Last Update: November, 2022
Introduction and Definitions
Pixton Comics Inc. (“PCI”) is committed to maintaining the security, confidentiality and privacy of your Personal Information (which includes the Personal Information of Students).
“Child or Children” means any child or children under the age of 13 years old.
“Content” means any expression fixed in a tangible medium and includes, without limitation, ideas, text, graphics, avatars, designs, presets (including but not limited to: backgrounds, scene configurations, characters, outfits, body poses, facial expressions, color filters, overlays, effects), combinations of presets, drawings, logos, images, trademarks, copyrights, information, software, and any intellectual property therein, any of which may be created, submitted, or otherwise made accessible on or through the Site and/or Services.
“Educator(s)” means a teacher or individual employed by an educational institution, or the educational institution itself.
“Pixton Content” means all Content that is not User Generated Content.
“Services” means creation of avatars, characters and scenes with accompanying text for a comic strip accessed through the Site, as well as access to preset Content including but not limited to: backgrounds, scene configurations, characters, outfits, body poses, facial expressions, color filters, overlays and effects.
“Site” means www.pixton.com, app.pixton.com, and other affiliated subdomains of pixton.com.
“Student” means a student who enrolls in a Student Sub-Account upon an Educator's provision of a registration code or link.
“User Generated Content” or “UGC” means any material whatsoever, including comics, that a user, including you, submits, creates, transfers or otherwise makes available by access to the Site or through the Services, including but not limited to ideas, information, images, data, text, graphics, designs, drawings or other Content posted in any area within the Site or through the Services.
Compliance with Privacy Laws
Pixton is compliant with the requirements of Canadian and US privacy laws including:
- United States: the Children’s Online Privacy Protection Act (“COPPA”); the Family Educational Rights and Privacy Act (“FERPA”)
- California: the California Consumer Privacy Act (“CCPA”); the Student Online Personal Information Protection Act (“SOPIPA”)
- Illinois: the Student Online Personal Protection Act (“SOPPA”)
- New York: Education Law Section 2-D (“Ed 2d”)
- Washington: the Student User Privacy in Education Rights (“SUPER”) Act
- Canada: the Personal Information Protection and Electronic Documents Act (“PIPEDA”)
- Alberta: the Freedom of Information and Protection of Privacy Act (“FOIP”)
- British Columbia: the Personal Information Protection Act (“PIPA”)
- Ontario: the Municipal Freedom of Information and Protection of Privacy Act (“MFIPPA”)
Don't hesitate to contact firstname.lastname@example.org if you are unsure whether Pixton complies with your local privacy laws – chances are, we do!
Acceptance of Terms and Revisions
Types of Information We Collect
There are two types of information we may collect through your access to and use of the Site and/or Services:
“Personal Information” means information about an identifiable individual (including any “Personal Information” as such term is defined in the applicable privacy statute). Personal Information may include for example, but is not limited to, a person’s first and last name, an email address, a user name, persistent identifiers such as IP address or device number, a photograph, or any anonymous information combined with a persistent identifier or other Personal Information.
“Non-Personal Information” means information that does not identify you and cannot be used to identify you personally and may include your browser and operating system descriptor, age, gender, and non-precise geolocation information (e.g., your city). For Student users Non-Personal Information includes your grade level and subject area if this information is made anonymous and de-identified. Non-Personal Information also includes “Usage Data” which is anonymous data associated with your computer that includes activities and time on the Site, when not linked to any persistent identifier or other Personal Information.
No Personal Information is necessarily needed by Pixton for the registration of any Student Sub-Accounts. If you select the Username method of Student authentication for your classroom, you may input a pseudonym for each Student instead of each Student's real name.
Collection of Information
We may collect information (including Personal Information) as follows:
Information you provide to us upon registration. If you choose to register, complete a sign-up form or group register form, open an account or become a member with us, request support, or in any other way take steps that require the submission of information, we may collect Personal Information such as your email address, and for Educators only, your name.
Purchases. If you choose to subscribe to the Site and/or Services, our payment processor, Stripe, will collect your credit card information. We do not collect or store your credit card information.
Information you submit to us. If you choose to submit your information to us for any other reason in any other form, we will collect such information and use it for the purposes for which you submitted it. In COPPA applicable jurisdictions, you will need to submit verifiable parental, guardian or Educator consent prior to submitting personal information if not previously consented to.
Visiting our Site. We will not collect any Personal Information from you simply by virtue of your visiting the Site; we only collect Personal Information if you choose to submit it to us. We do, however, collect Non-Personal Information such as Usage Data, whenever you use the Site and/or Services. If prohibited in your jurisdiction, such Non-Personal Information is not combined with Personal Information.
