Application Privacy Policy

Effective Date: October 15, 2025

This Application Privacy Policy Applies to Learning A-Z Platforms Services and ExploreLearning LLC suite of products.

This Privacy Policy applies to the personal information collected, used and disclosed by Lazel, Inc. operating through its Learning a-Z and ExploreLearning brands (collectively, “we”, “us” or “our”), in connection with our processing of your personal information both outside of and as part of your use of our Learning Applications Services (“Services”).

Some of our Services are delivered through local education agencies who contract with us to provide those Services to their enrolled students and/or teachers, which we refer to here as “Enterprise Platform Services.” We also provide applications and Services directly to teachers, which we refer to here as “Direct Platform Services.” We also may provide learning applications and Services to students enrolled by their parents or guardians not as part of an educational institution customer. We refer to those Services as “Learning Platform Services at Home.” For clarity, "students" in this Privacy Policy includes all learners engaged in our platform Services regardless of age, unless specified otherwise.

When we refer to Enterprise Platform Services, Direct Platform Services, and Learning Platform Services at Home combined, we call them “Learning Platform Services” except that some specific differences between Learning Platform Services and Learning Platform Services at Home (such as how we may respond to inquiries or customer requests) will be specifically identified and addressed.

This Privacy Policy does not apply to our employees, candidates, or application for employment with us which is covered in our Human Resources Privacy Statement.

This Privacy Policy does not apply to our data collection and use practices outside of our Services. If you engage with us directly, such as by visiting our general commercial websites, attending a conference we sponsor, or requesting information from us in relation to our business, please see our Website Privacy Policy to learn more about how we process personal information in that context.

We typically perform Enterprise Platform Services under a contractual agreement with your school or institution through which you obtain our Services. For Enterprise Platform Services, we will process your personal information in accordance with the Enterprise Platform Services agreement with your school or sponsoring institution which may contain obligations about use of your personal information different from those stated in this Privacy Policy.

When our Learning Platform Services are used by a school, school district, teacher or other educational institution, we may collect or have access to personal information from a student’s educational record (“Student Data”). We provide the Learning Application Services as a “School Official” under the provisions of the Family Educational Rights and Privacy Act (“FERPA”). That means that we collect, retain, use, and disclose Student Data only for or on behalf of the educational institution for the purposes of providing the Services specified in our agreement with the educational institution, and for no other commercial purpose. Under applicable state privacy laws, we collect, retain, use and disclose Student Data as a service provider or processor to our educational institution customers. We do not own or control Student Data and collect Student Data only subject to the direction and control of the educational institution. Our collection, use, and disclosure of Student Data is governed by our contractual agreements with the educational institution, by FERPA, the Children’s Online Privacy Protection Act (“COPPA”) and applicable state laws relating to the collection and use of personal information of students.

This Privacy Policy and our Services are designed to comply with COPPA. We do not knowingly collect personal information from a child under 13 unless and until an educational institution customer, parent, or guardian has authorized us to collect such information. When our customers contract with us to provide the Learning Platform Services for students under the age of 13 years old, we rely on the educational institution customer, parent, or guardian to provide appropriate consent and authorization for a student under 13 to use the Service and for LAZ to collect personal information from such student, as permitted by COPPA.

When a parent or guardian signs up to provide our Learning Platform Services at Home to a child under 13, we will seek the appropriate consent directly from the parent or guardian before collecting any personal information from the child.

We do not knowingly collect personal information from children under 13 other than through our Learning Platform Services with appropriate consent from a parent, guardian, teacher, or education institution customer. If you are aware of any processing of personal information of children under 13 outside of these Services, please contact us at the contact information in the How You May Contact Us and How to Exercise Privacy Rights section of this Privacy Policy.

If we make any material changes to our privacy practices as described in this Privacy Policy, we will provide you or your institution with prior notice of those changes before they take effect. You will be given a reasonable opportunity to consent to such changes. Depending upon the nature of the changes, your opt-in or opt-out consent will be honored, although your choice may impact our ability to provide, and your ability to continue to use, the Services.

Personal information describes information that can be used to directly or indirectly contact or identify an individual. When we use the term personal information, this includes Student Data.

We may process pseudonymized and de-identified data for secondary business purposes to enhance, improve, or develop products and Services generally, analyze the performance of products and Services, and conduct educational research or statistical analysis. However, we will not use pseudonymized or de-identified data for secondary business purposes if we are restricted from doing so in accordance with contracts or applicable law.

