MoxiePro Privacy Policy

Last Updated: March 20, 2024

Embodied, Inc. (Embodied) cares about your privacy and wants you to be fully informed of the information we collect and how we use it to offer our products and services, including MoxiePro, our interactive smart assistive robot. Along with our companion commercial eCommerce website https://moxierobot.com/pages/moxiepro (Commercial Site), Moxie Robot Application (Moxie Robot App), Embodied’s Global Robotics Laboratory (G.R.L.) children’s website www.globalroboticslab.com (the “G.R.L. site”), and Embodied’s proprietary Artificial Intelligence (AI) SocialX® platform, MoxiePro was designed with the help of child development experts to support the emotional and social development of children ages 5 - 10. Corporate information about Embodied, our online store, more information about Moxie and our AI, are available at https://moxierobot.com/pages/moxiepro. Parents and purchasers must be 18 or older to shop online or register through the Parent App.

This Multi-User or Clinician / Educator Privacy Policy is for clinicians and educators who purchase MoxiePro and use MoxiePro with multiple children or students.  For simplicity, this privacy policy will be referred to as the Multi-User privacy policy.  Clinicians may be any members of a clinical care team including physicians, nurses, physician assistants, child life specialists, social workers, or therapists.  Educators may be school personnel, counselors, aides, or administrators.  Educators may also be individuals engaged in afterschool programs.  For simplicity in this document, Clinicians, Educators and other medical or educational users who register multiple children as mentors may be referred to as Resource Providers.   Also, in this document, if there is a reference to a parent, that could mean a parent, a guardian, or a foster parent.  

The resource provider will set up the Moxie Robot parent application so the resource provider receives the summary reports on each child’s interactions with MoxiePro.  The resource provider will then register each of the children before the child has an interaction with MoxiePro.    

If a clinician is utilizing MoxiePro in a medical facility or a private medical entity, the clinician should make sure to follow the medical facility’s or private entity’s policies, rules, and guidelines for utilizing technology when interacting with children.  Embodied is not responsible for the clinician following the medical facility’s or private entity’s policies, rules, and/or guidelines.  

This Privacy Policy does not address Health Insurance Portability and Accountability Act (HIPAA) regulations.  MoxiePro, as discussed in detail below, does not collect any personal health information and does not make any medical diagnosis.  The clinician may review the information collected by MoxiePro and may enter personal health information or diagnostic information into the child’s health record or another medical record system at the clinician’s office or the medical facility at which the clinician is operating.  However, MoxiePro does not interface and/or communicate directly with a medical facility’s computing system.  Accordingly, Embodied is not responsible for the clinician’s entry of information and is not responsible for this data being compliant with any medical information-related rules and/or regulations.  Embodied’s standalone MoxiePro does not collect Protected Health Information (i.e., information that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual).  Embodied also does not believe that it is a Covered Entity because Embodied does not provide health care services, health care plan services or health care clearinghouse services.  Further, Embodied does not believe it is a Business Associate because it does not use or disclose individually identifiable health information to perform or provide functions, activities, or services for a covered entity, such as claims processing, data analysis, utilization review or billing.  Accordingly, clinicians and clinicians’ organizations are solely responsible for adhering to the HIPAA regulations.

If an educator is utilizing MoxiePro in a school facility, university, or afterschool program, the educator should make sure to follow the school’s or university’s policies, rules, and guidelines for utilizing technology when interacting with children.  Embodied is not responsible for the educator following the policies, rules, and/or guidelines of the school or university.  

MoxiePro, as discussed in detail below, does not collect any student education record information.  The educator may review the information collected by MoxiePro and may enter certain information and/or conclusions into a student’s education record. However, MoxiePro does not interface and/or communicate with a school’s or an educational institution’s computing system.  Accordingly, Embodied is not responsible for the educator’s entry of information into a student’s education record and is not responsible for any entered data being compliant with any education-related rules and/or regulations. 

Embodied is committed to compliance with the Children’s Online Privacy Protection Act (COPPA) and is working with PRIVO®, a COPPA Safe Harbor organization, to obtain verifiable parental consent for their child to use MoxiePro. MoxiePro is fully COPPA (Child Online Privacy Protection Act) Safe Harbor certified. COPPA’s purpose is to provide parents control in protecting their children’s privacy online and our certification means that parents can feel safe knowing that Embodied abides by leading data integrity and security procedures.  In addition, PRIVO will be utilized to verify the identity of the resource provider.

Embodied is a member of the PRIVO Kids Privacy Assured COPPA Safe Harbor Certification Program (“the Program”). The Program certification applies to the digital properties listed on the validation page that is viewable by clicking on the PRIVO Seal. PRIVO is an independent, third-party organization committed to safeguarding children's personal information collected online. The PRIVO COPPA certification Seal posted on this page indicates Embodied has established COPPA compliant privacy practices and has agreed to submit to PRIVO’s oversight and consumer dispute resolution process. If you have questions or concerns about our privacy practices, please contact us at 855 945-3411 or privacy@embodied.com. If you have further concerns after you have contacted us, you can contact PRIVO directly at privacy@privo.com.

 

Our Children’s Privacy Statement may be found at https://moxierobot.com/pages/childrens-privacy-policy.

