Shmoop University, Inc. Privacy Policy
Effective as of January 1, 2023 (last updated April 10, 2024)
Shmoop's Privacy Policy (“Privacy Policy”) is designed to help you understand what information we collect from you and how that information is used by Shmoop University, Inc. (collectively, “Shmoop,” “we,” “us,” or “our”). Your trust and confidence are essential to our success. Shmoop respects your privacy and will not sell or share your personally identifiable information with another party without your expressed consent, other than as described in "Exceptions to Sharing Personally Identifiable Information" below.
This Privacy Policy applies to the websites and domains on which it is posted, including, but not limited to, www.shmoop.com (the “Site”) and to the various education tools and services we offer on the Site (the “Services”). It does not cover:
- Information collected by third-party websites linked from Shmoop
- Information collected off-line
Your use of the Shmoop Site and Services constitutes your consent to this Privacy Policy and Shmoop's Terms of Use. Capitalized terms in this Privacy Policy either have the meanings given them in this Privacy Policy or in the Terms of Use.
Shmoop may revise this Privacy Policy from time to time to accurately reflect the Shmoop Site and Shmoop Services and our privacy practices or changes in the law. Please review this Policy frequently for any changes. The most current version of the Privacy Policy will govern our use of information about you and will be located at https://www.shmoop.com/privacy-policy. If Shmoop makes material changes to this Privacy Policy, we will notify you by posting a notice on the Site or sending an email to the email address we have on file for you or that you provided in your Shmoop account. Please ensure your email address remains current so you will receive updates. If you have any questions about this Privacy Policy, please email us at support@shmoop.com.
Please note that if you are a resident of the European Union, California, Colorado, Connecticut, Utah, or Virginia, you have additional rights as set forth below.
Information We Collect
We collect two types of information from you:
- Information you voluntarily provide when registering or participating in activities or using Services on Shmoop; and
- Information collected automatically by using cookies and other tracking technologies from your computer or other device that you use to access the Site or Services, including your geographic location when you use Shmoop.
All personally identifiable information collected from the Site or through the Services will not be shared with any other entity without your expressed consent, other than as described in “Exceptions to Sharing Personally Identifiable Information” below.
Registration
To use some parts of our Site or certain of our Services, you must register with Shmoop and create an account (“Registration Information”). When you register, we collect personally identifiable information such as your name and email address. You may provide other personally identifiable information voluntarily (e.g., year in school, gender), but it is not required for registration. If you register for a subscription or purchase a product at our Site, then we may collect credit card and debit card information to provide to our payment processor, including credit/debit card numbers, expiration dates, CV numbers, billing address, shipping address, date of order, payment information, and the product or subscription ordered.We use this Registration Information to contact you about the Services on our Site about which you have expressed interest, to process subscriptions, and provide you the Services you have purchased or for which you have registered.
Other Voluntarily Submitted Information - User Generated Content
The Services also allow users to submit information and content through the Site and in connection with the Services. This includes, but is not limited to the following:
- Any response, content, or information you provide in connection with the Services. For example, we collect your answers to test prep questions, essays you might write, responses to survey questions or polls, responses to assessment questions in the Heartbeat™ tool, and notes and other content you create.
- We track your progress and performance in connection with the Services you use.
- We collect your contact and other information you provide when providing us feedback, making inquiries, or asking for customer support.
- We collect the optional profile information that you wish to share with other users of the Site and Services.
- We collect other information that you submit voluntarily through our Shmoop message boards, notes, conversations, and other communications.
Automatically Collected Information
In addition to the information you voluntarily send us while visiting Shmoop, like most websites, we gather certain information automatically and store it in log files. This information includes, but is not limited to, internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, mobile device ID, advertising identifiers, date/time stamp, and clickstream data.
We use this information, which does not identify individual users, to analyze trends, administer the site, track users’ movements around the site, and to gather demographic information about our user base as a whole. We may link this automatically-collected data to personally identifiable information.
Shmoop uses third-party products called Google Analytics, Google AdSense, HotJar and Rhapsody that use cookies and/or other tracking mechanisms embedded in our pages to track non-personally identifiable information about visitors to our Site in the aggregate, such as total visitors to the site and length of visit. We use this usage information for internal purposes. We do not share your personally identifiable information with these third parties.
