Last Update: November, 2022
Introduction and Definitions
Pixton Comics Inc. is committed to maintaining the security, confidentiality and privacy of your Personal Information (which includes the Personal Information of children).
“Child or Children” means any child or children under the age of 13 years old.
“Content” means any expression fixed in a tangible medium and includes, without limitation, ideas, text, graphics, avatars, designs, presets (including but not limited to: backgrounds, scene configurations, characters, outfits, body poses, facial expressions, color filters, overlays, effects), combinations of presets, drawings, logos, images, trademarks, copyrights, information, software, and any intellectual property therein, any of which may be created, submitted, or otherwise made accessible on or through the Site and/or Services.
“Homeschooler(s)” means a parent or individual employed by an educational institution, or the educational institution itself.
“Pixton Content” means all Content that is not User Generated Content.
“Services” means creation of avatars, characters and scenes with accompanying text for a comic strip accessed through the Site, as well as access to preset Content including but not limited to: backgrounds, scene configurations, characters, outfits, body poses, facial expressions, color filters, overlays and effects.
“Site” means www.pixton.com, app.pixton.com, and other affiliated subdomains of pixton.com.
“Dependent” means a child who enrolls in a Dependent Sub-Account upon a Homeschooler's provision of a login link.
“User Generated Content” or “UGC” means any material whatsoever, including comics, that a user, including you, submits, creates, transfers or otherwise makes available by access to the Site or through the Services, including but not limited to ideas, information, images, data, text, graphics, designs, drawings or other Content posted in any area within the Site or through the Services.
Compliance with Privacy Laws
Pixton is compliant with the requirements of Canadian, US, and other privacy laws including:
- United States: the Children’s Online Privacy Protection Act (“COPPA”); the Family Educational Rights and Privacy Act (“FERPA”)
- California: the California Consumer Privacy Act (“CCPA”); the Student Online Personal Information Protection Act (“SOPIPA”)
- Illinois: the Student Online Personal Protection Act (“SOPPA”)
- New York: Education Law Section 2-D (“Ed 2d”)
- Washington: the Student User Privacy in Education Rights (“SUPER”) Act
- Canada: the Personal Information Protection and Electronic Documents Act (“PIPEDA”)
- Alberta: the Freedom of Information and Protection of Privacy Act (“FOIP”)
- British Columbia: the Personal Information Protection Act (“PIPA”)
- Ontario: the Municipal Freedom of Information and Protection of Privacy Act (“MFIPPA”)
- Australia: the Privacy Act 1988 and Privacy Principles of Australia (“APP”)
- New Zealand: the Privacy Act 2020 and Privacy Principles of New Zealand
Don't hesitate to contact firstname.lastname@example.org if you are unsure whether Pixton complies with your local privacy laws – chances are, we do!
Acceptance of Terms and Revisions
Types of Information We Collect
There are two types of information we may collect through your access to and use of the Site and/or Services:
“Personal Information” means information about an identifiable individual (including any “Personal Information” as such term is defined in the applicable privacy statute). Personal Information may include for example, but is not limited to, a person’s first and last name, an email address, a user name, persistent identifiers such as IP address or device number, a photograph, or any anonymous information combined with a persistent identifier or other Personal Information.
“Non-Personal Information” means information that does not identify you and cannot be used to identify you personally and may include your browser and operating system descriptor, age, gender, and non-precise geolocation information (e.g., your city). For Dependent users Non-Personal Information includes your grade level and subject area if this information is made anonymous and de-identified. Non-Personal Information also includes “Usage Data” which is anonymous data associated with your computer that includes activities and time on the Site, when not linked to any persistent identifier or other Personal Information.
No Personal Information is necessarily needed for the registration of Dependent Sub-Accounts. Instead of inputting your Dependent's real first name, for example, you could use a pseudonym for your Dependent.
Collection of Information
We may collect information (including Personal Information) as follows:
Information you provide to us upon registration. If you choose to register, complete a sign-up form or group register form, open an account or become a member with us, request support, or in any other way take steps that require the submission of information, we may collect Personal Information such as your email address, and for Homeschoolers only, your name.
