Rapunzl Privacy Policy

Last Updated January 1st, 2022

We at Rapunzl Investments, LLC (“Rapunzl,” “we,” “us,” “our”) care about you (“you”, “user”, “learner”, “educator” and/or "business professional" as appropriate) and how your personal information is used and shared. We take your privacy seriously and are committed to creating a safe and secure environment for learners of all ages.

This Policy applies to all Rapunzl products, services, and websites owned and operated by Rapunzl (the “Services”) and is designed to help you understand what information we collect, why we collect it, and what we do with it. Thank you for taking the time to carefully read it.

1. ABOUT RAPUNZL

Rapunzl provides users with a mobile and web-based, real-time investment simulator to manage near-real-time, $10,000 stock and cryptocurrency portfolios on most internet-connected smartphones, computers, and tablets.

Rapunzl’s simulator is paired with a personal finance curriculum that is geared towards middle and high school students. Educators access this curriculum through Rapunzl’s Educator Dashboard to facilitate bringing Rapunzl’s program into the classroom.

By using these Services, you acknowledge that Rapunzl will handle your personal information as described in this Policy. Your use of our Services, and any dispute over privacy, is subject to this Policy and our Terms of Service located at https://www.rapunzl.com, which may from time to time be amended.

2. PERSONAL INFORMATION WE COLLECT

Rapunzl’s digital learning platform offers personal educational courses on different critical skills in the K-12, Higher Education, and Adult markets. We may collect information about you directly from you and automatically through your usage.

A. Information We Collect:

Where you register with us, or communicate to us, depending on the Service, we may collect the following information:

a. Contact information and common identifiers, including first name, last name, email address, and phone number

b. Login details, including username and password

c. Employment & Education Details, including information about a user’s employment or educational role, company details, school or organization name, and details of whether an individual is an educator.

d. Preferences & personalization, based on user-specific implementations and information about user activities within the Service, including information about the content modules a user views, starts or finishes including data and time stamps, assessments or scores, and related information, and other information about a user’s activities and use of the Services in order to ensure our digital learning is appropriately teaching the desired critical skill.

e. Date of Birth in order to support compliance with the Children’s Online Privacy Protection Act (“Coppa”). Date of Birth is not viewable externally, but is used with a daily cron every night to update a over/under 13 flag within the Rapunzl system.

Rapunzl explicitly does not collect geolocation data, biometric data, or health data in any cases. For users under the age of 13, we only collect the first name and first initial of the last name. We do not send any messages to email addresses for students under 13, with the exception of confirming the email address is a valid email to verify students for scholarship competitions.

B. Information We Collect Automatically

We collect information automatically about users via a variety of methods, such as cookies, JavaScript, and log files. This information may include user IP addresses, browser types, domain names, device type, time stamp, referring URL and other log file information; user activities within the Service; aggregate and statistical information regarding overall traffic and navigation patterns for the Service.

C. Cookies

We use cookies to track visitor activity on our platform, such as the pages visited and time spent on our Service. Most browsers allow users to refuse cookies, however, many of our Services may not function properly with cookies disabled.

D. Clear GIFs, pixel tags and other technologies

Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages and cannot be disabled through your browser. We may use clear GIFs, including web beacons, web bugs and pixel tags, in connection with our Services to, among other things, track the activities of users, help us manage content, and compile statistics about usage. We, and our service providers may also use clear GIFs in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

E. Third-Party Analytics

From time to time we may use various tools to evaluate usage of our Service. We use these tools to help us improve our services, performance, and user experiences. These entities may use cookies and other tracking technologies to perform their services.

By way of example, GA4 is one of the tools we may use. To learn more about Google’s privacy practices, please review the Google privacy policy at https://www.google.com/policies/privacy/.

You can also download the Google Analytics Opt-out Browser Add-on to prevent data from being used by GA4 at https://tools.google.com/dlpage/gaoptout.

F. Information Business Professionals May Provide

If you want to request a demo of any Services and have a conversation with one of our product experts to learn how Rapunzl can power your education initiatives, you may provide us with the following information: First & Last Name, Email Address, Phone Number, Job Title, Company or School of Employment, and Communication Preferences.

