Last modified: 4/14/25

Newfruit Media, LLC d/b/a Shiny Gems (“Company,” “we,” or “us”) respects your privacy and is committed to protecting it by complying with this Privacy Policy (this “Policy”). 

This Policy describes the types of information Company may collect from or about you or that you may provide when you visit our Shiny Gems website, www.shinygems.com (the “Shiny Gems Website”), or otherwise engage with any content, functionality, services, or other online experiences offered under the Shiny Gems trade name or otherwise on or through the Shiny Gems Website (the “Services”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. This Policy is an integral part of our End User Terms of Use, located at https://shinygems.com/end-user-terms-of-use (the “EULA”), which govern your use of and access to the Services. When completing the initial registration process for your user account, you agree to be bound by the EULA, including this Policy. Any capitalized term used, but not defined, in this Policy has the definition given to such term in the EULA.

A note about Student Data: Our Services are intended to be used for educational purposes by (i) providers of educational services, such as schools, school districts, teachers, and authorized school users and administrators (collectively, “Schools”), and (ii) providers of youth programs other than Schools, such as after-school youth clubs, religious or spiritual youth programs, and other similar organizations (collectively, “Youth Programs,” and, together with Schools, “Institutional Customers”). When we engage with an Institutional Customer to provide the Services, we may collect or have access to Student Data (defined below), which may be provided by the Institutional Customer. Some components of our Services are directly accessible by a School’s students or a Youth Program’s youth participants (collectively, “Participant Users”) and/or their parents and guardians (collectively, “Guardian Users”). Please see the “Student Data” section below to understand the principles which guide our collection, use and disclosure of Student Data.

This Policy applies to information about Participant Users, Guardian Users, and individual end users accessing the Services on behalf of an Institutional Customer (collectively, “Institution Users” and, together with Participant Users and Guardian Users, “Users”) that Company collects, processes, or generates:

· on or through the Services;

· from or on behalf of Institutional Customers or other third parties in relation to the Services; and/or

· through email, text, and other electronic messages between a User and Company (including through the Services) and relating to the Services.

This Policy does not apply to information:

· collected by Newfruit Media, LLC through any means not associated with the Services, including on any website operated by Newfruit Media, LLC or any third party other than the Shiny Gems Website; 

· maintained, collected, or processed by any Institutional Customer, except to the extent such information is provided to Company as described in this Policy;

· disclosed to any portion of the Shiny Gems Website that can be viewed by the public (or by other Users generally), or information disclosed directly to another User; or

· maintained, collected, or processed by any third party (including the LMS Provider), including through any application or content that may link to or be accessible from or on the Services.

Please read this Policy carefully to understand our policies and practices regarding your information and how Company will treat it.  If you do not agree with our policies and practices, your choice is to not use our Services in any capacity. By accepting the EULA and accessing or using any part of the Services, you agree to this privacy Policy. This Policy may change from time to time (see “Changes to Our Privacy Policy” below) without notice to you (except to the extent required by law). Unless additional steps are required by applicable law or otherwise described in this Policy, your continued use of the Services after Company makes such changes is deemed to be your acceptance of those changes, so please check the Policy periodically for updates. 

While we control and manage the information collected through the Services, such information may be processed on behalf of an Institutional Customer. In such event, where applicable under data privacy laws, you understand and acknowledge that we are a “data processor,” “service provider,” or “business associate,” and not a “controller,” “business,” or “covered entity,” as such terms are defined in the applicable data privacy laws.

If you are an Institution User that accesses or uses our Services, it means that the applicable Institutional Customer with which you are affiliated determines how your personal information is used. This means that your organization’s privacy notice governs the use of your personal information. This Policy is intended to provide transparency related to Company’s privacy practices only.