When we use the term “process” or “processing” we mean collection, use, storage, disclosure, transmission, or any activity whatsoever related to, or which uses, that data.

In providing our Services we strive to only collect and process data elements which are reasonably necessary, proportionate, and not excessive for the uses for which we need to process that data.

We collect and process personal information from parents and guardians, teachers, school administrators, and students. Usually, this information is collected by us when schools, teachers, or parents submit it to us when registering to use our products.

We collect and process the following types of personal information from parents and guardians, teachers, and school administrators:

· First and last name, postal mailing address, email;

· Demographics;

· Account credentials, such as username and password;

· Commercial information related to your use of our Services;

· School associated with account;

· Usage data (licensed apps and use statistics);

· Phone device;

· Browser agent information and other network and device identifiers, such as IP address;

· Professional or employment information relating to teachers (such as current role at school), employer name, languages used;

We may collect and process the following types of student personal information as part of the Services:

· Student First and Last Name; (Optional; only required for Autorostered students);

· Student Username;

· Student Password;

· Grade ; Optional; required for some Autoroster sources)

· School ID (optional);

· Teacher First and Last Name;

· Teacher Email;

· Teacher Password;

· School Leader/Admin First and Last Name;

· School Leader/Admin Role;

· School Leader/Admin Email Address;

· School Leader/Admin Password;

· School Leader/Admin Phone Number (optional);

· School Name;

· School Address;

· IP Address;

· Date/Time of Requests;

· Browser User Agent;

· Browser Session Identifier;

· Pronunciation Sound Log;

· Http Endpoint and Query Parameters; and

· Student API Calls; and

· Sound Logs

We process personal information to provide, maintain, support and develop our Services to you and your authorized users and as described in this Privacy Policy and for no other reason, except where we obtain your advanced consent after you are notified of those other purposes for which we seek to use the information and those purposes are permitted by applicable law.

We do not sell or process personal information of students arising from the use of our Services to target marketing or advertising to them.

We do not build personal profiles of students from data arising from the use of our Services for any purposes except as is specifically required to support the educational purposes for which we are engaged, or as specifically authorized or instructed by the school, teacher, and/or parent or guardian of that child.

We will not process personal information of students using our Services beyond that needed for authorized educational (school) purposes or as specifically authorized by the parent/guardian and/or educational institution customer.

We also process the above personal information for the following purposes, to the extent permitted by applicable law:

We may create and use De-identified Data for educational research, product improvement, benchmarking, and development of best practices. "De-identified Data" means data from which all personally identifiable information and individually identifying attributes have been removed in accordance with applicable law (including 34 CFR § 99.31(b) under FERPA) such that there is no reasonable basis to believe individual students could be identified.

We will:

· Use De-identified Data only for the purposes stated above

· Not attempt to re-identify De-identified Data or authorize others to do so

· Not use or publish materials utilizing De-identified Data in any way that identifies Customer or any student without prior written consent

· Retain De-identified Data only as long as necessary for the stated purposes

· Comply with all applicable federal and state student privacy laws

This provision does not authorize use of personally identifiable student information for purposes other than providing the educational services contracted by Customer, except as may be separately authorized in writing or as permitted by applicable law.

In order to support the Services, we engage and disclose personal information to third party service providers (“Service Providers”).

Depending upon the Services in which you participate, we may also have to send personal information to other third parties who are not service providers of ours, and whose information practices are not governed by agreements we have with them where they must process information in accordance with our directives. For example, we provide Learning Platform Services that may involve awarding and managing certificate credentials for teacher achievements and completion of training courses, or if students enroll in online schooling for which transcripts and subject and grade level completion are necessary. In those cases, we usually participate with other companies to which we send information about teachers or students upon completion of learning milestones or training. Those companies typically manage that information in accordance with their own privacy practices and we do not control how they use the information. We will provide you with additional notices if you, or your students, participate in programs requiring release of that information, what type of information we release, who the third parties are, and where you can find out more information about their privacy management practices before sending your information to those companies, so you may advise us if you wish to participate, or do not wish to do so. We will not provide Student Data to these third parties without express consent of the educational institution, parent, or guardian. We will provide you with further information about how you may exercise your rights to prevent sharing with those entities, or if the Services you, or your institution, selected require us to share as part of the service.

Depending upon the third-party Services you, or your institution, might use to access our Services, we might be obliged to release certain information about use of the Services, such as if your institution uses third party rostering or identity management Services.