Our Use of Information
We use the information that we collect on our Site and through the Services for the following purposes:
- provide access to the Site and to provide you with requested Services and customer support and to process and respond to your inquiries;
- personalize, customize, measure, and improve our Services, content, and advertising and otherwise to enhance your experience of the Site;
- prevent, detect, and investigate potentially prohibited or illegal activities or a breach of the Shmoop Terms of Use;
- analyze the accuracy, effectiveness, usability, or popularity of the Site and Services;
- generate and review reports and data about our user base and service usage patterns;
- compile aggregate data for internal and external business purposes;
- resolve disputes and troubleshoot problems;
- enforce our Terms of Use;
- contact you with information, including promotional, marketing, and advertising information and recommendations that we believe may be of interest to you;
- provide you with other services requested by you as described when we collect the information; and take any other action as otherwise stated in this Privacy Policy.
We do not share personally identifiable information with third parties without your expressed consent, other than as described in “Exceptions to Sharing Personally Identifiable Information” below. We may provide information in the aggregate about our users to third parties for other purposes, but in this case, all personally identifiable information will be removed.
Student Privacy - FERPA
Shmoop may have access to student education records that are subject to the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, et seq. and the regulations promulgated thereunder. This information is considered confidential and is, therefore, protected from disclosure, except with the consent of the student or in the case of a minor, a parent or legal guardian, or other person authorized to consent on behalf of the student.
To the extent that Shmoop has access to “education records” subject to FERPA, it does so as a service provider to educational institutions. We will only use such education records and personally identifiable information contained therein for the purposes of providing Services to users that access our Services under our contract with the educational institution. We will not use such information to market to the users except to the extent permitted by law or by our contract with the educational institution.
Except as required or permitted by law, or with consent as noted above, we shall not disclose or share such education records with any third party unless (a) such disclosure is permitted by the terms of our contract with the particular educational institution from which we received the educational records, and (b) the third party has agreed to maintain the confidentiality of the education records to the same extent required of Shmoop under its contract with the educational institution.
In the event any person(s) seek to access protected education records, we will only retrieve such data or information upon receipt of, and in accordance with, written directions, if allowed by law. If we receive a court order or lawfully issued subpoena seeking the release of such data or information, Shmoop will provide notification to relevant users with a copy of the court order or lawfully issued subpoena prior to releasing the requested data or information, if allowed by law or judicial and/or administrative order.
If a student or his or her parent would like to request to access, modify, refuse further collection of, or delete a student’s personally identifiable information that we have been provided under a contract with a school or school district, please contact your school or school district with your request as we may not be able to respond to such requests directly under our contractual confidentiality obligations with the schools and school districts.
Children's Privacy
We are committed to protecting the privacy of persons less than 13 years of age (“child” or “children”) who use our Site or Services. This policy explains our information collection, disclosure, and parental consent practices with respect to information provided by children and is in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”). Shmoop does not knowingly permit any child to register directly for the Site or Services unless we reasonably believe, or have received assurances from the subscribing user or in the case of use under a plan with an educational institution, the administrator, that the child’s parent has consented to such registration and use of the Site and Services. If Shmoop learns that personally identifiable information of a child has been collected on the Site without parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian and discover that your child has a registered account with the Site without your consent, please email Shmoop at support@shmoop.com and request that Shmoop delete that child's personally identifiable information from its systems.
Registration and Use of the Site
When a child requests to register for the Site or Services, Shmoop will seek consent from the child's identified parent or guardian (“Parent”). We may ask the child to provide certain information for notification and security purposes, including the Parent's email address, the child’s first name and gender, the child’s username, and password. We may also ask for birth dates from children to validate their ages. Please note that children can choose whether to share their information with us, but certain features cannot function without it. As a result, children may not be able to access certain features if required information has not been provided. We will not require a child to provide more information than is reasonably necessary in order to participate in an online activity. Parents may also agree to the collection and use of their child’s information, but not allow disclosure to third parties.