Types of Information Company Collects

Company collects several types of information from and about users of our Services, including:

· information by which you may be personally identified, such as your name, gender, ethnicity, date of birth, address, e-mail address and/or telephone or mobile phone number, School or Youth Program with which you are affiliated, student ID (or similar), geographic information, preferred language, and other information defined under applicable data privacy laws as “personal data”, “personally identifiable information” or similar kinds of information (“Personal Data”);

· Personal Data, information defined as “educational records” by the Family Educational Rights and Privacy Act (“FERPA”), or other information protected by state or federal student data privacy laws that is (i) provided to Company by a School that is subject to the applicable student data privacy law, or (ii) collected by Company during the provision of the Services to a School that is subject to the applicable student data privacy law (“Student Data”), which is generally limited to email address, username, first name, last name, roles, and external ID;

· information that is about you but individually does not identify you, such as your interactions with other Users, performance of the Services, how you use our Services, including courses in which you are enrolled, your average progress, your average score, which courses are overdue, when you are active in courses, the number of courses completed, and the average time spent on each course; 

· information about your affiliated Institutional Customer, including, as applicable, the name of the organization, district, teacher, authorized administrator, organizational units, course information and topics, grade levels taught, student or participant rosters;

· names and contact information of Guardian Users; and

· information about your internet connection, the equipment you use to access our Website, and usage details, including Internet Protocol (IP) addresses, browser type and version, domain names, referring/exit pages, devices, operating system, date/time stamp, and click stream data.

How Company Collects Information

We collect the information above through various methods, including:

· directly from you or your authorized representative (such as a Guardian User on behalf of a Participant User) when you or that authorized representative provide it to us, such as when you, an authorized representative or an Institutional Customer provide registration information for a User account;

· from Institutional Customers, such as when an Institutional Customer provides information to verify your affiliation with the Institutional Customer or the coursework assigned to you by the Institutional Customer;

· automatically as you navigate through the Services, including through cookies and other tracking technologies;

· when you communicate with us by phone or through e-mail or other electronic messaging, such as contacting our help desk or providing us with feedback; and

· from other third parties and third party systems.

We require that Institutional Customers uphold privacy requirements as well. For example, a School may not generally disclose Personal Data or Student Data to a third party without written consent of the parent or eligible student or without meeting one of the exemptions under FERPA, including the exemption for directory information or disclosure to school officials with a legitimate educational interest. Any School that provides directory information or any education record to Company must confirm to us that the School has complied with the applicable exemptions to FERPA, including, as applicable, (i) informing parents and eligible students what information the School deems to be directory information and allowing parents and eligible students a reasonable amount of time to request that the School not disclose directory information about them, or (ii) informing parents in the School’s annual notification of FERPA rights that the School defines “school official” to include service providers and defines “legitimate educational interest” to include services such as the Services, or (iii) that the School has obtained all necessary parental or eligible student written consent to share Personal Data and Student Data with Company.

Information Company Collects Through Automatic Data Collection Technologies 

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

· details of your visits to our Services and other communication data and the resources that you access and use on the Services; and

· information about your computer and internet connection, including your IP address, operating system, and browser type.

We do not collect Personal Data or Student Data automatically, but we may tie this information to Personal Data or Student Data about you that we collect from other sources or you provide to us. 

The technologies we use for this automatic data collection may include the following.

· Cookies (or browser cookies).A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services. 

· Flash Cookies. Certain features of our Services may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Services. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About Use and Disclosure of Your Information.

· Web Beacons. Pages of our Services and our e-mail or other electronic communications may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related statistics (for example, verifying system and server integrity). 

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications on the Services are served by third-parties, including content providers and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Services. The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content outside the Services. 

We do not control these third parties’ tracking technologies or how they may be used. However, we do not permit any third parties to collect Student Data for any purpose other than to provide the Services on behalf of the applicable School. If you have any questions about tracking technologies of third parties, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About Use and Disclosure of Your Information.

Information Company Collects from Third Parties

We may receive personal information about you from third party platforms, networks, services and/or sites that you or your associated Institutional Customer integrate with our Services and combine that with information we collect through our Services. For example, if you register through, or you or your associated Institutional Customer otherwise grants access to, a third-party site or service, such as Google (e.g., Google Classroom/Google Workspace) or a rostering provider, we may collect personal information that is associated with your third-party site account. If you create or upload assessments or other academic or educational resources or materials, we collect the content of these materials and metadata you provide about them. The information we receive from these third-party sites is dependent upon that third party’s policies and your privacy settings on that third-party site. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services. 

