Flint Inc (flintk12.com)

|

Last Updated: November 6th, 2024

Flint Privacy Policy

This privacy notice for Flint Inc ("we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

  • Visit our website at https://www.flintk12.com/, or any website of ours that links to this privacy notice

  • Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact our Data Protection Officer, Sami Belhareth, at sami@flintk12.com

For users in the European Union, European Economic Area, and United Kingdom, we have appointed DataRep as our Data Protection Representative. You can contact DataRep:

Summary of key points

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.

Do we receive any information from third parties? The information that Flint receives from third parties is limited to rostering information and only when a User chooses to make use of our SIS and LMS rostering integration options to import their school’s roster. Roster information may include users' first name, last name, email address, and associated courses at the school.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by visiting sohan@flintk12.com, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

How do we define and use student data? We are committed to the privacy and security of Student Personal Data and Student-Created Content and disclose and use these data solely for educational purposes and to better provide educational experiences through our Services. Student Personal Data and Student-Created Content will not be used for marketing purposes without prior consent, and will not be disclosed or sold to third parties or business partners. Schools own all personally identifiable student information, including name, ID number, and photo, as well as all Student Personal Data and Student-Created Content. Learn more about student data collection, usage, and rights.

Want to learn more about what we do with any information we collect? Review the privacy notice in full.

  1. What information do we collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • names

  • email addresses

  • google profile picture

  • usernames

  • passwords

  • chat history with our AI chatbots

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • student data

We collect data and process data when you:

  • register to use our AI chatbots

  • voluntarily interact with our chatbots

  • provide feedback through our websites, via email, in meetings, or through other social media

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called "How do we handle your social logins?" below.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Notice: https://flintk12.com/cookies.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).

  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

  • Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

  1. How do we process your information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.

  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.

  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

  • To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

  • To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.

  • To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.

  • To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see "What are your privacy rights?" below.

  • To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.

  • To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.

  • To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.

Flint securely stores your data in the United States. When Flint engages with a third-party data processor (Processor), it will require any Processor to protect Customer Data to the standard required by Applicable Data Protection Laws, such as including the same data protection obligations referred to in Article 28(3) of the GDPR, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR; and require any appointed Processor to agree in writing to only process data in a country that the European Union has declared to have an “adequate” level of protection; or to only process data on terms equivalent to the Standard Contractual Clauses. As such, our third party processors either:

  1. Adhere to a strict zero-retention policy with our third-party processors, meaning that no personal data is retained after processing is completed.

  2. Only store data for the purposes of providing web hosting and computing services. Data is not used by the third-party processors for any other purposes.

Flint will keep your personal identification information and chat history for the duration necessary to fulfill the purposes outlined in this notice. Once this time period has expired, we will delete your data by securely erasing digital records and sanitizing any related storage devices.

  1. What legal bases do we rely on to process your personal information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way

  • For investigations and fraud detection and prevention

  • For business transactions provided certain conditions are met

  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim

  • For identifying injured, ill, or deceased persons and communicating with next of kin

  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse

  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province

  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records

  • If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced

  • If the collection is solely for journalistic, artistic, or literary purposes

  • If the information is publicly available and is specified by the regulations

If you are located in the European Union or European Economic Area, this section applies to you.

Flint would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request Flint for copies of your personal data.

  • The right to rectification – You have the right to request that Flint correct any information you believe is inaccurate. You also have the right to request Flint to complete the information you believe is incomplete.

  • The right to erasure – You have the right to request that Flint erase your personal data, under certain conditions.

  • The right to restrict processing – You have the right to request that Flint restrict the processing of your personal data, under certain conditions.

  • The right to object to processing – You have the right to object to Flint’s processing of your personal data, under certain conditions.

  • The right to data portability – You have the right to request that Flint transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact our Data Protection Officer, Sami Belhareth, at sami@flintk12.com.

Should you wish to report a complaint or if you feel that Flint has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office in Spain (Agencia Española de Protección de Datos, AEPD) or the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland.

