Privacy Policy
Last Updated: May 1 2025.
LeapYear Education Incorporated (“LeapYear,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals who use our EMBRS Learning platform, including EMBRS Math, EMBRS Reading, and Decodable Me (collectively, the “Service”). This Privacy Policy outlines our practices concerning the collection, use, and disclosure of personal information when schools or school districts (“Institutions”) subscribe to our Service and their authorized teacher users (“Authorized Users”) access and use the Service.
This Privacy Policy should be read in conjunction with our Terms and Conditions.
1. Our Role: Data Controller and Data Processor a. For personal information collected directly from Authorized Users (e.g., teacher account registration information), LeapYear acts as the “data controller.” b. For student personal information (e.g., names, achievement data) inputted into the Service by Authorized Users on behalf of an Institution, LeapYear acts as a “data processor” (or “service provider”). The Institution is the data controller for this student personal information and directs LeapYear to process it according to its instructions and for the purpose of providing the Service.
2. Information We Collect a. Information Provided by Authorized Users (Teachers): When an Authorized User creates an account or interacts with the Service, we may collect personal information such as: * Full name * Email address * School affiliation * Any other information an Authorized User voluntarily provides. b. Student Personal Information (Processed on Behalf of Institutions): Authorized Users may input limited personal information about their students into the Service solely for educational purposes. This may include: * Student names * Student achievement data LeapYear does not directly collect student email addresses, birthdates, or other sensitive personal information from students. Students do not create their own accounts. c. Automatically Collected Information: When Authorized Users (or students interacting with the Service under an Authorized User’s supervision) use the Service, we automatically collect certain information, including: * Log Data: IP addresses, browser type, operating system, device information, pages visited, time spent on pages, and other usage statistics. * Cookies and Similar Technologies: We use essential cookies, performance/analytics cookies, and functionality/preference cookies. We do not use targeting or advertising cookies. Cookies help us operate and improve the Service, understand usage, and remember user preferences. You can manage cookie preferences through your browser settings.
3. How We Use Information We use the information we collect and process for the following purposes: a. To provide, maintain, and improve the Service. b. To personalize the experience for Authorized Users. c. To communicate with Authorized Users about their accounts, service updates, and support requests. d. For security purposes, including preventing and detecting fraud or unauthorized access. e. To generate aggregated and anonymized analytics reports for Institutions about the use of the Service. f. To comply with legal obligations and enforce our Terms and Conditions. g. Student personal information is used solely to provide the Service to the Institution and for educational purposes as directed by the Institution.
4. Legal Basis for Processing (for Teacher Personal Information) Our legal basis for collecting and using the personal information of Authorized Users (for which we are the data controller) includes: a. Consent: Where you have provided consent for specific processing. b. Contractual Necessity: To perform our contractual obligations to provide the Service to the Institution. c. Legitimate Interests: For our legitimate interests, such as improving the Service, security, and customer support, provided these interests are not overridden by your data protection rights.
5. Data Sharing and Disclosure We do not sell personal information. We may share personal information in the following circumstances: a. With Third-Party Service Providers: We may share information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as: * Cloud hosting providers (e.g., Google Cloud. Data may be stored include locations in Canada or the United States. If requested, LeapYear may accommodate a district’s preference upon request. * Data analytics providers. * Email service providers (for communications with Authorized Users). * Customer support systems. These third parties are authorized to use personal information only as necessary to provide these services to us and are contractually obligated to protect its confidentiality. b. With the Subscribing Institution: Information related to an Institution’s account, including aggregated usage reports and student personal information inputted by its Authorized Users, is accessible to authorized personnel from that Institution. c. For Legal Reasons: We may disclose personal information if we believe in good faith that disclosure is necessary to: (i) comply with a legal obligation, subpoena, or court order; (ii) protect and defend our rights or property; (iii) prevent or investigate possible wrongdoing in connection with the Service; (iv) protect the personal safety of users of the Service or the public; or (v) protect against legal liability. d. Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction, subject to standard confidentiality arrangements.
6. Data Retention We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. a. Student Personal Information: Student academic data inputted by Authorized Users is generally deleted or anonymized annually after the end of the relevant school year, unless otherwise required by the subscribing Institution for ongoing educational purposes, agreed upon in the Service Agreement, or for legal or compliance reasons. Institutions may have their own retention policies for student data. b. Authorized User (Teacher) Account Information: Personal information of Authorized Users is retained for as long as their account is active with the subscribing Institution and for a reasonable period thereafter as necessary for administrative, legal, or security purposes.
7. Data Security LeapYear takes reasonable administrative, technical, and physical security measures to protect personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to, encryption of data in transit (e.g., HTTPS) and at rest where feasible, access controls, staff training on data privacy and security, and incident response plans. We leverage the robust security infrastructure of our cloud hosting provider, Google Cloud. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
8. Your Rights and Choices a. Authorized Users (Teachers): Subject to applicable law, Authorized Users may have the right to access, correct, update, or request deletion of their personal information. You can exercise these rights by contacting us at hello@embrslearning.com. b. Institutions (Regarding Student Data): Institutions are responsible for managing student personal information, including requests for access, correction, or deletion from parents or eligible students. LeapYear will assist Institutions in responding to such requests for data stored on our platform, as required by our contractual agreements and applicable law. Institutions can submit such requests to hello@embrslearning.com. c. Managing Cookies: Most web browsers allow you to control cookies through their settings preferences.
9. Children’s Privacy a. The Service is designed for use by K-12 Institutions and their Authorized Users. Students use the Service under the direction and supervision of their Institution and Authorized Users. b. No Direct Collection from Children: LeapYear does not knowingly collect personal information directly from children under the age of 13 (or the relevant age of consent in their jurisdiction) without the consent and direction of their school. Students do not create their own accounts. c. School Responsibility for Consent: The Institution is responsible for obtaining any necessary parental consents required under applicable laws (such as COPPA in the U.S. and PIPEDA in Canada) for students to use the Service and for student personal information to be inputted by Authorized Users. LeapYear relies on this “school consent” when processing student data. d. Service Provider Role (COPPA & FERPA): LeapYear acts as a service provider to Institutions. For U.S. Institutions, LeapYear’s practices are designed to be consistent with COPPA’s requirements for school service providers and FERPA, under which LeapYear acts as a “school official” with legitimate educational interests, processing student data solely for the educational purposes instructed by the Institution. Student personal information is not used by LeapYear for targeted advertising or to build profiles for commercial purposes not related to the provision of the Service.
10. International Data Transfers Personal information we collect may be stored and processed by us and our third-party service providers in Canada, the United States, or other countries where our servers or service providers are located. These countries may have data protection laws that are different from the laws of your country. We will take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy and applicable law.
11. Changes to This Privacy Policy We may update this Privacy Policy from time to time. We will notify Institutions of any material changes by posting the new Privacy Policy on our platform, through a notification upon login, or by email to the Institution’s designated contact. We encourage you to review this Privacy Policy periodically for any changes.
12. Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
EMBRS Learning
2967 Dundas St. W. #1252
Toronto, ON M6P 1Z2
OR
EMBRS Learning
12448 Flatlands Ave
Unit #A1099
Brooklyn, NY 11239
Email: hello@embrslearning.com