MetaMetrics®’ Global Privacy Policy

Updated October 2024

Introduction and Key Definitions

This is the Global Privacy Policy (this “Privacy Policy”) of MetaMetrics, Inc., (“MetaMetrics”, “we,” “our” or “us”). We want our visitors to learn about our services, and we help educators, researchers, parents, students, and other authorized users to easily put the Lexile Framework® for Reading, Lexile Framework® for Oral Reading and the Quantile Framework® for Mathematics to work. In this Privacy Policy we describe the information we may collect about you through our Sites (as defined in our Terms of Use), how we use that information, circumstances in which we share it, how we protect it, and the rights and choices you may have with regard to your information. Please read this Privacy Policy carefully before accessing or using our Sites. By accessing or using any of our Sites, you accept and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, do not access or use our Sites.

This Privacy Policy is incorporated into our Terms of Use. Any capitalized terms not defined in this Privacy Policy have the definitions set forth in the Terms of Use.

In the event we add future Sites or services that affect the terms of this Privacy Policy, we will revise accordingly. References to “you” or “your” pertain to all our site visitors, registered users, or Hub members throughout this Privacy Policy.

What is our general approach to your Personal Information?

We do not sell Personal Information as that term is commonly defined in applicable privacy laws. We use reasonable efforts to protect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with you or your household (your “Personal Information”).

We know that when users provide Personal Information to an organization it is an act of trust. That trust is something we take seriously. MetaMetrics works to ensure that the Sites observe compliance standards for online privacy, security, business practices, honest transactions, and availability. This Privacy Policy explains the steps we take to protect Personal Information shared with us through the Sites or when you otherwise interact with us, including how we collect it, who has access to it and what is done with it.

NOTICE AT COLLECTION

What categories of Personal Information do we collect?

The categories of Personal Information we collect and use include the following (these are examples and may be subject to change):

Identity Data	Information such as your name; address; email address; telephone number; age and/or age range; or other account-related information; and information you provide in connection with your application to be an employee or to otherwise collaborate with us.
Contact Data	Identity Data that relates to information about how we can communicate with you, such as email, phone numbers, physical addresses, and information you provide to us when you contact us by email or otherwise communicate with us.
General Location Data	Non-precise information about your location as determined based on your IP address.
Device/Network Data	Browsing history, search history, and information regarding your interaction with our Sites (e.g. IP Address, MAC Address, SSIDs or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, browsing data, first party cookies, third party cookies, web beacons, clear gifs and pixel tags.
Commercial Data	Information about the services for which you have registered and transactions you enter into with us, and similar information.
Inference Data	Personal Information used to create a profile about you, which may include your preferences, reading or writing levels, abilities, aptitudes, and other data or analytics provided about you or your account by our third party partners or data aggregators.
Audio/Visual Data	Data collected if you submit audio or video recordings to our Sites or services, as well as any other audio or video files you may submit to us, in addition to voice mails, call recordings, and the like.
User Content	Unstructured/free-form data that may include any category of Personal Information, e.g. data that you give us in free text fields such as comment boxes, answers you provide when you participate in sweepstakes, contests, votes and surveys, including any other Personal Information which you may provide through or in connection with our Services.
Sensitive Personal Information	Personal Information deemed “sensitive” under California or other laws, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, religious or philosophical beliefs, etc. We collect the following categories of Sensitive Personal Information: “Account Log-In Data” Information you need to log-in to your account on our services, including your user name and password. “Financial Data” Information such as bank account details, payment card information, including similar data defined in Cal Civ Code § 1798.80(e), which is collected only to the extent you have subscribed to one of our paid services.

What are the purposes for which we collect and use Personal Information?

Information we collect automatically

Some information, typically including Device/Network Data, is collected automatically when you visit the Sites. This information may not on its own reveal your name or contact information, but it may include device and usage information, such as your IP address, browser, device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use the Sites and other technical information.