When you access our Services from a mobile device, we may collect unique identification numbers associated with your device, mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number and, depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, like an IP address.

We may collect analytics data, or use third-party analytics tools such as Google Analytics, to help us measure traffic and usage trends for the Services and to understand more about our users by monitoring aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website. You can learn more about Google’s practices at http://www.google.com/policies/privacy/partnersand view its currently available opt-out options at https://tools.google.com/dlpage/gaoptout. 

How We Use Your Information

Without obtaining additional authorization from you or your authorized representative, Company may use information that we collect about you or that you or your authorized representative provide to us, including Personal Data, as described in this Policy. While we may use Student Data for some of the following purposes, we do not use Student Data for all such purposes. For more information on the limited purposes for which we use Student Data, please see the section titled Student Data below. Permitted uses of information include uses:

· to present our Services and Content to you;

· to provide you with information or services that you request from us;

· to fulfill any other purpose for which you provide it;

· to keep you informed about the Services and Content assigned to you by your affiliated Institutional Customer, including any notices or other communications that the applicable Institutional Customer has requested for us to send on their behalf;

· to provide you with notices about your User account and Access Credentials, including expiration and renewal notices;

· to notify you about changes to our Services, including new features and updates; 

· to allow you to participate in interactive features on our Services;

· to estimate our audience size and usage patterns and assess our position in the market;

· to store information about your preferences, allowing us to customize our Services according to your individual usage patterns;

· to recognize you when you return to our Services or use the Services on different devices;

· to improve our Services and to develop new services or features;

· to protect our company, our affiliates, our customers, and our websites, and to comply with laws, regulations, court orders, or other legal obligations;

· to enforce the EULA, this Policy, or agreements with third parties (including Institutional Customers), or to detect fraud or other criminal activity;

· to create aggregated or anonymized data sets that do not reasonably identify you directly as an individual (“De-Identified Data”), which, once de-identified, is no longer subject to this Policy; and

· in any other way we may describe to you or your authorized representative when you or your authorized representative provide the information.

Disclosure of Your Information

Without obtaining additional authorization from you or your authorized representative, Company may disclose De-Identified Data about our Users, and any other information that does not identify any individual, without restriction. 

Without obtaining additional authorization from you or your authorized representative, Company may disclose information that we collect about you or that you or your authorized representative provide to us, including Personal Data, as described in this Policy. While we may use Student Data for some of the following purposes, we do not use Student Data for all such purposes. For more information on the limited purposes for which we use Student Data, please see the section titled Student Data below. Permitted disclosures of information include disclosures:

· to the Institutional Customer and any Guardian User which is linked to your use of our Services. Where permitted, we may also share your information with relevant parties associated with the Institutional Customer, such as educators or fellow students, or parents of students using our Services or fellow Users;

· to provide the Institutional Customer and any Guardian User which is linked to your use of our Services with updates regarding your completion of the curriculum of Content assigned through the Services or other information relevant to any Services in which you have been selected to participate. Please note that, once the information has been provided to an Institutional Customer, the applicable privacy notice provided by such Institutional Customer will govern their use and disclosure of your information;

· to any person who has your permission to act on your behalf, unless you write to us and specifically tell us not to disclose Personal Data or Student Data to such person;

· to our subsidiaries and affiliates; 

· to contractors, service providers, and other third parties Company uses to support our business (including the LMS Provider) and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which Company discloses it to them;

· to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data and Student Data held by us about our Users is among the assets transferred;

· to fulfill another specific purpose for which you provide it; and/or 

· ror any other purpose disclosed by us when you or your authorized representative provide the information.

Other Disclosures of Information

We may also disclose your information, including Personal Data:

· to comply with any court order, law, or legal process, including to respond to any law enforcement, government or regulatory request, including in connection with public health activities;

· to enforce or apply our the EULA, this Policy, or agreements with third parties (including Institutional Customers), including for billing and collection purposes; and/or

· if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.

You may choose to share information through our Services with other Users or the public when you post content or otherwise provide information about yourself. We are not responsible for use of the available information by other Users or the public, so you should carefully consider whether and what to post or how you identify yourself.

