Privacy

Royo Privacy Policy

Privacy Policy Last Updated: March 7, 2025

Table Of Contents

1. Categories of Personal Data We Collect and Process
2. Purposes of Processing and Legal Bases for Processing
3. Data Retention
4. Sources of Personal Data
5. Creation of Personal Data
6. Sensitive Personal Data
7. Disclosure of Personal Data to Third Parties
8. Description of Third Party Service Providers
9. Selling and Sharing of Personal Data
10. Consent
11. Children’s Privacy
12. Direct Marketing
13. Cookies and Similar Technologies
14. Data Security
15. Mergers, Acquisitions and other Corporate Transactions
16. Contact Us
17. U.S. State Data Privacy Law Disclosures 
18. Definitions

‍

This Privacy Policy explains how we collect, use, process and disclose information about you. The Privacy Policy may be amended or updated from time to time to reflect changes in our practices with respect to the collection, use, processing and disclosure of information about you, or changes in applicable law. We encourage you to read it carefully, and to regularly check this page to review any changes we might make. To the extent any material changes to your rights or our data processing practices are made we will notify you by email prior to any changes becoming effective. 

‍

This Privacy Policy is issued by Royo, Inc., with its principal office at 119 E Weber Ave., Stockton, California 95202 (together, “Royo”, “we”, “us” and “our”), and is addressed to individuals outside our organization with whom we interact, including customers and visitors to our Sites, and users of our Services (together, “you”). Defined terms used in this Policy are explained in Section (O) below. You have certain rights regarding the information we collect about you depending on the state in which you reside. Those rights are explained in Sections (J) and (N) below.

‍

Notice at Collection

The table below briefly summarizes Royo’s collection and purpose for using personal data. This selection also serves as our Notice at Collection for purposes of the California Consumer Privacy Act (CCPA).

‍

‍

We take every reasonable step to ensure that your Personal Information are only retained for as long as they are needed in connection with a lawful purpose.

‍

(A) Categories of Personal Data We Collect and Process

‍

To provide our products and services, we collect and Process the following categories of Personal Data about you: 

‍

Identifiers and categories of Personal Data

• Personal details: given name(s)
• Contact details: email address.
• Consent records: records of any consents you have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).

Protected Classifications 

• Financial information: credit card number, debit card number of other financial information

Audio, electronic, visual, thermal, olfactory, or similar information

• Voice recording files

Education information 

• Student’s name

‍

(B) Purposes for Processing Personal Data

‍

‍‍

(C) Data Retention

‍

We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows: 

‍

1. we will retain Personal Data in a form that permits identification only for as long as: 

1. we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or

2. your Personal Data are reasonably necessary and proportionate to carry out the purpose for which it was collected set out in this Policy, or another disclosed purpose that is compatible with the context in which the Personal Data was collected.

plus:

2. the duration of:

1. any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and

2. an additional two (2)-month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim),

and:

3. in addition, if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim.

‍

‍

During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.

‍

We will not retain a child's Personal Information for any longer than is necessary for educational purposes or legal obligations, or to provide the Service for which we receive or collect the child's Personal Information.

‍

If a student's Student Account is inactive for twelve months or more (meaning no student has logged into their account for twelve months), Royo will automatically delete the Student Account. Please note that certain content within a Student Account, such as book or avatars created may be kept after deletion of a Student Account.

‍

Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:

• permanently delete or destroy the relevant Personal Data; or
• anonymize the relevant Personal Data.

‍

(D) Sources of Personal Data

‍

We collect or obtain Personal Data about you from the following sources:

‍

• Data provided to us: We obtain Personal Data when those data are provided to us (e.g., where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application). 
• Relationship data: We collect or obtain Personal Data in the ordinary course of our relationship with you (e.g., we provide a service to you, or to your school).
• Site data: We collect or obtain Personal Data when you visit any of our Sites or use any features or resources available on or through a Site. 
• Registration details: We collect or obtain Personal Data when you use, or register to use, any of our Sites, Apps, products or services. We may also obtain Personal Data from your employer in order to grant you access to our Sites, Apps, products or services. 
• Third party information: We collect or obtain Personal Data from third parties who provide it to us (e.g., marketing partners).