Consistent with the requirements of COPPA, on any child-targeted site or application, or in any instance where we ask for age and determine the user is less than 13 years of age, we will ask for a Parent email address before we collect any personally identifiable information from the child. If you believe your child is participating in an activity that collects personally identifiable information and you or another Parent have NOT received an email providing notice or seeking your consent, please feel free to contact us at support@shmoop.com. We will not use Parent emails provided for parental consent purposes to market to the Parent, unless the Parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.
If you are a Parent and wish to provide direct consent for your child’s registration on the Site and Services, you must first register through the Site and affirmatively verify you are the child’s Parent and consent to the collection of the child’s personally identifiable information.
If, in addition to collecting content that includes personally identifiable information, Shmoop also plans to post the content publicly, share it with a third party for the third party’s own use or allow the child to post content publicly, we will obtain a higher level of parental consent as required by COPPA (verifiable parental consent). Methods by which we will obtain verifiable parental consent include, but are not limited to, requiring a signed consent form by mail, fax or electronic scan, asking for a credit card or other online payment method for verification, or having the Parent speak to a trained customer service representative by telephone or video chat. We will not post a child’s personally identifiable information or content publicly or except as permitted by law or as stated in the section entitled “When Information Collected From Children is Available to Others,” share such personally identifiable information or content with a third party for their third party’s own use without first obtaining verifiable parental consent.
Teacher or Administrator Consent
With regard to school-based activities, COPPA allows teachers and school administrators to act in the stead of parents to provide consent for the collection of personally identifiable information from children. Schools should always notify parents about these activities.
Email Contact with a Child
On occasion, and as permitted by COPPA, in order to respond to a question or request from a child, Shmoop may need to ask for the child’s online contact information, such as an email address. Shmoop will delete this information immediately after responding to the question or request.
In connection with certain activities or services, we may collect a child’s online contact information, such as an email address, in order to communicate with the child more than once. In such instances we will retain the child’s online contact information to honor the request and for no other purpose such as marketing. Whenever we collect a child’s online contact information for ongoing communications, we will simultaneously require a Parent email address in order to notify the Parent about the collection and use of the child’s information, as well as to provide the Parent an opportunity to prevent further contact with the child. On some occasions a child may be engaged in more than one ongoing communication, and a Parent may be required to "opt-out" of each communication individually.
Persistent identifiers:
When children interact with us, certain information may automatically be collected, both to make our Site and Services more interesting and useful to children and for various purposes related to our business. As discussed in this Privacy Policy, examples include the type of computer operating system, the child’s IP address or mobile device identifier, the web browser, the frequency with which the child visits various parts of our Site, and information regarding the online or mobile service provider. This information is collected using technologies such as cookies, flash cookies, web beacons, and other unique identifiers (which we define under the “Cookies; Do Not Track” section of this Privacy Policy). This information may be collected by Shmoop or by third-party businesses for the purposes explained in the “Cookies; Do Not Track” section of this Privacy Policy.
In the event we collect (or allow others to collect) such information from children on our Site or Services for other purposes, if required by COPPA, we will notify parents and obtain consent prior to such collection.
When Information Collected From Children is Available to Others
In addition to those instances where a child’s personally identifiable information is posted publicly (after receiving verifiable parental consent), we also may share or disclose personally identifiable information collected from children in a limited number of instances, including the following:
- We may share information with our service providers if it is necessary for them to perform a technology support function for us, or for other legitimate educational purposes.
- We may disclose personally identifiable information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose personally identifiable information collected from children (i) in response to a law enforcement or public agency’s (including schools or children services) request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our Site; (iii) to protect the security or integrity of our Site, Services and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.
Parental Choices and Control
At any time, parents can refuse to permit us to use and collect further personally identifiable information from their children in association with a particular account, and can request that we delete from our records the personally identifiable information we have collected in connection with that account. Please keep in mind that a request to delete records may lead to a termination of an account, membership, or other service.
Where a child has registered for a Shmoop account, we use two methods to allow Parents to access, change, or delete the personally identifiable information that we have collected from their children:
- Parents can request access to and delete their child’s personally identifiable information by logging onto the child’s account. Parents will need their child’s username and password.
- Parents can contact us to request access to, change, or delete their child’s personally identifiable information at support@shmoop.com.
In any correspondence such as email or mail, please include the child’s username and the Parent’s email address and telephone number. To protect children’s privacy and security, we will take reasonable steps to help verify a Parent’s identity before granting access to any personally identifiable information.
