Privacy Policy

GROM LOGO

All members of Grom Social agree to these Rules of Conduct when posting content in the Grom Social Mobile App.

1. Overview

At Grom Social, Inc., we are dedicated to protecting your privacy and handling any personal information we obtain from you with care and respect. This Privacy Policy covers the use of information collected by Grom Social related to your use of our website www.gromsocial.com and our mobile Grom Social applications.

To help ensure a rewarding experience for our visitors, we are providing you with this Privacy Policy that describes the information practices of the website and our mobile Grom Social App, including how we collect, use, and disclose personal information.

Although we acknowledge that no place is completely safe and no online safety measure will work all of the time, we are committed to providing a fun, entertaining, and safe website and mobile application for our users. We are dedicated to safeguarding personal information collected on the website and the mobile app. We work hard to ensure that our Privacy Policy and our information practices adhere to the Federal Trade Commission’s Children’s Online Privacy Protection Act (“COPPA”) and the General Data Protection Regulation (GDPR).

Grom Social is designed specifically for children under the age of 16. We are dedicated to protecting their privacy and handling any personal information we obtain with care and respect. COPPA requires that we inform parents and legal guardians about how we collect, use, and disclose personal information from children under 16 years of age. COPPA also requires that we obtain the consent of parents and guardians of children under 16 years of age prior to allowing them to use certain features of our website and mobile app. Below, we explain how we do that for these children. Also, when we use the term “parent” below, we mean to include legal guardians. When we use the terms “personal information,” “personally identifiable information,” or “personal data,” we mean information that can specifically identify you or your child.

Grom Social is very committed to helping kids learn about proper netiquette and how to protect their privacy. Parents also have the ability to monitor their child’s activity on Grom Social by creating a parent account on the Grom Social app. The Grom Parent account will set the children’s permissions to use the features of the Grom Social app, and allow the parent to control all data submitted to our system about their child. Should a parent see child-generated content in any area of the app that they deem to be personally identifiable information (PII), they can request removal of the content by contacting us at support@gromsocial.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

As required by General Data Protection Regulation (GDPR), the following identifies the data controller and data protection officer.
Data Controller: Grom Social Inc
Data Protection Officer: Dan Putnam
Address: 2060 NW Boca Raton Blvd Suite 6 Boca Raton, FL 33431
Email: support@gromsocial.com

The FAQ section on our website is updated periodically with common questions and information, but if you have questions or concerns regarding this Privacy Policy, please email us anytime at support@gromsocial.com. To learn more about COPPA, you may consult this simple, one-page informational guide from the kidSAFE Seal Program www.kidsafeseal.com/knowaboutcoppa.html

2. THE INFORMATION WE COLLECT

There are two different methods of collecting data in the Grom Social App. The first is data entered by the user, and the second is data that is automatically obtained public information made available by visiting our website and/or downloading our mobile app.

Children must be registered members to access certain areas of the Grom Social Mobile App.

Automatically collected data

(1) Internet Protocol (IP) Address – this is a number identifier associated with your computer/device. We use this to verify your host or network interface and location by country origin only.

Requested information from child to create a Grom account:
(1) Username (required): Providing a username that does not resemble their real name or any personal information. Safe username suggestions are provided for children if they choose.
(2) Birthdate (required): A birthdate is required to ensure kids are under the age of 16.


Requested information from Parent to create parent account:
(1) Parent email address (required): The parent email address is used to contact parents about any policy changes, resetting forgotten parent passwords and provides us verification of support requests pertaining to their child's Grom account.(2) Full Name (required): Providing first and last name to associate with your account. This will not be seen to the public, only by your childrens’ Grom account.
(3) Birthdate (required): A birthdate is required by COPPA to verify the age is of a parent and not a child under 13 years of age. This is stored to guard parent account access.
(4) Password (required): This is an alphanumeric password with special characters created by the user to access their Grom Parent account.

Technology / API’s
We do not collect, keep, or share any data used by technologies such as ARCore, ARkit, Photo and Camera APIs, or any other software aimed at depth image and face recognition, like the TrueDepth API of iOS devices. 

Our Use of Apple’s TrueDepth technology 
We use TrueDepth API technology in our apps to project character masks and filters on users’ faces in real time. In order to use such technology, it is necessary to access the apps through a supported device and allow them camera access.The camera video images and feed as well as the depth data obtained from TrueDepth API are used only for the purpose of using app features. None of the user's face data is shared with third parties, saved remotely, or used for purposes other than the use of the app.