  1. When and with whom do we share your personal information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The third parties we may share personal information with are as follows:

  • Allow Users to Connect to Their Third-Party Accounts
    Google account
    Microsoft account

  • Communicate and Chat with Users
    Intercom

  • User Account Registration and Authentication
    Google Single Sign-On
    Microsoft Entra Single Sign-On

  • Web and Mobile Analytics
    Google Analytics

We also may need to share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. Any successor entity will be required to maintain the same commitments as outlined in this privacy policy so long as this policy is in effect.

  • Other Users. When you share personal information (for example, by posting comments, contributions, or other content to the Services) or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity. If you interact with other users of our Services and register for our Services through a social network (such as Facebook), your contacts on the social network will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services, and view your profile.

  1. Do we use cookies and other tracking technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice: https://flintk12.com/cookies.

  1. How do we handle your social logins?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

  1. How long do we keep your information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than   the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

  1. How do we keep your information safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

  1. What are your privacy rights?

In Short: In some regions, such as Canada, the European Union, and the European Economic Area, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "How can you contact us about this notice?" below.

We will consider and act upon any request in accordance with applicable data protection laws.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "How can you contact us about this notice?" below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section "How can you contact us about this notice?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Contact us using the contact information provided.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. For further information, please see our Cookie Notice: https://flintk12.com/cookies.

If you have questions or comments about your privacy rights, you may email our Data Protection Officer, Sami Belhareth, at sami@flintk12.com

  1. Controls for do-not-track features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

  1. Do United States residents have specific privacy rights?

In Short: If you are a resident of California, Connecticut or Virginia, you are granted specific rights regarding access to your personal information.

What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months:

Category

Examples

Collected

A. Identifiers

Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name

Yes

B. Personal information as defined in the California Customer Records statute

Name, contact information, education, employment, employment history, and financial information

Yes

C. Protected classification characteristics under state or federal law

Gender and date of birth

No

D. Commercial information

Transaction information, purchase history, financial details, and payment information

No

E. Biometric information

Fingerprints and voiceprints

No

F. Internet or other similar network activity

Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements

No

G. Geolocation data

Device location

Yes

H. Audio, electronic, visual, thermal, olfactory, or similar information

Images and audio, video or call recordings created in connection with our business activities

Yes

I. Professional or employment-related information

Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us

No

J. Education Information

Student records and directory information

No

K. Inferences drawn from collected personal information

Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics

No

L. Sensitive personal Information

Account login information

Yes

We will use and retain the collected personal information as needed to provide the Services or for:

  • Category A - As long as the user has an account with us

  • Category B - As long as the user has an account with us

  • Category G - As long as the user has an account with us

  • Category H - As long as the user has an account with us

  • Category L - As long as the user has an account with us

Category L information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You have the right to limit the use or disclosure of your sensitive personal information.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

  • Receiving help through our customer support channels;

  • Participation in customer surveys or contests; and

  • Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information?
Learn about how we use your personal information in the section, "How do we process your information?"
We collect and share your personal information through:
  • Beacons/Pixels/Tags
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section, "When and with whom do we share your personal information?"
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.
We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:
  • Category A. Identifiers
  • Category B. Personal Information as defined in the California Customer Records law
  • Category G. Geolocation data
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "When and with whom do we share your personal information?"

California Residents

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA Privacy Notice

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below.
The California Code of Regulations defines a "residents" as:
  1. every individual who is in the State of California for other than a temporary or transitory purpose and
  2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as "non-residents."
If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
Your rights with respect to your personal data

Right to request deletion of the data — Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed — Request to know:
Depending on the circumstances, you have a right to know:
  • whether we collect and use your personal information;

  • the categories of personal information that we collect;

  • the purposes for which the collected personal information is used;

  • whether we sell or share personal information to third parties;

  • the categories of personal information that we sold, shared, or disclosed for a business purpose;

  • the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;

  • the business or commercial purpose for collecting, selling, or sharing personal information; and

  • the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information
If the business collects any of the following:
  • social security information, drivers' licenses, state ID cards, passport numbers

  • account login information

  • credit card numbers, financial account information, or credentials allowing access to such accounts

  • precise geolocation

  • racial or ethnic origin, religious or philosophical beliefs, union membership

  • the contents of email and text, unless the business is the intended recipient of the communication

  • genetic data, biometric data, and health data

  • data concerning sexual orientation and sex life

you have the right to direct that business to limit its use of your sensitive personal information to that use which is necessary to perform the Services.
Once a business receives your request, they are no longer allowed to use or disclose your sensitive personal information for any other purpose unless you provide consent for the use or disclosure of sensitive personal information for additional purposes.
Please note that sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer is not covered by this right, as well as the publicly available information.
To exercise your right to limit use and disclosure of sensitive personal information, please contact our Data Protection Officer, Sami Belhareth, at sami@flintk12.com

Verification process
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Other privacy rights
  • You may object to the processing of your personal information.

