Last updated on Dec 12, 2021


1. About this privacy policy 

This privacy policy describes what information Exodexa (“we” or “us” or “our”) collects from users, including children, (“user” or “you” or “your”) when they visit our website and how such information is used, stored, processed, shared and protected. You acknowledge that your personal data collected through our website, will be collected, stored and processed in accordance with the terms of this privacy policy. We provide additional privacy protection for children (“learner”) on our website. Our privacy practices are guided by the United States’ Children’s Online Privacy Protection Act of 1998 (COPPA), as well as other applicable data privacy laws in the United States. In all cases, children should always check with their parents or guardians before entering information on any website. In order for a child to use our website, no personally identifiable information is collected from the child until verifiable parental consent (as defined by COPPA) is received from the child’s parent or guardian. We request you to carefully read this policy together with our Terms & Conditions. (Add hyperlink) 

2. Controller of your personal data 

Exodexa is the data controller of your personal data. We are committed to safeguarding your privacy and if you have any queries regarding your personal data, you can contact Ainsley Fagerström by mail at Four Embarcadero Center, Suite 1400, San Francisco, CA 94111, USA, by email at info@exodexa.com or by telephone at 628.242.0888.

3. What personal data do we collect? 

A. Registration Information

  • Personal data provided by the parent during account registration such as the parent’s full name, email, full address, payment information and phone number. 
  • Personal data of the learner after obtaining verifiable parental consent from the parent such as: full name of the learner, nickname (optional), email, (optional), date of birth, username, password and time zone. 

B. Information collected while facilitating communications with the user. 

C. Order and enrollment information when a subscription is purchased by the user from our website.

4. Why do we use your personal data?

We may use your personal data for a variety of business purposes which are set out below along with their respective lawful purpose. 

Why do we use your personal data?Lawful purpose
To conduct our business and provide you with our services and access to our website. Contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you).
To manage your account and subscriptions.Contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you).
To communicate with you and provide you with customer support services.Contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you).
To accept payments.Contract performance, legitimate interests (to ensure that payments are effectively managed). 
To inform you about updates and changes made to the website or relevant legal policies.Contract performance, legitimate interests (to enable us to perform our obligations and provide our services to you). 
To improve, maintain, personalize, and expand our website.Legitimate interests (to enable us to develop our business based on your feedback).
To understand and analyze how you use our website and for website development & research purposes (such as developing new services, features, and other relevant functionalities).Legitimate interests (to enable us to develop our business based on your feedback).
For marketing and promotional purposes (if you have chosen to receive such marketing updates and promotional offers)Based on your consent
For fraud prevention purposes.Legal obligations, legitimate interests (to cooperate with law enforcement and regulatory authorities). 
To enforce our terms and comply with legal or regulatory obligationsLegal obligations, legitimate interests (to cooperate with law enforcement and regulatory authorities). 

5. Cookies and similar technologies

  1. Our website uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work more efficiently, as well as to provide information to the owners of the site. 
  2. When you access our website, cookies used by us and approved third parties are sent to your browser and stored on your device. These cookies are used to store information such as your preferences, and the pages on the website that the visitor accessed or visited. They also allow you to navigate between pages efficiently and generally improve your overall user experience. 
  3. A list of the categories of cookies used on this website is set out below: 
    1. Necessary Cookies

Necessary cookies help in making a website usable by enabling its basic functions such as page navigation and access to secure areas of the website. The website cannot function efficiently without such cookies.

  1. Statistics Cookies

Statistic cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

  1. Preference Cookies

Preference cookies enable a website to remember information, for example, your preferred language or the geographical region that you are located in. 

  1. Marketing Cookies

Marketing cookies are used to track visitors across websites. The intention is to display ads which are relevant for the user and thereby more valuable for publishers and third party advertisers.

  1. What if I don’t want cookies? 

You can choose to disable cookies through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers’ respective websites. 

  1. Do we use any tracking technologies similar to cookies?

Yes, our website may use web beacons, log files and tracking pixels. These technologies help us better understand users’ behaviour, tell us which parts of our websites people have visited, analyze trends, administer the site, as well as facilitate and analyze the effectiveness of advertisements and web searches. 

a. Web beacons: Web beacon is a technique used on web pages and email to unobtrusively (usually invisibly) check that a user has accessed some content on the website. Web beacons are typically used by third parties to monitor activity of users on a website for purposes such as web analytics or page tagging.

b. Log files: Our log files may log visitors when they visit our website. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information. 

c. Tracking Pixels: Our emails contain tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an email was opened by you, and which links in the email were called up by you. 

d. “Do not track signals”: Some web browsers have a “Do Not Track” feature that, when turned on, signals to websites the user visits that the user does not want to be tracked. Our website honors users’ Do Not Track requests. 

6. Who do we share your personal data with and why?

A. Third-party service providers: Companies who perform functions on our behalf such as course enrollment, order fulfillment, payment processing, marketing and promotions, website analytics and managing user communications etc. Our third-party service providers include: Google Analytics, Google Workspace, Google Ads, Oribi, Hotjar, Shopify, Stripe, Amazon Web Services, ActiveCampaign, Openli, Zapier, Stripo, Slack, Typeform, Pollfish, User Interviews and social media networks such as Meta, Twitter, Pinterest, Nextdoor, LinkedIn, Spotify and Gather Town. 

