Glimmer Platform Privacy Policy

1. Information We Collect

When you use the Glimmer Platform, we may collect information in the following categories:

A. Student and Classroom Information

Information may be entered by teachers or administrators, or directly provided by students as part of their learning experience. This may include:

• Student names or identifiers (first name, last initial, or ID number)
• Grade level and classroom enrollment
• Learning progress, work submissions, and in-platform responses (from students)
• Reflections, goals, interests, or other self-reported inputs (from students)
• Teacher feedback and notes on assignments or performance

B. Educator Information

Information used to manage accounts and communication, such as:

• Name, role, and school email address
• Teaching preferences or instructional content created on the Platform

C. Technical Information

Automatically collected, non-personal data used to maintain the Platform, such as:

• Browser type, device type, and IP address
• Login timestamps and usage analytics

Glimmer does not collect financial or unrelated personal data.

2. How We Use Information

We use collected information solely to:

• Provide and improve Glimmer's educational tools and insights
• Support teaching, learning, and student goal-setting
• Maintain and secure the Platform
• Communicate about service updates or technical issues

We do not sell personal data, use it for targeted advertising, or share it for marketing purposes.

3. Data Security

We maintain industry-standard administrative, technical, and physical safeguards to protect information from unauthorized access, disclosure, or destruction. This includes:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls and authentication
• Regular security monitoring and vulnerability testing
• Employee confidentiality training

4. FERPA Compliance

Glimmer complies with the Family Educational Rights and Privacy Act (FERPA) to protect the privacy of student education records and personally identifiable information (PII). We handle all data on behalf of schools and educators solely for educational purposes and never disclose student information without authorization or consent as permitted under FERPA.

5. COPPA Compliance

In compliance with the Children's Online Privacy Protection Rule (COPPA):

Because Glimmer limits the use of personal information collected from users under the age of 13 ("Child" or "Children") to the educational context authorized by a school or educator, by signing up for Glimmer on behalf of a school or classroom, the educator represents that this authorization is based on verified parental consent to disclose data under COPPA for each Child registered within the Platform.

With the noted exception above, Glimmer does not knowingly collect personally identifiable information from anyone under the age of 13. However, we may unknowingly collect and retain information about Children on our servers if such data is submitted by users over the age of 13. For example, if a teacher uploads class materials containing a student's name and age, this information may be stored as part of that content.

If you believe that we have inadvertently collected information from a child without proper authorization, please contact us at support@learnwithglimmer.com, and we will delete the data promptly.

6. Data Breach Response

In the event of an unauthorized release, disclosure, or acquisition of personal or student data that compromises its security, confidentiality, or integrity, Glimmer will:

• Notify affected users and/or partner schools within 24 hours of confirming the incident, unless law enforcement requests a delay.
• Provide available details including the nature of the incident, the types of information involved, the estimated date of occurrence, and steps taken to address it.
• Comply with all applicable federal and state laws regarding breach notification and mitigation.
• Maintain a written Incident Response Plan consistent with industry standards and provide a summary upon request.

7. Data Retention and Deletion

We retain information only as long as needed to provide educational services or as required by law. Upon request from a school or user, Glimmer will permanently delete or return personal or student data within 30 days.

8. AI Model Processing

Glimmer may use AI model providers (e.g., OpenAI OpCo) as a data processor to generate educational insights, recommendations, or feedback.

For AI processing, direct identifiers (such as names and emails) are decoupled from the data payload before it is sent to any AI model. While the content itself (e.g., a handwriting sample) is processed to generate feedback, the data is never used to train models and is deleted after a 30-day period, during which the data may be accessed solely for purposes of abuse monitoring and platform security, and not for the development, improvement, marketing, or operation of services or for any other secondary purpose.

9. Children's Privacy

Students cannot independently create Glimmer accounts. Educators manage all access for minors, and parents or guardians may request access to or deletion of their child's data by contacting us directly.

10. Updates to This Policy

We may update this Privacy Policy periodically to reflect product or legal changes. The "Last Updated" date will always indicate the current version, and we will notify users of any significant updates.

11. Contact

Glimmer Labs, Inc.
New York, NY
support@learnwithglimmer.com