Purchases. If you choose to subscribe to the Site and/or Services, our payment processor, Stripe, will collect your credit card information. We do not collect or store your credit card information.
Information you submit to us. If you choose to submit your information to us for any other reason in any other form, we will collect such information and use it for the purposes for which you submitted it. In COPPA applicable jurisdictions, you will need to submit verifiable parental, guardian or Homeschooler consent prior to submitting personal information if not previously consented to.
Visiting our Site. We will not collect any Personal Information from you simply by virtue of your visiting the Site; we only collect Personal Information if you choose to submit it to us. We do, however, collect Non-Personal Information such as Usage Data, whenever you use the Site and/or Services. If prohibited in your jurisdiction, such Non-Personal Information is not combined with Personal Information.
Where permitted by law. We may also collect information, including Personal Information as otherwise permitted by law.
Browser privacy preference. We will use reasonable efforts to comply with the privacy preference setting in any browser, but generally do not comply with any Do-Not-Track requests on browsers.
Email messages. We may collect Non-Personal Information through emails we send you which contain code that allows us to track whether the message was opened and/or links were clicked.
Cookies. In connection with the foregoing collection of information, we may also use “cookies” or similar technologies (small amounts of data that are stored on your computer's hard drive when you use or access the Site and/or Services that identify your computer and may store information about you such as behavioural data). Should you choose to submit Personal Information to us, we may link cookie information to such Personal Information. If you do not wish to accept cookies, you have the option of blocking or disabling cookies. However, please be aware that some of the Site and/or Services will not function properly if you do so and you may lose access to Services you purchased. In light of the above, if you happen to be in a jurisdiction in which COPPA applies, we will not collect any Personal Information with cookies and will not link any cookie information with Personal Information without verifiable parental consent.
Third party advertisers. No third-party advertising is permitted on the Site.
User-generated content. All users can enter comic titles, speech / thought bubble text, and captions with no restrictions other than length. All users can create an avatar, which may or may not be an accurate representation of themselves in real life. Users attached to all-access subscriptions can upload images into the backgrounds of their comic panels.
We strongly advise you not to submit Personal Information as part of UGC, comics or other content you create. However, if you do, the Personal Information will be stored in our database and treated the same as other Personal Information collected from you.
Public Disclosure of User Generated Content and Other Internet Activity
By default, all UGC attached to a Dependent is visible only to that Dependent and to their Homeschooler.
You or your Dependent may choose to disclose information about yourself in the course of creating User Generated Content to us or through your use of the Site and/or Services. You may generate a “Share Link” on the Site for any of your own comics, and for any of your Dependents. Dependents may also generate a Share Link for any of their own comics, unless they are Children. Children cannot generate Share Links. Comics viewable via a Share Link never include the Dependent's name. However, the comic title and any text in the comic are displayed unchanged. If you do generate a Share Link on a Child's comic, you must remove any Personal Information before posting the link to any public forum. Both you and your Dependent have the ability to edit a comic and remove any Personal Information from it, before sharing it publicly.
Use of Your Information
We may use your information (including Personal Information) for the following purposes:
to provide you with any services or functionality you have requested, including the Services;
to improve the Site and/or Services, and to inform the creation of future Services;
to send you information related to the Site and/or Services, including confirmations, Site news, technical notices, updates, security alerts, and support and administrative messages;
to process transactions for the Services;
to manage your account with Pixton;
to respond to customer service inquiries;
to troubleshoot problems with the Site and/or Services;
to protect against unlawful activities or other misuse of the Site and/or and Services or for other security reasons;
to compile statistics;
for Homeschoolers only, to invite you to participate in Pixton surveys, contests or special events;
to allow you to share your User Generated Content with your colleagues, friends or family;
to authenticate your identity; and
to integrate third-party authentication, including Google or Microsoft single sign-on.
Specific Third-Party Services
The Site makes use of the following third party services:
Google Analytics (Homeschoolers only) collects Non-Personal Information, which we use aggregated and anonymized to track the usage of the Site. No User Generated Content is passed to Google Analytics.