How we use this information: This information is primarily needed to maintain the security and operation of the Sites, and for our internal analytics and reporting purposes, however we also use this information to improve our Sites and services, to determine which features of our Sites are most popular with our users, and to otherwise better understand our users’ preferences.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). “Cookies” are small text files that are placed on your device by a Web server when you access The Sites. We may use both session Cookies and persistent Cookies to tell us how and when you interact with the Sites, as well as to keep you logged-in to our Sites, and to otherwise improve your experience on our Sites. We may also use Cookies to monitor aggregate usage, remember your preferences, and to customize and improve the Sites. Unlike persistent Cookies, session Cookies are deleted when you navigate away from the Sites and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Sites. Some “essential” Cookies are required for our Sites to function properly, and other “non-essential” Cookies are helpful to enable certain features, but you are still able to use our Site without them (although certain features or functionality may be disabled). You may modify your preferences with regard to our use of non-essential Cookies by reviewing our Cookie Policy and selecting your preferences with regard to non-essential Cookies. Please note that some Service Providers that we engage may also place their own Cookies on your device. Note that this Privacy Policy covers only our use of Cookies and does not include use of Cookies by any Third Party or Service Provider you visit directly. Both should have their own privacy policies.
Web Beacons. Pages of the Sites and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Information you voluntarily provide

We collect Personal Information from and about you when you voluntarily provide it to us, in addition to Personal Information and other data we collect automatically when you visit the Sites. Depending on the Site you have accessed, or the other ways in which you interact with us, we may collect different types of information as outlined below.

Website/Services Users

Generally: We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Inference Data when you visit our Sites. You may also be able to create an account, enroll in marketing communications, or use various services through our Sites, which are further described below. We use this Personal Information as necessary to operate our Sites, such as keeping you logged in, delivering pages, etc., for our Business Purposes described below, and our other legitimate interests, such as:

ensuring the security of our websites, mobile applications and other technology systems; and
analyzing the use of our Sites, including navigation patterns, clicks, etc. to help understand and make improvements to the Sites.

Account Creation: Some of our Sites enable you to register to create an account. If you do this, we will collect Account Log-In Data, Identity Data and Contact Data, including the username, email address, and password you provide. We may also collect General Location Data based on your IP Address, and Device/Network Data when you access our Sites. On some Sites we may also request additional Personal Information associated with your account (such as your age, company name, school, or other data indicated in the form when you create your account). We use Account Log-In Data, Identity Data and Contact Data in connection with logging you in to our Sites, managing your account and your use of our Sites and services.

Subscriptions: If you purchase a subscription to one of our Sites, we will collect Account Log-In Data, Identity Data, Contact Data, Financial Data and Commercial Data,. Some Sites may additionally require role (educator, parent, researcher), General Location Data such as country or US state, and company. We process this Personal Information as necessary to perform or initiate a subscription with you, process your order, payment, or refund, carry out fulfillment and delivery, document transactions, and for our Business Purposes.

For certain subscriptions, we may also require that you provide Financial Data, Identity Data and Contact Data, including billing information, to our payment processor Service Provider, Stripe Elements. Note that qualifying educators in Lexile and Quantile partner states can subscribe to some of our Sites for free and thus without the need to provide billing information. All registered users may voluntarily submit additional Personal Information, like their first and last name, into their Profile information and select mailing lists to which they wish to subscribe.
Payment card data is subject to the Payment Card Industry Data Security Standard (PCI DSS), which is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. If you submit a payment to us via credit or debit card, you will be transferred to the site of our third party payment processor, Stripe Elements, a pre-built user interface (UI) component created by Stripe, Inc. When you enter into a paid subscription for one of our Sites, sensitive credit card data is exchanged using direct communication between the Stripe UI component in your browser and the Stripe service. MetaMetrics has no access to this data. We do not collect, control, see or store any of the card data entered into Stripe Elements. The Stripe service creates a token and returns it to our web service as a record of successful payment. This token is a virtual object that represents the actual, sensitive data, which is designed to better protect your data.
See Stripe’s Privacy Policy for more details available at www.stripe.com/privacy.

Special Offers and Demonstration Versions: We may offer limited time, seasonal, early or limited access, special purpose or demonstration versions of our Sites or tools. In such cases we may collect additional Personal Information, which may include Identity Data, Contact Data, General Location Data, and Commercial Data, tied to the registrant’s email, role, country, and state, and potentially also including grade level, math or reading level, school district, and quantile measure, depending on the offering. Where applicable, we may permit users to provide student data in order to customize the registered user’s use of the offered service.

