Last Updated: March 2, 2026

YONDR APP PRIVACY POLICY

This Privacy Policy ("Policy") explains how Yondr, Inc. and its affiliates (collectively "Yondr", "we", "us" or "our") collects, stores, uses, and discloses personal data about you, how we use it, how and when it may be shared, the rights and choices you have with respect to your personal data, how we communicate with you and how you can make requests or submit inquiries to us about your personal data.

About Us
What Does This Policy Cover
How Is This Policy Updated
Information We Collect
How We Use Your Personal Data
Disclosure of Personal Data
How We Protect Your Personal Data
Cookies and Other Information Collection Tools
Social Media and Other Third-Party Links and Services
Retention of Personal Data
Your Privacy Rights and Choices
Children's Privacy
International Data Transfers
Contact Us
Region-Specific Terms

ABOUT US

Yondr works with educators, artists, organizations, and individuals around the world to create phone-free spaces where genuine connection, focus, and creativity can flourish in the absence of technology.

WHAT DOES THIS POLICY COVER

The Services are designed for use by students who are 13 years of age or older in connection with a participating school's device use policy. While schools may purchase or sponsor access to the Services, students individually download and register for the app.

The Services are not intended for use by the general public or by children under the age of 13 without prior coordination with Yondr and appropriate consent as required by law.

Schools are responsible for determining whether use of the Services complies with applicable laws and school policies, including obtaining any required parental consents.

This Policy applies to personal data we collect both online and offline, including personal data we collect through our website, yondrapp.com (the "Site"), in connection with any of our mobile applications and other products and services we provide you that reference this Policy (together with the Sites, the "Services"), and any other interactions you may have with us including at or through conferences, events, visits to our offices, electronic newsletters or communications.

In this Policy, "personal data" means any information that identifies, relates to, describes, is reasonably capable of being associated with or reasonably can be used to identify an individual or household and other data that is linked to personal data or is otherwise defined as "personal data," "personal information," or "personally identifiable information" by applicable laws.

This Policy does not apply to any products, services, websites, or content that are offered by third parties or have their own privacy policy.

HOW IS THIS POLICY UPDATED

We may modify this Policy from time to time. If we make changes, we will revise the "Last Updated" date at the top of the Policy on our Sites and use reasonable efforts to provide you additional notification, such as by sending you an email notification. We encourage you to review this Policy each time you visit our Sites or use our Services to stay informed of our privacy practices and the choices available to you.

INFORMATION WE COLLECT

We collect the minimal amount of information from students necessary to create accounts on our Services. We may ask students to provide a unique username, a unique email, a password, their first and last name and a unique code they have been given by their teacher or school administrator to enroll in the Services.

We use this information to provide the Services to the student, for security and safety purposes, or as required by law or to enforce our Terms of Use. We will not require students to provide more personal information than is reasonably necessary in order to participate in the Services. If we discover that we have collected information from a student under the age of 13 or other student in a manner inconsistent with the Family Educational Rights and Privacy Act ("FERPA"), the Children's Online Privacy Protection Act ("COPPA") or any applicable state laws or regulations, we will take appropriate steps to delete the information. We do not disclose any personal information about children to third parties, except to service providers necessary to provide the Services, as required by law, or to protect the security of the Services or other users. Information collected from students (including personal information and information collected automatically) is never used or disclosed for third-party advertising, including any kind of first- or third-party behaviorally targeted advertising, and children's personal information is never sold or rented to anyone, including marketers or advertisers.

No student's profile is made available or visible to the public, or to any other students, through Yondr.

SCHOOLS AND ADMINISTRATORS SHALL MAKE A RESPONSIBLE USE OF THE SERVICE AND AVOID COMPROMISING CHILDREN'S PERSONAL INFORMATION AT ALL TIMES WHEN ACCESSING THE DASHBOARD. YONDR SHALL NOT BE HELD LIABLE FOR THE INAPPROPRIATE USE OF THE SERVICE BY THE SCHOOL OR THE ADMINISTRATOR.