G. Information Obtained from Third Parties/Public Sources:

We use third party service providers to enhance our marketing database of business professionals who have requested further information on our products. They may use information that is made public by you, for example via LinkedIn. We do not obtain or use any identifiable information about children for marketing purposes.

3. COMPLIANCE WITH CHILDREN’S ONLINE PRIVACY PROTECTION ACT

Rapunzl particularly values the privacy of young learners and has outlined the following section to ensure compliance with COPPA and FERPA while outlining specific considerations to protect young learners.

A. Who Collects Information About Young Learners

Rapunzl operates these Services and will collect children’s personal information as described in this Privacy Policy. Even if Rapunzl digital learning courses are offered in conjunction with an outside partner, the partner will not receive any individual personal information from users of the digital learning courses, including children.

B. Parents Rights

Parents may ask us to stop collecting information from their child by emailing us at privacy@rapunzl.com. If this occurs, the child will not be able to complete any courses as we must disable their use of courses to prevent information being collected.

C. Other Information We Collect About Children.

We collect information about children’s performance and activities with our Services, including completion of courses. This information is for internal use only and will not be disclosed to other entities; and, we do not use this information in personally identifiable form for our own commercial purposes.

D. How We Use Children’s Information

We use personal information collected from children for the purpose of enhancing the functionality of our Services, and to respond to customer service and technical support issues and requests.

E. Unique Identifiers

We never use unique identifiers to track users across third-party apps or websites. We only collect and use unique identifiers, such as IP addresses, as necessary to operate our Services, including to maintain or analyze their functionality, perform network communications, authenticate users or personalize content, and protect the security or integrity of users and our Services.

F. Aggregate or De-identified Information

We may use aggregate or de-identified information about children for research, analysis, the enhancement of our Services, and similar purposes. When we do so, we strip out names, e-mail, contact information, and other personal identifiers. We may use aggregate or de-identified information for the following purposes: To better understand how users access and use our Services, to improve our Services and respond to user desires and preferences, and to conduct research or analysis.

G. How We Share Children’s Information

We do not sell children’s personal information, and a child may not make his or her protected personal identifiable information public through our services. We may disclose the personal information that we collect about children, however, such cases will only occur in order to comply with the law, and to protect Rapunzl and other users of our Services in certain situations as described below.

Business Transfers: If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the personal information we have collected from our users to the other company.

To Protect Us and Others: We also may disclose the personal information we collect in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process. We also may disclose the personal information we collect where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service, Competition Rules, or Privacy & Data Security Policy, as evidence in litigation in which Rapunzl is involved.

With Parents: Parents may request information about the information we have collected from their child by contacting us at privacy@rapunzl.com.

Aggregate and De-Identified Information: We may also use and share aggregate or de-identified information about users with third parties for grant reporting and accountability purposes.

4. HOW WE USE PERSONAL INFORMATION

Rapunzl generally uses the information we collect as follows:

A: To provide the Services directly to learners, where applicable, including creating login details for learners.

B: To communicate about users’ use of the Services, respond to users’ inquiries, and fulfill customer service requests via email and phone, when permissible and users are over 13.

C: To better understand how users access and use our Service, in order to improve our Service with more personalized learning opportunities and to troubleshoot any technical issues that occur while using the Services.

D: To send users communications about digital courses, services and other information we think may be of interest to them. If the user is a business professional who has requested further information on our products, we may also enhance our marketing database using publicly available information to tailor our communications and ensure these are relevant to the user’s industry and of interest to the user.

E: To develop aggregated reports and related analysis regarding user activities.

F: To comply with applicable legal obligations, including responding to a subpoena or court order, or investigating, preventing, or taking action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Policy.

5. SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES

Rapunzl does not sell any user personal information and does not share any user protected personal identifiable information for purposes of targeted advertising, data mining, or marketing research purposes. We share the information we collect with the following third parties for the following business purposes:

A. Authorized Entities

If you access the Services through, or are granted access to the Services by, a school, school district, college, university, person, institution, employer, or other organization (an “Authorized Entity”), we will share the information we collect about you with the Authorized Entity or its representatives.

Such information may include, but is not limited to: course progress/completion; assessment scores; email address; user ID/identifying tag or username, and additional aggregated data the Authorized Entity requests.

