Privacy

…AKA: Lots of Legal Stuff

Overview

As the industry leaders in connected play, we are passionate about protecting your privacy. This is just a brief summary for you to get the gist of the information we collect and why. Some of our toys collect different types of information, so make sure to check our toy-specific privacy policies as well. See below for our full privacy policy and fine print, written in legalese.

Trust is our priority

We limit the information we collect from children using our toys, and give parents control over their children’s information.

Learn more about parental controls >

Collection & Use of Data

Information about you: We may collect information about you, such as your name, age, gender, and username. We use this to provide our service and personalize it for you. For example, we use this information:

  • to set up and maintain your account;
  • so our creations can greet you by name and preferred pronoun;
  • to localize our services;
  • to age-tag our subject matter;
  • to deliver age-appropriate content; and
  • to manage your warranty.

Contacting You: We may collect information about you, such as your name, age, gender, and username. We use this to provide our service and personalize it for you. For example, we use this information:

  • deliver toys;
  • send support or administrative emails regarding the service;
  • send emails about new toys, deals, awesome content and more; and
  • help us provide support.

Tip:  If you want to unsubscribe from our marketing emails (although we’re not sure why you would), simply click the unsubscribe link at the bottom of any Sphero email and tell us “it’s not you, it’s me” to soften the blow.

Data from our toys: We collect data from our toys, like when it crashes or how the toy is working. We use this information to, for example:

  • provide the smoothest play experience we can; and
  • create analytics about how our toys work.

User Controls: Several of our toys process data about the commands you give when you use audio or visual controls. The data is only processed on your toy or device in real-time. We don’t store these inputs on our servers.

User Content: Our toys or applications may allow you to record video or audio content, or provide text content. Unless we tell you otherwise, like in Sphero Edu, these are processed and stored only on the device and shown when you want to play them.

Activity History: This is a record of your progress, like a ‘saved game’ in video game terms. We use this so you can keep up with what you’ve done with our toys and on your account.

Analytics: We collect some data if you visit our Site, such as data about the pages you visit, how you use the site, etc. We use this data to:

  • help improve our site, and
  • in some cases, as part of advertising.

Learn more about the data we collect >

Learn more about how we use data >

How we share your data

We don’t share your data often, but we do share it in a few ways:

Parents/Teachers
If you use Sphero Edu in school, we share data with teachers and with parents to make sure they can keep track of their children’s information.
Service providers
Sometimes we ask smart people to do neat things for us, like analyzing how our toys and websites are used, hosting in the cloud, and managing our mailing list.
Other parties
We share data in a few other ways, like when we need to because the law (or our lawyers) tells us we have to.

Learn more about data sharing >

You’re in Control!

We make sure you have control over your data and how we use it. If you don’t want to get messages from us or want to close an account, you can do so at any time. Plus, if you want to delete your in-app data from our live systems, just email our team at support@sphero.com and we’ll take care of it (though we may still retain copies of your records in our routine backups). See below for more information about your data rights.

Security

Important information sent to our servers is encrypted in transmission. This is a fancy way of saying we use a code to make sure only the right people can read it. We regularly update our apps and servers to incorporate new and improved security practices and we regularly engage third-party security experts to audit our infrastructure. While many of our toys are hackable and we encourage people to learn, experiment, and build on our platforms, we do put security measures in place to prevent our robots from being used in nefarious ways. Find or suspect a vulnerability in our system? Let us know at security@sphero.com.

Learn more about our security >

International Users

Sphero’s HQ is in the (really awesome!) city of Boulder, CO. That means we have to transfer international data to the U.S. If you’re in the EU, we do this as part of a program called “Privacy Shield” that helps protect your data.

Learn more about international transfers >

Questions? Comments? Concerns? We’re here to help!

Contact support@sphero.com and we’ll set your mind at ease. You may also reach Sphero’s Data Protection Officer at dpo@sphero.com.

The Fine Print

Main Privacy Policy

Last Updated: May 25, 2018

Sphero, Inc. (“Sphero”, “we” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and disclose information from users of our main website and other sites under the Sphero.com domain, located at www.sphero.com (including any subdomains or versions, the “Site”), the applications linking to this Privacy Policy (the “Applications”), and the services provided through the Site (together with the Site and Applications, the “Services”).