3.DATA SECURITY PRACTICES

Grom Social operates with collecting as little personal information as possible about your child. Even though we only collect limited personal information this information is kept behind firewall and SSL encryption. With this safety infrastructure in place, we still follow data security practices to make sure this data is secure.

Guidelines for Administration and IT teams
Each user/employee with access is background checked and signs a confidentiality agreement before obtaining their required access.
Each user shall be identified by a unique user ID so that individuals can be held accountable for their actions.
The use of shared identities is permitted only where they are suitable, such as training accounts or service accounts.
Each user shall read this data security policy and the logon and logoff guidelines, and sign a statement that they understand the conditions of access.
Records of user access may be used to provide evidence for security incident investigations.
Access shall be granted based on the principle of least privilege, which means that each program and user will be granted the fewest privileges necessary to complete their tasks.

Network Access

All employees and contractors shall be given network access in accordance with business access control procedures and the least-privilege principle.
Segregation of networks shall be implemented as recommended by the company's network security research. Network administrators shall group together information services, users and information systems as appropriate

User Responsibilities
a. All users must lock their screens whenever they leave their desks to reduce the risk of unauthorized access.
b. All users must keep their workplace clear of any sensitive or confidential information when they leave.
c. All users must keep their passwords confidential and not share them.

Application and Information Access
a. All company staff and contractors shall be granted access to the data and applications required for their job roles.
All company staff and contractors shall access sensitive data and systems only if there is a business need to do so and they have approval from higher management.
Sensitive systems shall be physically or logically isolated in order to restrict access to authorized personnel only.

Access to Confidential, Restricted information
Access to data classified as ‘Confidential’ or ‘Restricted’ shall be limited to authorized persons whose job responsibilities require it, as determined by the Data Security Policy or higher management.
The responsibility to implement access restrictions lies with the IT Security department.

4. THE REGISTRATION PROCESS

Once the initial sign up process is completed by the child, the child is granted access to their Grom account with limited access. A Grom Parent account must be created to grant the child parental permission to use all the features in the Grom app. Grom Parent accounts are created by clicking on the “I’m A Parent” button on the first screen in the app, or at any parental block screen within the child’s Grom Social account, displayed when the child attempts to access features that require parental approval. The Parent will have the ability to delete their child’s account by email, once an email address is supplied through the Grom Parent account and verified. If a parent email is supplied but not verified it will only live on our system for 14 days without verification. Non-Parent-Approved Grom members have limited access to app features as noted below.

During the registration process, we will collect and store certain information from you and your child. As described in this Privacy Policy, we only directly collect PII submitted by Grom Parent accounts. PII is kept private and is not shared publicly or with third parties except as described in this Privacy Policy.

5. ACCOUNT TYPES

There are THREE account types on Grom Social App. Depending on your age and verifiable parental consent, each account type has specific limitations to access within the app. Below are the descriptions of each account type.
Grom Guest
This is a user who downloads the app and registers as a child with username and password. Grom Guest users will be allowed to watch feed content and will not be allowed to enter any data or interact with any Grom users or data. When Grom Guest users try to access these features, they will be prompted with a parental block screen where parents can register a Grom Parent account to grant permission for their child.
Non-Parent-Approved Grom
A Non-Parent-Approved Grom is a child under the age of 16 who’s Grom account is connected to a Grom Parent account, but the parent approval process using our secure video approval method has not been completed by the parent and approved by our administration staff. The Non-Parent-Approved Grom features will remain limited the same as a Grom Guest account explained above.
Parent-Approved Grom (Child)
A Parent-Approved Grom Child account is an account that is Parent approved and has access to all app features that have been permitted by a parent. Using a Grom Parent account created in the account registration process, the parent/guardian can choose to approve a child to become a Parent-Approved Grom, and are required to activate and/or approve their child’s account by verifiable parental consent. As required and approved by the Federal Trade Commission’s Children’s Online Privacy Protection Act (“COPPA”) parents may provide verifiable parental consent using the secure video approval method for parent approval. Approval is only required by a parent, for each child Grom accounts connected to the parent account.

