Privacy Policy

Effective Date: April 6th, 2025

SIMPLY SMARTER BY NACD

PRIVACY SUMMARY

We collect information to provide and improve our cognitive development Service. We do NOT sell your personal information. We do NOT use your data for targeted advertising. We comply with COPPA for children’s data. You have rights regarding your data, including access, correction, and deletion.

NACD, a Utah nonprofit corporation (“NACD,” “we,” “us,” or “our”), operates the Simply Smarter application, the website located at mysimplysmarter.com, and related services (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

We collect information you provide when you:

  • Create an Account: Name, email address, password, and profile details
  • Subscribe: Billing address and payment information (payment card details are processed securely by our third-party payment processors and are not stored on our servers)
  • Use the Service: Activity selections, progress data, performance metrics, and completion records
  • Contact Us: Messages, support requests, feedback, and correspondence
  • Set Up Child Accounts: Parent/guardian contact information, child’s first name or nickname, and date of birth range (to verify age category)

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Device Information: Device type, operating system, browser type, screen resolution, and unique device identifiers
  • Usage Data: Features accessed, activities completed, time spent, performance data, clicks, and navigation patterns
  • Log Data: IP address, access times, pages viewed, referring URLs, and error logs
  • Location Data: General location (city/region level) inferred from IP address; we do not collect precise GPS location

1.3 Cookies and Similar Technologies

We use cookies, pixel tags, and similar technologies to:

  • Maintain your session and authenticate your account
  • Remember your preferences and settings
  • Analyze usage patterns to improve the Service
  • Ensure the security of the Service

We use only essential and functional cookies. We do NOT use advertising or tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using certain features.

1.4 Information from Third Parties

We may receive information from:

  • Payment Processors: Confirmation of transactions (we do not receive full payment card numbers)
  • Analytics Providers: Aggregated and anonymized usage statistics
  • Schools/Organizations: User information for institutional accounts (with appropriate authorization)

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • Provide the Service: Create and manage accounts, authenticate users, process subscriptions, and deliver cognitive development activities
  • Personalize Experience: Track progress, adjust difficulty levels, and provide personalized recommendations
  • Process Payments: Complete transactions and send billing communications
  • Communicate: Send service announcements, administrative messages, security alerts, and respond to inquiries
  • Improve the Service: Analyze usage, identify trends, conduct research, and develop new features
  • Ensure Security: Detect and prevent fraud, abuse, and security threats
  • Comply with Law: Meet legal obligations, respond to lawful requests, and protect our rights

We do NOT sell your personal information.

We do NOT share your information with third parties for their marketing purposes.

We do NOT use your personal information for targeted advertising.

3. CHILDREN’S PRIVACY (COPPA COMPLIANCE)

We are committed to protecting the privacy of children. Our Service is designed for users of all ages, including children under 13. We comply fully with the Children’s Online Privacy Protection Act (COPPA).

3.1 Parental Consent Requirement

We do not knowingly collect personal information from children under 13 without verifiable parental consent. Parents or legal guardians must:

  • Create and manage all accounts for children under 13
  • Provide verifiable parental consent before any personal information is collected from their child
  • Supervise their child’s use of the Service

We use reasonable methods to obtain verifiable parental consent, which may include email confirmation combined with additional verification steps.

3.2 Limited Data Collection for Children

For users under 13, we strictly limit data collection to only what is necessary to provide the Service:

  • First name or nickname (for personalization within the app only)
  • Age range (to provide age-appropriate content)
  • Activity progress and performance data (to track development and adjust difficulty)
  • Basic usage information (to ensure Service functionality)

We do NOT collect: full name, home address, email address (from the child), phone number, photos, precise location, or any other personal information from children beyond what is listed above.

3.3 How Children’s Data Is Used

Children’s personal information is used solely to:

  • Provide access to age-appropriate cognitive development activities
  • Track progress within the program
  • Personalize the experience based on performance

We do NOT use children’s data for marketing, advertising, or any purpose unrelated to providing the Service.

3.4 Parental Rights

Parents and legal guardians have the right to:

  • Review: Request to review the personal information we have collected from their child
  • Delete: Request deletion of their child’s personal information
  • Refuse: Refuse to permit further collection or use of their child’s information
  • Revoke Consent: Revoke previously given consent at any time

To exercise these rights, please contact us at simplysmarter@nacd.org. We will verify your identity and parental relationship before processing requests.

3.5 School and Educational Accounts

When the Service is used through a school or educational institution under a school account:

  • The school may act as the agent of the parent for purposes of COPPA consent
  • Schools are responsible for obtaining appropriate consent from parents before allowing children under 13 to use the Service
  • We rely on schools to have obtained necessary consents in accordance with COPPA and the Family Educational Rights and Privacy Act (FERPA)
  • Student educational records are treated as confidential and protected in accordance with FERPA

4. HOW WE SHARE YOUR INFORMATION

We may share your information only in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party vendors who perform services on our behalf, including:

  • Payment processing (e.g., Stripe)
  • Cloud hosting and data storage
  • Analytics (anonymized and aggregated data only)
  • Email delivery services
  • Customer support tools

Our service providers are contractually required to: (a) use personal information only for specified purposes; (b) maintain appropriate security measures; (c) comply with applicable laws including COPPA; and (d) delete or return data upon termination.