Protecting your privacy and the security of the data entrusted to us are at the heart of how we develop our products, services and platform. We also want resource providers and parents to know how to exercise their right to access, correct or delete the information they entrust to us. During setup and registration of the Moxie Robot Parent App and MoxiePro, a resource provider will be asked to obtain full verifiable parental consent to Embodied’s data collection practices, which are described herein, from the parents of every child with whom they are utilizing MoxiePro.


Parents or resource providers can opt-out of parental consent to Embodied’s data collection practices at any time although this may mean that some of the Embodied Services will not be operational. If the parents or resource providers opt-out of the data collection practices, MoxiePro will become non-operational because MoxiePro's operation relies on audio and video data processing.

Details about what information Embodied collects when a Resource Provider purchases MoxiePro may be found in Section 4 of this privacy policy. 

Any material changes to the MoxiePro privacy policies will be communicated to schools via email 30 days in advance of implementation. Emails will be sent by Embodied using the Klaviyo email system to the email address associated with the original purchaser. At the end of the 30 days, Embodied will publish the changes on the live MoxiePro privacy policy website as well as update the MoxiePro privacy policy summary in the Moxie Robot App.

 

TABLE OF CONTENTS

1. SECURITY
2. YOUR PRIVACY RIGHTS
   A. California Privacy Rights
3. WHAT INFORMATION DO WE COLLECT DURING SETUP OF THE MOXIE ROBOT APP AND MOXIEPRO?
   A. When Do the Moxie Robot App and MoxiePro Collect Data?
   B. What Information Does the Moxie Robot App Collect and Why Does the Moxie Robot App Collect It?
   C. What Information Does MoxiePro Collect and Why Does MoxiePro Collect It?
   D. Recovering Data and Troubleshooting
   E. The Moxie Robot App and MoxiePro Share Information with The Following Third Parties
   F. Mobile App Store
   G. Retention Timeframes
4. WHAT INFORMATION DO WE COLLECT WHEN A RESOURCE PROVIDER PURCHASES MOXIEPRO?
5. WHAT INFORMATION DO WE COLLECT AT G.R.L. SITE?
   A. Personal Information the G.R.L. Site Collects
   B. When Does the G.R.L. Site Collect Personal Information?
   C. Why Does the G.R.L. Site Collect Information?
6. DATA HANDLING POLICIES IN THE EVENT OF MEMBER COMPANY BANKRUPTCY, SALE, OR MERGER
7. CERTIFICATIONS
8. CONTACT US WITH YOUR QUESTIONS

 

1. SECURITY


The Embodied Products were developed with security in mind.

Where possible, data collected by MoxiePro is processed and stored locally. Embodied takes steps to protect and secure data that cannot be limited to on-device processing during transmission and in the cloud through encryption and other measures. We take steps to securely send and store data, and only work with business partners and cloud service providers who provide assurances that they will do the same.

Embodied segregates certain personal information and other information about users or the device into separate databases, which are secured and encrypted. When a resource provider sets up an account in the Moxie Robot App, a recovery key is automatically assigned to the resource provider. This key is unique to the resource provider and not accessible to Embodied. The resource provider will need their recovery key to access their data and the children’s data if the resource provider changes devices through which they pair MoxiePro, or needs a new MoxiePro.

Embodied strives to protect the information provided to and/or collected by us when you use the Embodied Services through commercially reasonable administrative, technical, and organizational safeguards. While Embodied works hard to protect your information, no security method is 100% secure. Thus, Embodied cannot guarantee that the security methods and/or precautions we take are failure proof.

We recommend that the resource provider learn about and use security tools, habits, and practices to protect the online security of the resource provider, parents, and the parents’ family members, such as protecting the recovery key from others and having a backup copy of the recovery key in a safe and secure location. Embodied will never ask the resource provider for the recovery key, and the recovery key should only be used by the account holder.

2. YOUR PRIVACY RIGHTS


If you are a resident of California or a resident of Nevada, you have certain privacy rights as described in this section.

A. California Privacy Rights

If you reside in California, we are required to provide additional information to you about how we use and disclose your information. You may also have additional rights with regard to how we use your information. We have included this California-specific information below.

Uses and Disclosure of Your Information - Consistent with Sections 3, 4 and 5 of this Multi-User Privacy Policy, we collect certain categories and specific pieces of information about individuals that are considered "personal information" in California. As detailed below, we may collect this personal information from you and other third parties. We may collect, share and disclose personal information for the business and commercial purposes described below.

Do Not Sell: Subject to certain exceptions, California residents have the right to opt out of the "sale" of their personal information. We do not sell personal information of children or information collected from our Moxie Robot App to third parties for their advertising or marketing purposes. We do not monetize the information you provide; however, we work with third party advertisers on our Commercial Site to provide relevant advertising, which may be considered a “sale.” Please review our Cookie Policy below for information on third parties we work with. To exercise your Do Not Sell rights, please contact Embodied at (855) 945-3411 or support@embodied.com. Only the Commercial Site includes marketing and remarketing cookies. The Moxie Robot App, the MoxiePro and the G.R.L. Site do not utilize these cookies. To opt out of sharing your information and receiving personalized ads at our Commercial Site through our third party advertising partners, you may contact them directly or use the opt-out tools available from the Digital Advertising Alliance at https://optout.aboutads.info/?c=2&lang=EN or the Network Advertising Initiative at https://optout.networkadvertising.org/?c=1. Opt-outs are browser and device-specific. If you decide to opt out, ads may still be delivered, but they might be less relevant to you and your interests. Whatever decision you make, you can change it at any time.