‍‍

(E) Creation of Personal Data

‍

We also create Personal Data about you in certain circumstances, such as records of your interactions with us, and details of your past interactions with us.

‍‍

(F) Sensitive Personal Information

‍

We collect Sensitive Personal Information such as financial account, debit card, or credit card number in combination with any required security or access code through our third party payment processor. 

‍

(G) Disclosure of Personal Data to Third Parties

‍

We may disclose Personal Data to: our vendors and service providers; legal and regulatory authorities; any party as necessary in connection with legal proceedings; any party as necessary for investigating, detecting or preventing criminal offenses; or any purchaser of our business.

‍

We also disclose the following categories of Personal Data to the recipients and for the business purposes detailed in the chart below.

‍

‍

(H) Description of Third Party Service Providers

‍

Royo uses the following third party service providers to process Personal Information for certain purposes as identified below:

‍

‍

(I) Selling and Sharing of Personal Data

‍

Royo does not sell or share your Personal Data nor the Personal Data of minors under sixteen (16) years of age.

‍

(J) Consent

‍

If you are a teacher or school representative, or use the Service on behalf of a company or other organization, note that Royo provides its Service upon explicit consent given by you when signing up. Prior to signing up, we will direct you to our Terms and Conditions and this Privacy Policy. When signing up, you will be declaring to have read such terms and policies and to consent to them. Remember, nonetheless, that you will be able to withdraw your consent at any time by deleting your account and the Student Accounts in accordance with this Policy's instructions.

‍

(K) Children’s Privacy

‍

Consistent with the Children’s Online Privacy Protection Act (COPPA), Royo does not knowingly collect any Personal Information from children under the age of 13 (or the applicable age of consent in local jurisdictions) without the express authorization of the school to do so based on the provision of the Service to students on the school’s behalf. Royo collects and uses Personal Information - such as student name, IP address and voice recording,- that is collected from students at the direction of and under the control of a school. Royo relies on the school’s representation that it has provided appropriate notice to, and obtained consent from, the student’s parents, for the use of third party service providers such as Royo and the collection of Personal Information from children under 13, consistent with requirements under the Children’s Online Privacy Protection Act (COPPA) and other applicable data protection laws. Royo does not enable children to make their Personal Information publicly available. 

‍

As a third party operator, Royo relies on school consent for all underage children under COPPA. Royo operates as a School Official under the Family Educational Rights and Privacy Act (FERPA) regulations and complies with these regulations as it relates to children under the age of 13. If you are a teacher and you do not have the authority to act as the agent of the parent, please do not sign up for our Service until the school has approved the use of Royo. We continuously review and update our practices to ensure compliance with COPPA and FERPA requirements.

‍

Consistent with COPPA and FERPA, Royo permits parents to access, correct, delete or revoke prior consent to the collection of their children’s Personal Information. To do so, a parent must submit a verifiable request via email to dev@royo.ai.  In order to verify your requests to exercise your rights, we will compare the Personal Information we have about you to pieces of Personal Information we will request in the course of processing your request. The Personal Information required for verification may include your name, email address, phone number, or postal address.

‍

Students can have their own account (“Student Account”) to create books and customize their avatar. In order to have a Student Account created, students will need to have the Student Account created at school by their teacher which allows them to then login through the use of a class text code.

‍

‍

(L) Direct Marketing

‍

We Process Personal Data to contact teachers and school officials via email, telephone, direct mail or other communication formats to provide them with information regarding Sites, Apps, products or services that may be of interest. If we provide Sites, Apps, products or services to teachers and school officials, we may send information to them regarding our Sites, Apps, products or services, upcoming promotions and other information that may be of interest , using the contact details that  provided to us, subject always to obtaining prior opt-in consent to the extent required under applicable law. 

‍

You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional email we send. After you unsubscribe, we will not send you further promotional emails, but in some circumstances, we will continue to contact you to the extent necessary for the purposes of any Sites, Apps, products or services you have requested. 