Below are the categories of personal data we collect and the sources of this information.

Information You Provide to Us

We collect personal data from you when you use our Services, send us an email, fill out a form, subscribe to our newsletter, respond to a survey, interact with us on social media, or otherwise communicate with us.

Types of information we may collect include:

Student information:

Information	Why We Collect It	How It's Used
First Name	Required for account creation. Allows admin to identify students on the compliance dashboard.	Displayed on the dashboard next to the student's status.
Last Name	Same as above.	Displayed on the dashboard.
Email Address	Required for account creation, email verification, password resets, and login.	Authentication. Sending account emails (verification, password reset). Displayed on dashboard.
Password (hashed)	Required for authentication.	Stored as a secure hash. Plain-text password is never stored or accessible to anyone.

School administrator information:

Information	Why We Collect It	How It's Used
Admin name	Created during school setup.	Identifies the admin in the system.
Admin email	Required for login and account setup.	Authentication, password reset, invitation email.
Password (hashed)	Required for authentication.	Stored as a secure hash.

Communications with us: Including through meetings with our representatives, website forms, and contact with our Service; and
Any additional information: that you choose to provide.

In some cases, we may also collect information you provide about others. We will use this information to fulfill your requests and will not send communications to your contacts unrelated to your requests unless they separately create an account, engage with us or consent to receive communications from us.

Information Collected Automatically When You Interact With Us

We and our service providers may automatically log personal data about you, your computer or mobile device, and your interaction over time with the Services, such as:

Device information. We may collect information about your device(s) such as Internet Protocol ("IP") addresses, device permissions, compliance status and timestamps, browser type and version, domain names, access times, log information, error messages, device type, unique device identifiers, operating system, information about your use of the Services, data regarding network connected hardware and other technical information such as protocol status and sub-status, bytes sent and received and server information.
Lock/unlock timestamps. We may collect information about when a student locks and unlocks their phone.
Compliance status. We may collect information about the current state of your phone, such as whether it is locked or unlocked, offline, or noncompliant.
School association. We may collect information about which school you attend, based on the unique school url you use during the sign-up process.
Log and Diagnostic Information. We may automatically collect technical logs and diagnostic data, such as error reports, crash dumps, performance data, and information about how the Services are functioning.
Security Data. We may collect information such as error logs, authentication data, and information used by our payment processors to detect and prevent fraud.
Account creation date. We may collect information on the date on which you sign up for the Services.

Information We Collect From Other Sources

We do not use advertising cookies, tracking pixels, or similar cross-site tracking technologies.

We may collect limited technical information necessary to operate and secure the Services, such as device type, operating system version, app version, and basic diagnostic or error information. This information is used solely to provide, maintain, and improve the Services and is not used for advertising purposes.

We do not collect personal information from publicly available databases or other third-party sources.

Information We Infer or Derive

We may derive information or draw inferences about you based on the personal data we collect or have otherwise received about you.

Information We Do Not Collect

Without limiting the above, we do not collect the following types of information:

Location/GPS data
Browsing history
App usage data
Text messages or call logs
Photos, videos, or files
Contacts
Microphone or camera
School roster data
Grades or academic records
Behavioural or disciplinary records

HOW WE USE YOUR PERSONAL DATA

Depending on how you interact with us and the Services you or your organization utilize, we use your personal data:

Provide and Improve Products and Services. To provide, activate, operate, maintain, develop, enhance, improve, support, troubleshoot, and manage our Services and your accounts on our Services, monitor and analyze trends, usage, and activities, and to perform services requested by you;
Respond to You. To provide Services support and respond to your requests, inquiries, comments and concerns;
Service Communications. To notify you about changes, updates and other announcements related to our Services and send you technical notices, updates, security alerts, safety and support messages, and other transactional or relationship messages;
Safety and Security. For safety and security, including to detect and protect against fraud or illegal activities, security incidents, and harm to rights, property or safety of Yondr, users of our Services or others;
Research and Development. To conduct research and development and develop new products and services;
Corporate Transactions. To process personal data in the context of a merger, consolidation, reorganization, sale of our assets, financing or acquisition of all or a portion of our business to another company, or other corporate transactions;
Comply with Legal and Financial Obligations. To comply with our legal and financial obligations (including complying with court orders, discovery requests, subpoenas and other legal obligations), resolve disputes, enforce our agreements, and exercise our legal rights;
Your Consent. To process your personal data in accordance with your consent or when you intentionally direct or instruct us to do so; and
Other Notified Purposes. To carry out any other purpose conveyed to you at the time the information was collected.

DISCLOSURE OF PERSONAL DATA

We may disclose your personal data as follows or as otherwise described in this Policy:

Affiliates and Subsidiaries. We disclose your personal data to our affiliates and other organizations under common control for the purposes described in this Policy;
Third Parties You Intentionally Interact With. We disclose your personal data to third parties when you use our Services to intentionally interact with those third parties or direct us to interact with those third parties;
Vendors and Service Providers. We disclose your personal data to our vendors and service providers, such as those that provide hosting services and analytics, to perform the functions for which we engage them;
Corporate Transactions. We disclose your personal data as part of, in connection with, or during negotiations of, any merger, sale of our assets, financing or acquisition of all or a portion of our business to another company, or other corporate transactions;
Aggregated, Anonymized, or De-Identified. We disclose aggregated, anonymized, or de-identified information, which cannot reasonably be used to identify you;
Law Enforcement and Individuals Involved in Legal Proceedings. We disclose your personal data when we believe doing so is reasonably necessary to comply with applicable law or legal process or other legal reasons, including:
- When we reasonably believe disclosure is required to comply with a subpoena, court order, or other applicable law, regulation or legal process;
- To enforce, remedy, or apply our agreements and contractual rights;
- To protect our property (including intellectual property) or protect the rights, property or safety of others;
- To support external auditing, compliance and corporate governance functions; and
- To prevent, detect, and remedy fraud, cybersecurity attacks or illegal activity.
With your Consent or Direction. We disclose personal data with your consent or at your direction, including if we notify you that your personal data will be shared in a particular manner and you provide such personal data.

HOW WE PROTECT YOUR PERSONAL DATA

We implement commercially reasonable physical, technical and procedural measures to help protect personal data from unauthorized access or use; however, the transmission of information via the internet is not completely secure or private. If you have questions about the security of personal data we collect, please contact us using the information provided below.

COOKIES AND OTHER INFORMATION COLLECTION TOOLS

A cookie is a small file containing a string of characters that is sent to your computer when you visit a website or use an online service. When you visit the website or use the online service again, the cookie allows that website or online service to recognize your browser or device. Cookies may store unique identifiers, user preferences and other information.

Mobile Application

The mobile application does not use cookies, tracking pixels, advertising identifiers, or third-party analytics software development kits (SDKs).

The mobile application uses standard mobile authentication tokens to maintain login sessions. It also uses device-native operating system features (such as Apple's Screen Time framework on iOS and Accessibility Services on Android) to enforce phone-use policies, and NFC functionality to trigger lock and unlock events. These technologies do not function as cookies and are not used for cross-site tracking or advertising.

The mobile application collects compliance-related information, such as lock and unlock timestamps and policy identifiers, solely for the purpose of providing the Services.

School Administrator Dashboard

The web-based School Administrator Dashboard uses a strictly necessary session cookie for authentication purposes. This cookie is generated by the application server and enables administrators to remain logged in during an active session.

The session cookie does not track users across websites.
It does not collect information for advertising or analytics purposes.
It expires automatically at the end of the session or after a short period of inactivity.

These cookies are strictly necessary to make our Services function properly. These cookies ensure basic functionalities and security features of the Dashboard.

