Privacy Policy

At Grom Social, Inc., we are dedicated to protecting your privacy and handling any personal information we obtain from you with care and respect. This Privacy Policy covers the use of information collected by Grom Social related to your use of our website www.gromsocial.com and our Grom mobile application.

To help ensure a rewarding experience for our visitors, we are providing you with this Privacy Policy that describes the information practices of the website and our Grom mobile app, including how we collect, use, and disclose personal information.

Although we acknowledge that no place is completely safe and no online safety measure will always work, we are committed to providing a fun, entertaining, and safe website and mobile application for our users. We are dedicated to safeguarding personal information collected on the website and the mobile app. We work hard to ensure that our Privacy Policy and our information practices adhere to the Federal Trade Commission's Children's Online Privacy Protection Act ("COPPA") and the General Data Protection Regulation (GDPR).

The Grom mobile app is designed specifically for users under the age of 16. All accounts under 16 years old will have the same permissions following COPPA and will be referred to in this document as Grom Account(s). We are dedicated to protecting their privacy and handling any personal information we obtain with care and respect. COPPA requires that we inform parents and legal guardians about how we collect, use, and disclose personal information from children under 13 years of age. COPPA also requires that we obtain the consent of parents and guardians of children under 13 years of age before allowing them to use certain features of our mobile app. Below, we explain how we do that for Grom Accounts. Also, when we use the term "parent" below, we mean to include legal guardians. The term “Parent Account” refers to the user of a legal guardian of a user under the age of 16. When we use the terms "personal information," "personally identifiable information," or "personal data," we mean individually identifiable information about an individual collected online.

Grom Social is very committed to helping youth learn about proper netiquette and how to protect their privacy. Parents can also monitor their linked Parent-Approved Grom Accounts activity on the Grom app by creating a Parent Account on the Grom app. The Parent Account will set the Grom Account's permissions to use the features of the Grom app, and allow the Parent Account to control all data submitted to our system from the linked Parent-Approved Grom Account. Should a parent see Grom Account content in any area of the app that they deem to be personally identifiable information (PII), they can request removal of the content by contacting us at support@gromsocial.com.

As required by the General Data Protection Regulation (GDPR), the following identifies the data controller and data protection officer.
Data Controller:
Grom Social Inc Data Protection Officer: Dan Putnam
Address: 2060 NW Boca Raton Blvd Suite 6
Boca Raton, FL 33431
Email: support@gromsocial.com.

The FAQ section on our website is updated periodically with common questions and information, but if you have questions or concerns regarding this Privacy Policy, please email us anytime at support@gromsocial.com.

2. THE INFORMATION WE COLLECT

There are two different methods of collecting data in the Grom mobile app. The first is data entered by the user, and the second is data that is automatically obtained public information made available by downloading and registering on the Grom mobile app.
Users under 16 years of age can register on the Grom app using their birthdate, and create a safe username and password. Once registered these users will have limited access to features in the Grom app. Each user under the age of 16 is required to provide verifiable parental consent. Verifiable parental consent is submitted by the parent using the secure video approval method where the parent and child record a video together and submit. Our trained staff will approve or deny the video submission if it meets the requirements.

Automatically collected data

Internet Protocol (IP) Address - is a number identifier associated with your computer/ device. We only use an IP address to verify your host or network interface and location by country of origin.

Requested information from Grom Account user to create a Grom account:

Username (required): Provide a username that does not resemble their real name or any personal information. Users under the age of 16 years old may also choose from Safe username suggestions provided.
Birthdate (required): A birthdate is required to validate users are under the age of 16.

Requested information from the Parent to create a Parent Account:

Parent email address (required): The parent email address is used to contact parents about any policy changes, reset forgotten parent passwords, and provide us with verification of support requests pertaining to their linked Grom Accounts.
Full Name (required): Provide the first and last name associated with your account. This information is only for your linked Grom Accounts and will not be seen by the public.
Birthdate (required): A birthdate is required by COPPA to verify the age of a parent and not a child under 13 years of age. This is stored to guard parent account access.
Password (required): This is an alphanumeric password with special characters created by the user to access their Grom Parent Account.

Technology/ APl's
‍We do not collect, keep, or share any data used by technologies such as ARCore, ARkit,
Photo, and Camera APls, or any other software aimed at depth image and face recognition, like the TrueDepth API of iOS devices.

Our Use of Apple's TrueDepth Technology
‍We use TrueDepth API technology in our apps to project character masks and filters on users' faces in real-time. In order to use such technology, it is necessary to access the apps through a supported device and allow them camera access. The camera video images and feed as well as the depth data obtained from TrueDepth API are used only to use app features. None of the user's face data is shared with third parties, saved remotely, or used for purposes other than the use of the app.