‍

(M) Cookies and similar technologies

‍

Cookies are small text files that may be stored on your device when you visit a website. They are generally used to make websites work, to keep track of your movements within the website, to remember your login details, to remember your preferences and interests, and so on. There are different types of cookies, and they can be distinguished on the basis of their origin, function and lifespan. Important characteristics of cookies include the following:

‍

• First party cookies are cookies that are placed by the website you are visiting, while third party cookies are placed by a website other than the one you are visiting. Please note that we do not control the collection or further use of data by third parties. 

‍

• Necessary cookies are necessary to allow the technical operation of a website (e.g., they enable you to move around on a website and to use its features).

‍

• Performance cookies collect data on the performance of a website such as the number of visitors, the time spent on the website and error messages.

‍

• Functionality cookies increase the usability of a website by remembering your choices (e.g. language, region, login, and so on).

‍

• Targeting/advertising cookies enable a website to send you personalized advertising.

‍

• Session cookies are temporary cookies that are erased once you close your browser while persistent or permanent cookies stay on your device until you manually delete them or until your browser deletes them based on the duration period specified in the persistent cookie file.

‍

More information on all aspects of cookies can be found on www.allaboutcookies.org. Please note that Royo has no affiliation with, and is not responsible for, this third party website.

‍

Why do we use cookies?

‍

We may use cookies to:

• distinguish between visitors; 
• improve the use and the functionality of our Sites;
• process your purchase orders; 
• tailor our Sites and products to your needs and preferences; and
• analyse how our Sites are used and compile anonymous and aggregate statistics.

‍

We do not use information collected by cookies to create visitor profiles to perform targeted advertising.

‍

What types of cookies do we use?

‍

We may also use web beacons (or clear GIFs) and other similar technologies in addition to, or in combination with, cookies. A web beacon is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a website or in an email and it helps us to understand the behaviour of visitors to our Sites. More information on web beacons can be found at http://www.allaboutcookies.org/faqs/beacons.html. Please note that Royo has no affiliation with, and is not responsible for, this third party website.

‍

How can you control cookies and web beacons? 

‍

Most internet browsers are set to automatically accept cookies. Depending on your browser, you can set your browser to warn you before accepting cookies, or you can set it to refuse them. Please refer to the 'help' button (or similar) on your browser to learn more about how you can do this.

‍

Disabling cookies may impact your experience on our Sites.

‍

If you use different devices to access our Sites, you will need to ensure that each browser of each device is set to your cookie preference.

‍

More information on how to manage cookies is available from: http://www.allaboutcookies.org/manage-cookies/. Please note that Royo has no affiliation with, and is not responsible for, this third party website.

In addition, you may opt-out from certain cookies by visiting the following third party websites and selecting which company cookies you would like to opt-out from: http://www.aboutads.info/choices/#completed and http://www.youronlinechoices.com/. Please note that Royo has no affiliation with, and is not responsible for, these third party websites.

‍

(N) Data Security

‍

We have implemented commercially reasonable data security measures designed to protect the confidentiality, integrity and availability of your Personal Data, including against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised uses. 

‍

Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely. If Royo becomes aware of a breach of security of its systems or data, we will perform an investigation, contain the incident and comply with applicable state and federal data breach notification laws.     

‍

(O) Mergers, Acquisitions or other Corporate Transactions

‍

Over time, Royo may grow and reorganize. We may share your information, including Personal Data with affiliates such as a parent company, subsidiaries, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your Personal Data in a way that is consistent with this Privacy Policy.

In the event of a change to our organizations such that all or a portion of Royo or its assets are acquired by or merged with a third-party, or in any other situation where Personal Data that we have collected from users would be one of the assets transferred to or acquired by that third-party, this Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your Personal Data as per this policy (unless and until you give consent to a new policy). 

‍

‍

(P) Contact Us

If you have any questions about this Privacy Policy, how Royo obtains and uses your Personal Data, or our policies and procedures relating to your Personal Data, please contact us by e-mail at dev@royo.ai  or by postal mail at:

ROYO, Inc.

