Rhithm, Inc Privacy Policy

Effective as of February 11, 2022

Rhithm, Inc. (“Rhithm”, “we”, “us”, or “our”) develops research-based social emotional learning  and wellness products designed for use in classrooms, healthcare settings, and at home. This Privacy Policy describes our practices regarding information we collect through our  websites, including https://rhithm.app/ and any other interactive features or services owned or  controlled by Rhithm that post a link to this Privacy Policy (each, a “Service” and collectively,  the “Services”), as well as any information we collect offline and combine in our databases.  Certain features discussed in this Privacy Policy may not be offered on each Service at any  particular time. Note that we may combine the information we collect from you through all of  our Services to use information gathered to better inform families and health professionals  about a child’s states of being. 

Note about Children: As required by applicable law and our Terms of Service, children under  the age of 13 in the U.S. (and a higher age if required by the applicable law in another country)  may only use our Services with the express prior consent of a parent or legal guardian, unless  they are doing so with the consent of a teacher, school, or district who is providing such  consent in compliance with COPPA and/or the child is being provided access to our Services by  an education institution that has an active contract with Rhithm, wherein the education  institution acknowledges that Rhithm is a “school official” under FERPA. If you are a Teacher,  School Administrator, or District Administrator you must obtain all necessary parental consents  before allowing students to use the Services. If we learn that Personal Information of a child has  been collected on our Services without prior parental consent, then we will take appropriate  steps to delete this information. If you are a parent or guardian (“Parent”) and discover that  your child under the age of 13 (or a higher age if required by applicable law) has a registered  account with our Services without your consent, please contact your child’s school and contact  Rhithm to request that we delete that child’s personal information from our systems. 

For more information about how Rhithm treats information collected about children please  review the “How does Rhithm protect children’s information?” section of this Privacy Policy.

1. What is this policy? 

WE FULLY DESCRIBE OUR PRIVACY PRACTICES BELOW IN THIS PRIVACY POLICY. THIS SUMMARY  PROVIDES AN OVERVIEW OF SOME IMPORTANT INFORMATION REGARDING OUR USE AND  SHARING OF YOUR INFORMATION. PLEASE READ THE ENTIRE PRIVACY POLICY VERY  CAREFULLY. BY USING ANY SERVICE, YOU AGREE TO BE BOUND BY THIS PRIVACY POLICY IN ITS  ENTIRETY. 

Information Sharing: 

Remember that if you create a Profile (as defined below) or share Personal Information with other users on the Services, your information may be visible to others. However, student data will only be visible to their teachers and appropriate school and district administrators. Note that we do not share your Personal Information with third parties for their marketing purposes; however, we may share your Personal Information under certain limited circumstances. For more details, please review the section below entitled “Will Rhithm share any of the information it collects?”

Third-Party Content, Links to Other Sites, and Rhithm Content Found Outside of the Services

We work with service providers to provide us with information regarding traffic on the Services, including the frequency of use and the actions users take when visiting the Services and to provide us with information regarding the use of the Services. We may work with hosting providers to host our application and learning management systems that provide us with directory information for the purposes of rostering the application. Certain content provided through the Services may be hosted and served by third parties. In addition, the Services may link to third party websites or content over which Rhithm has no control and which are governed by the privacy policies and business practices of those third parties, though Rhithm will assess any third party relationships we have as it relates to their Data Collection Practices, Advertising to Students, Data Security, etc. and ensure they are in alignment with our internal practices. Click here to access a list of all third parties we work with. If you have questions regarding our use of third parties please contact our Data Governance Officer and CEO at data-governance@rhithm.app or at 940-268-1029, or write to us at 100 W. Oak St #G-106, Denton, TX 76201. For more information about data we receive from third parties, please refer to “Third Party Services and Information Third Parties Provide About You” below.