Hubspot.com (Homeschoolers only) is a customer communication tool that allows us to send email and in-application messages to Homeschooler parents. We use it to segment Homeschooler parents for more specific messaging; to organize messages; and to communicate product updates such as feature releases. This service collects limited Personal Information, such as name and email address.
Stripe.com (Homeschoolers only) is a payment processor, which we use to collect credit card payments from Homeschooler users. This service collects limited Personal Information, such as name and credit card information.
Google, Microsoft, or Facebook (Homeschoolers only) facilitate single sign-on to the Site. We use them to authenticate users and to retrieve the name and/or email address of the user, for the purposes of provisioning and then enabling access to a Pixton account. These services collect and pass to Pixton limited Personal Information (name and email address).
Amazon Web Services is a set of cloud-based web hosting services. We use it to host the Site, including the database where user data are stored. This service does not collect Personal Information, although it may store (in an encrypted format) such data as collected and stored by Pixton.
Disclosure of Information
Protection of Your Information
Pixton has implemented reasonable physical and technical measures to protect the information we collect or are provided with from unauthorized access and against loss, misuse or alteration by third parties, including but not limited to:
- Containment of database(s) inside a Virtual Private Cloud (VPC), access to which is extremely restricted;
- Encryption of database data in transit and at rest;
- Use of SSL / HTTPS for all data transmission over the Internet;
- Multifactor authentication on administrator-level access;
- Code reviews and scans to monitor for security vulnerabilities;
- Firewalls, private keys, anti-virus protection, IP address whitelists, and encrypted local hard drives.
Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure.
PIXTON STRIVES TO EXCEED COMMERCIALLY REASONABLE EFFORTS TO PROTECT YOUR PERSONAL INFORMATION, HOWEVER, TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY DISCLAIM ANY GUARANTEE OF SECURITY IN CONNECTION WITH YOUR PERSONAL INFORMATION.
For further information on how we safeguard information we collect or are provided with, contact us via email at email@example.com.
Incident Response Plan
If we ever discover or receive reports of a security breach, we will take the following steps to address it:
- The staff member who detects or receives a report of a breach will forward all details to Pixton's privacy officer at firstname.lastname@example.org.
- The privacy officer will:
- Determine the severity of the potential impact. Is it real or perceived? Is it still in progress? What data is threatened and how critical is it? What is the impact on the business should the attack succeed – minimal, serious, or critical?
- If the breach is real, determine the system(s) being targeted, along with all relevant details such as the attacker's IP address.
- Determine how the incident can be contained, and contain it. This may involve changing passwords, encryption keys, or other system access information.
- Determine what data has been compromised, and who should be notified about the incident.
- Notify affected parties by email no more than seven calendar days after the discovering of the breach, including relevant details such as: the data that was compromised; the measures being taken to prevent any future such incidents.
- Document the incident, including date detected, date occurred, notifications issued, and response.
- Consider how the intrusion could have been prevented, and make changes to systems and/or policies accordingly.
Retention of Your Information
The data and information that we collect will be stored and maintained by Pixton or our third-party service providers until you delete it or instruct us to delete it, or until your Account is terminated by us. We will retain data and information we collect for a period of 60 days after your Account is terminated, at which time it will be permanently deleted. We intend to only retain data, including Dependent data, for as long as is reasonably necessary to fulfill the purpose for which the information was collected.
To request deletion of your account or deletion of a Dependent's account, please email our Privacy Office at email@example.com with specific details, such as the email address or username on the account and the date you wish it to be deleted. In order to verify your identity and authorization to make a deletion request, we will only correspond using the email address associated with your Homeschooler Account.
If you have not logged into your Pixton account for more than 365 days, we reserve the right to terminate it.
Currently, Pixton or our third party service providers retain and store information collected by, or provided to, us in the cloud and on secure servers in Canada. You hereby consent to Pixton storing any Personal Information you provide to us on secure servers in Canada.