119 E Weber Ave.

Stockton, California 95202

United States of America 

209-817-4127

‍

‍

(Q) U.S. State Data Privacy Law Disclosures

‍

Disclosures and Consumer Rights under the California Consumer Privacy Act

‍

Under the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act), we must disclose our practices regarding the collection, use, and disclosure of the Personal Information of California Residents (“Consumers”). Consumers are also afforded additional rights with regard to the Personal Information we collect about them that include the rights of access, deletion, correction, opt-out of the sale and sharing of Personal Information, and to be free from discrimination. This section of our Privacy Policy includes the disclosures and the Consumer Rights required by the CCPA. We also describe the methods by which a Consumer may exercise these rights and some of the statutory exceptions that may apply.

‍

• For the categories of Personal Information we process, please see Section (B) of this privacy policy. 
• For a description of the purposes for processing Personal Information, please see Section (E) of this privacy policy. 
• For the categories of Personal Information that we share with third parties, please see Section (H) of this privacy policy.
• For categories of third parties with whom we share Personal Information, please see Section (H) of this privacy policy. 

‍

Consumer Rights under the California Consumer Privacy Act

‍

If you are a Consumer, the CCPA grants you the following rights regarding your Personal Information. Generally, in order to verify your requests to exercise your rights, we will compare the Personal Information we have about you to pieces of Personal Information we will request in the course of processing your request. The Personal Information required for verification may include your name, email address, phone number, or postal address. We will deliver a response to you within 45 days of receiving your verifiable consumer request. To exercise your rights under the CCPA, please follow the instructions described in this section.

‍

Right to Know About Personal Information. Consumers have the right to submit a verifiable consumer request that we disclose the following in a readily useable format, covering the 12-month period preceding the verifiable consumer request:

‍

• The categories of Personal Information we collect about you;
• The categories of sources from which your Personal Information is collected;
• The business or commercial purpose for collecting, selling, or sharing Personal Information;
• The categories of third parties with whom we disclose your Personal Information;
• The specific pieces of Personal Information that we collected about you;
• The categories of Personal Information that we shared, and for each category identified, the categories of third parties to whom we shared that particular category of Personal Information; and
• The categories of Personal Information we have disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that particular category of Personal Information.

‍

Verifiable consumer requests to know may be submitted through email at: dev@royo.ai . 

‍

Right to Request Deletion of Personal Information. Consumers have the right to request that we delete any Personal Information that we have collected from them. However, we are not required to comply with a request to delete where it is necessary for us to retain the Personal Information in order to:

‍

• Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
• Help to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for those purposes. 
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
• Comply with legal obligations.
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

‍

Verifiable consumer requests to delete may be submitted through email at: dev@royo.ai .

‍

Right to Correct. Consumers have the right to request that we correct inaccurate Personal Information maintained about them. However, we are not required to comply with a request to correct where we have a good-faith, reasonable, and documented belief that a request is fraudulent or abusive, or if we have determined based on the totality of the circumstances, that the contested Personal Information held by us is more likely than not accurate and therefore does not require correction. In assessing the totality of the circumstances, we will consider: (a) the nature of the Personal Information; (b) how we obtained the contested information; and (c) documentation relating to the accuracy of the information, whether provided by you, by us, or another source. 

‍

We will accept and consider any documentation that you provide in connection with a request to correct. We may require you to provide documentation supporting a request to correct depending on: (a) the nature of the Personal Information at issue; (b) the nature of the documentation upon which we consider the Personal Information to be accurate (e.g., whether the documentation is from a trusted source or is otherwise verifiable); (c) the purpose for which we collect, maintain, or use the Personal Information (e.g., if the Personal Information is essential to the functioning of the Website, we may require more documentation); and (d) the impact on you. We will only use such documentation provided for the purpose of correcting your Personal Information and to comply with our record-keeping obligations for consumer requests. 

‍

Verifiable consumer requests to correct may be submitted through email at: dev@royo.ai .

‍

Right to Non-Discrimination. Consumers have the right to be free from discrimination when they exercise their Consumer rights under the CCPA, and should you exercise those rights we cannot:

‍

1. Deny you goods or services.
2. Charge you a different price or rate for goods or services, including through granting discounts or other benefits, or imposing penalties.
3. Provide you a different level of quality of goods or services.
4. Suggest that you may receive a different rate for goods or services or a difference level or quality of goods or services.
5. Retaliate against an employee, applicant for employment or independent contractor for exercising their rights. 

