COPPA & Data Privacy

BringChange PBC or BringChange Labs India Pvt. Ltd. (TrustCircle). ("company" or "we" or "us") recognizes the importance of privacy and take it very seriously. This COPPA Privacy Policy ("COPPA Policy") is designed to comply with the Children's Online Privacy Protection Act ("COPPA") and contains important information for organizations, schools, parents, caregivers about how we collect, use and disclose the personal information we collect from your students and your child or children including a child or children under 13 years old.

For purposes of this Policy, "child" or "children" means a child or children including a child or children under 13 years old. "Student" or "students" means a student or students including a child or children under 13 years old. Unless otherwise specified, for the purposes of this COPPA Policy, "you" and "your" refers to the organizations, institutions, schools, school, district, or other entities contracting with the company for the provision of the services or to you as the parent of a child or children using the company's platform or services.

At TrustCircle, we offer:

• Cloud-based, white-labeled unique Social Emotional Learning platform for each partner organization
• Emotional Resilience and Self-Reflection tools
• AI-driven Wellbeing Insights and more

each as applicable (collectively, the "Services").

We are committed to complying with the Family Education Rights and Privacy Act ("FERPA") and COPPA in all applicable respects with regards to the collection, use, disclosure, and retention of the personal information of your students.

We have contracted with you, as an operator defined under COPPA, in order to collect personal information from your students, for the use and benefit of the students and the school in the educational context as authorized by you, and for no other commercial purpose.

Under COPPA, we are required to obtain consent to the collection of personal information online from children under 13. When organizations, institutions, schools use our Services, the organization, institution, the school (including the teacher, school administrator, school district) consents to the collection and use of personal information from students including children under 13 years old as part of signing up to use the services.

When parents or caregivers use the Services independent of the organization/school, they are required to provide consent to the collection and use of personal information from children as part of the Services.

We collect personal information belonging to a student or child through the Services only where we have received consent for that student or child to use the Services and disclose personal information to us. This does not mean consent from every student is needed; normally the school, school district, dept. of education and/or parents will consent on behalf of the student.

By using the Services, consent is given to the collection and use of the personal information, anonymous information, and aggregate information about your students or child as described in this COPPA Policy, and you confirm you are authorized to consent to the collection and use of this information. Use of the Services by your students or child, and any dispute over privacy, is subject to this COPPA Policy and our Terms of Service including its applicable limitations on damages and resolution of disputes.

The personal information of your children/students or child will NOT be used for any other purpose without your consent. You may withdraw your consent to our processing of the personal information of your students or child at any time. However, withdrawing consent may result in your students' or child's inability to continue using some or all of the services.

Personal information of your students or child may be collected directly from you or your students while utilizing the well-being platform such as Emotions, Journals, Seek Help, et al. We also collect admin approved email ids of students/users to authenticate users utilizing Google/Microsoft authentication services allowing a seamless sign-in.

We use student personal information we collect in the following ways:

• To provide our Services including to respond to customer service and technical support issues and requests. If a student or child runs into technical errors in the course of using the Services, we may request your permission to obtain a crash report along with certain logging information from the personal computing device utilized by the student or child documenting the error. Such information may contain information regarding the device's Operating System version, hardware, and browser version.
• To provide wellbeing insights via the TrustCircle platform including the information your student or child distributes, displays, or shares, and to provide you with reports and logs regarding the same. In the case of schools, such reports may include class or school-wide student participation reports, to allow you to conduct comparative analyses of your students' demographics.

We may use aggregate or de-identified information about students and children for the following purposes:

• To monitor and analyze the Services and for technical administration;
• To better understand how students and children access and use our Services;
• To improve our Services; and
• For other research and analytical purposes.

Third Party Service Providers. No student data is shared with any third party. We utilize third parties such as Microsoft, Google, Amazon, and MongDB as these are standard third parties that are utilized by almost every SaaS provider to ensure highest security and data privacy. The data is encrypted at transit and at rest.

• We utilize third parties such as Google, and Microsoft for authentication of a user to grant them access to a platform utilizing their existing school-issued email ids so that there is no need for the user to create any new credentials.
• These third parties are required to treat personal information in accordance with our privacy and security policies and commitments.
• Except as explained above, we do not disclose or transfer your child's or student's personal information to third parties except for authorized educational/school purposes or as directed by the organizations/schools that have engaged us to provide Services.

Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the personal information we have collected to the other company provided the successor entity is subject equivalent privacy and security commitments as that of the company for the previously collected personal information and the information disclosed continues to be used for only improving services for you, educational/school purposes.

In Response to Legal Process. We also may disclose the personal information we collect in order to comply with the law, a judicial proceeding, court order, subpoena or other legal process.

With Schools. You are able to login to view information about your students' or child's use of the Services.

All data or Personally Identifiable Information (PII) of your individuals, students, children, and staff we collect for the purposes of developing products or services for you is within the scope of your agreement and will be owned by your organization, school, school district and will have the final authority over the same.

At any given time when You need the dataset the company will share the copy of the dataset with You per your need and request in any format that You need the data in.

The security of your students' or child's personal information is very important to us. We have implemented the highest levels of data security, privacy, and integrity standards that are designed to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We have implemented technical, contractual, administrative, and physical security steps and other organizational safeguards designed to protect personal information on our servers that are located in our partner geographical area, for example, all United States partners data is stored in the United States only. We also utilize secure authentication technologies, encryption, and a securely configured network to ensure highest data security and privacy standards.

If any case we learn of a data security breach that poses a serious risk of harm, we will attempt to notify you electronically (subject to any applicable laws) as soon as possible so that you can take appropriate protective steps; for example, we may post a notice on the company website or elsewhere on the Service, and may send email to you at the email address you have provided to us. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

We will make every reasonable effort to keep personal information accurate and up-to-date, and we will provide you with mechanisms to review, update, and correct your students' or child's personal information as appropriate and/or desired. You have a right to ask for the personal information we have collected from your student or child, for your review and for any other reason that you may need to access your student / child data. The company will make sure you get a copy of all data in any format that you need. All retained personal information will remain subject to the terms of this Privacy Policy. If you would like to obtain a copy of your student's or child's personal information, please contact us at info@trustcircle.co.

If we learn we have collected personal information about a student or child without proper consent or the parent or guardian consent is no longer there, we will delete that information as quickly as possible.

This COPPA Policy is current as of the last update set forth above. We may change this COPPA Policy from time to time, so please be sure to check back periodically. If we make any changes to this COPPA Policy that materially affect our practices with regard to the personal information we have previously collected from your students or child, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site.

If you have any questions, comments, concerns or suggestions about the privacy aspects of our Services or would like to make a complaint, please contact info@trustcircle.co or write to us at the below mentioned address:

BringChange PBC (TrustCircle)
11040 Bollinger Canyon Road, Suite E-187
San Ramon, California 94582
United States