We will retain your child’s information for as long as their account is active or as needed to provide them services. If you wish to cancel your child’s account or request that we no longer use that information to provide them Services, please contact us at support@shmoop.com. We will retain and use their information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
If we make material changes to how we use personally identifiable information collected from children, we will notify parents by email in order to obtain parental consent for the new uses of the child’s personally identifiable information.
Our Communication with You
After you register with Shmoop, we may contact you in several ways. Please see our contact us page to opt-out of specific types of messages.
Customer Service
When you register, we will send you a welcome message from Shmoop. We may also respond to your customer service inquiries, your suggestions, or your requests to manage your account. We will communicate with you by email or phone, in accordance with your preferences.
Special Offers
We may send our users emails with information about special offers and promotions. You may opt-out of such communications at the time of registration and on our Contact page or by using the unsubscribe mechanism in the email.
Newsletters, Product Updates, and Notifications
YWe may send our users newsletters, product updates, and other marketing-related notifications by email. You may opt-out from such communication on our Contact page or by using the unsubscribe mechanism in the email.
Service Announcements
TWe may send our users updates regarding the Service or their account. These are sent to all registrants of Shmoop on occasions when a significant service change or disruption occurs. You cannot opt-out of such Service-related or account-related emails.
Accessing, Changing and Managing Your Information
You can access or change your personal profile and contact information or delete your account by either logging into your account or contacting customer service at support@shmoop.com.
Security of Your Information
The security of your information is important to us. We use a number of measures to help protect the security of the personally identifiable information submitted to us. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security and any information you transmit to Shmoop or submit through the Site or the Services is done so at your own risk. If you have questions about security on our Site or Services, please contact us at support@shmoop.com.
Sharing Information within Shmoop
Message Board, Site Sharing Features and Site Contributions
When you use our Site or Services, you have the option to make contributions including, but not limited to, your notes, comments, creative works, or information about yourself, available to other visitors to our Site or Services.
We will, generally, provide you with the option to control the privacy of your contributions or remove your contributions from the Site or Services.
If you use Shmoop’s message boards, chat rooms, conversations, or other Services on the Shmoop site, please be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums.
If you have not removed or marked private any given piece of identifiable information, Shmoop will assume that you are aware that it is viewable by other users of Shmoop and the public at large.
If you have further questions about your contributions to this Site, please contact us.
Sharing of Personally Identifiable Information
We may disclose your personally identifiable information for certain business and other purposes set forth below.
Service Providers
We provide personally identifiable information to third parties that provide services related to the Site and Services or perform certain activities or functions on our behalf. For example, we use an outside shipping company to fulfill orders, and a credit card processing company to bill you for goods and services. These companies may only use the personally identifiable information to provide such services and perform such functions, and do not retain, share, store, or use personally identifiable information for any other purposes.
Other Users
Information that you post on the Site and Services (e.g., comments, notes, creative works, and information about yourself) will be made available to other users of the Site.
Schools and School Districts
Certain of the Services are provided to user under contracts we have with schools and school districts. In such cases, your personally identifiable information, including any content or responses you provide in connection with the Services, such as responses to the Heartbeat™ tool, will be disclosed to the school and school district, and their teachers, administrators and other personnel as applicable.
Our Affiliates
Shmoop may share some or all of your information with our parent company, subsidiaries and corporate affiliates, joint venturers or other companies under common control with us.
Legal Purposes
Shmoop may disclose personally identifiable information as required by law or to comply with a judicial proceeding, court order, or legal process served on our company. In addition, we reserve the right to disclose your personally identifiable information when we believe that such disclosure is necessary to protect our rights, safety, or property, or the rights, safety, or property of service providers or others. We also may disclose personally identifiable information to third parties in order to resolve disputes that arise in the normal course of business.
Business Transitions
In the event that Shmoop University, Inc., goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, or the transfer of the business or assets in a bankruptcy or similar proceeding, the acquirer would have access to or acquire the information maintained by Shmoop University, Inc., which could include personally identifiable information submitted by or collected from users and visitors to our Site and Services.