6. FEATURE LIST

Features:

Create a 3D Gromatar

Users can create a 3D character that serves as their online persona in GROM.

Use the Custom Camera

Users can utilize the custom camera to create augmented reality videos with filters, stickers, text, and more!.

Follow Users

Users can follow other users and have users follow them. This lets users see all the public/private friend video posts that their friends post.

Accept User Follow Request

Users can request to follow your child, and your child has the option to accept or deny their request.

Like Content

Users can show they like something they find in the app by liking it.

Add Comments

Users can type comments on any public content that allows comments.

Share Content

All the video posts in the app can be shared through Direct Message / Chat.

Record Public Video Post

Users can record videos from their phone for 60 seconds and save them for the public or solely their friends to view.

Record Private Video Post

Users can record videos from their phone for 60 seconds and save them but these videos will not be viewable by any other users. For non-parent approved users these will save to their device data and not be sent to our database.

Save Video Drafts

Users can save videos that were recorded to be posted at a later time or date.

Add Description to Video Post

Users can add a description to their video post.

Direct Message / Chat with Users

Users can participate in Direct Message / Chats with other Grom Users.

(The Grom app uses facial tracking technology including ARkit to capture users' AR Gromatar Selfie to be used as their avatar and hide their real identity. The app also uses this technology to connect AR face filters for use in our camera feature, and another way for kids to hide their personal identity. We do not store any facial data on users, or collect any PII with this technology.)

7. SUBSCRIPTIONS

Note: there are currently no subscriptions included in the GROM app as of the release date.

There are two forms of subscriptions, Grom Subscription and Parent Subscription. Each type of subscription is a monthly auto-renewed payment to continue to receive the subscription services. Both forms of subscriptions are managed by the Grom Parent account.

Grom Subscriptions - removes all advertisements for the child Grom users. One Grom subscription will work for all Grom’s connected to the parent with a completed account set up.

Grom Subscription is an auto-renewed payment of .99¢ per month per user to remove all advertisements in the app for that user. This is available to both IOS and Android users.

8. GROM MEMBER INFORMATION

Unsolicited Information Shared by Child Users

There is limited personal information we collect from parents and children on sign up as explained above in this policy.We will not solicit information from a child other than described above. If a child has not been approved for full access to the Grom Social App because his or her parent has not completed the consent and approval process, the child will be unable to participate in activities that allow for user-generated content.

User-Generated Content

When a Grom Social Member engages in some of our user-generated online activities, including Comments, or Video Posts with descriptions, they may share information that could be considered child-user-generated personally identifiable information (PII). While there is no foolproof system to control child-user-generated PII, Grom Social helpers are monitoring the website 24/7 and are able to address and delete posts and photos immediately should they be determined to contain child user PII. However, you should be aware that any PII your child provides in these areas may be read, collected, or used by other members who access them. The user-generated features within the Grom Social App are: direct messaging, comments, and posting a 60-second video with a description.

Additional Information Shared by Child Users

Invite a Friend: Grom Social’s “Invite a Friend” program allows a Grom Social Member to refer a friend to Grom Social via their username. Child members who have not yet been approved by a parent do not have access to the “Invite a Friend” feature.

General Collection of Non-Personal Information

We collect information through technology to make our mobile app more interesting and useful to you and for various purposes related to our business. For instance, when you come to our app, we collect your IP address. An IP address is associated with the access point through which you access the Internet, and it is typically controlled by your Internet Service Provider (ISP). Standing alone, your IP address is not personally identifiable information. We may use IP addresses to collect information regarding the frequency with and geographic location from which our guests visit various parts of our mobile app.

Cookies

Our mobile app collects information through a variety of technical methods, including but not necessarily limited to cookies. Cookies are pieces of information that a mobile app sends to your computer while you are viewing the website. We use cookies to make it easier for you to navigate our app, to store passwords so that you don’t have to enter them more than once, and to track and target the interests of our users to enhance the experience on our app. We also may use technical methods to analyze the traffic patterns on our app, such as the frequency with which our users visit various parts of our app.

We may use the information collected through these technical methods for many purposes, including delivering content, tracking, and enhancing our users’ experience on our mobile app. We do not link the information we store in cookies to any personally identifiable information you or your child submit while on our mobile app.

