Merlyn Solution
Privacy Policy

< Back to Symphony Classroom Terms and Privacy Policy
Last Updated and Effective 08/31/2021

INTRODUCTION AND SCOPE OF THIS POLICY

This Privacy Policy describes how Merlyn Mind, Inc. (“Merlyn Mind,” “we,” “our,” or “us”) collects, uses, shares, stores, and otherwise processes Personal Information that is submitted to us or that we otherwise obtain or collect through the Merlyn Solution and its services. This Privacy Policy does not apply to other Merlyn Mind websites or applications, including www.merlyn.org, which is governed by the privacy policy available here.

Table of contents

1 DEFINITIONS

For purposes of this Privacy Policy, the following definitions apply:

  • “Instructor” means an instructor, teacher, school official, representative, or agent employed by, working at the direction of, or under the control of the Institution, or a school or educational authority representative under the control of the Institution, who is age 18 or older. The Instructor is authorized by the IT Administrator to use and deploy the Merlyn Solution.

  • “Institution” means the school or educational authority that uses or deploys the Merlyn Solution pursuant to Merlyn Mind’s Customer Agreement.

  • “Institution Users” refers to Instructors and IT Administrators, collectively. “Institution Users” does not include Participants.

  • “IT Administrator” means the individual(s) specifically designated and authorized by the Institution to Register and Onboard the Symphony Classroom AI Hub and/or Instructor(s) through the IT Administration Portal.

  • “Merlyn Solution” means the “Symphony Classroom AI Hub”, Desktop Application, Browser Extension, Remote, Merlyn Instructor Portal, IT Administration Portal and associated software and hardware, and Updates made available by Merlyn Mind from time to time, which may include software and technology of Merlyn Mind’s third-party licensors.

  • “Personal Information” means information that identifies or relates to a specific, natural person that is protected under applicable laws, including Voice Audio.

  • “Voice Audio” means spoken or audible speech, utterances, phrases, and sounds from or by a natural person within range of the Merlyn Solution.

  • “Wake Word” means the word(s) designated to activate the Merlyn Solution (e.g., “Hey, Merlyn”).

Other capitalized terms not defined in this Privacy Policy have the meaning ascribed to them in our Terms of Use.

2 INFORMATION WE COLLECT

As described in this Privacy Policy, Merlyn Mind collects certain Personal Information from or about Institution Users and Participants (collectively, “you” or “your”) in connection with the Institution’s use and deployment of the Merlyn Solution and provision of its services.

Institution Users

We may collect the following information regarding Institution Users:

  • Identifiers and contact information, such as first name and last name, email address, street address, job title, phone number, username, and password;

  • Voice Audio from Institution Users that is captured by the Merlyn Solution;

We also generate transcripts of (i) Voice Audio captured by the Merlyn Solution, and (ii) the Merlyn Solution’s responses to recognized commands.

Participants

The Merlyn Solution is designed to support classroom orchestration under the direction of the Institution and its Institution Users. Institutions and their Institution Users may elect to provide certain student roster information and may permit Participants, including students, to interact with the Merlyn Solution in accordance with Merlyn Mind’s Customer Agreement and applicable law. Merlyn Mind may collect the following information regarding Participants:

  • Student roster information, such as name and email address, if Institutions or Institution Users submit this information to Merlyn Mind or the Merlyn Solution;

  • Voice Audio from Participants that is captured by the Merlyn Solution;
    We also generate transcripts of
    (i) Voice Audio captured by the Merlyn Solution, and
    (ii) the Merlyn Solution’s responses to recognized commands.

In addition, ambient classroom noise and Participant Voice Audio may be captured by the Merlyn Solution, even if the Participant is not directly interacting with or commanding the Merlyn Solution, as further detailed in this Privacy Policy.

MERLYN MIND DOES NOT USE VOICE AUDIO FOR PURPOSES OF IDENTIFYING INDIVIDUAL STUDENTS.

For more information on our commitment to protecting student data privacy, see Section 5 of this Privacy Policy:Additional Information Regarding Children and Student Data Privacy Protections.