2. What information does Rhithm collect? 

Information Shared With Us 

1) Registration and Other Information You Provide 

The Services may collect “Personal Information” (which is information that can reasonably be  used alone or in combination with other reasonably available information, to identify or contact  a specific individual). Personal Information includes, but is not limited to, student data,  metadata, and user content. This may include a name, email address, student ID, password,  assessment data or usage information. Any information combined with Personal Information  will be treated as Personal Information. 

2) Your Account 

Your Account Page: Note that students do not create accounts; however, certain student  information is collected through the school or school district as described below: 

Student Information Collected (Minimum required fields for rostering the Rhithm App™):

  • First name
  • Last name
  • School and Classroom enrollment
  • Unique identifier (including email address, Classlink SourcedID or CleverID)

Student Information Collected (optionally shared by school or district and used to enrich data to facilitate deeper reporting and data analysis by school and/or district leaders):

  • Demographic information (optional)

Student Information we Collect as part of the Service 

  • Student assessment data 
  • Rhithm’s emoji-based check in data reflects users’ subjective reports of their  current mental, emotional, energy, physical, and social states. The check-in  provides space for students to enter custom comments which may be viewed by  their teachers and administrators.  

Teacher Information Collected (Minimum required fields for rostering the Rhithm App™):

  • First name
  • Last name
  • Email Address
  • Classroom Enrollments
  • School and District
  • Unique identifier (including email address, Classlink SourcedID or CleverID)

Teacher Information we Collect as part of the Service:

  • Teacher assessment data 
  • Rhithm’s emoji-based check in data reflects users’ subjective reports of their  current mental, emotional, energy, physical, and social states. The check-in  provides space for students to enter custom comments which may be viewed by  their administrators. 

School Administrators (Minimum required fields for providing access to the Rhithm App™):

  • First name
  • Last name
  • Email address
  • School and District
  • Unique identifier (including email address, Classlink SourcedID or CleverID)

Administrator Information we Collect as part of the Service:

  • Administrator assessment data 
  • Rhithm’s emoji-based check in data reflects users’ subjective reports of their  current mental, emotional, energy, physical, and social states. The check-in  provides space for students to enter custom comments which may be viewed by  their district administrators. 

District Administrators (Minimum required fields for providing access to the Rhithm App™):

  • First name
  • Last name
  • Email address 
  • District 

District Administrator Information we Collect as part of the Service: 

  • District Administrator assessment data 
  • Rhithm’s emoji-based check in data reflects users’ subjective reports of their  current mental, emotional, energy, physical, and social states. The check-in  provides space for students to enter custom comments. 

3) Third Party Services and Information Third Parties Provide About You

The Services may permit interactions between the Services and a third-party feature or service. These third parties may provide us with information about you. Similarly, if you publicly post information on a third-party platform, such as a social media site, that references Rhithm or one of the Services, your post may be published on our Services in accordance with that third party’s terms. These features may collect your IP address or other unique identifier, which page you are visiting on our website, and may set a cookie to enable the third-party feature to function properly for the sole purpose of providing our services. When you use a third-party feature through the Services, the third party may also have access to information about you and your use of our Services. Your interactions with third-party links and features are governed by the privacy policies of the third parties.

You may access our Services through a third party platform that provides a school with access  to our Services. If you access the Services through a third party, your data may be on their  servers and is subject to their privacy policies. 

The information we collect is subject to this Privacy Policy. The information collected and stored  by the third party remains subject to the third party’s privacy practices, including whether the  third party continues to share information with us, the types of information shared, and your  choices with regard to what is visible to others on that third party website and service. The  third party may allow you to remove the application or feature, in which case we will no longer  collect information about you through the application or feature, but we may retain the  information previously collected in compliance with all applicable laws. 

Information We Collect Automatically 

Like other websites and online services, we and our analytics providers, vendors and other  third-party service providers may automatically collect certain “Usage Information” whenever  you access and use the Services. For example, we may collect information regarding how often  a user accesses certain features. 