3. DATA SECURITY PRACTICES

Grom Social collects as little personal information as possible about your child. The limited personal information we collect is kept behind firewall and SSL encryption. We follow data security practices to ensure this data is secure with a safety infrastructure in place.

Guidelines for Administration and IT teams

Each staff user/moderator/employee with access is background checked and signs a confidentiality agreement before obtaining their required access.
Each user shall be identified by a unique user ID so that individuals can be held accountable for their actions.
The use of shared identities is permitted only where they are suitable, such as training accounts or service accounts.
Each user shall read this data security policy and the logon and logoff guidelines, and sign a statement that they understand the conditions of access.
Records of user access may be used to provide evidence for security incident investigations.
Access shall be granted based on the principle of least privilege, which means that each program and user will be granted the fewest privileges necessary to complete their tasks.

Network Access
All employees and contractors shall be given network access per business access control procedures and the least-privilege principle.
Segregation of networks shall be implemented as recommended by the company’s network security research. Network administrators shall group information services, users, and information systems as appropriate

Staff User Responsibilities

All staff users must lock their screens whenever they leave their desks to reduce the risk of unauthorized access.
All staff users must keep their workplace clear of any sensitive or confidential information when they leave.
All staff users must keep their passwords confidential and not share them.

Application and Information Access
All company staff and contractors shall be granted access to the data and applications required for their job roles. All company staff and contractors shall access sensitive data and systems only if there is a business need to do so and they have approval from higher management. Sensitive systems shall be physically or logically isolated to restrict access to authorized personnel only.

Access to Confidential, Restricted information
Access to data classified as 'Confidential' or 'Restricted' shall be limited to authorized persons whose job responsibilities require it, as determined by the Data Security Policy or higher management. The responsibility to implement access restrictions lies with the IT Security department.

4. THE REGISTRATION PROCESS

Once the initial sign-up process is completed by the user under 16 years old, the user is granted access to their Grom account with limited access. A Grom Parent account must be created to grant the user under 16 years old parental permission to use all the features in the Grom app. Grom Parent accounts are created by clicking on the ''I'm A Parent" button on the first screen in the app, or at any parental block screen within the user’s Grom Account, displayed when the user under 16 years old attempts to access features in the Grom app that require parental approval. The Parent will have the ability to delete their linked Grom Accounts either through the Parent Monitoring experience or by going to a specific linked Grom Account’s “Info & Settings” page. Non-Parent-Approved Grom members have limited access to app features as noted below, and can be deleted from the account’s “Info & Settings” page.

During the registration process, we will collect and store certain information from users as described in this Privacy Policy. We only directly collect PII submitted by Grom Parent accounts. PII is kept private and is not shared publicly or with third parties except as described in this Privacy Policy.

5. ACCOUNT TYPES

There are three Grom Account types on the Grom App for users under the age of 16 and one account type for parent/guardian users. Depending on whether you have a parent account linked to your account and/or verifiable parental consent, each account type has specific limitations to access within the app. Below are the descriptions of each account type.

Grom Guest Account
‍This is a user under the age of 16 who downloads the app and registers as a Grom Account with a username and password. Grom Guest users can create their Gromatar character and decorate their profile. They will not be allowed to enter any data, see user content, or interact with any Grom users or data. When Grom Guest users try to access these features, they will be prompted with a parental block screen where parents can register a Grom Parent account to grant permission for their child.

Non-Parent-Approved Grom Account
‍A Non-Parent-Approved Grom is a user under the age of 16 whose Grom Account is connected to a Grom Parent Account, but the parent approval process using our secure video approval method has not been completed by the parent and approved by our administration staff. The Non-Parent-Approved Grom features will remain limited the same as a Grom Guest Account explained above.

Parent-Approved Grom Account
‍A Parent-Approved Grom Account is an account that is parent-approved and has access to all
app features that have been permitted by a parent. Using a Grom Parent Account created in the account registration process, the parent/guardian can choose to approve a linkedNon-Parent-Approved Grom Account to become a Parent-Approved Grom and are required to activate and/or approve their linked Grom Account by verifiable parental consent. As required and approved by the Federal Trade Commission's Children’s Online Privacy Protection Act ("COPPA") parents may provide verifiable parental consent using the secure video approval method for parent approval. Approval is only required by a parent, for each linked Grom Account connected to the parent account.

Parent Accounts
‍Parents can sign up independently to their Grom Account by registering on the Grom App. Parent Accounts are designed for parents to be linked to Grom Accounts, and provide the verifiable parental consent for the linked Grom Accounts. Parent Accounts can monitor and control all linked Parent-Approved Grom Accounts.