We may also be asked by educational institution customers to release personal information to other third parties under our Enterprise Platform Services if we are required to release it per our contract with our Enterprise Platform Services customers. Typically, these releases are to other public institutions for their research purposes. The data elements to be released are controlled under the discretion of the Enterprise Platform Services customer requirements and we will cooperate with the customer to make the disclosures in accordance with its instructions. If you have questions or concerns about such disclosures, you should inquire of your school institution whether they require us to release personal information, what types, and what your rights are with respect to those instructions to us.

We may disclose personal information to other third parties to the extent necessary to evaluate or engage in a business sale, financing, investment, divestment, merger, acquisition, or other business combination. If we disclose personal information for the business purposes, we will take steps designed to ensure that any other successor business adheres to the same privacy practices as we set forth in this notice.

Student personal information is retained for so long as necessary and required to support the Enterprise Platform Services as per our contracts with schools. If educational institutions do not instruct us to delete data, or our contracts do not specify time periods for retention, we reserve the right to delete inactive account information, including Student Data, in a reasonable period of time, which will not exceed one year from the last activity in an account.

For Direct Platform Services, student data is processed during the term an active licensing agreement is in place and is deleted within 45 days after the end of that licensing agreement; however, depending upon our back-up systems retention times such information may be maintained in backups for up to 180 days after termination of the Learning Platform Services. We follow our security and privacy notices and provisions at all times during which we process this personal information.

For Learning Platform Services at Home, personal information is retained for so long as necessary and required to support our Services to you and for a reasonable period of time after that as necessary for our legal compliance obligations.

We retain limited teacher and parent/guardian personal information such as name, address, and email associated with licensing and billing information for a period of up to 7 years for financial accounting, auditing, and legal compliance purposes.

We are headquartered in the United States and currently the Learning Platform Services is designed for individuals located in the United States. The United States may have privacy and security laws that differ from those in your country. If you are located outside of the United States, be advised that any information you provide to us will be transferred to, stored in, and accessed by people in the United States. By submitting information to us, you authorize its transfer, storage, and access within the United States. Some of the recipients of data identified above may be located in countries that do not provide an equivalent level of protection as your home country. Where required by applicable law, your continued use of our Services indicates your consent to our privacy practices as described in this Privacy Notice.

Applicable laws may give you certain rights with respect to your personal information that we process.

For Enterprise Platform Services and Direct Platform Services, we support access to, correction, and deletion of Student Data by our educational institution customer and/or teachers by cooperating and assisting the school and teachers to meet their requirements for access, correction, and deletion, or by responding to requests we receive from schools. If we receive such a request directly from a student or parent, we will advise the corresponding educational institution or teacher customer of the request and we will follow all lawful instructions from the institutions and teachers.

For Learning Platform Services at Home, parents, guardians, and/or students may make rights requests under COPPA and under any applicable state privacy laws by contacting us at the contact links below.

For the rest of our Services, you may be entitled to additional rights, including:

1. The right to know what personal information we process about you, including categories of data, sources of it, the business purposes for collecting, selling, or sharing it, and the categories of third-party service providers to which it may be disclosed.

2. The right to request that we delete personal information we have collected about you, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our Service Providers to delete) your personal information from our records, unless an exception applies. Examples when we may deny your request to delete include:

i. when we must retain your information to complete a transaction request or provide the Services to you;

ii. take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;

iii. detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

iv. debug products to identify and repair errors that impair existing intended functionality;

v. exercise free speech, ensure the right of another person to exercise their free speech rights, or exercise another right provided for by law;

vi. comply with other applicable laws;

vii. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;

viii. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; and/or,

ix. otherwise comply with a legal obligation.

3. The right to correct inaccurate personal information we maintain about you.

4. The right to opt-out of the processing of personal information for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. We do not process your personal information for any of these purposes.

5. The right not to receive discriminatory treatment for exercising your privacy rights.

6. In some states, if we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us as outlined below and specifying you wish to appeal. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the appropriate regulatory authority for your state.

Educational institution administrators, teachers, parents, guardians, and students may contact us at the contact information set forth in this section, if they wish to exercise any privacy rights, or if you have any questions, comments, or wish to report a problem or complaint relating to our privacy practices, you may contact us by

​Attn: Customer Service Manager

LEARNING A-Z

1840 E RIVER RD STE 220

TUCSON AZ 85718-5997

USA

If you believe your privacy rights have been violated or are unsatisfied with our response, you may file a complaint with the iKeepSafe Safe Harbor Program. Consumer complaints can be submitted via email to [email protected]