‍

Notice of Financial Incentive.  

‍

We may offer various financial incentives. You may opt-in to the financial incentive program by accepting the offer and submitting the requested Personal Information. In order to participate in some of these financial incentives, you may be asked to provide Personal Information. Participation in any financial incentive program is optional and participants may withdraw at any time. To opt-out of the program and forgo any ongoing incentives, you may unsubscribe from our emails (for email-based incentives), or you may submit a request via email to dev@royo.ai . with the subject line “Financial Incentive Opt-Out” and include the Personal Information you submitted and the name of the applicable program or promotion. 

‍

The financial incentives we offer to consumers are reasonably related to the value of your data to our business, based on our reasonable but sole determination. We estimate the value of your Personal Information by considering the expenses incurred by the business related to the collection, storage and retention of consumers’ Personal Information in the context of the financial incentive offered and the expenses related to the provision of the financial incentive and our products. From time to time, we may provide additional terms that apply to a particular financial incentive, which will be presented to you at the time you sign up for the financial incentive.

‍

Authorized Agent. Under the CCPA, you may appoint an authorized agent to submit requests to exercise your rights on your behalf. Should you choose to do so, for your and our protection, we will require your authorized agent to provide us with a signed permission form demonstrating they are authorized to submit a request on your behalf. We note, should your authorized agent fail to submit proof that they have been authorized to act on your behalf, we will deny their request.

‍

Nevada Privacy Rights

‍

We do not currently sell Personal Information as defined by applicable law in Nevada. 

‍

Disclosures and Consumer Rights under the Texas Data Privacy and Security Act

‍

Under the Texas Data Privacy and Security Act (“TDPSA”), we must disclose our practices regarding the collection, use, and disclosure of the Personal Data of Texas residents (“Texas Consumers”). Texas Consumers are also afforded additional rights with regard to the Personal Data we collect about them that include the rights of access, deletion, and correction. This section of our Privacy Policy directs you to the disclosures required by the TDPSA and describes the rights afforded to Texas Consumers. We also describe the methods by which a Consumer may exercise these rights. 

‍

TDPSA Disclosures

‍

• For the categories of Personal Data we process, please see Section (B) of this privacy policy. 
• For a description of the purposes for processing Personal Data, please see Section (E) of this privacy policy. 
• For the categories of Personal Data that we share with third parties, please see Section (H) of this privacy policy.
• For categories of third parties with whom we share Personal Data, please see Section (H) of this privacy policy. 

‍

Texas Consumer Rights under the TDPSA

‍

• Consumer Requests: Under the TDPSA, we are a Controller of your Personal Data. If you are a Texas Consumer, the TDPSA grants you the rights described below, regarding your Personal Data. If we are unable to authenticate your request using commercially reasonable efforts, we may request that you provide additional information, such as name, email address, phone number, or postal address, to authenticate your request. 

‍

• Process to Appeal Declined Requests: If we decline to take action on your request, we will notify you within 45 days of receipt of your request. In the event we decline to take action on your request, you may submit an appeal within 30 days of receiving such notice. You may submit an appeal through email at: dev@royo.ai. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, we will provide you with an online mechanism, if available, or other method through which you may contact the Texas Attorney General to submit a complaint. 

‍

To exercise your rights under the TDPSA, please follow the instructions described in this section.

‍

• Right to Access Personal Data: Consumers have the right to confirm whether or not we are processing their Personal Data and to access such Personal Data. 

‍

Verifiable consumer requests to confirm and access may be submitted through email at: dev@royo.ai .

‍

• Right to Correct Personal Data: Consumers have the right to correct inaccuracies in the consumer’s Personal Data, taking into account the nature of the Personal Data and the purposes of the processing of the consumer’s Personal Data. 

‍

Verifiable consumer requests to correct may be submitted through email at: dev@royo.ai .

‍

• Right to Delete Personal Data: Consumers have the right to delete Personal Data provided by or obtained about the consumer. 