In HTML emails that we send our users, we may use technical methods for a number of purposes, including to determine whether our users have opened or forwarded those emails and/or clicked-on links in those emails, to customize the display of banner advertisements and other messages after a user has closed the email, and to determine whether a guest has made an inquiry or purchase in response to a particular email. These technical methods may enable us to collect and use information in a form that is personally identifiable information.

9. ADVERTISING

There is no current advertising in the Grom app. We reserve the right to include advertising at a later date, only if it is safe for kids, and does not track any personal information for delivering ads. 

10. PARENT ACCOUNTS AND ACCESS TO INFORMATION

At any time, parents can access the information collected on their child by creating their Grom Parent account and connecting to their child’s Grom Social Account. With a Grom Parent account you will be able to see all your child’s information that has been saved to their Grom Account profile as public or private. As a Grom Parent you will be able to see all public info posted by other Grom users in the app. As a parent you can monitor your child’s chat messages, allowing you as the parent to see the full message between your child and another child. This is the only area where parents can see info from another child that is not considered public. This also works for other parents seeing your child’s full chat message with a child they are parents of.

In accordance with COPPA, please contact Grom Social at support@gromsocial.com if you would like to access the personally identifiable information that we have collected from you or your child, correct factual errors in such information, request to have this information deleted, or request that we no longer collect, use, or maintain the personal information collected from your child. Grom Accounts with no Grom Parent will only have a fictitious username and password data saved for that user no PII will be collected from these users. Please be sure to send removal requests from the parent email address provided when creating your Grom Parent account and include your child’s username. To protect you and your child’s privacy and security, we will take reasonable steps to help verify your identity before granting you access to the personal information that we collect and maintain about you or your child.

11. DATA RETENTION

We will retain your or your child’s information for as long as your child’s account is active or as needed to provide services. We will retain and use the information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Parents have the right to approve or delete their child’s accounts. They may also request their child’s information or provide their child’s name, Grom Name, and email address in order to create the account. Parents may request to delete their child’s account by emailing us at support@gromsocial.com. Please include the child’s username and parent email address.

12. PROMOTIONAL COMMUNICATIONS

By following the unsubscribe instructions in the emails you receive, you may opt out of receiving promotional emails. If you choose to opt out of promotional emails, you may still receive emails about your account, subscription, and membership activity.

13. PUSH NOTIFICATIONS

Your child may receive push notifications relating to activities on the Grom Social App on your child’s mobile device after parent authorization is granted.. Push Notifications may be deactivated at any time by changing the notification settings in your child’s Grom Social profile settings or on your child’s mobile device settings.

14. CONTACT GROM SOCIAL

If you have questions or wish to send us comments about this Privacy Policy, please send an email to Grom Social at support@gromsocial.com or write us at:

Attn: Member Services Grom Social Enterprises
2060 NW Boca Raton Blvd. Suite 6
Boca Raton FL 33431

Please be assured that any personal information that you provide in communications to the above email and postal mail addresses may be used to send you promotional materials, unless you request otherwise.

15. EFFECTIVE DATE AND PRIVACY POLICY CHANGES

The Privacy Policy set out above is effective as of October 8, 2021, and it applies to all information previously obtained by Grom Social. We reserve the right to change the Privacy Policy at our sole discretion. Grom Social users will be informed of any such change by notifying users of the new Privacy Policy on the app. The effective date of any change of the Privacy Policy will be clearly marked. As required by law, we will not use personally identifiable information in ways that are materially different from the ones described in this Privacy Policy without also providing notification of such practices and obtaining consent to any such different uses. If we make material changes to this policy, we will notify you by email to the change becoming effective. If we make material changes to how we use personal information collected from children under 13, we will notify parents by email in order to obtain verifiable parental consent for the new uses of the child’s personal information.

16. A FINAL NOTE TO PARENTS

The Internet offers a world of opportunity for children. Your guidance and involvement are essential to help ensure that children have a safe and rewarding online experience. We encourage you to stay involved in and informed about what your child is doing online or on a mobile app. Your efforts to instill responsible information practices will help steer your children to age-appropriate websites or mobile apps and will go a long way toward ensuring that your children have enriching experiences online or on social media apps. Violations of the terms within this Privacy Policy may be reported to the Palm Beach County Sheriff’s Office in Florida, USA. Finally, please be aware that we are not a 24-hour helpline, and we are not trained health professionals. Grom Social may refer users to crisis hotlines.