If you access the Site and/or use any of the Services, you are responsible for protecting the confidentiality of your account password and login link, and for restricting access to your computer and you agree to accept responsibility for all activities that occur under your account. Please notify us immediately if you detect suspected misuse of your account via email at: firstname.lastname@example.org.
Access and Accuracy
Pixton will use commercially reasonable efforts to provide you access to your Personal Information (to the extent we are in possession of any) if you submit your request for access via email@example.com. Pixton may charge you a reasonable fee for doing so. Dependents who wish to access their Personal Information must have the Homeschooler submit a request on their behalf. Subject to applicable law, including COPPA, Pixton reserves the right to deny access to your Personal Information on any of the following grounds:
when denial of access is required by law;
when granting you access is reasonably likely to negatively impact other people's privacy;
when granting access is, in our judgement and acting reasonably, cost prohibitive; or
when we have reason to believe that such requests are frivolous or made in bad faith.
You are responsible for ensuring that all information created through your access to and use of the Site and/or Services is accurate, reliable and complete and you acknowledge and accept that the use of such information is at your own risk. We can only provide accurate Services if we are in possession of your current and accurate information, therefore, we ask that you keep any Personal Information that you provide to us current and accurate. You represent and warrant that all Personal Information you provide us is true and accurate and relates to you and not to any other person. If you believe that the Personal Information maintained by Pixton about you is inaccurate or incomplete, you may notify us by describing in detail any inaccuracies or omissions via email at firstname.lastname@example.org. Following receipt of a properly submitted notice, we will, within a reasonable time period and acting in our sole discretion, use commercially reasonable efforts to either: (a) amend or correct your Personal Information to reflect corrected or additional information provided by you, or (b) in connection with your Personal Information, make note of any claimed inaccuracies or omissions reported in the notice submitted by you.
Our Policy Regarding Children
Upon a Dependent registering a Dependent Sub-Account, the Homeschooler may access, modify or delete the Dependents' information and UGC by:
selecting the areas of the Site and information, including text, images, data or other Content posted on the Site and/or available through the Services, that the Dependent may access through the Dependent Sub-Account; and
viewing the Dependent Sub-Account users' recent activity, including UGC created by the Dependent.
If Pixton discovers, or if a parent/guardian or Homeschooler becomes aware, that a Dependent under the age of majority in their local jurisdiction has accessed the Site and/or Services on their own and without the use of a Dependent Sub-Account, or provided us with information without the parent/guardian's consent, please contact us at email@example.com. We will delete such information from our files within a reasonable time.
If you are below the age of majority in your local jurisdiction, please obtain your parent's, legal guardian's, or Homeschooler’s permission before accessing or using any of the Site and/or Services or providing us with any Personal Information or Non-Personal Information.
In the interests of the safety and comfort of all users under the age of majority in your local jurisdiction, we reserve the right, acting in our sole discretion but without any obligation, to restrict the access of any user to any space on the Site.
Homeschoolers can see all User Generated Content created by Dependents within their group(s), whether completed or in progress. The Homeschooler has the ability to delete User Generated Content created by Dependents within their group(s). User Generated Content may be shared publicly online through the Share Link and shared publicly offline through printing hard copies of User Generated Content. THE HOMESCHOOLER IS RESPONSIBLE FOR PROTECTING AGAINST THE DISCLOSURE OF ANY PERSONAL INFORMATION AND WHICH IS INCLUDED IN USER GENERATED CONTENT AND SHARED EITHER PUBLICLY ONLINE OR OFFLINE. TO THE EXTENT ALLOWABLE BY LAW, PIXTON DISCLAIMS ALL RESPONSIBILITY AND LIABILITY AND THE HOMESCHOOLER HEREBY ACKNOWLEDGES AND ACCEPTS ALL RESPONSIBILITY AND LIABILITY FOR ANY DISCLOSURE OF PERSONAL INFORMATION THROUGH USER GENERATED CONTENT, INCLUDING THROUGH THE ONLINE “SHARE” LINK OR OFFLINE THROUGH PRINTING THE USER GENERATED CONTENT.
Questions or Comments
Pixton Comics Inc.
Attention: Privacy Officer