Third Party Advertisers
Some advertisements appearing on our Site are delivered by Google Inc. (“Google”). Google uses cookies and clear GIF images on this site, which allow it to recognize a user’s cookie when a user visits this Site. The information that Google collects and shares through this technology is not personally identifiable information. For more information about our third-party advertisers, or to learn more about the choices available to you regarding this anonymous information please visit Google’s Privacy Policy. Using the Ads Settings, visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads.
We use third-party advertising companies such as Google DFP to serve ads when you visit our Site. These companies may use aggregated information (not including your name, address, email address or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. While this information will not identify you personally, in some instances these third parties may be able to combine this information with other data they have about you, or that they receive from third parties, in a manner that allows them to associate this aggregated data with your personally identifiable information. Please refer to Google’s documentation for more information on their policies: https://www.google.com/policies/technologies/ads/. Or, to learn more about interest-based advertising in general and to opt out, please visit http://www.aboutads.info/choices and http://www.networkadvertising.org/managing/opt_out.asp.
All or partial advertising on this Website or App is managed by Playwire LLC. If Playwire publisher advertising services are used, Playwire LLC may collect and use certain aggregated and anonymized data for advertising purposes. To learn more about the types of data collected, how data is used and your choices as a user, please visit https://www.playwire.com/privacy-policy.
Links to Other Sites
This Site contains links to other sites that are not owned or controlled by Shmoop University, Inc. Please be aware that we are not responsible for the privacy practices of those other sites. We encourage you to be aware of this when you leave our Site, and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies only to information collected by this Site or the Services.
Cookies; Do Not Track
Shmoop, along with our third-party service partners, vendors, and business partners may use cookies, locally stored objects, and web beacons to automatically collect information about your use of the Site. A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use both “persistent cookies,” which remain on your computer after you have closed your browser as well as “session cookies,” which exist only during a visitor’s online session and disappear from your computer when you close your browser. Locally stored objects or “flash cookies” are data files that can be created on your computer by the websites you visit and are a way for websites to store information for later use. Locally stored objects are different than cookies because they are stored in different parts of your computer than cookies. Web beacons are small strings of code that provide a method for delivering a graphic image on a web page or in an email message for the purpose of transferring data. We use cookies, locally stored objects, and web beacons to make your experience with our Site more efficient and customized. Our cookies do not include any sensitive information, but they do help us learn which of our Site pages are visited and what tools and Services are most often used. Please note that in order to use Shmoop, your web browser must be configured to accept cookies.
The Site may include links to other websites and other content from third-party businesses. We permit third parties to track your actions through cookies and web beacons over time and across different websites or platforms.
In addition, you may be able to adjust your browser settings or other settings so that “do not track” requests are sent to the websites and mobile applications that you use. However, Shmoop will not disable tracking technology that may be active on the Site in response to any “do not track” requests that are sent to the Site.
Testimonials and User Feedback
From time to time, we will publish comments from users who have shared positive testimonials about our Site and Services. When we publish such content, we will identify those users only by their first and last name or a screenname, and their city, state, and school. We may also retweet your feedback and testimonials through our Twitter account, provided that we will not retweet feedback and testimonials from children under 13 without parental consent.
International Users - Applicable Law
Shmoop gathers, aggregates, processes, stores, discloses, and disposes of personally identifiable information submitted to the company according to applicable United States law. To use the Site and Services, users agree that their personally identifiable information will be transferred to the United States and processed by Shmoop to provide the Site and Services as set forth in this Privacy Policy. If you are not a United States resident, your use of the Site and Services is an acknowledgement and agreement that, in accordance with this Privacy Policy, Shmoop may gather and process your information outside your resident jurisdiction and in the United States. In using the Site, you acknowledge that United States law may offer levels of protection for personally identifiable information that differ from or less protective of your rights than those available in your resident country or jurisdiction.
EU Data Subjects
If you are a resident of the European Union, we comply with the General Data Protection Regulation (“GDPR”) to the extent it is applicable to your personally identifiable information (for purposes of this section, this term is the same as “personal data” as defined in the GDPR). For purposes of the GDPR, the controller is Shmoop University, Inc., 2390 E. Camelback Rd. Ste 130-1223 Phoenix, AZ 85016.