Several of our products’ applications and, where applicable, products, have their own additional privacy policy, available in the respective application.

This Privacy Policy does not apply to websites, applications, or services that display or link to different privacy statements; in the event of a conflict or inconsistency between this Privacy Policy and a product/application’s privacy policy, the latter will govern.

1. Acknowledgement

Your use of any of our Services indicates your acknowledgement of the practices described in this Privacy Policy. We may update it from time to time, and we will provide notice of these changes if we believe it is necessary. Unless we require your consent, you agree those updates by continuing the use the Services.

2. Types of Data We Collect

We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):

3. Information You Provide to Us

Identity Data
First name, last name, age or birthday, gender, username/password
Contact Data
Email and mailing address
Payment Data
Credit card, bank account, or other information used in payments
User Content
Text inputs, images, audio/videos recordings, or other content you provide to the Services
User Controls
Audio or visual inputs (e.g. camera inputs) used to control a device
Job Data
Information you include if you apply for a position at Sphero, like resume, personal and contact information, social profiles, and any additional files you submit.
Social Media Data
We may collect Personal Data when you interact with our advertisements and other content on third-party sites or platforms, such as social networking sites. This may include information such as “Likes”, demographic information, or the fact that you viewed or interacted with our content.

4. Information We Collect Automatically

Device Data
Data about the device you use to access our Services, e.g. device type, its software version, or carrier
Toy Data
Data about your toy, how the toy or Application is used or operates, such as diagnostic data, MAC Address or device identifier depending on the toy, accelerometer data from crashes, and the like
Usage Data
Data about the use of our Services, including analytics information how you use our Services, e.g. clickstream data from our Site, information on how long users stay or what you do on our Site, whether a page or email was loaded/opened, and the like

5. How We Process data

Subject to your Rights and Choices below, we generally process your data in the following ways:

A. To Provide our Services

We generally use the Personal Data as necessary to provide our Services, or complete transactions you request. For example:

  • We use identity and contact data to create your account, where applicable.
  • When you reserve or buy a toy, we will process the identity data, payment data, and contact data you give us that is necessary to complete the transaction.
  • If you provide us feedback or contact us via email, we will use your contact data and user content to help carry out your request.
  • When you make postings on Sphero Edu or our social media pages, the contact information and user content you give us will be stored on our third party servers and other users may be able to see it.
  • When you interact with the Services, we use usage data to understand what you like and don’t like in order to improve the services.
  • If you apply to work at Sphero, we use the Job Data to evaluate your application and contact you about it.

B. Toy Operation

Our toys are interactive, and we are always working to improve our toys and make sure everything works. For example:

  • We process user controls and user content on the toy or device to help you interact with or control the toys, or store your content for use by the toy.
  • We use device data and toy data to understand a user’s engagement in an activity or feature, for example which activities you played on the toy and data about any crashes during use.
  • We use contact and identity data to help personalize the content, e.g. greeting you by username, tracking in-game progress, using the right language, or showing you age-appropriate activities.

C. Analytics

We are always working to improve our Site and want to keep visitors informed about our toys and Services. For example:

  • We use usage data when you visit our Site to manage traffic and help us understand and improve the design, usability, and other aspects of our Site.
  • We use usage data and device data to help improve our Application and Services, internal operations, and systems.
  • We may also create de-identified or aggregate data records from Personal Data by excluding or changing information that makes the information personally identifiable to you. We use this data for a variety of purposes, such as to analyze request and usage patterns so that we may enhance the content of our Services and improve Site functionality.

D. Marketing Communications

We use your Contact Data for promotional marketing if you have purchased a toy or agreed to receive such emails. For example, if you have chosen to provide your Contact Data, we may send you newsletters, surveys, offers, and other promotional materials related to our Services, and for other direct marketing purposes. We do this to promote our toys and issue our direct marketing.

E. Behavioral Advertising

We, and certain third parties operating on or through our Site, may engage in online behavioral advertising. This form of advertising includes various parties and service providers, including third party data controllers, engaged in the processing of personal data in connection with advertising. We may collect usage data and social media data from you and provide it directly to a third party for targeting on a third party platform. Sometimes, these third parties may collect this information directly (e.g. a Facebook “Like” button).

