Updated September 9, 2020.
Grom Social is designed specifically for children under the age of 16. We are dedicated to protecting their privacy and handling any personal information we obtain with care and respect. COPPA requires that we inform parents and legal guardians about how we collect, use, and disclose personal information from children under 16 years of age. COPPA also requires that we obtain the consent of parents and guardians of children under 16 years of age prior to allowing them to use certain features of our website and mobile app. Below, we explain how we do that for these children. Also, when we use the term “parent” below, we mean to include legal guardians. When we use the terms “personal information,” “personally identifiable information,” or “personal data,” we mean information that can specifically identify you or your child.
Our Commitment to Children’s Online Safety Education
Grom Social is very committed to helping kids learn about proper netiquette and how to protect their privacy. Parents also have the ability to monitor their child’s activity on Grom Social by using the Parent Portal. Should a parent see child-generated content in any area of the app that they deem to be personally identifiable information (PII), they can request removal of the content by contacting us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
As required by General Data Protection Regulation (GDPR), the following identifies the data controller and data protection officer.
- Data Controller: Grom Social Inc
- Data Protection Officer: Dan Putnam
- Address: 2060 NW Boca Raton Blvd Suite 6 Boca Raton, FL 33431
- Email: firstname.lastname@example.org
2. THE INFORMATION WE COLLECT
There are two different methods of collecting data in the Grom Social App. The first is data entered by the user, and the second is data that is automatically obtained public information made available by visiting our website and/or downloading our mobile app.
Children must be registered members to access certain areas of the Grom Social Mobile App.
Automatically collected data
Requested information at time of registration sign up for children ages under 16:
- (1) Internet Protocol (IP) Address – this is a number identifier associated with your computer/device. We use this to verify your host or network interface and location by country origin only.
- (2) Third-Party Advertisers/Analytics – Please refer to our third-party privacy policies listed below to see what information they collect.
- (1) Date of Birth (required): to clarify the age of the person interested in membership.
- (2) Username/“Grom Name” (required): The name the child uses to log into the Grom Social Mobile App and the name that will be visible to other Grom Social members once registration is complete.
- (3) Parent email address (not-required): The parent email address is used to contact and inform the parent about the child’s wish to participate in Grom Social, provides parents info to monitor and control their child’s account with the MamaBear Parenting App, and provides parents access to remove their email and child’s account from our system.
- (4) Password (required): This is secret and only known by the user.
3.DATA SECURITY PRACTICES
Grom Social operates with collecting as little personal information as possible about your child. Even though we only collect limited personal information this information is kept behind firewall and SSL encryption. With this safety infrastructure in place, we still follow data security practices to make sure this data is secure.
Guidelines for Administration and IT teams
- Each user/employee with access is background checked and signs a confidentiality agreement before obtaining their required access.
- Each user shall be identified by a unique user ID so that individuals can be held accountable for their actions.
- The use of shared identities is permitted only where they are suitable, such as training accounts or service accounts.
- Each user shall read this data security policy and the logon and logoff guidelines, and sign a statement that they understand the conditions of access.
- Records of user access may be used to provide evidence for security incident investigations.
- Access shall be granted based on the principle of least privilege, which means that each program and user will be granted the fewest privileges necessary to complete their tasks.
- All employees and contractors shall be given network access in accordance with business access control procedures and the least-privilege principle.
- Segregation of networks shall be implemented as recommended by the company’s network security research. Network administrators shall group together information services, users and information systems as appropriate
a. All users must lock their screens whenever they leave their desks to reduce the risk of unauthorized access.
b. All users must keep their workplace clear of any sensitive or confidential information when they leave.
c. All users must keep their passwords confidential and not share them.
Application and Information Access
a. All company staff and contractors shall be granted access to the data and applications required for their job roles.
Access to Confidential, Restricted information
- All company staff and contractors shall access sensitive data and systems only if there is a business need to do so and they have approval from higher management.
- Sensitive systems shall be physically or logically isolated in order to restrict access to authorized personnel only.
- Access to data classified as ‘Confidential’ or ‘Restricted’ shall be limited to authorized persons whose job responsibilities require it, as determined by the Data Security Policy or higher management.
- The responsibility to implement access restrictions lies with the IT Security department.
4. THE REGISTRATION PROCESS
Once the initial sign up process is completed, the child is granted access to their Grom Account with limited access. Once the parents email is supplied, the parent is emailed for email verification. Parent emails will be stored for 10 days from the day email is sent; however, if parental email verification is not provided within 10 days of the email being sent, the Parent email will be deleted from our system. Children will have the opportunity to resubmit the parent email again. The Parent will have the ability to delete the account by email. Non-Parent-Approved Grom members have limited access to app features as noted below.
5. ACCOUNT TYPES
There are FOUR account types on Grom Social App. Depending on your age and verifiable parental consent, each account type has specific limitations to access within the app. Below are the descriptions of each account type.
This is a user who downloads the app but is not registered as a user. Grom Guest users will be allowed to watch streaming Grom TV content and will not be allowed to enter any data or interact with any Grom users or data. When Grom Guest users try to access these features, they will be prompted to register an account or sign in to an account.
A Non-Parent-Approved Grom is a child under the age of 16 who has registered on the Grom Social App, but parent approval process using our secure in-app payment method has not been completed by the parent. The Non-Parent-Approved Grom features will be limited as shown below in the Feature List Grid.
As a parent you can choose to approve a child to become a Parent-Approved Grom, and are required to activate and/or approve their child’s account by verifiable parental consent. As required and approved by the Federal Trade Commission’s Children’s Online Privacy Protection Act (“COPPA”) parents may provide verifiable parental consent using the secure one-time $1 in-app purchase for parent approval.