MirrorTalk Privacy

Privacy

Swivl, Inc. Privacy Policy effective Oct 31, 2024

Last Updated: Oct 31, 2024

Privacy Policy Overview

This policy, including any applicable Subscription Agreement (collectively, the “Privacy Policy”), tells you how Swivl (“Swivl”, “we” or “us”) uses personal information collected through Mirror Services.

Swivl is a Privacy Pledge Signatory and works to safeguard student privacy regarding the collection, maintenance, and use of student personal information.

This site is a service intended for users in educational settings with policies aimed to protect children and student data. The policies are separate and unique from our website Swivl.com. The main purpose of Swivl.com is marketing. It is not intended for use or by users in educational settings and thus does not gather student data. When you click on a link from Mirror Service to one of our other sites, you are going to a separate site and your use will be governed by the terms of that site and no longer be governed by the terms of this site. Please refer to the posted policies of each site for more information.

Please read this Privacy Policy before using the site or submitting any personal information. By using the site, you are accepting the practices described in this Privacy Policy.

We may revise and update this Privacy Policy from time to time. We will provide notice and require consent for any material changes to this policy before using.

Summary of updates Oct 31, 2024

Organized information into separate sections for data collection, usage, and sharing, and added a dedicated compliance section for Google API Services User Data Policy. See previous policy for reference.

Use of Cookies/Do Not Track
How we Collect, Use and Disclose Non-Personal Information
What Personal Information We Collect
- Personal Information
- Non-Personal Information
How We Use Your Information
How We Share Your Information
Google API Services User Data Policy Compliance
Google OAuth (Google LLC)
Sign in with Apple (Apple Inc.)
How We Use and Disclose Personal Information
Compliance with FERPA and COPPA
Children’s Privacy
Retention of Data and Authorized Data Processors
How To Access and Control Your Information
Other Situations That Require Sharing Data
Information for Residents of the European Economic Area or Switzerland and outside the USA
Information for California Residents
Contact Us

Additional Resources:

Use of Cookies/Do Not Track

Mirror Services uses cookies to store users’ preferences and to record session information, for purposes of managing and improving the service. We do not link the information we store in cookies to any personal information you submit while on our site. You may be able to configure your browser to accept or reject all or some cookies, or notify you when a cookie is set, so check the “Help” menu of your browser to learn how to change your cookie preferences. We do not respond to “do-not-track” signals or other mechanisms that allow users to signal their preferences on the collection of their personal information over time and across third-party web sites or online services.

To opt-out of our use of cookies, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our service.

How we Collect, Use and Disclose Non-Personal Information

For each visitor to our website, we collect non-personally-identifiable information including IP address, profile information, aggregate user data, preferences, technical session information, browser type (“non-personal information”). If you arrived at our website via a link from another webpage, we also may receive aggregate or otherwise anonymous statistical information about your visit to our site. We also use information collected from cookies and other anonymous identifiers to improve your user experience and the quality of our services. If you give us personal information, we may remove the identifiers and aggregate it, in which case it also becomes non-personal information. We will not use non-personal information for any reason other than the purpose for which it was collected or authorized for use. We may use or share aggregate non-personal information for any reason.

What Personal Information We Collect

Personal Information

For the purposes of this Policy, “personal information” is any information that identifies or can be used to contact a particular individual. The types of personal information we may receive through the Services are determined by our users and, as such, are not under our control. The personal information we receive includes the following categories.

Contact information – first name, last name, email address, position, institution.

When you register for our Services, you may provide personal information such as your name, email address. Additionally, when you connect with Google, we access your Google account information, including your name, email address, and profile picture URL.

User Account and web portal information – user account or web portal username and log-in password, user audio/video files, transcription files, and transaction histories, and other information that we may request or that you may provide relating to your account. Video/audio files might contain personal information of the user.

Communications information – copies of communications and inquiries you have submitted to us, including through email, calls, and features available on our website.

We also may collect and store personal information about other people that you provide to us. If you use our website to send others information that may interest them or messages through our system, we may store your personal information, and the personal information of each such recipient. Similarly, if you use our website to share and/or distribute content (including videos, transcripts, comments or other submissions), and such content contains personal information about others, such information may be stored in order to allow for such uploading, sharing and/or distribution.

Non-Personal Information

You should know that we may collect and aggregate personally identifiable information from Mirror Service and may anonymize that information for our own research or internal purposes. Once such data has been anonymized, it cannot be traced back to you, in which case it is no longer considered “personal information”.