Device Pairing and Usage Information

When using the Merlyn Solution, we may access and collect information from Institution Users’ device or browser, or from other devices in the classroom that connect with the Merlyn Solution. This may include information such as the device’s IP address, including device location derived from the IP address, device ID, browser type and machine model, the length of time that the Merlyn Solution is powered on, the type and number of requests made of the Merlyn Solution, and extended display identification data (“EDID”) of devices connecting to the Merlyn Solution as well as information about the commands provided to the Merlyn Solution, which may include browsing history, location, and websites stored in the bookmarks or similar section of the browser when interacting with the Merlyn Solution (collectively, “Usage Information”).

When an Institution User Pairs their Instructor Device through an Institution’s third-party single sign-on provider supported by the Merlyn Solution, we have access to the files and related information within the Institution User’s drive that the Institution User shares with Merlyn Mind in order to respond to the Institution User’s commands and interactions with the Merlyn Solution. For example, when the Institution User Enrolls with a Google account and agrees to the necessary permissions, Merlyn Mind will be provided with the ability to display files or other content in the Institution User’s Google Drive if the Institution User commands it. Merlyn Mind does not store files from Institution Users’ Google Drive accounts and does not access such files except as necessary to provide the services and in accordance with the Institution User permissions and commands.

De-identified Data

We may create and retain de-identified data, and we may use aggregated, de-identified data for legally permissible purposes.

3. HOW WE COLLECT PERSONAL INFORMATION

We collect Personal Information as described in this Privacy Policy, including when you submit it to us, during the course of the Institution’s use and deployment of the Merlyn Solution as described above, and as follows:

How We Collect Voice Audio and Transcripts

The Merlyn Solution is activated when: (i) the Merlyn Solution recognizes an utterance as the Wake Word; or (ii) the Remote push-to-talk button is used to communicate with the Merlyn Solution.

  • Prior to activation of the Merlyn Solution: While the Merlyn Solution is powered on and before it is activated, the Merlyn Solution will capture all Voice Audio in order to recognize the Wake Word. Until the Merlyn Solution is activated, any Voice Audio received by the Merlyn Solution is overwritten and deleted programmatically in periodic, brief intervals. Merlyn Mind does not generate a transcript of the Voice Audio unless the Merlyn Solution is activated.

  • Upon activation of the Merlyn Solution: Once the Merlyn Solution is activated, the Merlyn Solution records Voice Audio that occurs in proximity with the delivery of a recognized command. The Merlyn Solution subsequently generates a transcript of the Voice Audio, and the Merlyn Solution then no longer retains the Voice Audio.

Please note, the Merlyn Solution also may capture, and be activated by, Voice Audio, including background voices, spoken words, or noise, that are not intended as the Wake Word or as a command, but that the Merlyn Solution may misinterpret as the Wake Word or a command (e.g., if the Merlyn Solution misinterprets an utterance as the Wake Word). As noted above, after the transcript is generated, Merlyn Mind no longer retains the Voice Audio.

For additional information on how we use and share Voice Audio, see Section 4 of this Privacy Policy: How We May Use and Disclose Personal Information.

How We Collect Other Personal Information

  • Device Onboarding and Enrollment: We collect Personal Information during the Onboarding and Enrollment process. The Institution or Institution User may also have the option to provide us with student roster information consisting of student first and last names and email addresses during Enrollment. This information may be provided directly from the Institution or Institution Users or through an Institution’s third-party provider supported by the Merlyn Solution.

  • Institution Users’ Communications with Us: We may also collect Personal Information when Institutions or Institution Users communicate with or submit information to us, including submitting inquiries, participating in surveys, or requesting information or support for the services. Additionally, we may collect Personal Information
    when Institution Users subscribe or sign up to receive communications, materials, or other information from us.