The parties that control the processing of Personal Data for behavioral advertising purposes may build a profile of you containing this information, and may be able to identify you across sites, devices, and over time. These services may also track whether you view, interact with, or how often you have seen an ad, or whether you complete a purchase for a good or service you were shown in an advertisement. See your Rights and Choices below, or Facebook or Twitter’s privacy policies, for information about how you can limit or opt out of this processing.

F. Support

We use information you give us in connection with your support requests, for example, to help solve issues, troubleshoot the toys, manage your account, or respond to your inquiries.

If you are a child under applicable law, we will only contact you regarding support in compliance with applicable law.

We may use third parties to help provide support to you.

G. Consent

We may use any Personal Data you give us by consent in accordance with that consent. For example, if you provide Job Data, we will use it to evaluate your application.

 

6. Cookies and Similar Technologies

To make our Site and Services more useful to you, we and certain third parties may process usage and other data when you interact with cookies and similar technologies on our Site. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.

“Cookies” are small pieces of information that a website stores on your computer’s hard drive while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site and Services. You may remove persistent cookies by following Internet browser help file directions. Web beacons are electronic images that we use on our Sites and Services and in our emails that, when loaded, provide us with information, such as where users navigate on a Site, or whether an email is opened. See below for your choices regarding these technologies.

We use generally use usage data, cookies, and similar technologies as follows:

  • for “essential” or “functional” purposes, such as to enable various features of the Services like remembering passwords or staying logged in during your session;
  • for social media integration e.g. via third-party social media cookies, when you share information using a social media sharing button or “like” button on our Site, or you engage with our content on or through a social networking website such as Facebook or Twitter;
  • for analytics purposes, consistent with our legitimate interests in how our Services are used or perform, how users engage with and navigate through the Site, what sites users visit before visiting our Site, how often they visit our Site, whether an email was received or opened, and other similar information; and
  • subject to any consent required by law, for the purpose of displaying advertisements via retargeting to those users who have visited our Site, or for targeting advertising to visitors to our Site.

Note: We do not place advertising cookies on your browser, nor serve targeted advertisements to you if you have only visited the following Sphero sub-Sites: https://www.sphero.com/marvel/spider-manhttps://www.sphero.com/pixar/lmq, https://edu.sphero.com.

7. Data Sharing

We may share information we collect with a variety of parties, depending upon the purpose for and context in which you provided that information. We generally share data with the following types of recipients:

A. Parents/Schools

Consistent with the Sphero Edu Privacy Policy, applicable law, and your choice, we share Personal Data, including User Content with parents and teachers.

B. Service Providers

In connection with our general business operations, toy/Service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share your Personal Data with service providers or sub-processors who provide certain services or process data on our behalf. See the Data Processor List below for more information.

C. Affiliates

In order to streamline certain business operations and develop toys and services that better meet the interests and needs of our customers, and inform our customers about relevant toys and Services, we may share your Personal Data with any of our current or future affiliated entities or subsidiaries.

D. Marketers

In order to deliver certain advertisements and develop better toys and Services, we may share certain Personal Data collected from our Site (as described in the Cookies and Similar Technology section above) with trusted third parties for marketing, advertising, or similar commercial purposes.

E. Corporate Events

Your Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

F. Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, or to protect the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties.