B. Social Media Sharing

Our platform explicitly prohibits a user from sharing information such as assessment scores through social media outlets, such as Facebook and Twitter.

C. Third-Party Sponsors

Rapunzl works with third-party sponsors to bring the Services to some users free-of-charge. In such situations, Rapunzl will only share anonymized and/or aggregated user information with those third-party sponsors.

This may include aggregated and/or anonymous demographic and geographic profiles to demonstrate the learning progress of these categories of Services users.

D. Legal Disclosures

We may disclose a Services user’s information, including personal information, where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes.

We may also disclose personal information where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Services or the general public.

E. Service Providers

We may employ independent contractors, vendors and suppliers to provide specific services related to the Service, such as server and network hosting and maintaining the Service, providing credit card processing and fraud screening, and email and marketing services.

F. Business Transfers

We reserve the right to transfer information, including personal information, to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of Rapunzl or any of its Affiliates, including as part of a bankruptcy proceeding. We may disclose personal information about Services’ users to our affiliated companies. Our affiliates’ use of your personal information will be in accordance with the terms of this Privacy Policy.

6. DATA SECURITY & PRIVACY

A. General Approach

Rapunzl commits to implementing all applicable state, federal, and local data security and privacy requirements. Our approach includes regularly reviewing and updating our data protection policies to align with current laws and regulations. We also conduct regular audits to ensure system integrity and review data security. We believe that we have put in place appropriate physical, electronic, and managerial procedures to help safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online.

B. Risk Mitigation Through Industry Best-Practices

Rapunzl enforces internal policies and procedures for data security and privacy in order to protect users’ personally identifiable information and maintain system integrity. We conduct regular risk assessments, security tests and vulnerability audits to identify and mitigate potential vulnerabilities. Rapunzl implements strict access controls to limit data access to authorized personnel only, ensures secure data handling and storage practices by using encryption protocols for all data in transit and at sensitive data at rest, and regularly updates and patches front-end and back-end software to protect against vulnerabilities. Rapunzl also utilizes firewalls and intrusion detection systems.

C. Management of Security and Privacy Incidents

In the event of data security or privacy incidents, Rapunzl has established a comprehensive plan to detect, respond, notify, and remediate. Rapunzl currently utilizes live-monitoring systems to detect potential breaches and unauthorized disclosures. In the event of a suspected or proven security breach, within the first 15 minutes, suspicious activity should be detected and reported to the Rapunzl security team for verification. Over the next 45 minutes, affected systems will be isolated, critical data backed up, and key stakeholders notified. A root cause analysis will be conducted within the following 24 hours to understand and eradicate the breach. A full report of the vulnerability and scope of the security breach will then be shared with all stakeholders within the following 48 hours.

D. Training for Officers and Employees

All officers, employees, and assignees of Rapunzl who have access to Protected Information receive comprehensive training on federal and state laws governing data confidentiality. Training is conducted before employees gain access to Protected Information and is refreshed annually or as needed to address new risks and regulations. The training includes: Understanding key legislation such as FERPA, COPPA, and HIPAA; best practices for data handling and security; and procedures for reporting and responding to data breaches and unauthorized disclosures.

E. Management of Subcontractors

Rapunzl may engage subcontractors to support its services. To ensure Protected Information is safeguarded, we conduct thorough due diligence on sub-contractors’ data security practices.

F. Parent & Guardian Access To Information

Upon written request, Rapunzl provides parents of younger learners with access to review and submit written corrections to their children’s information, as well as request that the data is deleted where permitted under law.

G. Data Return, Transition, Deletion, or Destruction

Upon contract termination or expiration, Rapunzl will handle Protected Information as directed by the relevant parties in order to remain compliant with applicable local, state and federal laws.

This includes, but is not limited to returning data in a secure manner, assisting with the transition of data to a successor contractor if required, and securely deleting or destroying data using industry-standard methods, ensuring that no residual information remains accessible.

H. Warranties

Rapunzl implements reasonable and appropriate physical, administrative and technical safeguards to help us protect user personal information from unauthorized access, use and disclosure, and to maintain accuracy and ensure the appropriate use of user information.

Where appropriate, these safeguards include encryption – Rapunzl uses TLS encryption for data transfers. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information a user transmits to us and the user does so at their own risk.