The Dashboard does not use advertising cookies, performance cookies, analytics cookies, or third-party tracking technologies.

No Advertising or Cross-Site Tracking

We do not use cookies or similar technologies for interest-based advertising, behavioral tracking, or marketing campaigns. We do not permit third-party advertising networks to collect information through the Services.

Managing Cookies

Because the mobile application does not use cookies, there are no cookie settings to manage within the app.

Administrators accessing the web-based Dashboard may control or block session cookies through their browser settings; however, doing so may prevent the Dashboard from functioning properly.

No Third-Party Advertising or Social Media Integrations

The Services do not include social media plug-ins, social sharing tools, embedded third-party content, or integrations with social networking platforms such as Facebook, Instagram, LinkedIn, TikTok, or X.

We do not permit third-party advertising networks to collect information through the Services.

Limited External Links

The Services may contain limited links to external websites for informational purposes (for example, support documentation or legal notices). If you choose to visit an external website, the privacy practices of that website will be governed by its own privacy policy. We are not responsible for the privacy practices or content of third-party websites that are not operated by us.

Service Providers

We may use third-party service providers to host, maintain, and support the Services (for example, cloud hosting providers or infrastructure vendors). These service providers process information solely on our behalf and under contractual obligations to protect it. They are not permitted to use personal information for their own marketing or advertising purposes.

RETENTION OF PERSONAL DATA

We will retain your personal data for as long as is necessary to fulfil the purpose for which this data was collected and for the business purposes explained in this Policy.

Even after we stop providing Services directly to you, and even if you close your account, we may retain your personal data to the extent permitted by applicable law:

to comply with our legal and regulatory obligations.
to protect against fraudulent or abusive activity on our Service.
to exercise, establish or defend legal claims.

In cases where we keep personal data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law. Our retention periods will vary depending on the type of data involved, but generally, to determine the appropriate retention period for personal data, we consider:

the amount, nature, and sensitivity of the personal data;
the potential risk of harm from unauthorized use or disclosure of your personal data;
whether such information is needed to provide services;
whether there is a contractual or legal need to retain the data;
the purposes for which we process your personal data and whether we can achieve such purposes through other means; and
applicable legal requirements.

Student accounts and compliance data are retained for the duration of the school's contract.

When a student is removed from the system (or the school's contract ends), their data is deleted within 90 days.

YOUR PRIVACY RIGHTS AND CHOICES

Consistent with applicable law, you may have certain rights regarding personal data we process. These rights may vary depending on your state or country of residence.

To submit a privacy rights request, please contact us using the information provided in the "Contact Us" section below.

While it is our policy to respect the rights of individuals, please be aware that your exercise of these rights is subject to certain exemptions and exceptions, and some of these rights might be limited (for example, the right to withdraw consent) where we are required or permitted by law to continue processing your personal data to deliver services to you, defend our rights or meet our legal and regulatory obligations.

If you contact us to exercise any of these rights, please note that we may only implement requests with respect to the personal data associated with you as an individual. We may need to verify your identity before implementing your request and will try to comply with your request as soon as reasonably practicable and in accordance with the timelines required under applicable law. If we cannot verify your identity or your ownership rights to the data, we may not be able to service your request until you provide proper documentation.

No Sale or Marketing Use of Personal Data

We do not sell personal data.
We do not share personal data with third parties for advertising or marketing purposes.
We do not use student personal data for behavioral advertising.

Because we do not engage in direct marketing, students will not receive marketing communications from us.

We may send administrative communications necessary to provide the Services, such as account notifications, security alerts, support responses, or important legal notices. These communications are service-related and cannot be opted out of while using the Services.

Access, Correction, and Deletion

You may have the right to request access to and receive details about the personal data we maintain about you and how we process it, correct inaccuracies, or request that we delete your personal data by contacting us as indicated below.

Withdraw Consent

Where you have provided your consent for us to use your personal data and subject to applicable law, you have the right to withdraw your consent and we will apply that preference going forward.

