Link to Prior Privacy Policy
Last Updated: 9/13/2024
Welcome to MagicSchool, operated by Magic School, Inc ("MagicSchool"). We provide teachers and school staff with online access to generative artificial intelligence tools through our website, browser extensions, and other services (collectively our "Services"). At MagicSchool we prioritize safety and respect your privacy.
This Privacy Policy describes how we collect, use, disclose, share, or otherwise process your personally identifiable information ("PII" or "personal data") when you visit our website or use our other Services. The categories of information we collect and how it is used will depend on your interactions with us.
If you use our student-facing features or products, such as MagicStudent, please see our Student Data Policy to learn more about how we process Student Data. If you are a teacher, school, school district or other educational institution (“Educational Institution”) that uses our student-facing Services such as MagicStudent (“Student-Facing Services”) for an educational purpose, then the use of the Student-Facing Services is subject to our Student Data Privacy Addendum. For all Student-Facing Services, the Student Data Privacy Addendum is incorporated herein by reference unless your Educational Institution has entered into a separate agreement with us that includes reasonably equivalent protections with regard to student data.
What Data We Collect
MagicSchool collects the following types of personal data when you visit our Websites or use our Services. We take steps to minimize the collection of personal data from the product to only what is necessary to provide the services.
Information We May Collect via Technological Means.
Our servers, which are hosted by a third-party service provider, collect certain technical data about your device and software, including your browser type, operating system, IP address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session and may indicate your general location), domain name, and/or a time stamp of your visit. We automatically gather this data and store it in log files each time you visit our website or access an account on our network. Unless you have provided PII in connection with your use of the Services (for example, by creating an account), we cannot use such technical data to identify your name or contact information.
We may also directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends in connection with the Services. We collect and use this analytics information in aggregate form such that it cannot reasonably be used to identify any particular individual.
Cookies, web beacons and other tracking technologies.
We may also use various technical mechanisms such as cookies, web beacons and similar tracking technologies to monitor how users use our Services. "Cookies" are small pieces of information that a website sends to your computer's hard drive while you are viewing a website. "Web beacons" refer to various tracking technologies used to check whether you have accessed some content on our Services. We use cookies for the following purposes, specifically:
We may link the information we store in cookies or through other mechanisms to the PII you submit while using our Services. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Services. You can remove persistent cookies at any time by following the directions in the "Help" section of your Internet browser. You can also disable all cookies on your Internet browser. If you choose to disable cookies, be advised that you can still visit our Websites, but some components of our Services may not be available or work properly.
We do not allow third-parties to use a user’s data to create an automated profile or engage in data enhancement for the purposes of personalized advertisement.
We use third-party analytics and tracking tools solely to help deliver and improve our Services. These third-party service providers are prohibited from using your personal information for their own purposes, including creating profiles or engaging in targeted advertising.
Information Provided by You When Visiting Our Websites.
You may visit our Websites if you wish without creating an account or providing us with any information about yourself.
However, if you decide to use certain Services, you may be asked for information that we need in order to provide you with the Services requested. For example, if you decide to sign up for newsletters from us, attend a demonstration or virtual event, create an individual account to use our Services, or apply as an organization to join our AI Innovators program or other offerings, MagicSchool may collect some or all of the following PII from you: (1) first and last name, (2) school or organization name, (3) role or job title, (4) email address, (5) phone number, (6) location information including state/province and country, and (7) where applicable, a user-generated password for your account. You may also be provided the opportunity to provide a profile image or other information for your account profile.
If you provide us with feedback or contact us via email (e.g., in response to an employment or a program application on our Website), we will collect your name and email address, as well as any other content or information included in or attached to your email, in order to send you a reply. If you order Services from us for a fee, we may also collect information needed for billing and payment purposes that will be processed through a secure third-party payment processor.
We may combine the information we collect directly from you with information we obtain from public sources, partners, and other third parties and use such combined information in accordance with this Privacy Policy.