  • Third-Party Sources: We may collect certain Personal Information from third-party sources utilized by an Institution, such as the Institution’s single sign-on provider. This Personal Information includes the Institution User’s name, email address, and account credentials (e.g., username and password). We may also access files and other information and content that Institution Users make available in their third-party drives that are Paired with the Solution. As noted above, Merlyn Mind does not store files from Institution Users’ Google Drive accounts and does not access such files except as necessary to provide the services and in accordance with the Institution User permissions and commands.

4. HOW WE MAY USE AND DISCLOSE PERSONAL INFORMATION

WE DO NOT USE VOICE AUDIO FOR THE PURPOSE OF IDENTIFYING INDIVIDUALS. WE DO NOT SEND MARKETING MESSAGES TO STUDENTS OR USE OR SHARE STUDENT PERSONAL INFORMATION FOR MARKETING OR ADVERTISING PURPOSES.

We use student Personal Information to provide the Merlyn Solution and services in support of the legitimate educational
interests of the Institution as governed by our agreement with that Institution, and subject to the requirement that the Institution obtain any necessary consents to use and deploy the Merlyn Solution.

We use and disclose Personal Information to provide the Merlyn Solution and as described in this Privacy Policy, including for the following purposes:

Categories of Personal Information

How We May Use and Disclose Personal Information

Voice Audio and Transcripts

  • To provide and maintain the Merlyn Solution: We use Voice Audio in order to provide the Merlyn Solution and its services, including to respond to recognized commands and Wake Words and to generate transcripts of Voice Audio, as described above. We may share Voice Audio and transcripts with our third-party providers in order to facilitate the delivery of the Merlyn Solution and to provide certain features and services on our behalf, such as voice processing, technical support, and maintenance. As noted above, after Voice Audio is overwritten or a transcript is generated, Merlyn Mind no longer retains that Voice Audio.

  • To provide customer support, as needed, such as for troubleshooting, debugging, and to resolve customer support issues.

  • We do not use or share Voice Audio or transcripts for marketing or advertising purposes.

Identifiers and contact information

  • To provide and maintain the Merlyn Solution, as described above.

  • To contact and communicate with Institutions and Institution Users and to provide customer support, including to resolve a problem or support issue, notify Institutions and Institution Users about changes to the Merlyn Solution, and to otherwise communicate and request feedback on Institutions’ and Institution Users’ experiences with the Merlyn Solution.

  • To provide Institutions and Institution Users and marketing materials, such as updates and offers about our products, or requests for feedback or participation in surveys. At any time, recipients may unsubscribe from further communication on any electronic marketing communication by using the link labeled “unsubscribe” available in each email communication or by contacting us at privacy@merlyn.org.

Uses and Disclosures for Legal and Safety Purposes

  • In certain cases, we may also use or disclose Personal Information:

  • To protect our rights or the rights and safety of you or other third parties, or as necessary in the event of a court order, regulatory inquiry, or other lawful request.

  • In relation to a known or suspected illegal activity, unlawful use, or violation of our agreements or terms of use, and for fraud, loss, or crime prevention, including to share Personal Information with entities assisting us in investigations or prevention efforts and as may be required by applicable law.

  • In connection with legal or regulatory obligations: We may use and disclose Personal Information as necessary or appropriate to protect our rights or the rights and safety of you or other third parties, to enforce agreements and to assert and defend against legal claims, and for legal and compliance purposes or as otherwise necessary in the event of a court order, regulatory inquiry, or other lawful request.

  • In the event of a reorganization, merger, sale, assignment, bankruptcy, or similar business change: Subject to applicable law, we may need to transfer Personal Information to a re-organized entity or a successor organization in connection with the sale or reorganization, including for purposes of conducting due diligence to determine whether to proceed with any such transaction. If any such transaction occurs, the purchaser will be entitled to use and disclose the Personal Information collected by us in the same manner that we are able to, and the purchaser will assume the rights and obligations regarding Personal Information in accordance with this Privacy Policy.

Categories of Third Parties With Whom We May Share Personal Information

  • We will share or disclose your Personal Information with the following third parties or categories of third parties for the purposes described above:

  • Providers of single sign-on and authentication services used by an Institution and supported by the Merlyn Solution, whose services may also be used to provide the Merlyn Solution with roster information (including Google, in circumstances where Institution Users Enroll with a Google Account).