Deletion, Access and Information Requests - Subject to certain exceptions, as a California resident, a resource provider or a parent has the right to: (i) request deletion of their and/or their children’s personal information; (ii) obtain access to their or their children’s personal information; and (iii) receive information about the categories of personal information about them or their children that we have "sold" (as that term is defined under California law) to "third parties" (as that term is defined under California law) and also that we have disclosed for a "business purpose" (as that term is defined under California law). This Privacy Policy describes the categories of information we collect.

Deletion Requests: If a resource provider or parent would like us to delete their or their children’s personal information, please contact customer support at support@embodied.com for more information on how you can exercise these rights. You will need to provide us certain information, including the resource provider’s email address, so that we may verify your request and communicate with you regarding your request. If the resource provider has a MoxiePro but has lost their recovery key or access to the Moxie Robot App, we are unable to fulfill requests to delete all Moxie data because of the steps we have taken to minimize our ability to link to personal information in our system.

Access Requests: If the resource provider or parent would like to access their or their children’s personal information, please contact customer support at support@embodied.com for more information on how they can exercise these rights. You will need to provide us with certain information, including the resource provider’s email address, so that we may verify your request and communicate with you regarding your request. If the resource provider has a Moxie Pro robot but has lost their recovery key or access to the Moxie Robot App, we are unable to fulfill requests to access all MoxiePro data because of the steps we have taken to minimize our ability to link to personal information in our system.
You may also contact Embodied at (855) 945-3411 for assistance in exercising any of the California rights described above.

Should the resource provider or parent wish to request the exercise of these rights as detailed above, we will not discriminate against them by offering them different pricing or products, or by providing them with a different level or quality of products, based solely upon this request.

California Shine the Light - Under California Civil Code § 1798.83, as a California resident, the resource provider may opt out of companies disclosing personal information to third parties for their direct marketing purposes. Embodied does not disclose personal information to third parties for their direct marketing purposes.

Nevada Privacy Rights - Subject to certain exceptions, under Nevada Revised Statutes 603A, Nevada residents may opt out of the “sale” of personal information covered under the statute. Embodied does not sell personal information that is covered by this statute.

Do Not Track - At this time, we do not take steps to respond to do not track signals available on some browsers. The resource provider or parent can manage their cookie preferences using their own browser settings to accept or block some or all cookies or receive notice so they can consent to cookies. If the resource provider or parent blocks all cookies, some features of the Embodied Services may be unavailable to them.

 

3. WHAT INFORMATION DO WE COLLECT DURING SETUP OF THE MOXIE ROBOT APP AND MOXIEPRO?


No child can begin interacting with MoxiePro until a parent has provided verifiable parental consent.
As described in detail below, to use Moxie Pro, a resource provider must set up a Moxie Robot App account and provide certain information, like the resource provider’s name and email address. Once the resource provider sets up the account, the resource provider will complete the PRIVO verification process to verify they are who they say they are (e.g., identity verification). Resource providers will then register child users in the app, which will require them to provide certain information like the child’s first name and birthdate, and the parent’s name and email address. As children are registered by the resource provider, parents will receive an email from our partner PRIVO to complete the parental verification process and provide verifiable parental consent to allow the resource provider to start using MoxiePro with their child. Until at least one parent provides verifiable parental consent (VPC) through the PRIVO process, the resource provider’s account will not be active for that child to engage with MoxiePro and the child will not be able to engage with MoxiePro.  Personal information collected to verify parents will be retained as long as necessary to provide the service and can be deleted on request.

The Moxie Robot App allows resource providers to set focus on developmental goals for a child, including cognitive, social, and emotional developmental goals, and to track a child’s progress with Moxie Pro. This Moxie Robot App account data is securely stored separately from other data.

We describe below when the Moxie Robot App and MoxiePro collect data and what data is collected.

A. When Do the Moxie Robot App and MoxiePro Collect Data?

We collect information from the resource provider and the child in the following circumstances: 1) when the resource provider shares it voluntarily and if the child’s parent verifies that a child’s information can be collected; and 2) when we collect it automatically via MoxiePro’s microphones, inertial motion unit (IMU), sensors and/or cameras during interactions with the child.

The Moxie Robot App and MoxiePro do not utilize cookies or similar technologies to track individuals, but data is automatically collected through the microphones, IMU, sensors, and/or cameras.

The Moxie Robot App collects personal information from the resource provider when the resource provider establishes their account, and personal information about a parent and their child when the resource provider registers a child user in the app, such as the child’s first name and birthdate and the parent’s name and email address. The personal information collected is detailed below in the section entitled “What Information Does the Moxie Robot App Collect and Why Does the Moxie Robot App Collect It.”

When MoxiePro is turned on using the power switch on its base, it will take some time for MoxiePro to start up and get ready. Several icons will appear on the screen, after which MoxiePro’s screen will turn purple showing MoxiePro’s eyes closed. During this period, MoxiePro will begin collecting and using audio data. Audio Data is transmitted in encrypted form to Google’s Automatic Speech Recognition (ASR) server (which is waiting to hear the commands “Hello Moxie” or “Moxie, Please Wake-Up”). No Audio Transcript Data will be generated or stored until a wake-up command is used, and MoxiePro will not collect and use Video Data during this period. When MoxiePro is ready to begin interacting, dream bubbles will appear on the screen. When MoxiePro hears the commands “Hello Moxie” or “Moxie, Please Wake Up”, its eyes will open and it will then be in operational mode.