Any use or disclosure of your Personal Data or Student Data not listed in this Policy will be made only with your authorization unless we are permitted by applicable law to make such other use and disclosure, in which case we shall comply with applicable law. Specifically, we will not use or disclose your Student Data for marketing purposes, or sell your Student Data, without obtaining your authorization. You may revoke your authorization, in writing, at any time unless we have taken action in reliance upon it. Written revocation of authorization must be sent to the address listed below (see Contact Information below).

We consider Student Data to be confidential and do not use Student Data for any purpose other than to provide the Services on a School’s behalf, in accordance with contractual agreements with the School. To help Schools address their obligations to protect their students’ data privacy, we have implemented additional controls and procedures for Schools when they enter into a contract with Company to use the Services as part of a School’s educational curriculum.

As between us and the School, Student Data is owned and controlled by the School. Our collection and use of Student Data is governed by our contracts with the Schools and by applicable privacy laws. For example, we provide the Services to Schools as a “School Official” under FERPA and we work with Schools to help protect personal information from a Participant User’s educational record that is directory information, as required by FERPA.

· We collect, maintain, use and share Student Data only for an authorized educational purpose and as described in our agreement with the School, or as directed by the School or by the applicable Guardian User.

· We do not use or disclose Student Data for targeted advertising purposes.

· We do not build a personal profile of a Participant User who is a student other than in furtherance of an educational purpose.

· We maintain a comprehensive data security program designed to protect the types of Student Data maintained by the Services.

· We will clearly and transparently disclose our data policies and practices to our Participant Users.

· We will never sell Student Data unless the sale is part of a corporate transaction, such as a merger, acquisition, bankruptcy, or other sale of assets, in which case we will require the new owner to continue to honor the terms provided in this Policy or we will provide the School with notice and an opportunity to opt-out of the transfer of Student Data by deleting the Student Data before the transfer occurs.

· We will not make any material changes to our Policy or contractual agreements that relate to the collection or use of Student Data without first giving notice to the School and providing a choice before the Student Data are used in a materially different manner than was disclosed when the information was collected.

How We Share and Disclose Student Data

We disclose Student Data solely as needed to provide the Services on behalf of Schools in accordance with our contractual agreements with those Schools or with the consent of the School or Guardian User. For example, Student Data, Guardian User account usage data, and Institution User account usage data may be disclosed to or accessible by Institution Users who are authorized to use the Services for such purposes on behalf of the School. In addition, depending on the manner in which Services are used by the School and the terms of the agreement between the School and Company, we may provide access to certain Student Data to the Participant User and/or to the applicable Guardian User, for the purpose of monitoring Participant User usage and activity and evaluating the effectiveness of the School’s use of the Services. We also disclose Student Data to our subsidiaries, affiliates, and trusted contractors and service providers, including the LMS Provider, who have a legitimate need to access such information on our behalf, subject to appropriate contractual terms to protect such data. Furthermore, we may disclose Student Data in connection with a business transaction or to support our legal rights and obligations, as described in this Policy under the Section titled Use and Disclosure of Your Information.

How We Use De-Identified Student Data

We may also generate, use and disclose De-Identified Information derived from Student Data and other information governed by this Policy for adaptive learning purposes or customized student learning purposes, to recommend content or services relating to School purposes or other educational or employment purposes, as well as for development, research and improvement of our Service including through the development and improvement of our Content, models and algorithms. In addition, we may use De-Identified Information for the development and improvement of other educational sites, services and applications or technologies more generally to the extent permitted under applicable law. We may also display aggregate summaries of De-Identified Information publicly or to our customers or prospective customers. For example, we may display analytics or reports at the district, school, grade-level and/or on the basis of specific demographic or educational groups for peer-benchmarking purposes, provided that the published material does not contain individual-level information and cannot reasonably be used to identify any individual student or School, even if such information is combined with data or information maintained by the School or third-party data sources. 

How We Retain Student Data

We will not knowingly retain Student Data beyond the time period required to support an educational purpose, unless authorized by the School. To delete your account and related Student Data, please contact us at privacy@shinygems.com.