  • Providers of technology and services that enable the Merlyn Solution to process Voice Audio (for example, Google’s Speech-to-Text Technology).

  • Third parties whose services are integrated with the Merlyn Solution to respond to specific commands; for example, to tell you the time, or the weather.

  • Cloud service providers (including Amazon), whose services we use to store personal information collected through the Merlyn Solution.

  • Companies that assist us with our sales, marketing and customer relationship management activities (such as Salesforce). (We use these companies to maintain our business relationship with the Institution. These companies do not have access to student Personal Information).

  • Companies that assist us with our sales, marketing and customer relationship management activities (such as Salesforce). (We use these companies to maintain our business relationship with the Institution. These companies do not have access to student Personal Information).

Other service providers and sub-contractors, including suppliers of technical and support services, which may require certain Personal Information in order to help us provide the Merlyn Solution and its services. You can find a full list of those third parties here. We may share your Personal Information with our group companies under our common control or within our corporate family for the purposes described in this Privacy Policy.

5. ADDITIONAL INFORMATION REGARDING CHILDREN AND STUDENT DATA PRIVACY

As noted above, we use student Personal Information only to support the legitimate educational interests of the Institution as governed by our agreement with that Institution, and we require the Institution to obtain any necessary consents to use and deploy the Merlyn Solution.

Family Educational Rights and Privacy Act (FERPA)

As applicable, we ask Institution customers to designate us as a “school official” as the term is used in FERPA, 34 C.F.R. §99 et. seq. As a “school official,” we agree to be bound by the relevant provisions of FERPA, including that we will remain under the “direct control” of our Institutions with respect to the use and handling of any FERPA-protected “education records.”

Participants Under Age 13

We operate in compliance with the Children’s Online Privacy Protection Act (“COPPA”) and applicable laws covering children’s Personal Information. If our Institutions choose to use the Merlyn Solution in environments with Participants under age 13 or otherwise under the age of consent in their country, we ask the Institution to obtain any necessary prior, verifiable parental consent. If we become aware that a minor Participant has provided us with, or we have otherwise collected, Personal Information without appropriate consent, we will take steps to delete it and comply with other applicable COPPA obligations.

6. HOW TO ACCESS AND MODIFY YOUR INFORMATION

Institution Users may review, correct, update, or request that we delete their Personal Information or that of their Participants by contacting us at privacy@merlyn.org. Institution Users may also update their information in their account settings.

Since the Merlyn Solution is used under the direction of Institutions, parents and legal guardians should work directly with their Institution to review, modify, or request deletion of their child’s Personal Information submitted to and stored by the Merlyn Solution, if applicable. We will work with Institutions as needed to facilitate addressing those requests.

8. DATA RETENTION

We retain Personal Information for as long as is necessary to fulfill the purposes for which we obtained the Personal
Information, including to provide the Merlyn Solution and its services, or for such longer period as may be required or permitted by applicable law. We will also retain Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and policies.

Subject to applicable law, it is our policy to delete Personal Information within 90 days of contract termination, or within 30 days of a valid deletion request or notification from an Institution of an Institution User account termination, unless we are required by law to retain such information for a longer period. As noted above, after Voice Audio is overwritten or a transcript is generated, Merlyn Mind no longer retains that Voice Audio. It is our policy to de-identify transcripts within six (6) months of the transcript being generated.

We retain de-identified information, including aggregated, de-identified information for legally permissible purposes, including to develop and improve our educational products and to demonstrate the effectiveness of the Merlyn Solution, including in our marketing materials.

9. SECURITY

We implement information security safeguards designed to protect Personal Information against risks of loss, unauthorized access, destruction, misuse, modification, or inadvertent or improper disclosure. Please note, however, the Internet is not perfectly secure, and we cannot fully eliminate security risks associated with the storage and transmission of Personal Information.