Inquiries and Support

Certain pages on some of our Sites enable you to submit inquiries or requests to us, in which case we may collect Identity Data, Contact Data, User Content, Account Log-In Data, Commercial Data, and potentially Device/Network Data. These Sites collect this Personal Information when users complete an inquiry or request for more information using our online form. These forms typically collect the following information: first and last name, phone number, email address, organization name, organization type, areas of interest. We may share this information with our third party service providers, including storing the information in cloud-based contact management systems, and providing the information to third parties who assist us with our email marketing and other communications.

Any user of our Sites wishing to obtain support must provide an email address. Without this information we cannot answer your questions. When submitting a support question to us through Hub Support Contact Us you must not only provide a valid email address, but also first and last name, US state if applicable, country, role, and your specified request. Some of our Sites offer multiple levels of access, some of which may require users to register or purchase a subscription, in which case we would collect Financial Data, and others which are available without registration or subscription. Differences between levels of access may require corresponding differences in data collection practices.

We may also collect Identity Data, contact Data, Account Log-In Data, Commercial Data, or Audio/Visual Data if you contact us for support via phone or video conference.

Oral Reading Performance Measurement

You may be able to submit oral reading samples to some of our Sites, in which case we may collect Identity Data, Contact Data, Account Log-In Data, User Content, Audio/Visual Data, and potentially Device/Network Data. These Sites may enable users to record themselves reading a presented passage or to upload an audio file of themselves or others reading. When we collect oral reading samples, data collected may include the reader’s grade (if a student), session ID, date and time of the recording, and prior ability information used to calculate current oral reading ability. Information we send back as a result of the analysis may also be linked to data or files retained in our system. We may use a Third Party provider for automated speech recognition (ASR). Once processed, an informational Lexile oral reading ability measure is displayed. This measure is not to be used for educational placement of a child or for identification of speech disorders or other diagnosis of an adult.

Listening Content Measurement

You may be able to submit audio books and audio passages to some of our Sites, which may involve collection of Identity Data, Contact Data, Account Log-In Data, User Content, Audio/Visual Data, and potentially Device/Network Data. We may process Inference Data as part of our analysis These Sites may enable users to upload one or more audio files as an audio complexity measurement job. When we collect Listening Content, data collected may include the user’s name, user ID, company name, company ID, session ID, date and time of the upload, audio title, publisher name, ISBN, job name and job number, and other bibliographic data as may be relevant. Information we send back as a result of the analysis may also be linked to data or files retained in our system. Once processed, a Lexile listening complexity measure is displayed or sent.

Note, however, that when you submit a voice recording through one of our Sites, it may be processed by a Third Party ASR provider. Data sent by MetaMetrics to a Third Party is anonymized and is encrypted while in transit, protecting all Personal Information connected with the reader. To the extent that the reader is a child, we encourage you to review and approve the third party’s Privacy Policy prior to submitting your child’s voice recording to them. We may use one or more third parties and do not control or direct their processing of your Personal Information, and as such we are not responsible for their management of your data.

Marketing Communications

We may use Account Log-In Data, Identity Data, Contact Data, Inference Data, and Device/Network Data for marketing communications, including to send you emails regarding other MetaMetrics products and services we believe would be of interest to you, and when you open or interact with those emails. You may receive marketing communications if you consent and, in some jurisdictions, as a result of account registration or a purchase. See your rights and choices below to opt out of marketing communications.

Information collected from other sources

We may collect limited data from schools with which we have a relationship, public databases, marketing partners, and other outside sources. This may include Identity Data, Contact Data, General Location Data, Device/Network Data, and Inference Data. All Personal Information that you provide on or to a Third Party or that is collected by a Third Party is provided directly to the controller, owner or operator of the Third Party and is subject to the owner’s or operator’s privacy policy. We do not monitor or control any data you provide to Third Parties. Thus, we are not responsible for the content, privacy or security practices of a Third Party. To assure the protection of your Personal Information, we recommend that you carefully review the privacy policies of any Third Party you access. You assume the risk of providing any information you provide to a Third Party.

Business Purposes of Processing

We and our Service Providers process Personal Information for several common business purposes, depending on the context of collection, your rights and choices, and our legitimate interests. We generally process Personal Information for the following “Business Purposes,” however, further details on how we use specific categories of Personal Information in various aspects of our business is provided above.