In operational mode, MoxiePro collects Audio Data and Video Data utilizing its camera, microphones, and sensors. MoxiePro is equipped with mechanisms for resource providers, parents and children to know when it is on. In operational mode, if the LED bar is blue, MoxiePro is listening for input. If the LED bar is pulsing blue, MoxiePro is processing the input it received. If the LED bar is pulsing pink, MoxiePro is speaking. The data collection practices during operational mode are discussed below in the Section entitled “What Data Does MoxiePro Collect and Why Does MoxiePro Collect It.”

After a child finishes interacting with MoxiePro and says “Moxie, Please Go to Sleep”, MoxiePro will go into standby mode. In standby mode, the LED bar will be lavender but the screen will be off. While in standby mode, MoxiePro is only listening for the “Hello Moxie” command. Audio Data is collected by the microphones when MoxiePro is in standby mode but is not transmitted to the Google ASR servers because the voice recognition of the “Hello Moxie” command is performed on the MoxiePro device. The collected Audio Data is not stored. Once it receives the “Hello Moxie” command, MoxiePro returns to operational mode and audio and video collection will activate.

B. What Information Does the Moxie Robot App Collect and Why Does the Moxie Robot App Collect It

MoxiePro is designed to put the resource provider and/or the parent in control of the child’s experience and use. The child cannot use MoxiePro unless the parent has provided verifiable parental consent. 

The Moxie Robot App collects information from the resource provider to serve their needs, communicate with the resource provider, manage our content, allow the resource provider to track the child’s progress in meeting developmental goals that are set, and improve Embodied Services and products. The Moxie Robot App may collect the following information from the resource provider:
Login information for accessing the resource provider’s account.
Personal contact information to allow Embodied to contact the resource provider, including their name and email address.
Child’s first name, last name, and birthdate; child nickname (or name child would like to be called).
User’s (child’s) topics of interest, nickname or preferred name, user’s activity preferences, user’s learning focus, and user’s interaction style and accessibility (if verifiable parental consent has been obtained for the child).
Parent name and email address to allow PRIVO to send an email to parents to complete the parental verification process and provide verifiable parental consent to allow the resource provider to start using MoxiePro with their child.
Child developmental goal information that resource providers choose to input to the Parent App (if verifiable parental consent has been obtained for the child).
Event information such as birthdays of a child’s family members or appointments (if verifiable parental consent has been obtained for the child).
Whether or not a resource provider is selecting MoxiePro operation features such as no sound effects, no visual effects, slowed down speech, longer pauses for input, and/or limited heads-up display.  Please note that this can be adjustable for each registered child.

Embodied also collects information about the device the resource provider is using to access the Moxie Robot App, like the device ID and IP address. We also collect anonymized information about page views in the Moxie Robot App and about pages in the Moxie Robot App that malfunction or crash. This information helps us analyze usage and update and improve our services.

The Moxie Robot App does not utilize cookies. The online app stores from where the Parent App may be downloaded may collect the number of times the Moxie Robot App is downloaded and application usage.

The cloud server utilizes Google Firebase to generate Moxie Robot App usage analytics for Embodied regarding the resource provider’s use of the Moxie Robot app, including minutes the Moxie Robot App is being utilized, which menu screens resource providers utilize and/or other Moxie Robot App usage statistics. The Moxie Robot App usage analytics are aggregated for all resource providers utilizing the Moxie Robot App. The Moxie Robot App usage analytics are encrypted and stored in the cloud server. You can read more about how Google uses your personal information here: https://policies.google.com/privacy

The cloud server utilizes Crashlytics to store an anonymized number of page views and page crashes or malfunctions in the Moxie Robot App and to report on that data to Embodied.

The Moxie Robot App may receive or collect an identity verification indicator from PRIVO to verify the resource provider’s identity and also does the same for the parent of each child. We do not collect or receive any of the information provided to PRIVO to verify anyone’s identity.  If necessary, an Embodied trained operative may assist the resource provider in completing the PRIVO parental verification process. Personal information collected to verify parents will be retained as long as necessary to provide the service and can be deleted on request.

Using the Moxie Robot App, the resource providers may access each registered child’s personal information, update the child’s personal information, or change and update goals for the child. Resource providers may activate or deactivate notifications received from Moxie regarding Moxie’s status or new missions available for the child. The Moxie Robot App may receive the following information from MoxiePro about each registered child once an account is established and MoxiePro is paired with the Moxie Robot App: Activity Data (such as books read, calculated reading comprehension, calculated vocabulary level, amount of time spent interacting or reading, badges or trophies received, activity patterns) and Insight Data (data generated through the AI engine that provides insights on each registered child’s developmental progress). This data is encrypted and stored on MoxiePro as well as the cloud server and may be accessed by the Parent App.


Resource Providers will need a recovery key to recover data in case MoxiePro is replaced and the data needs to be reloaded. 