If you give us personal information, we may remove the identifiers and aggregate it, in which case it also becomes non-personal information. We will not use non-personal information for any reason other than the purpose for which it was collected or authorized for use. We may use or share aggregate non-personal information for any reason.

Device and Usage Information: We collect details about how and when you use our website and Services, including information about the device you use to connect to our website or software, your IP address, usage frequency and duration of your usage, pages viewed, referring websites or search terms, and information about your interaction with our website and software.

How We Use Your Information

We only use or process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized for use. We may use personal information we collect to provide the service or transaction you requested, and importantly, to maintain and improve the services we provide, including for example by providing you with a better user experience when accessing our services. We may use your personal information to respond to your requests. Our use of information other than for the purpose of completing a requested transaction or service is on an opt-in basis. This means that you will not receive communications from us regarding, for example, specials, new products or new services, unless you have given us affirmative permission to receive such communications.

Google User Data: Your Google user data (name, email address, and picture URL) is not shared with third parties, except as necessary to provide our services (e.g., account authentication and verification). Mirror Service’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We will not share any of your user data that can be used to personally identify you with third-party platforms integrated with Mirror Services in compliance with applicable data protection laws and regulations.

Aggregated or Anonymized Data: We may share aggregated or anonymized data with third parties for research or analytics, to the extent permitted by applicable law. This data will not personally identify individual users.

Google API Services User Data Policy Compliance

Mirror Service’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. For more details, please refer to the Google API Services User Data Policy.

Google OAuth (Google LLC)

While using our Mirror Services, you may be asked to grant authorization and share your data to Google OAuth (“Google OAuth”).

Sign in with Apple (Apple Inc.)

Sign in with Apple is a registration and authentication service provided by Apple Inc. In cases where users are required to provide their email address, Sign in with Apple may generate a private relay address on behalf of users that automatically forwards messages to their verified personal email account – therefore shielding their actual email address from the Owner.

How We Use and Disclose Personal Information

When the information we collect about you is aggregated, anonymized, or otherwise does not identify you, we may use that information for any purpose or share it with third parties, to the extent permitted by applicable law.

Compliance with FERPA and COPPA

Swivl complies with FERPA and COPPA when applicable to us. When FERPA applies, we act as a “school official” to our educational institution customers. As such, we are under the direct control of the educational institution and use students’ personal information only to provide our services to the educational institution. To the extent COPPA applies, the educational institution is responsible for providing us with any necessary consent on behalf of students’ parents or guardians to permit the use of Mirror by students.

Children’s Privacy

Pursuant to COPPA, this section of the privacy policy is intended to inform parents, guardians, and educators about Swivl’s practices for collecting, using, and disclosing personal information from children under the age of thirteen.

Children under the age of thirteen (for U.S. users) and sixteen (for non-U.S. users) can use the Mirror services with consent from a parent or legal guardian. An educator can also provide consent and assume responsibility for obtaining the appropriate parental consent. Swivl does not knowingly accept, collect, maintain or use any information from any child under the age of thirteen (for U.S. users) or sixteen (for non-U.S. users) without the appropriate consent. If a child whom Swivl knows or suspects to be under the age of thirteen (for U.S. users) or sixteen (for non-U.S. users) sends personal information to us online without appropriate consent, we will only use that information to respond directly to that child, notify the parents or legal guardians, or seek parental or other appropriate consent. Parents can at any time request deletion of data or of the entire account.

The types of information we collect from children: see section titled “What Personal Information We Collect”. Please note that we do not require children to disclose more information than is reasonably necessary to participate in and utilize the Mirror services.

How we collect the information: We collect the foregoing types of personal information from children when they register for and use of the Mirror services. As discussed above, we may collect certain information regarding children automatically through their use of the site, including through the use of cookies and similar technologies. We do not allow individuals under the age of sixteen to use the sharing and social media functionality in the Mirror services.

How we use the information we collect from children: We use the information we collect from children to register them for and provide them with the Mirror services. We may also use the information to assist us in updating and improving the Mirror services. We do not use the information for purposes unrelated to the Mirror services.

Third parties to whom we disclose personal information from children: see our list of sub processors. Please note that no other “operators” (as defined by COPPA) may collect or maintain personal information from children through the Mirror services.