Where permitted by law. We may also collect information, including Personal Information as otherwise permitted by law.
Browser privacy preference. We will use reasonable efforts to comply with the privacy preference setting in any browser, but generally do not comply with any Do-Not-Track requests on browsers.
Email messages. We may collect Non-Personal Information through emails we send you which contain code that allows us to track whether the message was opened and/or links were clicked.
Cookies. In connection with the foregoing collection of information, we may also use “cookies” or similar technologies (small amounts of data that are stored on your computer's hard drive when you use or access the Site and/or Services that identify your computer and may store information about you such as behavioural data). Should you choose to submit Personal Information to us, we may link cookie information to such Personal Information. If you do not wish to accept cookies, you have the option of blocking or disabling cookies. However, please be aware that some of the Site and/or Services will not function properly if you do so and you may lose access to Services you purchased. In light of the above, if you happen to be in a jurisdiction in which COPPA applies, we will not collect any Personal Information with cookies and will not link any cookie information with Personal Information without verifiable parental consent.
Third party advertisers. No third-party advertising is permitted on the Site.
User-generated content. All users can enter comic titles, speech / thought bubble text, and captions with no restrictions other than length. All users can create an avatar, which may or may not be an accurate representation of themselves in real life. Users attached to all-access subscriptions can upload images into the backgrounds of their comic panels.
We strongly advise you not to submit Personal Information as part of UGC, comics or other content you create. However, if you do, the Personal Information will be stored in our database and treated the same as other Personal Information collected from you.
Public Disclosure of User Generated Content and Other Internet Activity
By default, all UGC attached to a Student Sub-Account is visible only to that student, and to their Educator.
You or your Student Sub-Account holder may choose to disclose information about yourself in the course of creating User Generated Content to us or through your use of the Site and/or Services. You may generate a “Share Link” on the Site for any of your own comics, and for any of your Student Sub-Accounts. Students may also generate a Share Link for any of their own comics. Note that Share Links generated for comics created by Children redirect to a login page such that only an authorized Educator can view the shared comic (i.e., the comic cannot be shared publicly). Otherwise, comics viewable via a Share Link never include the Student's name or username. However, the comic title and any text in the comic are displayed unchanged. Both the Student and the Educator have the ability to edit a comic and remove any Personal Information from it, before sharing it.
Use of Your Information
We may use your information (including Personal Information) for the following purposes:
to provide you with any services or functionality you have requested, including the Services;
to improve the Site and/or Services, and to inform the creation of future Services;
to send you information related to the Site and/or Services, including confirmations, Site news, technical notices, updates, security alerts, and support and administrative messages;
to process transactions for the Services;
to manage your account with Pixton;
to respond to customer service inquiries;
to troubleshoot problems with the Site and/or Services;
to protect against unlawful activities or other misuse of the Site and/or and Services or for other security reasons;
to compile statistics;
for Educators only, to invite you to participate in Pixton surveys, contests or special events;
to allow you to share your User Generated Content with your colleagues, friends or family;
to authenticate your identity; and
to integrate third-party authentication, including Google or Microsoft single sign-on.
Specific Third-Party Services
The Site makes use of the following third party services:
Google Analytics (Educators only) collects Non-Personal Information, which we use aggregated and anonymized to track the usage of the Site. No User Generated Content is passed to Google Analytics.
Hubspot.com (Educators only) is a customer communication tool that allows us to send email and in-application messages to Educators. We use it to segment Educators for more specific messaging; to organize messages; and to communicate product updates such as feature releases. This service collects limited Personal Information, such as name and email address.
Stripe.com (Educators only) is a payment processor, which we use to collect credit card payments from Educators. This service collects limited Personal Information, such as name and credit card information.
Google, Microsoft, or Facebook (Educators only) facilitate single sign-on to the Site. We use them to authenticate users and to retrieve the name and/or email address of the user, for the purposes of provisioning and then enabling access to a Pixton account. These services collect and pass to Pixton limited Personal Information (name and email address).
Amazon Web Services is a set of cloud-based web hosting services. We use it to host the Site, including the database where user data are stored. This service does not collect Personal Information, although it may store (in an encrypted format) such data as collected and stored by Pixton.
FERPA and California AB 1584
Consistent with FERPA and California AB 1584 (Buchanan) Privacy of Pupil Records: 3rd-Party Digital Storage & Education Software (Education Code section 49073.1), PCI will abide to the following for all users:
Student records obtained by PCI from an educational institution continue to be the property of and under the control of the educational institution. The educational institution retains full ownership rights to the personal information and education records it provides to PCI.