Usage Information may include the browser and operating system you are using, the URL that referred you to our Services (if applicable), the search terms you entered into a search engine that led you to our Services (if applicable), all of the areas within our Services that you visit, and the time of day you used the Services, among other information. We may use Usage Information for a variety of purposes, including to select appropriate content to display to you and to enhance or otherwise improve the Services and our products.

In addition, we automatically collect your IP address or other unique identifier (“Device Identifier”) for any computer, mobile phone or other device (any, a “Device”) you may use to access the Services. A Device Identifier is a number that is automatically assigned to your Device used to access a Service, and our servers identify your Device by its Device Identifier. Some mobile service providers may also provide us or our third-party service providers with information regarding the physical location of the Device used to access a Service, internet service provider (ISP), date and time of your visit, browser language, browser type, referring and exit pages and URLs, amount of time spent on particular pages, which parts of our Services you use, which links you click, search terms, operating system, traffic and related statistics, keywords, and/or other general browsing or usage data. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we treat it as Personal Information. Usage Information is collected via tracking technologies:

Cookies 

Like many other websites and apps, we use “cookies” (a small file sent to your computer by a website or device to allow the website or app to store information which uniquely identifies you) or other similar software to collect data in order to assist our users and provide them with a more personal experience when they visit our Website or apps. For example, cookies help our systems recognize you if you return to our Services shortly after exiting them. You can always disable cookies in your browser or device’s settings, but please note that if you do so, some (or all) of the features and functionality of our Services may not be available to you.

How We Respond To Do Not Track Signals: 

Please note that your browser setting may allow you to automatically transmit a “Do Not Track” (DNT) signal to websites and online services you visit. DNT is a privacy preference that users can set in certain web browsers to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. However, we do not recognize or respond to browser-initiated DNT signals, as the internet industry is still working to determine what DNT means, how to comply with DNT, and how to create a common approach to responding to DNT. To find out more about “Do Not Track”, please visit http://www.allaboutdnt.com.

3. How does Rhithm protect children’s information?

Protecting the privacy of young children is especially important to Rhithm. For that reason, we created certain features designed to help protect Personal Information relating to children who are less than 13 years of age, or older if required by applicable law (“Child Users”). Rhithm does not knowingly permit Child Users to use our Services without prior, express consent from a parent or legal guardian, except through agreements with schools or districts or as otherwise permitted under the Children’s Online Privacy Protection Rule (COPPA) and the Family Educational Rights and Privacy Act (FERPA). If we learn that Personal Information of a Child User has been collected on our Services without prior parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian (“Parent”) and discover that your child under the age of 13 (or a higher age if required by applicable law) has a registered account with our Services without your consent, please contact your child’s school and contact Rhithm to request that we delete that child’s personal information from our systems.

How does a child use the Services? 

Child Users cannot access or use the Services without first receiving a prompt from their school.  Rhithm obligates districts, schools, and teachers (or other authorized individuals) to first execute a customer agreement and/or obtain any necessary parental consents before  permitting children to access or use the Services. 

What children’s information is visible to others? 

No student’s profile is made available or visible to the public through Rhithm. If a teacher utilizes certain features on a device in the classroom, other students may be able to view information that is displayed by the teacher in the classroom, but students cannot view each other’s individual student profiles. Information from a child’s assessments may be shared with health professionals with parental consent.

Parents: 

To review your Child User’s data you must request the information from your child’s teacher or  school. 

A Note about FERPA: 

Certain records collected or maintained by Rhithm are subject to FERPA. FERPA provides  parents (or students if over the age of 18) with certain rights with regard to those records. For  more information on those rights and other important information about FERPA, please see  Rhithm’s FERPA Policy.

