, the Office of the Privacy Commissioner of Canada is authorized to oversee matters relating to the handling of personal information in Canada, while the Commission nationale de l’informatique et des libertés (CNIL) has jurisdiction in France. If you reside in a European Union country, please visit the site of the European Data Protection Supervisor to find the relevant authority in your country.
The Typing Pal Team