Providing our Sites and Services

We process any Personal Information as is necessary to provide the Sites, and as otherwise necessary to fulfil our obligations to you, e.g. to provide you with the information and Sites you request, to manage our organization, to collect amounts owing to us, to maintain business records for reasonable periods and to satisfy regulatory requirements.

Internal Processes and Service Improvement

We may use any Personal Information we process through our Sites as necessary in connection with our improvement of the design of our Sites, understanding how our Sites are used or function, for customer service purposes, in connection with the creation and analysis of logs and metadata relating to service use, and for ensuring the security and stability of the Sites. Additionally, we may use Personal Information to understand what parts of our Sites are most relevant to our users, how users interact with various aspects of our Sites, how our Sites perform, etc., or we may analyze use of the Sites to determine if there are specific activities that might indicate an information security risk to the Sites or our users. This processing is subject to certain user rights and choices as described further below.

Compliance, Safety & Public Interest

Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Information subject to this Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Information in extraordinary circumstances.

Aggregate Analytics

When an individual visits our Sites, our organization processes Personal Information as necessary in our creation of aggregate analytics to better understand how our Sites are used, to make sure our content and services are served correctly, and to improve the performance of our Sites. The resulting aggregate data will not contain information from which an individual may be readily identified.

Personalization

We process certain Personal Information in connection with our legitimate business interest in personalizing our Sites. For example, aspects of the Sites may be customized to you based on your interactions with our Sites and other content. This processing may involve the creation and use of Inference Data relating to your preferences.

How long do we keep Personal Information?

In general, we keep Personal Information as long as it is reasonably necessary in connection with the purpose for which it was provided, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. For data collected from registered Members, we will keep Personal Information for as long as a Member maintains registration and or subscription in good standing. Once those registrations or subscriptions lapse or terminate, unless a written agreement between us and a Member provides otherwise, we may keep Personal Information for as long as needed only to meet regulatory requirements or business requirements. Any kept Personal Information will remain subject to the restrictions on sharing and use outlined in this Policy for as long as it resides with us.

We generally consider the following factors when we determine how long to retain data (without limitation):

Retention periods established under applicable law;
Industry best practices;
Whether the purpose of processing is reasonably likely to justify further processing;
Risks to individual privacy in continued processing;
Applicable data protection impact assessments;
IT systems design considerations/limitations; and
The costs associated continued processing, retention, and deletion.

We will review retention periods periodically and may pseudonymize or anonymize data held for longer periods.

Do we sell your Personal Information or “share” it for behavioral advertising purposes?

We do not “sell” or “share” (for behavioral advertising purposes) your Personal Information (as that term is defined under applicable privacy laws), and as such you do not have to Opt-in or Opt-out of any sale or sharing of Personal Information.

DISCLOSURES OF PERSONAL INFORMATION

What and how do we disclose to Service Providers?

In order to operate our business it may sometimes be necessary to disclose Personal Information with contractors and other service providers. Personal Information disclosed to Service Providers may include Contact Data, Identity Data, Commercial Data, Device/Network Data, General Location Data, Audio/Visual Data, Inference Data, and User Content. In limited situations, depending on the services provided by the Service Provider, we may provide them Financial Data. For example, we may share Personal Information with the companies that host our Sites, provide analytics and other functionality on our Sites, host or provide our database of current and potential customers, help us send emails and other communications, or provide other services to us. In addition, we may share Personal Information with individual contractor scientists and software developers as may be required.

As noted above, we use third-party service providers to analyze audio recordings. When the recording is submitted to the third party for processing, we share only Audio/Video Recording Data, and no other personal identifiers are shared. Results from the third party are combined with our own processes to calculate the reader’s proficiency results. In doing so, we connect the proficiency results with the Personal Information you provided.

All Service Providers are bound by a legal contract to keep Personal Information confidential. They can use Personal Information only for the purposes for which we disclose it.

Google Analytics-- We use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics is a web analysis tool we use to help us analyze the interaction of visitors with our Sites. Thus, we can improve your experience on our Sites. Google Analytics uses Cookies. The information generated by the Cookie regarding your use of the Sites are usually transferred to a server belonging to Google. The information saved by the Cookies includes, for instance, the time of your visit on the Sites, the frequency with which the visitor has called up the Sites, and from where the visitor has accessed the Sites. To determine the latter value, Google initially records the IP address of the user. However, we have activated the IP anonymization on the Sites. On behalf of the Sites, Google will use the aforementioned information to analyze your usage of the Sites, to compile reports on the Sites’ activities and to provide further services associated with the usage of the Sites and the Internet. You can prevent Google Analytics from saving the Cookies by a corresponding setting in your browser software. However, by doing so you may disable some functions of the Sites. In addition, you can prevent the recording of the data generated by the Cookie and relating to your usage of the Sites (including your IP address) to Google and the processing of these data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout. Further information on data protection with regard to Google Analytics can be found at said link.