  • You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.

  • You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.

  • You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.

To exercise these rights, you can contact Sami Belhareth, at sami@flintk12.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA Privacy Notice

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below.
The California Code of Regulations defines a "residents" as:
  1. every individual who is in the State of California for other than a temporary or transitory purpose and
  2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as "non-residents."
If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
Your rights with respect to your personal data

Right to request deletion of the data — Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed — Request to know:
Depending on the circumstances, you have a right to know:
  • whether we collect and use your personal information;

  • the categories of personal information that we collect;

  • the purposes for which the collected personal information is used;

  • whether we sell or share personal information to third parties;

  • the categories of personal information that we sold, shared, or disclosed for a business purpose;

  • the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;

  • the business or commercial purpose for collecting, selling, or sharing personal information; and

  • the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information
If the business collects any of the following:
  • social security information, drivers' licenses, state ID cards, passport numbers

  • account login information

  • credit card numbers, financial account information, or credentials allowing access to such accounts

  • precise geolocation

  • racial or ethnic origin, religious or philosophical beliefs, union membership

  • the contents of email and text, unless the business is the intended recipient of the communication

  • genetic data, biometric data, and health data

  • data concerning sexual orientation and sex life

you have the right to direct that business to limit its use of your sensitive personal information to that use which is necessary to perform the Services.
Once a business receives your request, they are no longer allowed to use or disclose your sensitive personal information for any other purpose unless you provide consent for the use or disclosure of sensitive personal information for additional purposes.
Please note that sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer is not covered by this right, as well as the publicly available information.
To exercise your right to limit use and disclosure of sensitive personal information, please email sohan@flintk12.com .

California Civil Code Section 1798.83, also known as the "Shine The Light" law permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA Privacy Notice

This section applies only to California residents. Under the California Consumer Privacy Act (CCPA), you have the rights listed below.
The California Code of Regulations defines a "residents" as:
  1. every individual who is in the State of California for other than a temporary or transitory purpose and
  2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as "non-residents."
If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
Your rights with respect to your personal data

Right to request deletion of the data — Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed — Request to know:
Depending on the circumstances, you have a right to know:
  • whether we collect and use your personal information;

  • the categories of personal information that we collect;

  • the purposes for which the collected personal information is used;

  • whether we sell or share personal information to third parties;

  • the categories of personal information that we sold, shared, or disclosed for a business purpose;

  • the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;

  • the business or commercial purpose for collecting, selling, or sharing personal information; and

  • the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information
If the business collects any of the following:
  • social security information, drivers' licenses, state ID cards, passport numbers

  • account login information

  • credit card numbers, financial account information, or credentials allowing access to such accounts

  • precise geolocation

  • racial or ethnic origin, religious or philosophical beliefs, union membership

  • the contents of email and text, unless the business is the intended recipient of the communication

  • genetic data, biometric data, and health data

  • data concerning sexual orientation and sex life

you have the right to direct that business to limit its use of your sensitive personal information to that use which is necessary to perform the Services.
Once a business receives your request, they are no longer allowed to use or disclose your sensitive personal information for any other purpose unless you provide consent for the use or disclosure of sensitive personal information for additional purposes.
Please note that sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer is not covered by this right, as well as the publicly available information.
To exercise your right to limit use and disclosure of sensitive personal information, please email sohan@flintk12.com .

Connecticut Residents

This section applies only to Connecticut residents. Under the Connecticut Data Privacy Act (CTDPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

  • Right to be informed whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to request deletion of your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

To submit a request to exercise these rights described above, please email Sami Belhareth, at sami@flintk12.com

If we decline to take action regarding your request and you wish to appeal our decision, please email Sami Belhareth, at sami@flintk12.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.

Virginia Residents

Under the Virginia Consumer Data Protection Act (VCDPA):

"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.