The recovery key is stored in the device running the Moxie Robot App (e.g., the device’s flash drive or hard drive). Information on how to save the recovery key is provided in the Moxie Robot App when the recovery key is assigned. When Moxie Pro is paired with the Moxie Robot App for a registered child, an Analytics User ID (AUID) is automatically assigned by the robot for that registered child and is the vehicle by which the Moxie Robot App is able to retrieve information about each registered child’s progress with MoxiePro. In other words, an AUID will be assigned for each registered child. These AUIDs are not known to Embodied. MoxiePro shares the AUID with the Moxie Robot app through a channel encrypted with the recovery key (also not accessible by Embodied) when paired with the Moxie Robot App to allow MoxiePro to interact with each registered child in a way that is not identifiable to Embodied. That is why a resource provider must either be using the Moxie Robot App or have the recovery key to request access to or deletion of any child’s personal information; without it, Embodied is unable to identify which data, such as Audio Transcript Data, Primary User Datapoints, and Facial Expression Datapoints, relates to a specific individual or MoxiePro. Within the Moxie Robot App we have added a feature that allows the resource provider to click on a button to share the AUID so Embodied can assist in troubleshooting. Please see Recovering Data and Troubleshooting.

Please note: if a resource provider changes devices or email accounts, they must have the recovery key to access prior data.

A resource provider may also revoke consent in the Moxie Robot App to allow Embodied to collect a specific child’s data through MoxiePro but this will render MoxiePro inoperable for that child.

A resource provider may deactivate their account in the Moxie Robot App. When a resource provider deletes or deactivates their account, all of the registered children’s personal information under the resource provider’s account is deleted along with the resource provider’s personal information. The aggregated, anonymized data collected when MoxiePro is operational is not deleted.

 

C. What Information Does MoxiePro Collect and Why Does MoxiePro Collect It

MoxiePro is equipped with a camera, microphones, a number of speakers, an inertial motion unit (to determine direction and velocity) and other sensors to interact with a child. MoxiePro captures video and audio of the child. The sensors are utilized to identify if and where other objects or persons may be located in a room or other interactions, such as if a child is touching or hugging MoxiePro, if MoxiePro has been picked up and moved, and what direction and velocity MoxiePro may have been moved. Embodied utilizes our proprietary AI platform (SocialX®) to analyze data, to provide and improve our services, and to develop new content, features, services and products. Embodied has implemented strong measures to secure personal data to offer the child the benefits of MoxiePro. Where possible, data is processed and stored locally on the Moxie device to avoid sending personally identifiable information into the cloud. Embodied takes steps to protect and secure data that cannot be limited to on-device processing during transmission and in the cloud through encryption and other measures.

After a resource provider has registered a child to use MoxiePro and the child’s parent has provided verifiable parental consent for the child to use MoxiePro, MoxiePro may collect the following information from the child.

Data will be automatically recorded by MoxiePro in the form of video files and audio files and is linked to the associated AUID. Anyone in range of the video or audio recording capabilities of MoxiePro may be recorded, including the child or others in the vicinity at the time the robot is recording.

Audio Data and Audio Transcript Data - The recorded Audio Data is encrypted and sent to our cloud service provider, Google Cloud STT, who automatically transcribes the audio files to create audio transcription files and deletes the audio recording after creating the audio transcription file. This file is the Audio Transcript Data. The Audio Transcript Data is securely transmitted to MoxiePro and used to interact with the user, and then transmitted through MoxiePro to a separate cloud storage area. In certain circumstances, e.g., when specific questions are asked of MoxiePro about subjects that cannot be handled by the natural language processing on the Embodied Cloud Servers, some Audio Transcript Data may be communicated to our third-party cloud natural language processing (NLP) provider, OpenAI. The third-party NLP provider may provide responsive Transcript Data that is utilized (after filtering by Embodied) to respond to the child. The Audio Transcript Data communicated to our third-party NLP provider does not include the AUID, so the third-party NLP provider cannot link the received Audio Transcript Data to any particular user. The third-party NLP provider does not store the received Audio Transcript Data. Our cloud storage service provider does not have access to the Audio Transcript Data; only Embodied has access. The Audio Transcript Data are used by Embodied to understand the content of the recorded Audio Data, respond to the child, and improve the AI. The Audio Transcript Data will remain on a secure and encrypted server after data collection has been completed. The Audio Transcript Data may be stored for 18 months. Embodied has access to the Audio Transcript Data, but cannot link the Audio Transcript Data to any particular user, account or device.
To request to access or delete the Audio Transcript Data associated with a child registered under a resource provider’s account, the resource provider must first contact Embodied to request access to or deletion of this data and thus must share the child’s AUID with Embodied through the Moxie Robot App. Parents can request that the resource provider provide them access to the data or delete the Audio Transcript Data. The Audio Data is deleted when the transcripts are made.


Video Data - The recorded Video Data will be automatically processed locally on the MoxiePro device to create facial expression datapoints. The recorded Video Data does not leave MoxiePro, is utilized to create the Facial Expression Datapoints, and is deleted after the Facial Expression Datapoints have been created. The recorded Video Data is not transmitted from MoxiePro.

Facial Expression Datapoints - The Facial Expression Datapoints allow Embodied to determine facial expressions of the child and/or analyze the emotion of the child in order to enhance the interaction between MoxiePro and child. The Facial Expression Datapoints will be transmitted to the cloud storage service provider and are encrypted during transmission and storage. The Facial Expression Datapoints are only accessible to Embodied and are not accessible by the cloud service provider. The Facial Expression Datapoints may be stored for 18 months. Embodied has access to the Facial Expression Datapoints, but cannot link it to any particular user, account or device. To request to access or delete the Facial Expression Datapoints associated with a registered child under the resource provider’s account, the resource provider must first have their recovery key and also the child’s AUID.  Parents must contact the resource provider to view, access or delete the Facial Expression Datapoints associated with their child.

