Introduction
This Privacy Notice for Eduverse, Ltd ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our website at https://meritk12.com or any website of ours that links to this Privacy Notice
- Use Merit โ a web-based Positive Behavioral Interventions and Supports (PBIS) management platform developed and operated by Eduverse, Ltd, designed for use by Kโ12 school districts, individual schools, and their authorized personnel, including district administrators, school administrators, teachers, and support staff. Merit enables educational institutions to recognize and reinforce positive student behaviors through a structured point-based system. The Platform provides role-based access across four user types: District Administrators, School Administrators, Teachers and Staff, and Students. Merit is operated as a software-as-a-service (SaaS) platform delivered by Eduverse, Ltd under a contractual agreement with each participating educational institution. In the context of applicable education privacy law, including FERPA, the educational institution served by the Platform acts as the data controller, and Eduverse, Ltd acts as a data processor operating on the institution's behalf.
- Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at legal@meritk12.com.
Summary of Key Points
This summary provides key points from our Privacy Notice. You can find more details about any of these topics by using the section headings below.
- What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.
- Do we process any sensitive personal information? Some information may be considered "special" or "sensitive" in certain jurisdictions. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law.
- Do we collect any information from third parties? We do not collect any information from third parties.
- How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
- In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties.
- How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
- What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
- How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
1. What Information Do We Collect?
Personal information you disclose to us
We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information we collect may include: names, email addresses, phone numbers, usernames, passwords, and contact or authentication data.
Sensitive Information
When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information: student data and account login information.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Google API
Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
2. How Do We Process Your Information?
We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
- To respond to user inquiries and offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
- To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
- To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
3. When and With Whom Do We Share Your Personal Information?
We may share information in specific situations described in this section and/or with the following third parties.
We may need to share your personal information in the following situations:
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.
4. Do We Use Cookies and Other Tracking Technologies?
We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice: https://meritk12.com/legal#cookies.
5. How Long Do We Keep Your Information?
We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. Eduverse, Ltd retains platform data for the duration of the institution's active service agreement. Following contract termination, or upon written request from an authorized district or school administrator, institutional data will be removed from active systems. Eduverse, Ltd reserves the right to retain data as required by applicable law or for legitimate business purposes such as dispute resolution and legal compliance.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
6. How Do We Keep Your Information Safe?
We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
7. What Are Your Privacy Rights?
You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.
Withdrawing your consent
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us using the contact details provided in Section 11 below. Please note that this will not affect the lawfulness of the processing before its withdrawal.
Cookies and similar technologies
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject cookies, though this could affect certain features or services of our Services. For further information, please see our Cookie Notice: https://meritk12.com/legal#cookies.
If you have questions or comments about your privacy rights, you may email us at legal@meritk12.com.
8. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems and applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.
California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.
9. Do United States Residents Have Specific Privacy Rights?
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.
Categories of Personal Information We Collect
The following table shows the categories of personal information we have collected in the past twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Contact details such as real name, alias, email address, account name, online identifier | YES |
| B. Personal information as defined in the California Customer Records statute | Name, contact information, education, employment | YES |
| C. Protected classification characteristics | Gender, age, date of birth, race and ethnicity, national origin | NO |
| D. Commercial information | Transaction information, purchase history, financial details | NO |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other similar network activity | Browsing history, search history, online behavior, interactions with websites | NO |
| G. Geolocation data | Device location | NO |
| H. Audio, electronic, sensory, or similar information | Images and audio, video or call recordings | NO |
| I. Professional or employment-related information | Business contact details, job title, professional qualifications | NO |
| J. Education Information | Student records and directory information | YES |
| K. Inferences drawn from collected personal information | Inferences drawn to create a profile about an individual's preferences and characteristics | NO |
| L. Sensitive personal Information | Personal data from a known child and account login information | YES |
We only collect sensitive personal information as defined by applicable privacy laws or the purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.
We will use and retain the collected personal information as needed to provide the Services. Categories A, B, J, and L are retained for as long as the user has an account with us.
Sources of Personal Information
Learn more about the sources of personal information we collect in Section 1 above.
How We Use and Share Personal Information
Learn more about how we use your personal information in Section 2 above.
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.
We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.
Your Rights
You have rights under certain US state data protection laws. These rights include:
- Right to know whether or not we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request the deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to non-discrimination for exercising your rights
- Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling
Depending upon the state where you live, you may also have additional rights including rights related to accessing categories of personal data, obtaining lists of third parties to whom data was disclosed, and correcting how personal data has been profiled, as permitted by applicable law.
How to Exercise Your Rights
To exercise these rights, you can contact us by submitting a data subject access request, by emailing us at legal@meritk12.com, by visiting https://meritk12.com/contact, or by referring to the contact details at the bottom of this document.
Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.
Request Verification
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request.
Appeals
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at legal@meritk12.com. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.
California "Shine The Light" Law
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact details provided in Section 11 below.
10. Do We Make Updates to This Notice?
Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
11. How Can You Contact Us About This Notice?
If you have questions or comments about this notice, you may email us at legal@meritk12.com or contact us by post at:
Eduverse, Ltd
PO Box 72
Delaware, OH 43015
United States
12. How Can You Review, Update, or Delete the Data We Collect From You?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.