Your rights with respect to your personal data
  • Right to be informed whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to request deletion of your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")


Exercise your rights provided under the Virginia VCDPA
You may contact us via email at sami@flintk12.com
If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process
We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.
Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at sohan@flintk12.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

Under the Virginia Consumer Data Protection Act (VCDPA):

"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.


Your rights with respect to your personal data
  • Right to be informed whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to request deletion of your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")


Exercise your rights provided under the Virginia VCDPA
You may contact us via email at sami@flintk12.com
If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process
We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.
Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at sohan@flintk12.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

Under the Virginia Consumer Data Protection Act (VCDPA):

"Consumer" means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

"Personal data" means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.

"Sale of personal data" means the exchange of personal data for monetary consideration.

If this definition of "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.


Your rights with respect to your personal data
  • Right to be informed whether or not we are processing your personal data

  • Right to access your personal data

  • Right to correct inaccuracies in your personal data

  • Right to request deletion of your personal data

  • Right to obtain a copy of the personal data you previously shared with us

  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")


Exercise your rights provided under the Virginia VCDPA
You may contact us via email at sami@flintk12.com
If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process
We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.
Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at sohan@flintk12.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

  1. How do we respond to security incidents?

In the event of a security incident that affects your data, Flint is committed to maintaining transparency and open communication. Our priority is to ensure the integrity and confidentiality of your information. We will notify you as soon as possible after the incident has been identified. We understand the importance of timely information and are committed to providing updates as they become available.

Notifications will be delivered through email, our website, and other appropriate communication channels. We will provide clear and accessible information, ensuring that you are fully informed of the nature and scope of the incident. Our communication will include, where possible, a description of the event, the effect to the service, and any potential impact to data.

Once recovery is complete and services have resumed, our customer notifications will include general information about the steps taken to recovery, and any data that may have been impacted. If the recovery is partial and the service is still in a degraded state, notifications will include an estimate of how long the degradation will continue.

Details about our incident response plan can be found at: https://www.flintk12.com/incident-response-plan.

  1. How do we define and use student data?

In Short: Users under 13 years old can sign up and use our Services with parental consent. We use student data solely for educational purposes and comply with student data privacy regulations including COPPA and FERPA.

For the following sections #14-16, “Child” or “Children” means a user under 13 years old. For Child users of our Services, our privacy practices are informed by the Children’s Online Privacy Protection Act (”COPPA”). These sections also explain how a parent or guardian (“Parent” or “you” for the following 3 sections) can restrict the collection, use, and/or disclosure of your Child’s information and how you can request deletion of your Child’s information.

This privacy policy applies to Child users of Flint and administrators and teacher end users (collectively, “Schools”). When the Service is used as part of the School’s educational program, the personal information related to the School’s student users (“Students”), who may or may not be under 13 years old, may include information defined as “education records” by the Family Educational Rights and Privacy Act (”FERPA”) or other information protected by similar state student data privacy laws. We refer to this information as “Student Personal Data”. Through the use of our Services, Students may also generate content (”Student-Created Content”). All Student user data is stored and used for only as long as a user has an account with us, and is viewable, editable, and deletable upon request by a Student’s Parent and/or School.

We are committed to the privacy and security of Student Personal Data and Student-Created Content and disclose and use these data solely for educational purposes and to better provide educational experiences through our Services. We will collect, use, share, and retain Student Personal Data and Student-Created Content only for purposes for which we were authorized by their School or the parent/student. Student Personal Data and Student-Created Content will not be used to target marketing and advertisements to Students, and will not be disclosed or sold to third parties or business partners. Schools own all personally identifiable student information, including name, ID number, and photo, as well as all Student Personal Data and Student-Created Content.

Our vendors with whom Student Personal Data and Student-Created Content is shared in order to deliver the educational service, if any, are obligated to follow the same commitments as outlined in this privacy policy.

  1. How is Student Personal Data collected from Students?

In Short: We collect information through various means, governed by school contracts, our privacy policy, and relevant laws like COPPA and FERPA.