How We Use the Data We Collect.
In summary, we use your personal data to respond to your requests, to provide, secure, and enhance the Services, and to comply with our legal obligations. In particular, MagicSchool uses your PII for the following purposes as necessary and as permitted by applicable law:
We may also compile statistical or anonymized, non-personally identifiable information and use or transfer such information for any purposes; provided, however, that such data has been fully de-identified and cannot in any way be traced back to the customer or user and does not contain any personally identifiable information. We may also use such anonymized information to help train our AI models or use aggregated information publicly to show trends about the general use of our services. All customer data is encrypted at rest with AES-256 and in transit via TLS.
Third-Party Online Analytics Services
In connection with our Website and emails, we may use third-party online analytics services, such as those of Google Analytics. These analytics services use automated technologies to collect information (such as email address, IP address, and device identifiers) to evaluate, for example, use of our products and services and to diagnose technical issues. To learn about how Google Analytics collects and processes data, you may visit https://policies.google.com/technologies/partner-sites.
Third-Party OpenAI Services
We utilize OpenAI's application program interface ("API") to power the AI functionality of our Services. While we strive to maintain the highest level of data security, we encourage you to review OpenAI's API Privacy Policy separately to understand their data handling practices. We are committed to ensuring that the use of OpenAI's API aligns with applicable data protection laws and regulations. We have opted OUT of sharing data with OpenAI to train models.OpenAI will not use data submitted by our users via our API to train or improve our models, unless you explicitly decide to share your data with us for this purpose. You can opt-in to share data. Any data sent through the API will be retained for abuse and misuse monitoring purposes for a maximum of 30 days, after which it will be deleted (unless otherwise required by law).
Other Third-Party Services
It's important to us that we keep your information safe and secure. In order to help Magic School provide, maintain, protect and improve our services, Magic School shares information with other partners, vendors and trusted organizations to process it on our behalf in accordance with our instructions, Privacy Policy, and any other appropriate confidentiality, security or other requirements we deem appropriate. These companies will only have access to the information they need to provide the Magic School service. You can find information on these partners and subprocessors we work with in our DPA here. This list may change over time, and we’ll work hard to keep it up-to-date.
We do not share your personal data with third parties for their own marketing purposes, including direct marketing. We do not permit contextual advertisements, marketing, or other third-party advertising and promotion in our services. This policy applies to all users, regardless of location. Your personal data will only be shared with third-party service providers in order to fulfill the specific services you have requested from Magic School and in compliance with this Privacy Policy.
MagicSchool's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Personalized Advertising
We do not use or disclose Student Data for targeted advertising purposes. Specifically, personalized advertising (ads based on a user’s personal information) is not used or displayed in Magic School’s products. We are committed to protecting the privacy and data of our students. We do not share student data with third-party advertisers or use it to create profiles for advertising purposes.
Automated Decision-Making
MagicSchool does not use in connection with the Services automated decision-making, including profiling, in a way that produces legal effects concerning you or which significantly affects you.
Information Sharing and Disclosure
To the extent permitted by applicable law, MagicSchool may disclose your PII in the following circumstances:
How We Protect Your Data -- Security
We are committed to protecting the security of information received via the Services, including PII. If we collect PII from you, we provide reasonable and appropriate administrative, technical, and physical security controls designed to protect your PII from unauthorized access, use, or disclosure. Despite our efforts, no security controls are 100% risk-free, and MagicSchool does not warrant or guarantee that your PII will be secure in all circumstances. If you create an account, you are responsible for keeping your account credentials and passwords secure and not allowing others to use your account.
Student Data.