7. US CONSUMER PRIVACY RIGHTS

A. Additional Privacy Rights

Five states afford consumers in those states additional privacy protections. These states are: California Consumer Privacy Act, Colorado Privacy Act, Connecticut Act Concerning Personal Data Privacy & Online Monitoring, Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act.

The additional privacy protections provided by those laws include: the right to know what information businesses collect disclose; the right to access a copy of a user’s data; the right to request deletion or correction of the user’s data; and the right to opt out of the sale of the user’s data or the sharing of the user’s data for purposes of targeted behavioral advertising. As such, Rapunzl does not sell user personal information or share user personal information for purposes of targeted advertising.

B. Exercising Your Privacy Rights.

To request access to or deletion of user personal information, or to exercise any other data rights under the laws set forth above, please contact Rapunzl through our website.

We will verify user identity where required prior to fulfilling the request, which may require government identification. Authorized agents may be used to submit rights requests, in which cases we will take steps to verify the user’s identity and that the agent has authority to act on the user’s behalf.

C. Request to Remove or Update Data

If a user mistakenly posts personal information in a Public Area or if parents want to request the deletion of their student’s data, you can send us an email to request that we remove it by contacting us at privacy@rapunzl.com.

If a user would like to amend their profile information, you may log in to your account and do so or email us at privacy@rapunzl.com. You should understand that in some cases, we may retain copies of such information in our systems or databases where required or permitted by law.

D. Request to Opt-Out of Emails

Where we have permission, we may send periodic marketing emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email or by contacting us at privacy@rapunzl.com. 

Please note that it may take up to 10 business days for us to process opt-out requests.

If a user opts-out of receiving emails about recommendations or other content we think may interest the user, we will still send the user service emails about their Rapunzl account or any services they have requested or received from us.

E. Response Timing and Format

We will respond to a consumer privacy request within the time period required under any applicable privacy laws. If we require more time, in accordance with applicable privacy laws, we will inform the user of the reason and extension period in writing.

8. CHANGES TO OUR PRIVACY POLICY

Rapunzl may amend this Privacy Policy from time to time. We will provide notice of any material changes made to our Privacy Policy by prominently posting the revised Policy with an updated date of revision on our homepage. We encourage users to check this page periodically for any changes.

If we make any material changes that affect information we have previously collected about users, we will provide users with notice (or in the case of a child, to your parent or legal guardian - or to the school/educational institution who will make it available to the user or their parent or legal guardian), via email or within the Service.

9. HOW TO CONTACT US

If you have any questions about this Privacy Policy or our security measures at Rapunzl, or where applicable to appeal a decision we’ve made regarding your privacy rights, please contact us at hello@rapunzl.com. 

Our mailing address is 323 West Schiller Street, #1W, Chicago, Illinois 60610 and we can be reached by phone at 312-618-9956.

Rapunzl connects investors with simulated stock portfolios & stock trading competitions. Join the thousands of others investing alongside their friends & competing for free prizes!

rapunzl personal finance app facebook page social icon

rapunzl personal finance app twitter page social icon

rapunzl personal finance app linkedin page social icon

rapunzl personal finance app mail link social icon

Pricing data is provided by Nasdaq Inc and Coinbase Inc. All information provided 'as is' for informational purposes only. This information is not intended for trading purposes nor is it intended as advice. Neither Rapunzl nor any of its independent providers is liable for informational errors, incompleteness, or delays, or for actions taken in reliance on information contained herein. By accessing the Rapunzl platform you agree not to redistribute the information found therein.

The information contained on this website and from any communication related to this website is for information purposes only. Rapunzl Investments LLC (Rapunzl) does not hold itself out as providing any legal, financial or other advice. Rapunzl also does not make any recommendation or endorsement as to any investment, advisor or other service or product or to any material submitted by third parties or linked to this website. In addition, Rapunzl does not offer any advice regarding the nature, potential value or suitability of any particular investment, security or investment strategy. The material on this website does not constitute advice and you should not rely on any material in this website to make (or refrain from making) any decision or take (or refrain from making) any action. All investment, borrowing or tax decisions should be made with the advice of an appropriately qualified and licensed advisor.