Primary User Images - The camera on Moxie will initially capture images of the primary user (the child) during their interaction with Moxie, which are referred to as Primary User Images. Moxie will generate Primary User Image Datapoints from the Primary User Image(s).  The Primary User Image is then deleted from Moxie.  The Primary User Image Datapoints are utilized by MoxiePro to verify that MoxiePro is speaking to the primary user during conversation interactions, and to respond appropriately to the primary user. Please note: During interaction with Moxie, images of other individuals may be captured if they are within the field of view of the camera. MoxiePro may process these images to determine if this individual is the Primary User, and may ask “who are you,” or “are you my mentor” to confirm. 

If another user asks MoxiePro to remember them, that user’s image will be captured. MoxiePro will create the other user’s image datapoints and discard the other user’s image. Audio transcripts will be generated from any conversation the other user has with MoxiePro. The other user’s image datapoints and audio transcripts will be stored in the primary user’s profile because MoxiePro is set up for the primary user. MoxiePro is meant to interact with one individual at a time, and no child can interact with MoxiePro unless their parent has provided verifiable parental consent. If other child users interact with MoxiePro during the primary user's session and those other users do not have parental consent to use MoxiePro, the customer is not following Embodied's guidelines.

The Primary User Image Datapoints will be encrypted and securely transmitted to the cloud storage service provider. Embodied has access to the Primary User Image Datapoints, but cannot link it to any particular user, account or device. MoxiePro may communicate with the other individuals, but is designed to call only the primary child user by name. This comparison is performed within MoxiePro and there is no communication with the cloud storage service provider. Primary User Datapoints are deleted if an account is inactive for 36 months. 

To request to access or delete the Primary User Image Datapoints associated with a child registered under their account, the resource provider must first contact Embodied to request to access or delete the data and then must share the registered child’s AUID with MoxiePro through the Parent App.  Parents must contact the resource provider to view or access data associated with their child so that the resource provider can contact Embodied. Embodied does not have access to the information as it is encrypted using the Recovery Key, but Embodied can link it to the user or device and can therefore delete Primary User Image Datapoints if requested by a parent.

Activity Data - MoxiePro collects certain Activity Data, such as how long children are using Moxie, if children read a book with the robot, how many missions the children have completed with MoxiePro, badges and trophies earned, and other information to help a resource provider to track a child’s general activities and progress. The Activity Data is generally summary information about the child’s activities. Data on children’s interactions with MoxiePro and activities and progress are encrypted and stored with the cloud service provider, but in a separate database from the Audio Transcript Data, Facial Expression Datapoints, Primary User Image Datapoints, Moxie Interaction Data, Insight Data, and other personal information. The Activity Data on a particular child’s interactions and progress is accessible through the Moxie Robot App or with the recovery key and linked to the robot ID accessible by Embodied.  Activity data is deleted after 36 months.

Moxie Interaction Data - Moxie Interaction Data is data associated with the child’s interactions with MoxiePro, such as the Audio Transcript Data (collected through MoxiePro’s microphones), Facial Expression Datapoints and Primary User Image Datapoints (collected through MoxiePro’s camera), whether and where other objects or persons may be located in a room (collected through MoxiePro’s camera), responses communicated to MoxiePro, and/or what MoxiePro facial animations are utilized. In addition, touch sensors are utilized to determine if a child is touching or hugging MoxiePro. The Moxie Interaction Data is collected and processed on MoxiePro and is utilized to enhance the child’s interaction with MoxiePro and is associated with the AUID. The Moxie Interaction Data is then encrypted and transmitted to the cloud service provider and stored in the same account as the anonymized Insight Data, Audio Transcript Data, and Facial Expression and Primary User Image Datapoints. The Moxie Interaction Data is stored for three months with precise timestamps, and for eighteen months with relative timestamps. To request to access or delete the Moxie Interaction Data associated with a child registered under the resource provider’s account, the resource provider must first contact Embodied to request access to view or delete and then must share the registered child’s AUID with Embodied through the Moxie Robot App.  Parents must contact the resource provider to view or access Moxie Interaction Data associated with their child so that the resource provider can contact Embodied.   

Insight Data – Insight Data is data derived from the Embodied proprietary AI engine that analyzes how the child is doing in achieving missions and goals and progress towards achieving those goals, such as improvements in language skills, how long the child was engaged with the robot, and number of words read per minute. Insight Data is just that: it is data derived from the Moxie Interaction Data, Facial Expression Datapoints, Audio Transcript Data and other data to provide an analytical assessment of the child’s progress. Activity Data and Insight Data are available to resource providers while using the Parent App or with the recovery key. The Insight Data is maintained for the life of the account. For inactive accounts, this Insight Data is stored for 36 months and then deleted.

Moxie Sensor and Telemetry Data – Embodied collects computer sensor and telemetry data from MoxiePro to troubleshoot problems and improve hardware and software operations. This data is associated with the robot ID but stored separately from other data for three months.

Resource providers can honor requests from parents to review or delete their and their child’s information, and refuse to permit further collection or use of their child's information by contacting us. If the resource provider would like us to delete the registered child’s personal information, please contact customer support at support@embodied.com for more information on how the resource provider can delete the child’s personal information. You will need to provide us certain information, including the resource provider’s email address, so that we may verify your request and communicate with you regarding your request. If you have a MoxiePro robot but lost your recovery key or access to the Moxie Robot App, we are unable to fulfill requests to delete all MoxiePro data because of the steps we have taken to minimize our ability to link to the child’s personal information in our system.