When an Educational Institution makes our student-facing services such as MagicStudent available to students, MagicSchool may collect and process personal information related to identifiable students (“Student Data”). MagicSchool collects and uses Student Data for educational purposes only as authorized by the Educational Institution and subject to its control. MagicSchool enters into student data privacy agreements with individual Educational Institutions which govern our use and responsibilities for Student Data. We process Student Data solely as directed by the applicable Educational Institution under these agreements. For more information about the principles that guide our collection, use and disclosure of Student Data, please refer to our Student Data Policy. You can also contact an Educational Institution directly if you would like to learn more about its privacy practices.
No student profile or student work is made available or visible to the public or to any other students directly from the service. Educators may allow their students to share their work with other students, educators, school administrators in their school, but no mechanisms exist to allow students to publicize or "post" directly from the service.
Other than the above, the Services do not directly provide any other form of messaging or communication between users.
Your Data, Your Choice
Please note if you are a California resident, please see Section IX "Additional Information for California Residents" below for more information about your privacy rights under California law.
Links to Third-Party Sites
Our provision of a link to any website or location outside of the Services is for your convenience and does not signify our endorsement of such other website or location or its contents. When you click on such a link, you will leave our site and go to another site. During this process, a third party may collect data, including PII, from you. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on a link to a third party. We encourage you to carefully read the privacy statement of any other website you visit.
Cross Border Data Transfers
MagicSchool is located in the United States. By accessing or using the Services, or otherwise providing information to us, you understand that your information may be subject to processing, transfer, and storage in other locations. In the event that MagicSchool transfers your Personal Data from the European Economic Area ("EEA") to a country which is not subject to an adequacy decision by the European Commission, or which may not provide for the same level of data protection as the EEA, MagicSchool will ensure that the recipient of your PII offers an adequate level of protection. This may include such measures as entering into standard contractual clauses for the transfer of data as approved by the European Commission, gaining your prior consent, or other appropriate measures in accordance with applicable law.
Additional Information for California Residents
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your "personal information" (as defined in the California Consumer Privacy Act ("CCPA")).
Please note that the above chart does not describe the Student Data that we process. For more information about our privacy practices with regard to Student Data, please refer to our Student Data Policy. In short – Student Data are processed solely on behalf of specific Educational Institutions under a student data privacy agreement. If you have questions about an Educational Institution’s privacy practices, you should contact the Educational Institution directly.
Your California Privacy Rights.
If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:
The CCPA further provides you with the right not to be discriminated (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide our services to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you.
Please also note that if your personal information has been collected by MagicSchool as a result of a Customer's (as defined above) use of our services, MagicSchool collects and maintains your personal information under the directions of the relevant Customer. If these circumstances apply to you and you wish to access or delete any personal information that we have collected about you, please direct your query to the relevant Customer as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to consumer choices as appropriate and required by applicable laws.
If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer's behalf, please contact us at security@magicschool.ai.
The CCPA provides certain rights if a company "sells" personal information, as such term is defined under the CCPA. We do not engage in activities that would be considered "sales" of personal information under the CCPA.
Shine the Light Disclosure: The California "Shine the Light" law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
Do Not Track Signals: MagicSchool does not track users over time and across third-party websites and therefore does not respond to Do Not Track ("DNT") signals from web browsers. Further, because there currently is no industry standard concerning what, if anything, a service should do when they receive such signals, we currently do not take action in response to these signals.
Other State Laws
Data protection laws change and update frequently, and we endeavor to always comply with applicable laws where we operate. If you have any questions, concerns, or requests regarding the handling of your personal information, contact us at security@magicschool.ai. Please note we may take reasonable steps to verify your identity and the authenticity of the request.
Changes to Our Privacy Policy
MagicSchool reserves the right to change this Privacy Policy. MagicSchool will provide notification of the material changes to this Privacy Statement through our Website and, where appropriate, when you login to your account or by email to any email address of yours we may have on file, at least thirty (30) days prior to the change taking effect.