Further information about handling user data can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

Please check this Privacy Policy regularly for updates on other Service Providers that may be used in connection with the Sites or contact us at Hub Support Contact Us for the most recent list of our Service Providers with whom we share your information.

What and how do we disclose to other third parties?

Fulfilling your requests. Some of our Sites include the ability for you to share content or information with third parties you designate. If you give us an email address to use the “share” feature within a tool, we will transmit the contents of that email and your email address to the recipients.

Affiliated entities and corporate transactions. We may share Personal Information with our current or future subsidiaries and affiliates in order to streamline provision of services or for other business purposes. In addition, if we contemplate a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, it is possible that we would need to share Personal Information with another organization during the due-diligence process, following the transaction, or otherwise in connection with a corporate event.

Partners. We may disclose your Personal Information to partners, such as schools or school boards, in order to provide our Sites.

Legal disclosures. We may also share Personal Information to comply with a court order, law or legal process. This includes a government or regulatory request. Before we do that, we would provide the user with notice of the requirement. If the user so chooses, a protective order or another remedy could be sought. If after providing that notice we still must share the demanded Personal Information, we will share no more than that portion of Personal Information which, on the advice of our legal counsel, the order, law or process specifically requires us to share. Note, some of these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Information as your home jurisdiction. We may, in our sole discretion (but without any obligation) object to the disclosure of your Personal Information to such parties.

Other parties. We may share Personal Information with third parties as we deem appropriate in order to enforce or apply our Terms of Use, Additional Terms, or other agreements, including for billing and collection purposes, to prevent fraud, and to obtain advice about legal and financial matters.

ADDITIONAL INFORMATION

Children’s Information

We do not directly collect personal information from children through our Sites. We may receive data provided by a parent regarding their child (which may include the child’s Identity Information, Audio/Visual Data, or Sensitive Personal Information), or by a state, school district or teacher containing information regarding a child or groups of children, however, any group information is aggregated and anonymized such that it no longer is considered Personal Information under applicable laws. If you believe that we have collected Personal Information directly from a child under the age of 13 (in the U.S.) or 16 (typically the applicable age in European countries) without following the proper procedures, please notify us via email to support@lexile.com

What data security measures do we take?

MetaMetrics has reasonable safeguards to help prevent unauthorized access to, disclosure of, or misuse of your Personal Information. However, we cannot guarantee that your Personal Information will never be shared or otherwise processed in a manner inconsistent with this Privacy Policy (for example, as a result of unauthorized acts by third parties that violate applicable law or our Terms of Use). If you register for a membership with the Hub or similar Sites we offer, you will be asked to select a password to help protect your Personal Information. These passwords help us verify your identity before granting access or making corrections to any of your Personal Information. You should never share your password with anyone. MetaMetrics will never ask you for your password in a phone call or email. You are responsible for maintaining the secrecy of your passwords and any account information. When subscribing for Premium membership through the Hub you also provide your credit card information. It is transmitted using Secure Sockets Layer (SSL) technology to help prevent unauthorized access or misuse of that information. (PCI-compliance requires following the Transport Layer Security 1.2 rules.) SSL is the standard security technology for establishing an encrypted link between a web server and a browser. Make sure you see a full “lock” symbol and https in the status bar of your browser. Browsers like Firefox 63 and above, Google Chrome 70 and above, Safari 6.2 and above employ some version of the lock symbol to indicate security. If the lock symbol is not visible, do not enter any information. Direct any issues or concerns to our support community for further guidance at Hub Support Contact Us. Finally, the computers/servers in which MetaMetrics stores Personal Information are kept in a secure environment. Please note that to the extent your Personal Information is shared with a service provider or other third party, we cannot guarantee, nor will we be responsible for, the security measures of those third parties.