4. How does Rhithm use the information it collects? 

We may use information about you, including Personal Information, the information you  provide in your Profile, User Content, and Usage Information for the following purposes: 

  1. To provide the Services. We use your personal information to verify your registration,  allow you to participate in features we offer, contact you regarding the Services, and to  allow other users to contact you. We will never contact a student directly. 
  2. To operate the websites. Your personal information may be used to tailor content,  recommendations and offers we display to you, both on the Services and elsewhere  online, as well as to maintain or improve our Services. 
  3. To send marketing communications. Anyone may sign up to receive communications  from us regarding new or existing offerings or other materials that may be of  interest. Recipients who have opted-in to such communications may unsubscribe at any  time by clicking on the unsubscribe link in any email. Children under the age of 18 are  prohibited from signing up for these communications and we will unsubscribe any  person under the age of 18 that we become aware of signing up to receive these  communications. 
  4. To create anonymous data for analytics. We may make information anonymous by  excluding information that makes it personally identifiable to you, and use that  anonymous data for our lawful business purposes. 
  5. For compliance, fraud prevention, and safety. We use your personal information as we  believe is necessary or appropriate to (a) enforce our terms and conditions; (b) protect  our rights, privacy, safety or property, and that of you or others; and (c) protect,  investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal  activity. 
  6. To comply with law. We use your personal information as we believe necessary or  appropriate to comply with applicable laws, lawful requests, and legal process, such as  to respond to subpoenas or requests from government authorities.
  7. With your consent. In some cases, we may ask for your consent to collect, use, or share  your personal information, such as when required by law or agreements with third  parties. 

Please note that information submitted on the Services via a “Contact Us” or other similar  function may not receive a response. We will not use the information provided via these  functions to contact you for marketing purposes unrelated to your request unless you agree  otherwise. 

5. Will Rhithm share any of the information it collects? 

Rhithm does not share your Personal Information with third parties for their marketing  purposes in compliance with all applicable laws. Rhithm may share non-Personal Information,  such as aggregate or de-identified user statistics, demographic information and Usage  Information with third parties. 

We also may share your Personal Information with third parties with your consent (if  permissible under applicable law), as disclosed at the time you provide us with information, and  as described below or otherwise in this Privacy Policy: 

  1. Service Providers: We will share your Personal Information with third parties to provide  services to us or you in connection with the Services, but subject to confidentiality  obligations, which limit their use and disclosure of such information. For example, we  may provide certain Personal Information, such as teacher contact information, to  companies that provide services to help us with our business activities, sending our  emails, or offering customer service. We will not share any user’s assessment data  without first obtaining the appropriate consents. We do not receive credit card  information (full numbers or last four digits) because payments are made via wire  transfer or other reasonable means for school accounts. 
  2. Administrative, Legal Reasons & Academic Integrity Investigations: We may also disclose  your information, including Personal Information, in response to a subpoena, court  order, or when otherwise required by law; in response to bankruptcy proceedings; to  defend our rights; in response to a request from law enforcement; to provide  information to a claimed owner of intellectual property who claims that content you  have provided to us infringes on their rights; upon request of or as otherwise authorized  by an academic institution connected to an investigation into academic integrity; to  protect and/or defend any applicable Terms of Service or other policies applicable to the  Services; or to protect the personal safety, rights, property or security of any  organization or individual. We may also use Device Identifiers, including IP addresses, to identify users, and may do so in cooperation with copyright owners, Internet service  providers, wireless service providers or law enforcement agencies in our discretion.  These disclosures may be carried out without your consent or without notice to you. 
  3. Business Transitions: Rhithm may share Personal Information with its parent, subsidiaries and affiliates, and investors primarily for business and operational purposes so long as any recipient agrees to comply with this Privacy Policy and applicable law with regard to such Personal Information. In the event that Rhithm goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, bankruptcy, or other corporate change, including, without limitation, during the course of any due diligence process, your information, including Personal Information, will likely be among the assets transferred. You will be notified via email and/or a prominent notice on Services of any completed change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information. This Privacy Policy will become binding upon the new owner of the information until amended. We will provide you with notice of an acquisition within thirty (30) days following the completion of such a transaction, by posting on our homepage and by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, subject to applicable law, you may request its deletion from the company. In the unlikely event that Rhithm goes out of business, or files for bankruptcy, we will protect your personal information, and will not sell it to any third-party.
  4. Testimonials: We may display personal testimonials of satisfied adult users on our Services in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us.