8. Data Processor List

Provider Function Product Privacy Notice Geo
AWS Hosting provider All Amazon Web Services Privacy Policy U.S.
Elastic Cloud Cloud services All Elastic Cloud’s Privacy Policy U.S.
Google Cloud Cloud services for Toy Data (no Personal Data) All Google Cloud Privacy Policy. U.S.
Shopify Storefront and toy orders Site Shopify’s privacy policy U.S.
Celery Ad click-through for store Email Celery privacy policy U.S.
SendGrid Email marketing and ads Email Sendgrid privacy policy U.S.
Flurry Toy Data analytics (no personal data) Toys/Apps Flurry analytics privacy policy U.S.
Aiven Cloud Services Toys/Apps Aiven privacy policy U.S.
Clever School application management and communication Edu Clever privacy policy U.S.
Workbench Application and Service hosting, analytics, etc. Toys/Applications Workbench privacy policy U.S.
Youtube Video hosting Edu Youtube Privacy Guidlines U.S.
Amplitude Data Analytics Sphero Play Amplitude Privacy Policy U.S.
Sailthru Mail and marketing management platform Email Sailthru’s Best Practices Notice and Privacy Statement U.S.
Aureon Chat/Support Site Aureon Privacy Policy U.S.
Gorgias Support Site Gorgias Privacy Policy U.S.
Google Web analytics and remarketing, Crash Analytics (Crashlytics) Site Google Privacy Policy U.S.
Lotame Online behavioral marketing Site Lotame Privacy Policy U.S.
IMM Online behavioral marketing Site IMM Privacy Policy U.S.
Bing Online behavioral marketing Site Bing Privacy Policy U.S.
Jobvite Recruiting/Application Tracking Site Jobvite Privacy Policy U.S.
Fedex Corssborder Order Shipping Site Fedex Crossborder Privacy Policy Global Ex-U.S.

9. Your Rights and Choices

You, or your parent/guardian (if you are a child), may exercise the below Rights and Choices by emailing us at dpo@sphero.com. Our mailing address is Sphero, Inc., Attn: DPO, 4772 Walnut St., Suite 206, Boulder, CO 80301.

A. Your Rights

Subject to the rights granted to other individuals, and our rights to limit or deny access/disclosure under applicable law, you have the following rights in your Personal Data. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. Note: we may not have access to or control over all or some Personal Data controlled by education partners and others. Please contact these third parties directly for data rights requests regarding information these third parties control, and we will assist the you as appropriate in the fulfillment of your request.

Access
You may receive a list of your Personal Data that we process to the extent required and permitted by law.
Rectification
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly to the Application or Service via your account settings menu.
Erasure
To the extent required by applicable law, you may request that we delete your Personal Data from our systems. You may request erasure of your Contact Data by emailing us at dpo@sphero.com.
Data Export
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Objection
Where we process data in accordance with our legitimate interests, you can object to that processing to the extent allowed by law. You can stop future collection of all data by the Application by uninstalling it.
Regulator Contract
You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
California Rights
Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. This request must be written, signed, and mailed to us at the address above.

B. Your Choices

You may use some of our Services without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process:

Consent
If you consent to processing, you may withdraw your consent at any time, to the extent required by law.
Direct Marketing
You may opt out of or withdraw your consent to direct marketing communications. You may cease direct marketing from us in relation to any Service that collects your email by emailing support@sphero.com, or by clicking the unsubscribe link in any promotional email we send you.
Cookies & Similar Tech
If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. Please note this does not necessarily opt you out of being delivered advertising. You may continue to receive generic ads. You must opt out of third party services directly via the third party. You may view a list of other third party service providers who collect information, and/or opt out of such collection of information about you, by visiting https://www.networkadvertising.org/choices/ or https://www.aboutads.info/choices. Please note, at this time, our Service does not respond to your browser’s do-not-track request. You may opt out as follows:

10. Data Retention

Subject to the earlier exercise of your Rights and Choices, we will store your Personal Data as long as you have an account on the Services. We may keep your email as long as you do not revoke your consent to direct marketing. We will store your Site Data as long as we deem reasonably necessary to provide the Services. We store log data, which may contain Personal Data, for less than three months. Our data warehouse, which does not store any Personal Data, stores information indefinitely. We are developing ways to retain your data for shorter periods, and will update this Privacy Policy accordingly.

11. Security

We use appropriate technical and organizational means to protect your Personal Data. For example, we use SSL to encrypt data in transit. We encrypt passwords at rest. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure and we do not warrant complete security of your Personal Data or the Services. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us is compromised), please immediately notify us of the problem.

12. International Transfers

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework. Contact us for more information regarding the mechanisms to ensure adequate protection of data subject to EU Law.

13. EU Users

We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework. Contact us for more information regarding the mechanisms to ensure adequate protection of data subject to EU Law.

A. Controller

Sphero, Inc., a Delaware corporation, is the data controller for Personal Data collected under this Privacy Policy, provided that Sphero Robotics UK Limited, a wholly-owned subsidiary of Sphero, Inc., processes certain human resources data in the UK. In certain cases (e.g. when we partner with schools or shippers) our partner may be a joint controller with respect to certain Personal Data we provide it.