INTERNATIONAL DATA

Legal Basis for Processing

We process your Personal Information in accordance with applicable data protection laws. If you are subject to the GDPR, we process Personal Information in accordance with one of the required legal bases. For example, when you voluntarily provide Personal Information to us, we primarily process it with your consent, or in order to fulfill a contract with you. Information we collect automatically is typically processed in accordance with our legitimate business interests, such as to improve our Sites and services. We may also process certain Personal Information to the extent required by applicable legal requirements.

International Data Transfers

MetaMetrics is a U.S. company. If you are located outside the United States and choose to provide information to us, we transfer at least some Personal Information to the United States for processing, and our service providers may process Personal Information in the United States and elsewhere. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to the United States, we will protect it as described in this Notice. Data we collect may be transferred to, stored, and processed in any country or territory where one or more of our affiliates or service providers are based or have facilities. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect Personal Information that we transfer in line with this Privacy Policy.

If you are located in the European Economic Area (“EEA”), please note that some countries outside the EEA do not have laws that protect your privacy rights as extensively as those in the EEA. However, if we do transfer your Personal Information to other territories, we will put in place appropriate safeguards designed to ensure that your Personal Information will be protected and processed in accordance with this Privacy Policy and the requirements of applicable data protection laws, including, when applicable, the General Data Protection Regulation (“GDPR”) or the UK GDPR (as defined in UK Data Protection Act 2018). We may transfer Personal Information from the EEA to the US using the EU or UK (as applicable) standard contractual clauses or other lawful mechanisms.

PERSONAL INFORMATION RIGHTS AND CHOICES

How can you exercise rights in your Personal Information?

At any time, Members of the Hub or our other Sites offering subscription options can change their Personal Information stored in The Profile page. Members can also choose to opt-out of MetaMetrics’ mailing lists with immediate impact. Members can also close their Hub memberships by following the directions listed in the Hub for immediate closure of the membership. Closing a membership will not trigger the deletion of Personal Information. Regardless of whether you are a Member, depending on where you live, and subject to our obligations under applicable laws, you may have certain rights and choices regarding your Personal Information. Please note, these rights may vary based on the country or state where you reside, and our obligations under applicable law.

Verification of Rights Requests

If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Information. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf. We may require that you match Personal Information we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Information to you if prohibited by law.

Regional Rights:

Access Rights: You may have the right to receive certain information, such as the following (these rights, and the applicable types of data and time periods, will vary depending on the laws applicable to the state or country in which you reside):
- Access to and/or a copy of certain Personal Information we hold about you.
- You may have the right to obtain certain Personal Information in a portable format.
- California residents also have the right to obtain information about: 1) the categories of Personal Information we have collected or disclosed about you; (2) the categories of sources of such information; (3) the business or commercial purpose for collecting or selling your Personal Information; (4) the categories of third parties to whom we disclosed Personal Information; and (5) the right to confirm whether we are processing your Personal Information.
Erasure: You may have the right to request that we delete certain Personal Information we have about you. We may either decide to delete your Personal Information entirely, or we may anonymize or aggregate your Personal Information such that it no longer reasonably identifies you. Certain Personal Information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide our services to you, we may be required to retain certain information for legal purposes, and there may be other reasons we may need to keep certain Personal Information under various applicable laws. In addition, if you ask us to delete your Personal Information, you may no longer be able to access or use some of our tools or services.
Correction: You may have the right to request that we correct certain Personal Information we hold about you.
Limitation of Processing: Certain laws may allow you to object to or limit the manner in which we process some of your Personal Information, including the ways in which we use or share it. For example, you may have these rights if the processing was undertaken without your consent in connection with our legitimate business interests (although we may not be required to cease or limit processing in cases where our interests are balanced against your privacy interests).
Regulator Contact: You may have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Information. To do so, please contact your local data protection or consumer protection authority.
Postings by Minors: Users of our Sites under the age of 18 in certain jurisdictions have the right to require that we delete any content they have posted on one of our Sites.
Non-Discrimination: California residents have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.
Other: You may have the right to receive information about the financial incentives that we offer to you, if any. You may also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights.

If you believe that you have specific rights under your jurisdiction and you would like to exercise any of these rights, please submit a support request through Hub Support Contact Us or email us at support@lexile.com . Other than marketing opt-out and do-not-sell requests, you will be required to verify your identity before we fulfill your request. In certain jurisdictions, you may be able to designate an authorized agent to make a request on your behalf, subject to certain requirements of your applicable law. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf, and we may be required to take additional verification measures under applicable law.