Parents, guardians, or educators (as appropriate) may review the personal information we maintain about their child, require us to correct or delete the personal information, and/or prohibit the further collection or use of the child’s personal information. To do so, follow the instructions in the “How to Access and Control Your Information” section below.

Retention of Data and Authorized Data Processors

Users are responsible for determining the duration necessary to retain content for their purposes. When the purpose is complete, it is recommended that users delete the content. Note that content deleted by the user is retained for 30 days for recovery purposes due to accidental deletion (per user request) and then removed permanently from the Mirror storage servers. This ensures that data is not retained any longer than is required.

We may share your personal information with our authorized service providers (sub-processors) that perform certain services on our behalf. These services may include providing customer service, performing business analysis and supporting our website functionality or other services that are necessary to operate the site. We do not disclose any personal information to authorized service providers from Student Account holders beyond what is necessary to operate the site. See our List of Sub-processors.

We do not disclose any personal information from student account holders with our business partners. We may share personal information of non-student users with the businesses with which we partner to offer certain products and services. When you elect to engage in a particular offer or program from a third party (for example, through any link that may appear on our website), you authorize us to provide your email address and other information to that third party.

How To Access and Control Your Information

You, as well as the educational institutions and teachers who have authorized your access, have the right to request a copy of your information, to object to our use of your information, to request the deletion of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

Our Services give you the ability to access and update certain information about you from within the Service. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.

If you no longer wish to use our Services and you wish to delete your account, please contact Mirror Support as shown in the Contact Us section.

Teachers and school administrators using the service may receive promotional communications and may opt out of such communications by using the unsubscribe link within each email or by contacting us as shown in the Contact Us section to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services

In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
When we believe disclosure is appropriate in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Legal Terms or other agreements or policies.
In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

Information for Residents of the European Economic Area or Switzerland and outside the USA

European Union customers should review Data Processing Addendum, which reflects the parties’ agreement with respect to the Processing of Personal Data in connection with the requirements of Data Protection Laws.

Because the United States has not received an “adequacy finding” from the European Commission under Article 45 of the General Data Protection Regulation (GDPR), Swivl relies on lawful mechanisms for transfer available under Article 46 of the GDPR, as well as derogations for specific situations as set forth in Article 49. Swivl collects and transfers personal information to the United States only with your consent, to perform its contract with you, or to fulfill a compelling legitimate interest that does not outweigh your rights or freedoms. Swivl has withdrawn from the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. While Swivl was a signatory to the EU-U.S. Privacy Shield Framework, that Framework has been invalidated by European and Swiss regulators. As a new framework is developed, Swivl will rely on appropriate standard contractual clauses approved by European regulators for data transfers from the EU, Switzerland, or U.K. to the United States.

EU and Swiss individuals with inquiries or complaints regarding our personal data processing should contact Swivl at eudatarep@swivl.com or by mail at Swivl Inc, 1450 El Camino Real, Menlo Park, CA 94050, or the appropriate data protection authorities in the European Economic Area.

Mirror’s services are hosted and operated entirely within the United States. Any information you submit to us is presumed to be hosted on servers located within the USA. By submitting information to us you consent to this transfer of your personal information to the United States. To meet the adequacy and security requirements for data transfers from customers that operate in the EU or for whom we may process personal information relating to individuals in the EU, Swivl offers Standard Contractual Clauses approved by the European Commission as part of its standard data processing addendum.

Information for California Residents

As indicated above, Swivl does not control the purposes and means of processing personal information. As such, it is not a “business” pursuant to the California Consumer Privacy Act (“CCPA”). From time to time, Swivl may provide Services to customers that are “businesses” and will enter into contracts that prohibit Swivl from retaining, using, or disclosing the personal information for purposes other than those specified in the parties’ contract. In that event, Swivl is a “service provider” pursuant to the CCPA. If you have questions about the processing of your personal information, about your rights under the CCPA, or wish to exercise those rights, please contact the relevant Swivl customer acting as the “business.” To the extent you submit such inquiries to us, we will forward them to our customer and work with the customer to address your inquiry, as appropriate.

California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, send an email to support@swivl.com

How we Approach Security

We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration, or destruction. We will use our reasonable efforts to limit access to your personal information to our authorized personnel and approved processors, and these employees and vendors are required to treat this information as confidential. Despite these precautions, we cannot guarantee that unauthorized persons will not obtain access to your personal information.

Contact Us

If you have any questions, please contact us at:

Swivl, Inc.

1450 El Camino Real, Menlo Park, CA 94025

support@swivl.com