‍

Verifiable consumer requests to delete may be submitted through email at: dev@royo.ai .

‍

• Right to Data Portability: Consumers have the right to obtain a copy of their Personal Data that the consumer previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another Controller without hindrance. 

‍

Verifiable consumer requests for data portability may be submitted through email at: dev@royo.ai .

‍

• Right to Opt-Out: Consumers have the right to opt out of processing of their Personal Data for purposes of (i) targeted advertising, (ii) the sale of Personal Data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. However:
  
  • We do not engage in targeted advertising.
  • We do not sell Personal Data. 
  • We do not engage in profiling. 

‍

Verifiable consumer requests to opt-out of targeted advertising may be submitted through email at: dev@royo.ai .

‍

15. Definitions

‍

• “California Resident” means (1) every individual who is in the State of California for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State of California who is outside the state for a temporary or transitory purpose.

‍

• “Cookie” means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.

‍

• “Controller” means an individual who, or legal entity that, alone or jointly with others determines the purpose and means of processing personal data in the context of TDPSA

‍

• “Personal Data” means information that is linked or reasonably linked to an identified or identifiable individual. In the context of TDPSA “Personal data” does not include de-identified data or publicly available information.  

‍

• “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:

(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

(B) Any Personal Information described in subdivision (e) of Section 1798.80.

(C) Characteristics of protected classifications under California or federal law.

(D) Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

(E) Biometric information.

(F) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website publication, or advertisement.

(G) Geolocation data.

(H) Audio, electronic, visual, thermal, olfactory, or similar information.

(I) Professional or employment-related information.

(J) Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).

(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

(L) Sensitive Personal Information.

‍

In the context of COPPA, “Personal Information ” means individually identifiable information about an individual collected online, including: (1) a first and last name; (2) a home or other physical address including street name and name of a city or town; (3) a online contact information as defined in this section; (4) a screen or user name where it functions in the same manner as online contact information, as defined in this section; (5) a telephone number; (6) a Social Security number; (7) a persistent identifier that can be used to recognize a user over time and across different Web sites or online services. Such persistent identifier includes, but is not limited to, a customer number held in a cookie, an Internet Protocol (IP) address, a processor or device serial number, or unique device identifier; (8) a photograph, video, or audio file where such file contains a child's image or voice; (9)Geolocation information sufficient to identify street name and name of a city or town; or (10) information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described in this definition.

‍

• “Process”, “Processing” or “Processed” means any operation or set of operations that are performed on Personal Information or Personal Data, whether or not by automated means, such as the collection, use, storage, disclosure, analysis, deletion, or modification of Personal Information or Personal Data.

‍

• “Processor” means any person or entity that Processes Personal Data or Personal Information on behalf of the Controller (other than employees of the Controller).

‍

• “Sell,” “selling,” “sale,” or “sold,’’ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to a third party for monetary or other valuable consideration. In the context of TDPSA “sell,” “selling,” “sale,” or “sold” means the exchange of personal data for monetary consideration by a controller to a third party.

‍

• “Sensitive Data” means personal data that includes (A) data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation or citizenship or immigration status, (B) the processing of genetic or biometric data for the purpose of uniquely identifying an individual, or (C) precise geolocation data. In the context of TDPSA, “Sensitive Data” also includes Personal Data collected from a known child.
  condition, or medical treatment or diagnosis by a health care professional. In the context of the TDPSA, “Sensitive Data” includes citizenship and immigration status.

‍

• “Sensitive Personal Information” means:

1) Personal Information that reveals:

(A) A consumer’s social security, driver’s license, state identification card, or passport number.

(B) A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

(C) A consumer’s precise geolocation.

(D) A consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership, citizenship status, or immigration status.

(E) The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.

(F) A consumer’s genetic data.

2)(A) The processing of biometric information for the purpose of uniquely identifying a consumer.

(B) Personal Information collected and analyzed concerning a consumer’s health.

(C) Personal Information collected and analyzed concerning a consumer’s sex life or sexual orientation.

‍

• “Share”, “Shared” or “Sharing” means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioral advertising for the benefit of a business in which no money is exchanged. 

‍

‍