B. Legal bases for processing

The legal bases of our processing of your Personal Data are in the table below. If you have questions about the legal basis of how we process your Personal Data, contact us at dpo@sphero.com. For more information on specific legitimate interests for processing by our Applications or toys, see their respective privacy policies.

Processing purpose Legal Basis
Use:

  • Analytics
  • Marketing Communications
  • Behavioral Marketing
  • Support
  • Cookies and Similar Technologies

Disclosure:

  • Service Providers
  • Affiliates
  • Marketers
  • Corporate Events
These processing activities are within our legitimate interests, including without limitation:

    • Direct marketing
    • Personalization and customization of the Services for individual users
    • Determining the effectiveness of marketing campaigns
    • Localizing our Services
    • Creating, supporting, providing, and supporting innovative toys, Applications, and features that enable people, including children, to enjoy toys and Applications that promote their well-being; and
    • Securing our Services and network, investigating suspicious activity or violations of our Terms of Use or policies; and protecting the safety of Personal Data, including preventing exploitation or other harms to which users may be particularly vulnerable.

 

  • We balance our interests with any potential impact on you when we process your Personal Data for our legitimate interests. You may object to this processing as permitted by applicable law.
Disclosure:

  • Legal Disclosures
Processing is necessary to comply with our legal obligations, for example, tax laws, fraud reporting, etc.
Use:

  • Consent
  • Cookies and Similar Technologies
Where we rely on your consent you have the right to withdraw it anytime in the manner indicated in the Services or by contacting us at dpo@sphero.com.

 

C. Privacy Shield & Dispute Resolution

We comply with the principles of the Privacy Shield Framework. Our adherence to Privacy Shield reflects our commitment to protect the privacy of our EU users when we collect, process, and transfer Personal Data collected from EU citizens. We adhere to the Privacy Shield principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse/enforcement/liability.

Furthermore, we require third-party recipients of EU citizens’ Personal Data to agree to respect these principles, and we accept liability for third parties’ processing of EU citizens’ data to the extent required by law.

We encourage EU (and U.S.) users to contact us if they have any concerns about our compliance with this Privacy Policy and the Privacy Shield Framework. Send any questions or concerns to legal@sphero.com. Sphero will respond to complaints from E.U. citizens within 45 days. You may view the list of Privacy Shield companies here.

If any Privacy Shield-related complaints cannot be resolved between an EU user and Sphero, we have committed to refer such unresolved complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. If required by law, we will work with the appropriate panel of DPAs or individual DPA in the EU to resolve disputes. Under certain circumstances, these dispute resolution processes may result in your ability to invoke binding arbitration. The services of JAMS are provided at no cost to you.

As a U.S. company, we are also subject to the investigatory and enforcement power of the FTC regarding our compliance with the Privacy Shield Framework and this Privacy Policy, and you may direct complaints to the FTC in the event the dispute resolution processes described above is unsatisfactory.

14. Contact Information.

Sphero welcomes your comments or questions regarding this Privacy Policy. Please contact us at:

Sphero, Inc.

Attn: Legal, Privacy Policy

4772 Walnut St, Suite 206

Boulder, CO 80301

legal@sphero.com

Sphero’s Data Protection Officer may be reached at dpo@sphero.com. Please include “Attention: Data Protection Officer” in your email.

15. Specific Privacy Policies.

Several of our products’ applications and, where applicable, products, has its own additional privacy policy, available below and in the respective application. This Privacy Policy controls with respect to any subject not explicitly covered in an individual privacy policy.

Sphero Edu & Child Privacy Policy

Sphero Play App Privacy Policy

Spider-Man Privacy Policy

Ultimate Lightning McQueen Privacy Policy

Sphero Mini Privacy Policy

Star Wars App Privacy Policy

Force Band Privacy Policy

BB-8 Application Privacy Policy

16. Changes to This Privacy Policy.

This Privacy Policy is subject to occasional revision. If we make any changes to this Privacy Policy, we will change the “Last Updated” date above.

© 2018 Sphero All Rights Reserved