We rely on the following legal basis for processing of your personally identifiable information:
- Consent: we rely on your consent to process personally identifiable information in certain circumstances, such as in the case of processing personally identifiable information for children under 16 or in responding to your requests, or when we ask you to opt-in to certain marketing. Please note that if we rely on consent, you may withdraw your consent at any time, but such withdrawal will not affect the lawfulness of the processing prior to the withdrawal. The collection and processing of personally identifiable information based on your consent is in accordance with Art. 6 para. 1(a) GDPR.
- Necessary to perform a contract: we process personally identifiable information as necessary for the performance of contracts with you, including to provide Services. For example, we are not able to provide our Services unless you provide us with necessary personally identifiable information, such as the registration information described above. This collection and processing of personally identifiable information is based on Art. 6 para. 1(b) GDPR (necessary for the performance of a contract with you).
- Performance of a legal obligation: we process personally identifiable information as necessary to perform our legal obligations, such as complying with the laws in the jurisdiction in which you reside. This collection and processing of personally identifiable information is based on Art. 6 para. 1(c) GDPR (necessary for compliance with a legal obligation to which the controller is subject).
- Legitimate Interest: we process personally identifiable information based upon our legitimate interest (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personally identifiable information), such as to improve our Site and Services, to market our Site and Services, to exercise or defend legal claims, and to protect our rights, property, and interest, and those of our users, and in the case of business transitions. Such processing is based on Art. 6 para 1(f) GDPR.
If you are a data subject of the European Union, you have the following rights:
- Access, Correction, and Erasure Requests: You have the right to:
- contact us to confirm whether we are processing your personally identifiable information;
- receive information on how your personally identifiable information is processed;
- obtain a copy of your personally identifiable information;
- request that we update or correct your personally identifiable information; and
- request that we delete personally identifiable information in certain circumstances.
- Right to Object to Processing: You have the right to request that we cease processing your personally identifiable information for marketing activities, including profiling for statistical purposes where such processing is based upon our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personally identifiable information for the establishment, exercise, or defense of a legal claim.
- Right to Restrict Processing: You have the right to request that we limit the processing of your personally identifiable information:
- while we are evaluating or in the process of responding to a request by you to update or correct your personally identifiable information where such processing is unlawful and you do not want us to delete your data;
- where we no longer require such data, but you want us to retain the data for the establishment, exercise, or defense of a legal claim; and
- where you have submitted an objection to processing based upon our legitimate business interests, pending our response to such request
- Data Portability Requests: You have the right to request that we provide you or a third party that you designate with certain of your personally identifiable information in a commonly used, machine readable format. Please note, however, that data portability rights apply only to personally identifiable information that we have obtained directly from you and only where our processing is based upon consent or the performance of a contract.
If you believe our processing of your personally identifiable information violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged violation.
EU data subjects can submit requests by contacting us at support@shmoop.com. We will respond to all such requests within 30 days of our receipt of the request, unless there are extenuating circumstances, in which event we may take up to 60 days to respond. We will inform you if we expect our response to take longer than 30 days. Please note, however, that certain personally identifiable information may be exempt from such rights pursuant to applicable data protection laws. In addition, we will not respond to any request unless we are able to appropriately verify the requester’s identity. We may charge you a reasonable fee for subsequent copies of personally identifiable information that you request. In addition, if we consider that a request is manifestly unfounded or excessive, we may either request a reasonable fee to deal with the request or refuse to deal with the request.
Retention of Your Information
We retain information for active Shmoop accounts as long as it is necessary and relevant for our operations, which is usually up to 90 days, unless otherwise specified in an individual agreement. In addition, we may retain information from closed accounts to comply with the law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, and take other actions permitted by law. The information we retain about you will be handled in accordance with this Privacy Policy.
Notice of Privacy Rights to California Residents
Section 1798.83 of the California Civil Code permits California residents to request from a business, with whom the California resident has an established business relationship, information related to the personally identifiable information disclosed by those parties to third parties for direct marketing purposes and the names and addresses of the third parties with whom the business has shared such information during the immediately preceding calendar year. Although we do not disclose your personally identifiable information to third parties for their direct marketing, you may make one request each year by emailing us at support@shmoop.com or sending a letter to:
Shmoop University Inc., 2390 E. Camelback Rd. Ste 130-1223 Phoenix, AZ 85016
California Privacy Notice This California Privacy Notice supplements the Privacy Policy and contains the disclosures required under the California Consumer Privacy Act (“CCPA”). For individuals who are California residents, the CCPA requires certain disclosures about the categories of personally identifiable information (for purposes of this section this is the same as “personal information” as defined in the CCPA) we collect and how we use it, the categories of sources from whom we collect personally identifiable information, and the categories of third parties with whom we share it.