6. FEATURE LIST

Create a 3D Gromatar
‍Users can create a 3D character that serves as their online persona in GROM.

Use the Custom Camera
Users can utilize the custom camera to create augmented reality videos with filters, stickers, text, and more!

Follow Users
Users can follow other users and have users follow them. This lets users see all the public/private friend video posts that their friends post.

Accept User Follow Request
Users can request to follow your Parent-Approved Grom Account, and your linked Parent-Approved Grom Account has the option to accept or deny their request.

Add Comments
Users can type comments on any public content that allows comments.

Share Content
All the video posts in the app can be shared through Direct Message/ Chat within the app. No sharing to other platforms is available to users within the Grom App.

Record Public Video Post
Users can record videos from their phones for 60 seconds and save them for the public or solely for their friends to view.

Record Private Video Post
Users can record videos from their phone for 60 seconds and save them but these videos will not be viewable by any other users. For non-parent approved users these will be saved to their device data and not be sent to our database.

Save Video Drafts
Users can save videos that were recorded to be posted at a later time or date.

Add Description to Video Post
Users can add a description to their video post.

Direct Message/ Chat with Users
Users can participate in Direct Messages/ Chats with other Grom Account Users.

(The Grom app uses facial tracking technology including ARkit to capture users' AR Gromatar Selfie to be used as their avatar and hide their real identity. The app also uses this technology to connect AR face filters for use in our camera feature, and another way for kids to hide their personal identity. We do not store any facial data on users, or collect any PlI/ with this technology.)

7. GROM MEMBER INFORMATION

Unsolicited Information Shared by Child Users
‍There is limited personal information we collect from Parent Accounts and Grom Accounts on sign-up as explained above in this policy. We will not solicit information from a user other than as described above. If a Grom Account has not been approved for full access to the Grom App because a parent has not completed the consent and approval process, the Grom Account will be unable to participate in activities that allow for user-generated content.

User-Generated Content
When a Parent-Approved Grom Account engages in some of our user-generated online activities, including Comments, or Video Posts with descriptions, they may share information that could be considered child-user-generated personally identifiable information (PII). While there is no foolproof system to control child-user-generated PII, in addition to our AI video filtering service monitoring all user-generated content on the Grom app 24/7, we have live moderators that actively review all content and video approvals during active posting hours. These live moderators can address video posts before making them publicly available on the app and delete comments immediately should they be determined to contain child user PII. However, you should be aware that any PII your child provides in comments may be read, collected, or used by other members who access them. The user-generated features within the Grom Social App are direct messaging, comments, and posting a 60-second video with a description.

General Collection of Non-Personal Information
We collect information through technology to make our mobile app more interesting and useful to you and for various purposes related to our business. For instance, when you come to our app, we collect your IP address. An IP address is associated with the access point through which you access the Internet, and it is typically controlled by your Internet Service Provider (ISP). Standing alone, your IP address is not personally identifiable information (PII). We may use IP addresses to collect information regarding the frequency and geographic location from which our guests visit various parts of our mobile app.

Persistent Identifiers
The Grom app collects information through a variety of technical methods. We may use the information collected through these technical methods for many purposes, including delivering content based on popular or trending interests and tracking user sessions for internal operations to measure user engagement within the app, identify features used most, and create new features or improve app performance and user experience.

Website Analytics
Our website gromsocial.com uses Google Analytics which allows us to understand how you interact with our website. These insights allow us to improve content and build better features that enhance your experience. These cookies track limited data points for traﬃc analysis. Data collected from users on our website includes the number of users, session statistics, approximate geolocation, and browser and device information as listed below in section 9 third-party disclosures.

8. THIRD-PARTY DISCLOSURES

The Grom app uses some third-party services in our application. However NO personal information is shared with any third parties, they do collect anonymous data to track the usage of their services. The third parties that collect this information are listed in the table below.

Third-Party Name

Description

Link to Privacy Policy

Data Shared

DeepAR Camera SDK

AR Camera SDK allows users to record videos using AR masks.

• Application ID running the SDK,
• Device screen resolution,
• Device OS version,
• Random generated seed number,
• Date of accessing DeepAR SDK features.

https://www.deepar.ai/privacy

Img.ly Video Editor

Video editor SDK allows users to edit their recorded videos.

Anonymous number of video exports made by the Video Editor SDK during a month.

https://img.ly/privacy-policy

The Grom website (gromsocial.com) is a promotional and informational tool about the Grom app. No user-generated content or data is submitted. We utilize Google Analytics for traffic analysis.