With their Parents’ consent, Students under the age of 13 can sign up for and use our services. We may collect information about Students directly from Students and/or their Schools, as well as automatically through a Student's use of our Services. We will not require a School or Student to disclose more information than is reasonably necessary to use our Services. Our collection and use of Student Personal Data is governed by our contracts with Schools, by our Privacy Policy for all users, and by applicable privacy laws. We work with Schools to protect Student Personal Data consistent with COPPA and FERPA. If you have any questions about reviewing, modifying, or deleting the personal information of a Student, please contact your School directly.

  1. What Student Personal Data is collected and how is it used and shared?

In Short: We collect Student Personal Data directly and automatically. We do not sell or disclose Student Personal Data. Some automatically collected data may be de-identified and aggregated to inform analytics internally so we can improve our Services.

Data collected directly might include Student Personal Data like names, email addresses, and Google profile pictures that a School provides when deciding to use our Services. These data are used solely to manage access to content within our Services and assess, track, and archive Student’s learning progress. This data is by default viewable by Schools and is upon request viewable by Parents and editable and deletable by Schools and Parents. We will not build a personal profile of a Student other than for supporting authorized educational/school purposes or as authorized by the parent/student. We do not disclose or sell Student Personal Data to third parties or business partners.

Data collected automatically may include information about a Student’s use of our Services through our servers and in log files, such as the following: domain name; browser type and operating system; web pages viewed; links clicked; the length of time spent on our Services; the length of time our Services are used; the referring URL, or the webpage that led a user to our Site; language information; device name and model; operating system type, name, and version; and activities within our Services. This information is de-identified and aggregated to protect individual Student privacy. We do not link this automatically-collected data to a Student’s personal information. These data are stored and used internally and are not sold to third parties or business partners. We use this information to analyze trends, administer the Services, track users’ movements around the Services, gather demographic information about our user base, and better tailor our Services to our users’ needs. We may also collect IP address, device identifier or a similar unique identifier from Student users of our Services; we use such identifiers solely to support the internal operations of our Services in the same manner as described above, including to maintain or analyze their functioning; perform network communications; authenticate users or personalize content; and protect the security or integrity of users and our Services. Data collected automatically is stored and used for only as long as a user has an account with us, and is viewable, editable, and deletable upon request by a Student’s Parent and/or School.

If you are a School or Parent wishing to manage your Student’s Personal Data or have any questions about Student Personal Data, please email us at sami@flintk12.com.

  1. How is Student-Created Content collected, used, and shared?

In Short: Student-Created Content is only used for educational purposes and not sold or disclosed to third parties or business partners.

Through the use of our Services, Students may produce Student-Created Content. Some examples of this include but are not limited to chat message history, assignment submissions, essay texts, and audio recordings. Any Student-Created Content is stored in our systems for the sole purpose of assessing, tracking, and archiving Student’s learning progress. We do not disclose or sell Student-Created Content to third parties or business partners. Student-Created Content may be shared with other Students at their School and with administrators and teachers at their School. Our policy considers any Student-Created Content as “educational records” under FERPA. As such, upon request, Parents can view and delete any of their Student’s Student-Created Content as long as their Student is under the age of 18.

If you are a School or Parent wishing to manage your Student’s Student-Created Content or have any questions about Student-Created Content, please email us at sami@flintk12.com.

  1. Do we make updates to this notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. If any new policy changes affect how your data is collected, used, or shared, we will notify you and allow you choices before your data is used in any manner inconsistent with prior policies. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

  1. How can you contact us about this notice?

If you have questions or comments about this notice, you may email us at sami@flintk12.com or contact us by post at:

Flint Inc
1082 South Van Ness Ave
San Francisco, CA 94110
United States

For individuals in the EU/EEA and UK: DataRep has been appointed as Flint Inc.'s Data Protection Representative in the European Union and United Kingdom under Article 27 of the General Data Protection Regulation (GDPR) and UK GDPR. If you wish to raise a question to Flint Inc., or otherwise exercise your rights in respect of your personal data, you may contact DataRep:
Please ensure all correspondence is marked 'DataRep' and not 'Flint, Inc.' to ensure it reaches us. When contacting us to exercise your rights, Flint, Inc. may request evidence of your identity to ensure your personal data and information is not provided to anyone other than you.
  1. How can you review, update, or delete the data we collect from you?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please fill out this form.

This privacy policy was created using Termly's Privacy Policy Generator.