Contact Us
MagicSchool welcomes your comments, questions, and concerns regarding our Privacy Policy. Please contact us at security@magicschool.ai or at our mailing address below:
MagicSchool
Attn: Legal Department
4845 Pearl East Cir Ste 118 PMB 83961
Boulder, CO 80301-6112
MagicSchool participates in the iKeepSafe Safe Harbor program. If you have any questions or need to file a complaint related to our privacy policy and practices, please do not hesitate to contact the iKeepSafe Safe Harbor program at COPPAprivacy@ikeepsafe.org
Supplemental GDPR Privacy Statement
This Supplemental GDPR Privacy Statement is relevant to any individual located in the European Economic Area who uses our Services.
European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), requires MagicSchool to provide additional and different information about its data processing practices to data subjects in the EEA. If you are accessing the Services from a member state of the EEA, this Supplemental GDPR Privacy Statement applies to you.
For purposes of the GDPR, MagicSchool 4845 Pearl East Cir Ste 118 PMB 83961 Boulder, CO 80301, is the data controller of your personal information.
Legal Basis of Processing. In general, the legal basis for MagicSchool's processing of your personal data in connection with the Services is Article 6(1)(b) of the EU GDPR, which allows processing of personal data as necessary for the performance of a contract or to fulfill your requests.
As exceptions, MagicSchool relies on your consent with respect to cookies that are not strictly necessary and direct marketing emails per Article 6(1)(a) of the EU GDPR; and pursues legitimate interests under Article 6(1)(f) of the EU GDPR with respect to situations where MagicSchool needs to process your personal data to comply with applicable laws (as a U.S.-based company, MagicSchool is subject to U.S. laws and must comply with them) or processes your personal data to improve our business and Services.
Personal Data Transfers outside of the EEA. MagicSchool may transmit some of your personal data to a country where the data protection laws may not provide a level of protection equivalent to the laws in your jurisdiction, including the United States. As required by applicable law, MagicSchool will provide an adequate level of protection for your personal data using various means, including, where appropriate:
Any onward transfer is subject to appropriate onward transfer requirements as required by applicable law.
Data Retention. MagicSchool keeps personal data as long as required to provide the Services you have requested or registered for and comply with applicable laws.
Data Subject Rights. You have a right to request from MagicSchool access to and rectification or erasure of your personal data or restriction of processing concerning you, as well as the right to data portability under the GDPR. You also have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. In general, you have the right to object to our processing of your personal data for direct marketing purposes. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You can exercise such rights by accessing the information in your account, submitting request by email to security@magicschool.ai.
If you have provided consent for cookies that are not strictly necessary, direct marketing emails or other data processing based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You have the right to lodge a complaint with a supervisory authority.
Your Choices. You are not required to provide any personal data to MagicSchool but if you do not provide any personal data to MagicSchool, certain Services may not be available or operate correctly. You may visit our Websites without consenting to cookies that are not strictly necessary; the only consequence is that our Services may be less tailored to you or you will not receive our newsletters or other Services you requested.
Profiling. MagicSchool does not use in connection with the Services automated decision-making, including profiling, in a way that produces legal effects concerning you or which significantly affects you.
Specific location and other sensitive data. We do not collect or process biometric information or specific location information from your devices, nor do we collect or process other "sensitive data" about you, with the exception of your address and payment card information in the event you provide payment for Services, in which case such information is securely processed by our third-party payment processor and we make no other use of such personally identifiable information.
EU and UK Representation.
If you are in the European Union/EEA, you may address privacy-related inquiries to our EU representative pursuant to Article 27 GDPR: EU: EU-REP.Global GmbH, Attn: MagicSchool, Inc., 24114 Kiel, Germany
magicschool.ai@eu-rep.global
www.eu-rep.global
If you are in the United Kingdom, you may address privacy-related inquiries to our UK representative pursuant to Article 27 GDPR: UK: DP Data Protection Services UK Ltd., Attn: MagicSchool, Inc., 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
magicschool.ai@eu-rep.global
www.eu-rep.global