6. How does Rhithm work with third parties?

No Third-Party Advertising 

Rhithm will never use any student data to advertise or market to students or their parents. We  will not mine student data for any purposes other than those agreed to by the parties. Data  mining or scanning of user content for the purpose of advertising or marketing to students or  their parents is prohibited. 

Third-Party Providers 

We work with service providers to provide us with information regarding traffic on the Services,  including the features used when visiting the Services and to provide us with information  regarding the use of the Services. 

Third-Party Content, Links to Other Sites, and Rhithm Content Found Outside of the Services

Certain content provided through the Services may be hosted and served by third parties. In addition, the Services may link to third party websites or content over which Rhithm has no control and which are governed by the privacy policies and business practices of those third parties, though Rhithm will assess any third party relationships we have as it relates to their Data Collection Practices, Advertising to Students, Data Security, etc. and ensure they are in alignment with our internal practices.

Please also note that Rhithm content may be included on web pages and websites that are not  associated with us and over which we have no control. These third parties may independently  collect data. Rhithm is not responsible or liable for the privacy practices or business practices of  any third party. 

For more information about data we receive from third parties, please refer to “Third Party  Services, and Information Third Parties Provide About You” above.

7. What happens if I access Rhithm’s services through a mobile device? 

If you use the Services through a mobile device, you agree that Rhithm may store and use that information for security purposes (for example, for user verification or authentication and to ensure that our APIs are being used appropriately).

8. How does Rhithm protect and store my information? 

Rhithm takes data security very seriously. Rhithm takes commercially reasonable technical,  physical, and administrative security measures designed to protect the Personal Information  submitted to us, both during transmission and upon receipt, and at rest. Such measures vary  depending on the sensitivity of the information at issue. Measures taken to protect your data  include the following: 

  • We periodically review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We continually develop and implement features to keep your personal information safe – for example, all traffic to and from our application is over secure, encrypted protocols (SSL/TLS).
  • We ensure passwords are stored securely using encryption and salted one-way hashing.
  • Administrators are knowledgeable of security practices and harden the infrastructure with necessary patches.

Please note that no method of transmission over the Internet, or method of electronic storage,  is completely secure. Therefore, while we strive to use commercially reasonable means to  protect your Personal Information, we cannot guarantee its absolute security. 

How will Rhithm handle a data breach or security incident? 

In the event that Rhithm becomes aware of a data breach impacting your Personal Information,  we will provide notification in compliance with all applicable laws. For example, we may post a  notice on our homepage or elsewhere on the Service, and may email you at the email address  you have provided to us. Depending on where you live, you may have a legal right to receive  notice of a security breach in writing. 

Rhithm has procedures in place that are designed to stop threats that may expose personally identifiable information, restore Services to full functionality, and document and take proactive steps to ensure the incident cannot be repeated. Rhithm will also preserve necessary evidence for investigation by security professionals and law enforcement as appropriate. In the unlikely event of an unauthorized disclosure of records, Rhithm will follow its internal procedures, which articulate how to report the problem to internal and external stakeholders. The notification process includes any information that can identify which customers and students may have been impacted, the data that may have been accessed, Rhithm’s process to inform affected customers, and steps to prevent the incident from happening again as appropriate.

In the unlikely event of an unauthorized disclosure of Data, Rhithm has implemented a process  for responding to incidents and notifying affected individuals and, if applicable, law  enforcement personnel. If you have any questions about security on our Services, you can  contact us at support@rhithm.app.

9. How can I opt-out of sharing, providing, or receiving certain information?

Providing Personal Information: You can always decline to share personal information with us, or even block all cookies. However, it is important to remember that many of Rhithm’s features may not be accessible, or may not function properly – for example, we may not be able to remember your language preferences for you.