Additional State Law Rights (Where Applicable)

Depending on your location and subject to applicable law, you may have the following additional rights regarding the personal data we control about you:

The right to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data;
The right to request that we correct inaccuracies in your personal data that we maintain;
The right to request that we restrict the use of your personal data in certain circumstances, such as while we consider another request that you have submitted (including a request that we make an update to your personal data);
The right to request that we export your personal data that we hold to another company or organization, where technically feasible;
Where we process your personal data based on our legitimate interests, you may also have the right to object to the processing of your personal data. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your personal data when you object;
The right to request that we delete personal data about you, subject to certain exceptions;
The right not to be discriminated against for exercising these rights;
The right to opt out of using personal data for targeted advertising; and/or
The right to appeal any decision by us relating to these rights.

We do not share your information for targeted advertising, profiling, or sales. Where state laws provide a right to opt out of such activities, those rights do not apply to the Services.

California Privacy Disclosures

In addition to the rights described above, California residents may have certain rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"). These laws provide California residents with rights that may include the right to know what personal information is collected, used, disclosed, or retained; the right to request deletion or correction of personal information; the right to limit certain uses of sensitive personal information (where applicable); and the right not to be discriminated against for exercising privacy rights.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as defined under California law. We use personal information solely to provide, maintain, secure, and improve the Services and as otherwise described in this Privacy Policy.

Where the Services are provided in connection with a school program, certain personal information may be processed on behalf of the school, and requests relating to such information may be directed to the school in accordance with applicable law.

This Privacy Policy is intended to comply with the California Online Privacy Protection Act ("CalOPPA"), which requires operators of commercial websites and online services that collect personal information from California residents to post a conspicuous privacy policy describing their data practices and how users may exercise their rights.

CHILDREN'S PRIVACY

FERPA Compliance

The Family Educational Rights and Privacy Act ("FERPA") generally prohibits schools from disclosing personally identifiable information from a student's education records to a third party without prior written consent from a parent or eligible student, subject to certain exceptions.

Students individually download and register for the Services. The Company does not require schools to provide student names, email addresses, or other education records in order to enable student access to the Services.

However, to the extent a school uses the Services as part of its instructional or classroom management program, certain data generated through student use of the Services—such as device lock and unlock timestamps or compliance status—may be shared with or maintained by the school. If such data is maintained by the school and directly relates to an identifiable student, it may constitute an "education record" under FERPA.

Accordingly, schools must either obtain any required parental consent or ensure that their use of the Services satisfies an applicable FERPA exception. Typically, schools may rely on the "school official" exception when a service provider:

Performs an institutional service or function for which the school would otherwise use its own employees;
Is under the direct control of the school with respect to the use and maintenance of education records; and
Uses education records only for authorized educational purposes.

To the extent compliance data constitutes education records under FERPA, the Company will act as a service provider to the school and will use such information solely to provide the Services, in accordance with the school's instructions and applicable law.

Nothing in the Services requires a school to disclose education records to the Company without appropriate authorization, and each school remains responsible for determining its own compliance obligations under FERPA.

COPPA Compliance

The Services are intended for use by students who are 13 years of age or older. The Company does not knowingly collect personal information from children under the age of 13 without appropriate consent in accordance with COPPA.

Students register for and use the Services individually. Schools do not provide student personal information to the Company in order to enable student access to the Services.

If a school intends to permit Minors to use the Services, the school must notify the Company in advance so that appropriate parental consent mechanisms and contractual arrangements can be implemented as required by COPPA. In such cases, the school will be responsible for obtaining any legally required parental consent or for confirming that it has authority to provide consent on behalf of parents consistent with applicable law.

If Yondr becomes aware that personal information has been collected from a child under 13 without the required consent, Yondr will take reasonable steps to delete such information as required by applicable law.

Parents or guardians who believe that their child under 13 has provided personal information without proper consent may contact Yondr at support@overyondr.com to request review or deletion of such information.