Schools are responsible for managing Student Data which they no longer need for an educational purpose, which can be accomplished through their use of the Services or by submitting a deletion request. If you are using the Services on behalf of a School and wish to access Student Data, delete Student Data or close your account, please contact us at privacy@shinygems.com. If you are a Guardian User or Participant User and wish to access Student Data, delete Student Data or close your account, please direct your request to your School.

If you are a Guardian User or Participant User and have questions about specific practices relating to Student Data provided to us by a School, please direct your questions to your School.

For Participant Users under the age of thirteen, we may take steps intended to comply with the Children's Online Privacy Protection Act (“COPPA”). Please see our Children’s Online Privacy Protection Act Notice at https://shinygems.com/coppa (the “COPPA Policy”). Except for authorized Participant Users enrolled in the Services by a Guardian User in accordance with the EULA, if you learn that a child under thirteen years of age has provided us with personal information, please alert us at privacy@shinygems.com.

Choices about Information you Provide to Us

Providing information to us is entirely voluntary; you are not required to provide any information, and your choice to provide or not to provide information will not affect your status with any associated Institutional Customer. However, if you choose not to provide information to us, we may be limited in the services or functions that are available to you through the Services. Specifically, if you choose not to provide information to us, you will not be eligible to participate in any Services or to view any Content.

Choices About Use and Disclosure of Your Information

You may request at any time that the Personal Data you provide to us not be used or disclosed in one or more ways authorized by this Policy by contacting us at privacy@shinygems.com. While we strive to provide you with option regarding the use and disclosure of your Personal Data, we may have to limit the services or functions that are available to you through the Services in order to honor any such request. You may not be eligible to participate in some or all of the Services or view the Content in order to limit the use or disclosure of your Personal Data. 

You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's Website. If you disable or refuse cookies, please note that some parts of our Services may then be inaccessible or not function properly.

We do not control third parties’ collection or use of your information to serve interest-based advertising outside the Services. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI's website.

Accessing and Correcting Your Information

You can review and change your Personal Data by logging into the Services and visiting your account profile page.

You may also send us an email at privacy@shinygems.com to request access to, correct or delete any Personal Data that you have provided to us. Company cannot delete your Personal Data except by also deleting your User account. Company may not accommodate a request to change information if Company believes the change would violate any law or legal requirement or cause the information to be incorrect.

Company has implemented measures designed to secure your Personal Data and Student Data from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on secure servers behind firewalls. 

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. You may be provided with a temporary password upon the initial creation of your User account, and we may have access to that temporary password. It is recommended that you promptly change your password, and we do not have the ability to access passwords set by Users. It is a best practice to regularly update your password.

Please be aware that the Personal Data and Student Data we collect may be transferred to and maintained on servers or databases located outside your county, and Personal Data and Student Data may be accessible to law enforcement and national security authorities in those jurisdictions. As of the date of this Policy, Personal Data and Student Data provided to LMS Provider may be maintained and processed in Australia, in addition to be maintained and processed in the United States.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data and Student Data, we cannot guarantee the security of your Personal Data and Student Data transmitted to our Services. Any transmission of Personal Data or Student Data is at your own risk. Unless otherwise required by law, we are not responsible for circumvention of any privacy settings or security measures contained on the Services. 

It is our Policy to post any changes we make to our privacy Policy on this page. If Company makes material changes to how Company treats Personal Data or Student Data, Company will notify you through a notice on the home page for the Services. Company will also notify each School of material changes to how Company treats Student Data, and each such School has a legal obligation to inform students and parents of such changes. The date this Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Services and this Policy to check for any changes.

To ask questions or comment about this Policy, our privacy practices, or our compliance with this Policy, contact us at: 

privacy@shinygems.com 

+1 (240) 718-8144

To register a complaint or concern, please email at privacy@shinygems.com. When we receive formal written complaints, it is our policy to contact that complaining User regarding his/her concerns. We will cooperate with the appropriate regulatory authorities to resolve any complaints regarding the transfer of Personal Data or Student Data that cannot be resolved between Company and an individual or entity.