Email Communication: You can opt-out of receiving further communications by clicking the unsubscribe button at the bottom of an email. Rhithm may continue to send you Service-related emails, as we believe necessary to provide the Services. Rhithm will never email students.

10. How can I access and manage my personal information? 

You may be able to review the information you provided to us on a Service and make any  desired changes to the information, or to the settings for your account on that Service, by  logging in to your account for that Service and editing or deleting the information. Note that  certain accounts may have limitations regarding the ability to delete information. Even after  information is deleted, we may maintain it in backup or archive form unless you request  permanent deletion or the account is terminated.

11. What communications will I receive from Rhithm and how do I limit them?

Rhithm may post notices on the homepage.

Rhithm may send adult users information by email. You may choose to stop receiving certain  emails from Rhithm by using the unsubscribe button at the bottom of the Rhithm email.  However, we reserve the right to send you information on our behalf and on behalf of third  parties in connection with providing the Services. If you no longer want to receive information  from us, you will need to close your account for that Service.

12. How do I close my account? 

If you use an account through your school or school district and you wish to close your account  with one of our Services, please contact your school or school district and at their direction we  will remove your Personal Information and Profile, if applicable, from the active databases for  the Service(s) you request through your school or school district. Please let your school or  school district know which Service(s) you wish to close.

13. How long does Rhithm keep my information? 

We keep personal information until it is deleted, or until we no longer need it to provide you  with the Service. We will not retain student personal information for any longer than is  necessary for educational purposes and legal obligations, or to provide the Service for which we  receive or collect the student personal information. In addition, we only keep student personal  information for as long as the student’s account is active, unless we are required by law or the  student’s school to retain it, or need it to protect the safety of our users. Note that some  content may be kept after an account is deleted for school legal compliance reasons (e.g.  maintenance of “education records” under FERPA or “student records” under various state  student privacy laws). 

You understand and agree that Rhithm may continue to have Personal Information in archive files or similar databases. You further agree that Rhithm has no obligation to delete aggregated or de-identified information. Rhithm may retain and use aggregated and de-identified information for any purpose consistent with laws and regulations.

Even if your account is closed, information may remain in backup or archive records and we  may retain certain data relevant to preventing fraud or future abuse or for legitimate business  purposes, such as analysis of aggregated, non-personally-identifiable or de-identified data,  account recovery or if required by law. All retained data will continue to be subject to the  applicable privacy policy for the Service.

14. How will Rhithm notify me of changes to this policy? 

We may revise our Privacy Policy from time to time. You can see when the last update was by  looking at the “Last Updated” date at the top of this page. If we make any significant changes,  we’ll provide prominent notice by posting a notice on the Service or the Rhithm Website and  notify you by email (using the email address you provided), so you can review and make sure  you know about them. 

We encourage you to review this Privacy Policy from time to time, to stay informed about our  collection, use, and disclosure of personal information through the Service and Rhithm  Website. If you don’t agree with any changes to the Privacy Policy, you may terminate your  account. By continuing to use the Service or the Rhithm Website after the revised Privacy Policy  has become effective, you acknowledge that you accept and agree to the current version of the  Privacy Policy.

15. What if I do not live in the U.S.? 

The Services are not currently intended for users outside the United States. If you are located  outside of the United States, please be aware that the Services are operated in the United  States and any information we collect will be transferred to and processed in the United States.  By using the Services, or providing us with any information, you fully understand and  unambiguously consent to this transfer, processing and storage of your information in the  United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in  the country where you reside and/or are a citizen.

16. How can I contact Rhithm? 

If you have questions or comments about this Privacy Policy, please contact our Data Governance Officer and CEO via email at data-governance@rhithm.app or by mail at:

PO Box 77256
Fort Worth, TX 76177

© Copyright Rhithm, Inc. 2021