Opt-Out of Sale and “Sharing” for Behavioral Advertising

MetaMetrics does not currently “sell” or “share” for behavioral advertising (as defined by the California Consumer Privacy Act and other U.S. state laws) any Personal Information subject to this Privacy Policy, and we do not exchange Personal Information for any type of financial incentive. However, if you wish to be placed on our “do not sell or share” list in the event that we begin selling Personal Information or sharing it for behavioral advertising purposes in the future, please submit a request through Hub Support Contact Us or send an email to support@lexile.com and request to be added to this list.

Categories of Sensitive Personal Data Used or Disclosed

For purposes of CCPA, we may use or disclose the following categories of Sensitive Personal Information: Account Log-In Data and Financial Data. However, we only process Sensitive Personal Information for certain limited purposes as permitted under the CCPA, such as performing Services as reasonably expected, to prevent, detect, and investigate security incidents, to resist malicious, deceptive, fraudulent, or illegal actions, to ensure the physical safety of natural persons, for short-term transient use, to verify or maintain the quality or safety of a product, service, or device, or for purposes that do not infer characteristics about individuals.

Cookies, Similar Technologies, and Targeted Advertising:

Opt-Out: If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Manage Cookies page located at https://policies.metametricsinc.com/Manage_Cookies.pdf. You may need to opt out of cookies and similar technologies on third-party sites directly via the third party. For example, to opt-out of Google’s analytic and marketing Sites, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out. Do Not Track. Please note that our Sites do not currently respond to browser-based “do not track” signals. We will respond to any similar signals in the future as may be required by applicable law.

Additional Marketing Rights and Choices:

Opt-out of Marketing: All individuals have the right to opt-out of receiving marketing communications from MetaMetrics at any time. You may exercise your choices regarding marketing communications by clicking on the “unsubscribe” link in emails we send you, or you can please submit a request through Hub Support Contact Us or email support@Lexile.com(opens in a new window).
Direct Marketing: California residents and residents of certain other states may have the right to request a list of Personal Information we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.
Withdrawing Your Consent/Opt-Out: You may withdraw any consent you have provided at any time. The consequence of you withdrawing consent might be that we cannot perform certain Sites for you, such as location-based Sites, personalizing or making relevant certain types of advertising, or other Sites conditioned on your consent or choice not to opt-out.

CHANGES AND QUESTIONS

How should you track changes to this Privacy Policy?

We may update this Privacy Policy from time to time. We will post a link to the updated policy in the footer of all covered sites if changes are made, so we encourage you to visit any of our Sites regularly to stay up to speed on changes to this Privacy Policy.

Additionally if using the Hub, Members will be informed via the Hub’s notification system. Your continued use of the service constitutes your agreement to this Privacy Policy and any updates.

Where should you direct questions to us about this Privacy Policy?

If at any time you have questions or concerns about our privacy practices in general or this Privacy Policy in particular, please feel free to contact us by sending an email to support@lexile.com (opens in a new tab).

ADDITIONAL CCPA MANDATORY DISCLOSURES

For purposes of the CCPA, we add these supplemental disclosures, which are described in further detail above in this Privacy Policy.

Categories of Personal Information collected in the last 12 months: Identity Data, Contact Data, General Location Data, Device/Network Data, Commercial Data, Inference Data, Audio/Visual Data, User Content, Account Log-In Data, Financial Data.
Sources from which we collected Personal Information: information you voluntarily provided, automatic collection (cookies and similar technologies), third-party partners/customers (schools, etc.), third party service providers.
Business Purposes of collecting Personal Information include: providing our Sites and services, creating accounts, providing subscriptions, providing information you requested, improving our Sites and services, inquiries and support, compliance, and analytics.
Categories of Personal Information disclosed for a Business Purpose in the last 12 months (business purposes for these disclosures are as described above):
- Disclosed to Service Providers, Partners, Affiliates, Google Analytics, or Disclosed With Consent: Identity Data, Contact Data, General Location Data, Device/Network Data, Account Log-In Data.
- Disclosed to Service Providers: Audio/Visual Data, Financial Data.
We have not “sold” or “shared” Personal Information (as defined by the CCPA) in the last 12 months.