Access Requests: If a parent would like to access the child’s personal information, please have the resource provider contact customer support at support@embodied.com for more information on how you can exercise these rights. The resource provider will need to provide us with certain information, including the resource provider’s email address, so that we may verify the request and communicate with the resource provider regarding the request. If you have a MoxiePro robot but lost the recovery key or access to the Moxie Robot App, we are unable to fulfill requests to access all MoxiePro data because of the steps we have taken to minimize our ability to link to the child’s personal information in our system.

Utilization of Child Nickname and Interests – As noted above in Section 3.B, a parent or resource provider provides the following information regarding each specific user or child: nickname or preferred name; user’s topics of interest; user’s activity preferences; user’s learning focus; and user’s interaction style and accessibility (collectively “user’s preference parameters”). These user’s preference parameters are stored for the life of the account in the user’s account.

MoxiePro utilizes the user’s nickname or preferred name to enhance verbal communications with the user. MoxiePro may generate prompts including a user’s nickname or preferred name in order for MoxiePro’s conversation response to include the user’s nickname or preferred name. The generated prompt may be sent to Embodied’s cloud servers or to a third-party cloud NLP provider (e.g., OpenAI), which generates MoxiePro’s conversation response. MoxiePro’s generated prompt does not include the child’s AUID. MoxiePro’s prompt and MoxiePro’s conversation response are not stored in the Embodied servers or third-party servers. The use of the nickname or preferred name will increase the personalization of the user’s communication with MoxiePro.

The user’s preference parameters may also be utilized to assist in setting up a recommended activity schedule for the user.  In these cases, an activity scheduler module may utilize the user’s preference parameters to generate a user schedule request prompt and may communicate the user schedule request prompt to Embodied’s cloud servers and/or third-party NLP cloud servers (e.g., OpenAI).  A recommender module may receive a recommended activity or mission list in response from the Embodied cloud servers and/or third-party NLP cloud servers.  The user schedule request prompt does not include the user or child’s AUID.  The user schedule request prompt and the recommended activity or mission list will not be stored on the Embodied cloud servers and/or third-party NLP cloud servers.  The utilization of the preference parameters by the activity scheduler module is designed to recommend activities and missions that are in line with what the user may like to engage in with MoxiePro.  This is designed to increase engagement time and focus during the user’s interaction with MoxiePro.       

You may also contact Embodied at (855) 945-3411 for assistance in exercising any of the California rights described above.


D. Recovering Data and Troubleshooting

MoxiePro is a complex product that has been designed with privacy and security in mind. Embodied needs access to certain information to provide services, allow children to interact with MoxiePro, help children engage in activities and work towards achieving goals, and deploy the AI to provide insights to the resource provider. Embodied has built the Moxie Robot App to allow a resource provider to see the registered child’s activities and progress. Embodied’s data management procedures are designed to restrict Embodied’s access to most data associated with an identifiable child, but we also want to assist the resource providers in troubleshooting issues or answering questions. That is why we have created a process that allows a resource provider to elect to share the AUID with customer service.

As a reminder, the AUID is an encrypted ID created on MoxiePro and sent during initial pairing with MoxiePro and the Moxie Robot App. The AUID is linked to the recovery key, but both are unknown to Embodied. Embodied will never ask a resource provider for the recovery key or child’s analytical user ID (AUID) unless a resource provider reports a problem; Embodied will then ask the resource provider for permission to add a “share my AUID” button on the help page of the Parent App. Having a mechanism to allow Embodied to access the AUID in the Moxie Robot App allows Embodied to work with the resource provider to troubleshoot problems, or respond to requests to access or delete information. When the customer receives the “share my AUID” button, and affirmatively clicks on the button, Embodied personnel can access the Moxie Interaction Data, Facial Expression Datapoints, Audio Transcript Data, and Insight Data associated with the AUID to assist the customer with the request. Access is limited to the help session and this data is otherwise not visible to Embodied in a way that is linked to a particular child.

 

E. The Moxie Robot App and MoxiePro Share Information with The Following Third Parties

The Moxie Robot App utilizes Privacy Vaults Online (“PRIVO”) to verify the resource provider’s identity, verify the parent’s identity and also to confirm that the parent has provided verifiable parental consent for the associated registered child pursuant to COPPA. To do that the resource provider and the parent must share certain information with PRIVO. You may learn more about PRIVO’s privacy policy at https://www.privo.com/privo-privacy-policy. Embodied does not receive the information the resource provider or parent provided to PRIVO for identity verification but is notified that the resource provider has been verified, the parent has been verified and that the parent of each registered child has provided verifiable parental consent.

MoxiePro shares raw voice data with Google to perform speech recognition of the registered child’s voice. You can read more about how Google uses your personal information here: https://policies.google.com/privacy.

Embodied shares some Audio Transcript Data with our third-party natural language processor (NLP), OpenAI.  You can read more about how OpenAI uses your personal information here: https://openai.com/privacy/. 

The Moxie Robot App and MoxiePro do not allow links to social networks.

The Moxie Robot App and MoxiePro do not share personal information with third parties for marketing purposes.

Finally, we may share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful requests for information we receive, or to otherwise protect our rights, the rights of parents, children and resource providers using Moxie or other third parties.