PCI users may retain possession and control of their own User Generated Content.
Parents, legal guardians, or eligible students may review personally identifiable information in the student’s records and correct erroneous information by contacting their educational institution. Additionally, Users may access, correct, update, or delete personal information in their profile by signing into the Site, accessing their account, and making the appropriate changes.
PCI is committed to maintaining the security and confidentiality of student records. Towards this end, we take the following actions: (a) we limit employee access to student data to only those employees with a need to such access to fulfill their job responsibilities; (b) we conduct background checks on our employees that may have access to student data; (c) we conduct regular employee privacy and data security training and education; and (e) we protect personal information with technical, contractual, administrative, and physical security safeguards in order to protect against unauthorized access, release or use.
In the event of an unauthorized disclosure of a student’s records, PCI will promptly notify Users unless specifically directed not to provide such notification by law enforcement officials. Notification shall identify: (i) the date and nature of the unauthorized use or disclosure; (ii) the Personal Information used or disclosed; (iii) general description of what occurred including who made the unauthorized use or received the unauthorized disclosure; (iv) what PCI has done or shall do to mitigate any effect of the unauthorized use or disclosure; (v) what corrective action PCI has taken or shall take to prevent future similar unauthorized use or disclosure; and (vi) who at PCI the User can contact. PCI will keep the User fully informed until the incident is resolved.
PCI will delete or de-identify personal information when it is no longer needed, upon expiration or termination of our agreement with an educational institution with any deletion or de-identification to be completed according to the terms of our agreement with the educational institution, or at the direction or request of the educational institution.
PCI agrees to work with educational institution to ensure compliance with FERPA and the Parties will ensure compliance by providing parents, legal guardians or eligible students with the ability to inspect and review student records and to correct any inaccuracies therein as described in statement (4) above.
PCI prohibits using personally identifiable information in student records to engage in targeted advertising.
Disclosure of Information
Protection of Your Information
Pixton has implemented reasonable physical and technical measures to protect the information we collect or are provided with from unauthorized access and against loss, misuse or alteration by third parties, including but not limited to:
- Containment of database(s) inside a Virtual Private Cloud (VPC), access to which is extremely restricted;
- Encryption of database data in transit and at rest;
- Use of SSL / HTTPS for all data transmission over the Internet;
- Multifactor authentication on administrator-level access;
- Code reviews and scans to monitor for security vulnerabilities;
- Firewalls, private keys, anti-virus protection, IP address whitelists, and encrypted local hard drives.
Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure.
PIXTON STRIVES TO EXCEED COMMERCIALLY REASONABLE EFFORTS TO PROTECT YOUR PERSONAL INFORMATION, HOWEVER, TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY DISCLAIM ANY GUARANTEE OF SECURITY IN CONNECTION WITH YOUR PERSONAL INFORMATION.
For further information on how we safeguard information we collect or are provided with, contact us via email at email@example.com.
Incident Response Plan
If we ever discover or receive reports of a security breach, we will take the following steps to address it:
- The staff member who detects or receives a report of a breach will forward all details to Pixton's privacy officer at firstname.lastname@example.org.
- The privacy officer will:
- Determine the severity of the potential impact. Is it real or perceived? Is it still in progress? What data is threatened and how critical is it? What is the impact on the business should the attack succeed – minimal, serious, or critical?
- If the breach is real, determine the system(s) being targeted, along with all relevant details such as the attacker's IP address.
- Determine how the incident can be contained, and contain it. This may involve changing passwords, encryption keys, or other system access information.
- Determine what data has been compromised, and who should be notified about the incident.
- Notify affected parties by email no more than seven calendar days after the discovering of the breach, including relevant details such as: the data that was compromised; the measures being taken to prevent any future such incidents.
- Document the incident, including date detected, date occurred, notifications issued, and response.
- Consider how the intrusion could have been prevented, and make changes to systems and/or policies accordingly.
Retention of Your Information
The data and information that we collect will be stored and maintained by Pixton or our third-party service providers until you delete it or instruct us to delete it, or until your Account is terminated by us. We will retain data and information we collect for a period of 60 days after your Account is terminated, at which time it will be permanently deleted. We intend to only retain data, including Dependent data, for as long as is reasonably necessary to fulfill the purpose for which the information was collected. Any Student account belonging to a deleted group, and to no active or archived groups, will be permanently deleted 60 days after you flag the group for deletion.