State Law Compliance

Our Services are designed to support schools in protecting student privacy and handling student data in accordance with applicable state laws. Many states have enacted, or may enact, laws that restrict the collection, use, disclosure, or commercial exploitation of student information, and require reasonable safeguards to protect such data.

Schools and districts using our Services are responsible for identifying and complying with the student privacy requirements in their jurisdiction. We will cooperate with schools to help support compliance and provide the necessary information regarding our privacy practices.

The following highlight key state-specific laws and how our Services are designed to support compliance:

Key State-Specific Student Privacy Laws

California – SOPIPA (Cal. Bus. & Prof. Code §22584): Prohibits the sale of student personal information, targeted advertising, and commercial profiling. Our Services do not engage in these activities and limit data use to providing the Services and supporting school compliance.
California – AB 1584 (Ed. Code §49073.1): Requires student records to remain under school control and mandates privacy and security terms in contracts with third-party service providers. Compliance data is processed only under the school's direction. We do not receive any student records.
Other States (Examples): Many states, including Colorado, Connecticut, Delaware, Maryland, New Hampshire, Oregon, and Utah, have enacted or are enacting student privacy laws with provisions similar to SOPIPA. These generally restrict commercial use of student data, targeted advertising, and require reasonable security measures. Our Services are designed to support schools in complying with these laws where applicable.

Note: This list is illustrative and not exhaustive. Schools and districts are responsible for confirming which state laws apply to their use of the Services, and we will cooperate to support compliance under these requirements.

INTERNATIONAL DATA TRANSFERS

We may process and store your personal data in the United States and other countries which may have less-protective data protection laws than the region in which you are situated. Please note that this processing, including storage, may involve cross-border transfers of your personal data. In certain situations, we may be required to disclose personal data in response to lawful requests from officials (such as law enforcement or security authorities).

Where applicable law requires a data transfer mechanism, we use one or more of the following:

Transfers to certain countries or recipients that are recognized as having an adequate level of protection for personal data under applicable law;
EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner's Office;
or other legal methods available to us under applicable law.

CONTACT US

You may contact us using the information below.

Yondr, Inc.
2332 S Centinela Ave
Los Angeles, CA 90064

Email: support@overyondr.com

REGION-SPECIFIC TERMS

ADDITIONAL INFORMATION FOR RESIDENTS OF THE EEA, UK AND SWITZERLAND

If you are a resident of the European Economic Area ("EEA"), Switzerland or the United Kingdom, you may have certain rights and protections under applicable law regarding the processing of your personal data. In the event of a conflict between the rest of our Policy, this Additional Information for Residents of the EEA, UK and Switzerland notice will prevail as to data subjects and their rights under the applicable privacy law.

Legal Basis of Processing

When we process your personal data as described in this Policy, we are required to have a legal basis to do so. The legal bases we use are as outlined below:

Processing on the basis of performance of a contract: where your information is necessary to enter into or perform our contract with you or the organization you represent;
Processing data on the basis of consent: where you have given us consent for us to process your personal data for a specific purpose. When processing is based on consent, you have the right to revoke such consent at any time;
Processing data on the basis of our legitimate interests: where we use your information to achieve a legitimate interest, including providing, improving and maintaining our Services, communicating with our current and prospective customers, suppliers and partners, managing our relationships with our customers, vendors and partners, sharing your personal data with our affiliates as well as service providers and vendors, and developing new Services; and
Processing data because we have a legal obligation to do so: We process your personal data when it is necessary for us to defend a claim or resolve a dispute or when we need to use your personal data to comply with our legal obligations, including payment of taxes, responding to law enforcement agencies and other governmental bodies (when required by applicable law), retaining business records required to be retained under applicable law, and complying with court orders and other legal process.

If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see:

For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
For individuals in the UK: https://ico.org.uk/global/contact-us/
For individuals in Switzerland: https://www.edoeb.admin.ch/en