Third-Party Name

Description

Link to Privacy Policy

Data Shared

analytics.Google.com

Website traffic analytic tool, for monitoring traffic specifically on the Grom website.

• Number of users
• Session statistics
• Approximate geolocation
• Browser and device information

https://policies.google.com/privacy?hl=en

9. YOUR CALIFORNIA PRIVACY RIGHTS

If you have questions or concerns about our third-party disclosure policy.
Please contact us by mail, email, or phone.
‍
Email: support@gromsocial.com
‍
Mail: Member Services Grom Social Enterprises
2060 NW Boca Raton Blvd. Suite 6
Boca Raton FL 33431

Call: 1.844.704.4766

10. PARENT ACCOUNTS AND ACCESS TO INFORMATION

At any time, parents can access the information collected on their child by creating their Grom Parent account and linking to their child's Grom Account. With a Grom Parent account, you will be able to see all your connected Grom Account information that has been saved to their Grom Account profile as public or private. As a Grom Parent, you will be able to see all public info posted by other Grom users in the app. As a parent you can monitor your child's chat messages, allowing you as the parent to see the full message between your linked Parent-Approved Grom Account and another Parent-Approved Grom Account. This is the only area where parents can see info considered not public, from another Grom Account not linked to their parent account. This also works for other Parent Accounts seeing your linked Parent-Approved Grom Account’s full chat message with their linked Parent-Approved Grom Account.

Per COPPA, please contact Grom Social at support@gromsocial.com if you would like to access the PII that we have collected from you or users under 16 years old, correct any errors, request to have this information deleted, or request that we no longer collect, use, or maintain the PII collected from users under 16 years old. Please be sure to send requests from the parent email address provided when creating your Grom Parent account and include the username of the linked Grom Account. To protect you and users under 16 years old privacy and security, we will take reasonable steps to help verify your identity before granting you access to the PII that we collect and maintain about you or your child.

Grom Accounts with no Grom Parent will only have a birthdate, fictitious username, IP, and password data saved for that user no other PII or data will be collected from these users.Grom Accounts without a parent linked can be deleted from the Grom Account settings. This will remove any stored data on our servers associated with the Grom Account.Parent-linked Grom Accounts can be deleted by the parent or the Grom Account user.

11. DATA RETENTION

We will retain all user information described above, for as long as the user's account is active or as needed to provide services. We will retain and use the information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Parents have the right to delete their Grom Parent Account and linked Grom accounts in the app or by request to support@gromsocial.com or other listed contact methods.

13. PUSH NOTIFICATIONS

Grom Accounts may receive push notifications relating to activities on the Grom App on the user’s mobile device. Push notifications are off by default. After the Parent Account provides verifiable parental consent for the Grom Account, then the Parent Account will have the option to turn on push notifications for that Grom Account. Push Notifications may be deactivated at any time by changing the notification settings in the Grom Account’s profile settings or on the user's mobile device settings.

14. CONTACT GROM SOCIAL

If you have questions or wish to send us comments about this Privacy Policy, please contact Grom Social:

Email: support@gromsocial.com

Mail: Member Services Grom Social Enterprises
2060 NW Boca Raton Blvd. Suite 6
Boca Raton FL 33431

Call: 1.844.704.4766

15. EFFECTIVE DATE AND PRIVACY POLICY CHANGES

The Privacy Policy set out above is effective as of July 8, 2024, and it applies to all information previously obtained by Grom Social. We reserve the right to change the Privacy Policy at our sole discretion. Grom Social users will be informed of any such change by notifying users of the new Privacy Policy on the app. The effective date of any change to the Privacy Policy will be clearly marked. As required by law, we will not use personally identifiable information (PII) in ways that are materially different from the ones described in this Privacy Policy without also providing notification of such practices and obtaining consent to any such different uses. If we make material changes to this policy, we will notify you by email of the change becoming effective. If we make material changes to how we use personal information collected from users under 16 years of age, we will notify parents by email in order to obtain verifiable parental consent for the new uses of the user's PII.

16. A FINAL NOTE TO PARENTS

The Internet offers a world of opportunity for children. Your guidance and involvement are essential to help ensure that children have a safe and rewarding online experience. We encourage you to stay involved in and informed about what your child is doing online or on a mobile app. Your efforts to instill responsible information practices will help steer your children to age-appropriate websites or mobile apps and will go a long way toward ensuring that your children have enriching experiences online or on social media apps. Violations of the terms within this Privacy Policy may be reported to the Palm Beach County Sheriff's Office in Florida, USA. Finally, please be aware that we are not a 24-hour helpline, and we are not trained health professionals. If you are looking for crisis hotlines, refer to The American Psychological Association for a list of hotlines available for help.