11. ADDITIONAL DISCLOSURES FOR UNITED KINGDOM (UK)/EUROPEAN UNION (EU)/EUROPEAN ECONOMIC AREA (EEA) RESIDENTS

When we provide the Merlyn Solution to Institutions and Institution Users located in the UK and EU/EEA, we generally function in the capacity of a “data processor” under the European Union General Data Protection Regulation (GDPR) and the UK GDPR, and our processing of Personal Information is governed by our agreement with that Institution and in accordance with this Privacy Policy.

Legal Bases for Processing Where Merlyn Mind Acts as Controller

Merlyn Mind does not function in the capacity of a data controller for any student Personal Information. In limited cases, we function in the capacity of a data controller with respect to Institution User Personal Information, as provided below, each as further described in Section 4 (How We May Use and Disclose Personal Information):

  • To administer and manage Institution User account credentials. Our legal bases for these practices are performance of a contract, to enable us to perform our obligations, and to provide you with access to the Merlyn Solution.

  • When communicating with Institutions and Institution Users (other than for support purposes), such as to provide Institutions and Institution Users marketing materials or to request feedback or participation in surveys. Our legal basis for these practices is consent, where legally required.

  • If necessary, when processing Personal Information for legal and safety purposes. Our legal basis for these practices is compliance with our legal obligations.

Data Subject Rights

If you are based in the UK or EU/EEA, subject to applicable law, you may have the following rights regarding your Personal Information: the right to request confirmation from us as to whether or not we are processing your Personal Information, and where we are processing your Personal Information; the right to, access, update, or modify or correct your Personal Information; to request deletion of such Personal Information; and to object to or request that we restrict certain processing, including that related to marketing, to receive a machine-readable copy of the Personal Information concerning you that you provided to us; or request us to transfer such data to an applicable third-party in certain circumstances. You also have the right to lodge a complaint with a supervisory authority and may also make a request to restrict how we use your information while a complaint is being investigated.

In addition, where you provided your consent in respect of any processing by us of your Personal Information, you may withdraw such consent by sending an email to privacy@merlyn.org.

If you have any queries or complaints about our collection, use, or storage of your Personal Information, or if you wish to exercise any of your rights in relation to your Personal Information, please contact us at privacy@merlyn.org.

Please note, the above rights may be subject to various exclusions and exceptions under the law, and, under certain circumstances, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion. We will respond to reasonable requests as soon as reasonably practicable and as required by law. To protect your privacy and security, we may take steps to verify your identity in order to address the request. Where we have received your information through our customers, or where we are otherwise operating as a processor, we may refer you to the entity with whom you have a direct relationship in order to implement your request, pursuant to applicable law.

If you have additional questions regarding the rights described above, you can contact us by sending an email to privacy@merlyn.org or by using the details provided in the “Contact Information” section.

12. TRANSFER OF DATA TO THE UNITED STATES

If you are located outside of the United States, please be aware that your information may be transferred to, processed, and/or maintained in the United States. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. If you are located outside of the United States, the transfer of Personal Information may be necessary to provide you with the requested information and services and/or to perform any requested transaction. If we transfer your Personal Information outside of the United Kingdom or EEA, we will take measures to ensure that your Personal Information is transferred and protected adequately in accordance with this Privacy Policy

13. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy in the future. If we make non-material changes, we will notify you by email or by contacting our privacy contact at the Educational Institution via the email address we have in our records, or as otherwise required by applicable law. If we make material changes to this Privacy Policy, we will provide the notice as described above, and will also request consent as required by applicable law. The “last updated” date at the top of this policy indicates when the Policy was last revised. We encourage you to review this Privacy Policy often to stay informed of how we may process your information.

14. CONTACT INFORMATION

For additional information regarding our privacy practices, please contact us by email at privacy@merlyn.org or by mail at:
Merlyn Mind, Inc.

405 Lexington Avenue, Suite 3504
New York, NY 10174

Our UK representative is:
Merlyn Mind UK Limited
3rd Floor, Chancery House St Nicholas Way
Sutton
Surrey
United Kingdom SM1 1JB

You can contact our UK representative at uk_representative@merlyn.org.