B. Third-party service providers, such as advertising networks, social networks, or video conferencing websites, that access, collect or maintain children’s personal information through our website or services. In case of any queries, their contact information has been provided below. 

  1. Google: https://about.google/contact-google/ 
  2. Gather: https://www.gather.town/contact 
  3. Oribi: privacy@oribi.io
  4. Hotjar: support@hotjar.com 
  5. Shopify: https://help.shopify.com/en/questions#/login 
  6. Stripe: https://stripe.com/ 
  7. Slack: privacy@slack.com  
  8. Amazon Web Services: https://aws.amazon.com/ 
  9. ActiveCampaign: help@activecampaign.com 
  10. Openli: hello@openli.com   
  11. Typeform: support@typeform.com 

C. We may disclose personal information if permitted or required by law, (for example, in response to a court order or a subpoena). To the extent permitted by applicable law, we also may disclose personal information collected from children (i) in response to a law enforcement or public agency’s request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our website; (iii) to protect the security or integrity of our website, and other technology, along with the technology of our service providers; or (iv) enable us to take precautions against any liabilities. 

7. Collection and use of non-personal information

We may also collect other types of information that have no direct or indirect connection with individuals (for example  statistical data, network monitoring data etc.). This information may not be defined as personal information. The purpose of our collection is to understand how you use our website and services and to continuously improve our services to better meet user needs based on such information. Since this type of information is not personal information, we will decide on how we collect, use, disclose and transfer such non-personal information. Only when such non-personal information is used in combination with other information to identify a specific natural person, or when it is used in combination with personal information, will this information be regarded as personal information. In this case, we will anonymize and de-identify this type of information, unless with your consent or otherwise according to laws and regulations. 

8. Third-party links

This website may contain links to other third-party websites and applications. These third-party websites and applications you visit are not owned or operated by us. You acknowledge that we are not responsible or liable for the content you access on such links, websites and applications. Furthermore, please be aware that these websites and applications, who have their own privacy policies, may collect information about you. We request you to review the privacy policies mentioned on their websites. Our privacy policy does not apply to such websites and applications. 

9. How do we protect your personal data?

No data transmission over the Internet or through websites can be guaranteed to be absolutely secure from intrusion. However, we take commercially reasonable steps to protect our users’ personal data from unauthorized access. We implement reasonable physical, administrative and technical measures to protect your personal information from unauthorized access, use and disclosure. We regularly review our security procedures to consider appropriate new technology and methods to safeguard your personal data. To ensure that your account details and password remain confidential, we request that you do not share this information with anyone. 

10. International access of personal data

Our servers are located in the US, and consequently, we may collect, process, store, share, and transfer your personal data in the US. We may share information with our service providers (that may be located in other countries) if necessary for them to perform a business, professional, or technology support function for us. Please note that your personal data may be also accessed by our staff or suppliers in a location outside the US. We will take steps to ensure that personal data that is accessed outside the US is safeguarded in accordance with this privacy policy. 

11. How long do we keep your personal data?

The retention period for your personal data is solely based on our legitimate interests and legal requirements. We will retain your personal data only for the purposes described in this policy and for as long as the account holders stay on our website. 

12. What are your rights?

A. In general, the following rights are likely available to you regardless of where you are located:

  1. The right to stop receiving marketing communications by following the procedure mentioned in Section 13(B).
  2. You have the right to access, update and correct factual inaccuracies in personally identifiable information that we collect online on our website, subject to certain exceptions. To do so, you should log into your account or you may contact us using the details provided in Section 2. To protect the privacy and the security of your personally identifiable information, we will take reasonable steps to verify your identity before granting access. 

B. Parents’ rights with respect to personal information collected from their child. 

Please note that our website and services do not require a child to disclose more information than is reasonably necessary to participate in an activity with the consent of the parent. 

Parents have the right to:

  1. Review the personal information collected about their child; 
  2. Revoke their consent and refuse the further use or collection of personal information from their child; 
  3. Get their child’s personal information deleted from our records; 
  4. Agree to the collection and use of their child’s information, but still not allow disclosure to third parties unless that’s part of the service.
  5. Parental Access Procedure: Parents/guardians of children under the age of 13 can connect to our trained personnel via a video call that allows them to review any personally identifiable information collected with their verifiable consent, about their child, have this information deleted, and/or request that there be no further collection or use of their child’s personally identifiable information. To do so, you may contact us using the details provided in Section 2. We will take steps to verify the identity of anyone requesting personally identifiable information about a child and to ensure that the person is the child’s parent or legal guardian. 

13. How can you change or review your technical preferences?

  1. Account information

When you sign up on our website as a user, an account is created for you. Please go to your Account Settings to change your account information. 

  1. Marketing communication preferences

If you currently receive marketing communications and promotional offers and wish to stop receiving such communications, you can do so by using the unsubscribe link at the bottom of any such email you receive. If the link isn’t available, you can reply to the email or send an email to support@exodexa.com and we will remove you from our mailing lists.

14. Updates to this Privacy Policy

We regularly review and, if required, update this privacy policy from time to time. We also encourage you to review the policy regularly to stay well informed. If changes made to this website are material, we will inform you promptly via email. Changes to this privacy policy are effective when they are posted on this page. If you have additional queries please contact us using the details provided in Section 2.