Please note that for California residents, the term personally identifiable information means information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household as defined in the CCPA. All other capitalized terms have the same meanings as given them in this Privacy Policy.
If you are a California resident who has provided personally identifiable information to Shmoop University, Inc., or a California resident that reasonably believes that Shmoop University, Inc., collected or stores your personally identifiable information, you may exercise your rights under the CCPA and submit your requests by emailing: support@shmoop.com.
You have the right to request Shmoop University Inc. to:
- Disclose if we have collected personally identifiable information about you;
- Disclose the categories of personally identifiable information that we have collected about you (if any); the categories of sources from which the personally identifiable information is collected; the business or commercial purpose for collecting or selling personally identifiable information; and the categories of third parties with whom the business shares personally identifiable information;
- Disclose the specific pieces of personally identifiable information that we have collected about you (if any);
- Delete personally identifiable information we have collected about you (if you satisfy the conditions set out in the CCPA)
- Correct inaccurate personally identifiable information we maintain about you; and
- Not provide discriminatory treatment for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicant’s, or independent contractor’s right to not be retaliated against for the exercise of their CCPA rights.
We do not offer a right to opt-out of the sale or sharing of your personally identifiable information, because within the meaning of the CCPA, we have not sold or shared personally identifiable information to any third party within the last twelve months.
We do not offer a right to limit the use or disclosure of sensitive personal information because, within the meaning of the CCPA, we do not use sensitive personal information for inferring characteristics.
In order to submit a request, we will need to verify your identity. If you have an account with us that is password-protected, we may verify your identity through our existing authentication practices for your account.
If you do not have an account with us, and your request concerns “categories” of personally identifiable information collected, we can request from you two data points of personally identifiable information to verify your identity. If you do not have an account with us, and your request concerns specific personally identifiable information, we can request from you at least three data points of personally identifiable information as well as a signed declaration with penalty of perjury to verify your identity.
Please note that following your verified request, we will send you your personally identifiable information from the following email address: support@shmoop.com. (Any response to your request, including any personally identifiable information may be sent as an encrypted file.)
Please note that once you have submitted a request, we will send you a receipt, acknowledging your request, within 10 business days. If, for some reason, you do not receive such a receipt within 10 business days of your submitted request, please send us an email to support@shmoop.com as an error may have occurred.
We will process and respond to your request within 45 calendar days after it is received (in some cases, as is allowed under the CCPA, this process may be extended by an additional 45 calendar days).
Please note you may only make two requests to know in a 12-month period, and the information provided need only cover the 12-month period prior to our receipt of your request.
As a California resident, you also have the right to designate an agent to exercise these rights on your behalf. We may require proof that you have designated the authorized agent to act on your behalf and to verify your identity directly with us. Please contact us at support@shmoop.com for more information if you wish to submit a request through an authorized agent.