4.2 Organizational Administrators

If you access the Service through a school, business, or other organization, we may share progress reports and usage data with designated administrators as needed to manage the organizational account.

4.3 Legal Requirements

We may disclose information if required by law, regulation, court order, subpoena, or government request, or if we believe in good faith that disclosure is necessary to: (a) protect our rights, property, or safety; (b) protect the safety of our users or the public; (c) detect, prevent, or address fraud, security, or technical issues; or (d) comply with applicable law.

4.4 Business Transfers

If NACD is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information with third parties when you have provided explicit consent.

4.6 Aggregated and De-Identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, analysis, or other purposes.

5. DATA SECURITY

We implement and maintain reasonable technical, administrative, and physical safeguards designed to protect your personal information, including:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access limited to personnel who need it
  • Authentication: Secure password requirements and session management
  • Monitoring: Regular security assessments and vulnerability testing
  • Training: Employee training on data protection and security
  • Incident Response: Procedures for detecting, reporting, and responding to security incidents

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

6. DATA RETENTION

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

  • Active Accounts: For as long as your account remains active
  • After Cancellation: For a reasonable period after account termination to maintain continuity if you reactivate
  • Legal Requirements: As required to comply with legal obligations, resolve disputes, and enforce agreements
  • Anonymized Data: Indefinitely for research and analytics (in de-identified form)

You may request deletion of your personal information at any time by contacting us. Certain information may be retained as required by law or for legitimate business purposes.

7. YOUR RIGHTS AND CHOICES

7.1 Access and Update

You may access and update your account information at any time by logging into your account settings. You may also contact us to request access to or correction of your personal information.

7.2 Deletion

You may request deletion of your personal information by contacting us at simplysmarter@nacd.org. We will delete your information within 30 days, subject to exceptions for legal compliance, fraud prevention, and contractual obligations.

7.3 Data Portability

You may request a copy of your personal information in a structured, commonly used, machine-readable format by contacting us.

7.4 Marketing Communications

You may opt out of promotional emails by clicking the “unsubscribe” link in any promotional message. You will continue to receive transactional and service-related communications.

7.5 Do Not Track

Our Service does not currently respond to “Do Not Track” browser signals. However, we do not engage in online behavioral advertising or cross-site tracking.

8. STATE-SPECIFIC PRIVACY RIGHTS

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do NOT sell or share personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Personal Information: Request that we limit use of sensitive personal information to purposes necessary to provide the Service
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at simplysmarter@nacd.org or call (801) 621-8606. We will verify your identity before processing requests. You may designate an authorized agent to make requests on your behalf.

Categories of personal information collected in the past 12 months: Identifiers, commercial information, internet activity, and inferences. We do not sell personal information.

8.2 Virginia, Colorado, Connecticut, and Other State Residents

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, and others as enacted) have similar rights to access, correct, delete, and obtain a copy of their personal information. You also have the right to opt out of targeted advertising (we do not engage in targeted advertising), profiling (we do not engage in profiling for decisions that produce legal or similarly significant effects), and sale of personal information (we do not sell personal information).

To exercise your rights, contact us at simplysmarter@nacd.org. If we decline your request, you may appeal by contacting us with the subject line “Privacy Appeal.”

8.3 Nevada Residents

Nevada residents may submit a request directing us not to sell their personal information. We do not currently sell personal information as defined under Nevada law.

9. EUROPEAN USERS (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on: (a) your consent; (b) performance of a contract; (c) compliance with legal obligations; or (d) our legitimate interests (improving the Service, fraud prevention, and security)
  • Right of Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (“right to be forgotten”)
  • Right to Restrict Processing: Request restriction of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at simplysmarter@nacd.org. We will respond within 30 days (or longer if permitted by law).

Data Controller: NACD is the data controller for personal information collected through the Service. For questions about data processing, contact us at simplysmarter@nacd.org.

10. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

When we transfer data internationally, we implement appropriate safeguards, including: (a) standard contractual clauses approved by relevant authorities; (b) ensuring recipients are in countries with adequate data protection laws; or (c) obtaining your consent.

11. THIRD-PARTY LINKS

The Service may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page with a new “Effective Date”
  • Sending an email to the address associated with your account (for material changes)
  • Providing a notice through the Service

For changes that materially affect how we collect, use, or share information from children under 13, we will obtain new verifiable parental consent where required by law.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes acceptance of the changes.

13. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Simply Smarter by NACD

Attn: Privacy

Email: simplysmarter@nacd.org

Website: mysimplysmarter.com

For questions specifically regarding children’s privacy:

Parents and guardians may contact us at the above address. We will respond to verified requests regarding children’s information within the timeframes required by COPPA (generally within a reasonable time, not to exceed 5 business days for urgent requests).

For California residents:

You may also contact the California Attorney General at https://oag.ca.gov/privacy or the California Department of Consumer Affairs’ Complaint Assistance Unit at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210.