F. Mobile App Stores

The resource provider may be required to register with and/or log onto a third-party mobile app store before they can download the Embodied Moxie Robot App. When downloading the Moxie Robot App, the app store provider may also collect certain device and app-related information. Embodied does not control the privacy policies or requirements of the app stores. Therefore, you should review the terms of use and privacy policies of the app stores before downloading and then using the Moxie Robot App and check your device settings for control options.

G.  Retention Timeframes

Below is a chart with Embodied’s Data Retention Timeframes for the Different Categories of Data Collected by MoxiePro.  

| Type of Data | Retention Period |
| --- | --- |
| Raw Audio Data | Deleted After Speech-to-Text Conversion |
| Raw Video Data | Deleted after the Facial Expression Datapoints have been created. |
| Audio Transcript Data | Stored for 18 months |
| Facial Expression Datapoints | Stored for 18 months |
| Primary User Image Datapoints | Stored for life of account unless account is inactive for 36 months |
| Activity Data | Activity Data is stored for 36 months |
| Moxie Interaction Data | Stored for 3 months with precise timestamps, and for 18 months with relative timestamps. |
| Insight Data | Stored for 36 months |
| Moxie Sensor and Telemetry Data | Stored for 3 months |

 


4. WHAT INFORMATION DO WE COLLECT WHEN A RESOURCE PROVIDER OR INSTITUTION PURCHASES MOXIE?

 

Please note that if an institution, entity or individual resource provider purchases MoxiePro directly from Embodied through a Purchase Order and/or financial information (e.g., bank information or card information), Embodied may utilize the Purchase Order and/or financial information to initially process the payment, but does not retain the financial information.  Instead, Embodied (or the purchaser) creates an account with our third-party eCommerce Vendor to handle the transaction and/or shipping information for the MoxiePro.   However, the financial information will not be retained.  


5. WHAT INFORMATION DO WE COLLECT AT THE G.R.L. SITE?

The G.R.L. Site allows a child to engage in activities, play self-contained games and to learn about the history and backstory of MoxiePro.

A. Personal Information the G.R.L. Site Collects

You do not need to own a MoxiePro to visit the G.R.L. Site to explore characters, games and activities. If you do not own a MoxiePro and your child visits the G.R.L. Site, the G.R.L. Site will not collect personal information about your child.

If a resource provider owns a MoxiePro and visits the G.R.L. Site, the G.R.L. Site utilizes a persistent authentication cookie to connect the G.R.L. Site a registered child uses with the MoxiePro robot the child interacts with and to let the G.R.L. Site know it is the same user logging in with the same MoxiePro.   

The persistent authentication cookie allows the child to not have to go through the connection process repeatedly.  The G.R.L Site has access to the operating system of the computing device that is connecting to the G.R.L. Site.  

The G.R.L. Site will communicate with Embodied cloud servers to determine an age range of the child engaging in games on the G.R.L. site.  The age range will be provided after authentication and login to the G.R.L. site.  This age range information is used to provide age-related levels of games located on the G.R.L. site and is not stored on the G.R.L. site after the session is over.  

Embodied utilizes Google Analytics to collect aggregated and anonymized information about activity on the G.R.L. Site. Included in this information is data regarding operating systems of mobile devices connecting to the G.R.L. Site.  This operating system information is aggregate information which is anonymized.  For example, the information collected may be that ten users have visited page A and ten users have visited page B on a certain day. However, no information is collected regarding who the users are. This information is only utilized by Embodied personnel.

B. When Does the G.R.L. Site Collect Personal Information

At the G.R.L. Site, the persistent authentication cookie collects information when a registered child MoxiePro user logs into or enters the G.R.L. Site to support the activities and enable reports to resource providers.

Google Analytics is utilized as users visit the G.R.L. Site.

C. Why Does the G.R.L. Site Collect Information

The G.R.L. Site utilizes a first-party authentication cookie to allow for easier login.

Google Analytics is utilized to improve the performance and design of the G.R.L. Site.

 

6. DATA HANDLING POLICIES IN THE EVENT OF MEMBER COMPANY BANKRUPTCY, SALE, OR MERGER

If Member Company Embodied is subject to a sale or merger, the data handling policies should remain in place (and thus should not change) because the new Company (or acquiror) would still have to abide by the Children’s Online Privacy Protection Act. Further, the new Company (or acquiror) would also have to abide by FERPA regulations in order to sell into any education markets. During the diligence and post-sale & merger phase, the Member Company Embodied will relay the data handling policies and requirements to the new Company or buyer.

If Member Company Embodied becomes insolvent or is involved in a bankruptcy proceeding, the Member Company will provide the bankruptcy trustee with the data handling policies necessary to continue to run the business if the member company can continue to operate.  The Member Company Embodied will communicate with the bankruptcy trustee the vital data handling policies necessary to have the MoxiePro robots engage and interact with customers.  

 

7. CERTIFICATIONS

MoxiePro is fully COPPA (Children’s Online Privacy Protection Act) Safe Harbor certified by PRIVO.


8. CONTACT US WITH YOUR QUESTIONS

If you have any questions, please don’t hesitate to contact us!

Embodied, Inc.
Attn: Mario Munich, Chief Technology Officer
385 E. Colorado Blvd., Suite 110
Pasadena, CA 91101

(855) 945-3411
security@embodied.com


PRIVO®

Attn: Claire Quinn, Chief Privacy Officer

(703) 569-0504

privacy@privo.com

 

For Frequently Asked Questions about Artificial Intelligence and MoxiePro, you can view our FAQ here