We hereby inform you that if you exercise any of your rights under the CCPA, we may not deny you goods or services for that reason, or subject you to different prices than those paid by other consumers, unless provided otherwise under the CCPA, Federal, or State law.Notice of Information We Collect and Have Collected
Pursuant to California Civil Section 1798.140(o), this serves as notice of the categories of personally identifiable information that we may collect and have collected through the Site and Services and the commercial purposes for which the information may be collected or was collected. Please note that all of the categories of personally identifiable information we collect about you (as detailed below) come from the following categories of sources:
- You, including through your use of our services;
- Automatically collected from you;
- Our affiliate companies; and
Third parties, such as schools and school districts.In particular, we may collect and have collected the following categories of personally identifiable information from California consumers within the last twelve (12) months:
Category | Collected | Business or Commercial Purpose |
A. Identifiers | YES - A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | Shmoop may collect a name, and email address for account creation & use purposes. IP addresses may also be collected as part of typical infrastructure management practices. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | YES - Name, signature, address, telephone number, bank account number, credit card number, debit card number, or other financial information. | Shmoop may collect a name, and email address for account creation & use purposes and credit card, debit card and bank information for payment transactions. |
D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | YES - Records relating to subscriptions ordered by users. | Shmoop may collect this information to process subscriptions, to manage user accounts, to respond to user inquiries, to provide the Services, to identify, develop and market the Services, and for accounting and legal purposes. |
G. Geolocation Data | YES - We only track IP addresses which can indicate the geographical location of a user. We do not track the location of mobile devices. | We use this information to verify users and monitor usage of the Site and Services, to deliver the Services, to improve our Site and Services and for internal research purposes. |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | YES - Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | When requested by Shmoop customers (schools), elements of “rostering” may be collected to assign students to specific classrooms, allowing for teacher-student alignment. |
K. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES - Cognitive and emotional assessments using the Heartbeat™ Tool | We use this information to provide students, parents, schools and school districts an assessment of a student’s emotional and cognitive state. |
Notice of Sale or Sharing of Personal Information for a Business Purpose
In the preceding 12 months, we have not sold or shared Personal Information identified in the above categories to any third parties for cross-context behavioral advertising.
Notice of Disclosures of Personal Information for a Business Purpose
In the preceding 12 months, we disclosed certain data from the following categories of personally identifiable information to third parties listing in: “Exceptions to Sharing Personally Identifiable Information” of our Privacy Policy, such as schools and school districts and other users if you have posted this information in public areas of the Site and Services, for one or more business purposes:
- A. Identifiers;
- B. Personal information categories listed in the California Customer Records statute;
- J. Non-public education information; and
- Inferences from the Heartbeat™ tool.
We also disclose this information to our service providers. When we disclose personally identifiable information for a business purpose to a service provider, we enter a contract that describes the purpose and requires the recipient to both keep that personally identifiable information confidential and not use it for any purpose except performing the contract.
Retention
We retain information for active Shmoop accounts as long as it is necessary and relevant for our operations, which is usually up to 90 days, unless otherwise specified in an individual agreement. In addition, we may retain information from closed accounts to comply with the law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, and take other actions permitted by law. The information we retain about you will be handled in accordance with this Privacy Policy.
United States Regional Privacy Notice
This United States Regional Privacy Notice supplements the Privacy Policy and contains the disclosures required under the Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act (collectively, the “U.S. Privacy Laws”). The U.S. Privacy Laws require certain disclosures about the categories of personal information we collect and how we use it, and the third parties with whom we share it.
Depending on where you live and subject to certain exceptions, you may have some or all of the following rights to request Shmoop University Inc. to:
- Disclose if we have collected personally identifiable information about you;
- Disclose the specific pieces of personally identifiable information that we have collected about you (if any);
- Correct inaccurate personally identifiable information we maintain about you;
- Delete personally identifiable information provided and obtained about you; and
- Provide a copy of your personally identifiable information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format.
We do not offer a right to opt-out of the processing of personally identifiable information because, within the meaning of U.S. Privacy Laws, we have not used the personally identifiable information for purposes of targeted advertising, sales of personally identifiable information, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
To submit a request to exercise your rights, and as applicable, to appeal a consumer rights action, please send us an email to support@shmoop.com. You may also contact the Attorney General if you have concerns about the result of an appeal.
Notice of Information We Collect
We collect the following categories of personally identifiable information: identifiers, protected classification characteristics, commercial information, geolocation data, non-public education information, and inferences drawn from any of the information identified.
The purposes for processing personally identifiable are described in the “Our Use of Information” Section of our Privacy Policy.
Notice of Disclosures of Personal Information for a Business Purpose
We may disclose the following categories of personally identifiable information to third parties: identifiers, protected classification characteristics, commercial information, geolocation data, non-public education information, and inferences drawn from any of the information identified. We may disclose each category with service providers, other users, schools and school districts, our affiliates, and third party advertisers.
Contact Us
If you have any questions or suggestions regarding our Privacy Policy, please use our online form to contact us. You may also email support@shmoop.com or send postal mail to:
2390 E. Camelback Rd.
Ste 130-1223
Phoenix, AZ 85016