To request deletion of your account or deletion of a Student's account, please email our Privacy Office at email@example.com with specific details, such as the email address or username on the account and the date you wish it to be deleted. In order to verify your identity and authorization to make a deletion request, we will only correspond using the email address associated with your Educator Account.
Currently, Pixton or our third party service providers retain and store information collected by, or provided to, us in the cloud and on secure servers in Canada. You hereby consent to Pixton storing any Personal Information you provide to us on secure servers in Canada.
If you access the Site and/or use any of the Services, you are responsible for protecting the confidentiality of your account password and elected codes, and for restricting access to your computer and you agree to accept responsibility for all activities that occur under your account. Please notify us immediately if you detect suspected misuse of your account via email at: firstname.lastname@example.org.
Access and Accuracy
Pixton will use commercially reasonable efforts to provide you access to your Personal Information (to the extent we are in possession of any) if you submit your request for access via email@example.com. Pixton may charge you a reasonable fee for doing so. Students who wish to access their Personal Information must have the Educator submit a request on their behalf. Subject to applicable law, including COPPA, Pixton reserves the right to deny access to your Personal Information on any of the following grounds:
when denial of access is required by law;
when granting you access is reasonably likely to negatively impact other people's privacy;
when granting access is, in our judgement and acting reasonably, cost prohibitive; or
when we have reason to believe that such requests are frivolous or made in bad faith.
You are responsible for ensuring that all information created through your access to and use of the Site and/or Services is accurate, reliable and complete and you acknowledge and accept that the use of such information is at your own risk. We can only provide accurate Services if we are in possession of your current and accurate information, therefore, we ask that you keep any Personal Information that you provide to us current and accurate. You represent and warrant that all Personal Information you provide us is true and accurate and relates to you and not to any other person. If you believe that the Personal Information maintained by Pixton about you is inaccurate or incomplete, you may notify us by describing in detail any inaccuracies or omissions via email at firstname.lastname@example.org. Following receipt of a properly submitted notice, we will, within a reasonable time period and acting in our sole discretion, use commercially reasonable efforts to either: (a) amend or correct your Personal Information to reflect corrected or additional information provided by you, or (b) in connection with your Personal Information, make note of any claimed inaccuracies or omissions reported in the notice submitted by you.
Our Policy Regarding Children
Upon a Student registering a Student Sub-Account, the Educator may access, modify or delete the Students' information and UGC by:
selecting the areas of the Site and information, including text, images, data or other Content posted on the Site and/or available through the Services, that the Student may access through the Student Sub-Account; and
viewing the Student Sub-Account users' recent activity, including UGC created by the Student.
If Pixton discovers, or if a parent/guardian or Educator becomes aware, that a Student under the age of majority in their local jurisdiction has accessed the Site and/or Services on their own and without the use of a Student Sub-Account, or provided us with information without the parent/guardian's consent, please contact us at email@example.com. We will delete such information from our files within a reasonable time.
If you are below the age of majority in your local jurisdiction, please obtain your parent's, legal guardian's, or Educator’s permission before accessing or using any of the Site and/or Services or providing us with any Personal Information or Non-Personal Information.
In the interests of the safety and comfort of all users under the age of majority in your local jurisdiction, we reserve the right, acting in our sole discretion but without any obligation, to restrict the access of any user to any space on the Site.
Educators can see all User Generated Content created by Students within their group(s), whether completed or in progress. The Educator has the ability to delete User Generated Content created by Students within their group(s). User Generated Content may be shared online through the Share Link – publicly if the student is not a Child – and shared publicly offline through printing hard copies of User Generated Content. THE EDUCATOR IS RESPONSIBLE FOR PROTECTING AGAINST THE DISCLOSURE OF ANY PERSONAL INFORMATION AND WHICH IS INCLUDED IN USER GENERATED CONTENT AND SHARED EITHER PUBLICLY ONLINE OR OFFLINE. TO THE EXTENT ALLOWABLE BY LAW, PIXTON DISCLAIMS ALL RESPONSIBILITY AND LIABILITY AND THE EDUCATOR HEREBY ACKNOWLEDGES AND ACCEPTS ALL RESPONSIBILITY AND LIABILITY FOR ANY DISCLOSURE OF PERSONAL INFORMATION THROUGH USER GENERATED CONTENT, INCLUDING THROUGH THE ONLINE “SHARE LINK” OR OFFLINE THROUGH PRINTING THE USER GENERATED CONTENT.
Questions or Comments
Pixton Comics Inc.
Attention: Privacy Officer