13. Third-Party Service Providers
Merit relies on a small number of third-party service providers to deliver the Platform. Each provider processes data only as necessary to perform its designated function, under appropriate data processing agreements with Eduverse, Ltd. We do not authorize any provider to use your data for their own marketing or commercial purposes.
The following providers are currently used in connection with the Merit platform:
| Provider | Role | Data Processed | Privacy Policy |
|---|---|---|---|
| Supabase | Authentication, database hosting, and row-level security for the Merit platform | Account credentials, user roles, all platform data stored in the Merit database | supabase.com/privacy |
| Resend | Transactional email delivery โ welcome emails, scheduled PBIS reports, and renewal reminders | Recipient email addresses and email content necessary to deliver each message | resend.com/privacy |
| OAuth sign-in for institutions that use Google Workspace accounts for staff authentication | Email address and identity token from the authenticated Google account | policies.google.com/privacy | |
| Vercel | Hosting and content delivery for the meritk12.com marketing website and app.meritk12.com application | Standard server request logs including IP addresses of website visitors | vercel.com/legal/privacy-policy |
This list reflects providers used at the time of the last update to this policy. If Eduverse, Ltd engages a new third-party provider that will process personal information, this section will be updated prior to that provider's use. Institutions with questions about any provider may contact us at legal@meritk12.com.
1. Acceptance of Terms
By accessing or using Merit ("the Platform"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree, you may not access or use the Platform. These Terms constitute a legally binding agreement between you and Eduverse, Ltd ("Company," "we," "us," or "our").
The Platform is intended for use by Kโ12 educational institutions and their authorized staff and students. Use by individuals outside of an authorized institution is prohibited without prior written consent from Eduverse, Ltd.
2. Description of Service
Merit is a web-based Positive Behavioral Interventions and Supports (PBIS) management platform developed and operated by Eduverse, Ltd. The Platform enables educational institutions to recognize and reinforce positive student behaviors through a structured point-based system, manage school and classroom reward stores, generate recognition reports, and administer automated report delivery. Merit is operated as a software-as-a-service (SaaS) platform delivered under a contractual agreement with each participating educational institution and is designed for use on laptop and desktop devices through a web browser.
3. Account Registration and Authorized Access
Access to Merit is provisioned exclusively by authorized institutional administrators. Individual users โ including teachers, staff, and students โ do not self-register and may only access the Platform under credentials issued by the Institution.
The Institution is responsible for: (a) the accuracy and completeness of all account information it provides to Eduverse, Ltd; (b) ensuring that all provisioned users are authorized to access the Platform in their designated role; and (c) promptly removing or deactivating access for any individual whose authorization has ended, including staff departures, student transfers, or role changes. The Institution accepts responsibility for all activity conducted through accounts it creates and maintains.
You are responsible for maintaining the confidentiality of your credentials. You must notify your administrator immediately if you believe your account has been compromised.
4. FERPA Compliance and Institutional Responsibility
The educational institution ("Institution") entering into a service agreement with Eduverse, Ltd retains ownership and control of all student education records, as defined under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. ยง 1232g. Eduverse, Ltd accesses student education records solely in its capacity as a "school official" with a "legitimate educational interest," as those terms are defined under FERPA, and only for the purpose of providing and improving the Merit platform under the Institution's direction.
The Institution is solely responsible for ensuring that its use of Merit complies with FERPA, including obtaining any parental or eligible student consent required before sharing education records with Eduverse, Ltd. Eduverse, Ltd will not disclose student education records to any third party except as directed in writing by the Institution, as required by applicable law, or as otherwise permitted under FERPA.
5. COPPA โ Children's Online Privacy Protection
Merit may be used by students under the age of 13. Where applicable, the Institution operates as the operator's agent under the school consent exception to the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. ยง 6501 et seq., and is responsible for obtaining any verifiable parental consent required under COPPA before authorizing students under 13 to access the Platform.
Eduverse, Ltd collects personal information from students solely at the direction of and under the authority of the Institution. Eduverse, Ltd does not use student personal information for advertising, does not build commercial profiles of students, and does not disclose student information collected through Merit for any purpose unrelated to providing the educational service contracted by the Institution.
6. Student Data Protection
Eduverse, Ltd will not sell, rent, trade, or otherwise disclose student data to any third party for commercial purposes. Student data will not be used to target students with advertising, develop commercial products, or build profiles for purposes unrelated to the educational service provided under this agreement.
Student data collected through Merit is used solely to operate, maintain, and improve the Platform for the benefit of the contracting Institution and its students. Eduverse, Ltd acknowledges that applicable state student privacy laws โ including but not limited to California's Student Online Personal Information Protection Act (SOPIPA), New York Education Law ยง 2-d, and similar statutes โ may impose additional obligations, and agrees to comply with those obligations to the extent applicable to its role as a service provider to educational institutions.
7. Data Ownership
The Institution retains full ownership of all student data, staff data, behavioral recognition records, and any other institutional content entered into or generated through the Platform. Eduverse, Ltd claims no ownership interest in any institutional data or student education records.
Eduverse, Ltd's right to access and process institutional data is limited to what is necessary to provide the Platform under the terms of the service agreement. Upon contract termination or written request from an authorized institutional representative, Eduverse, Ltd will delete institutional data from active production systems in accordance with the data retention terms set forth in our Privacy Policy, subject to any legal obligations requiring retention.
8. Acceptable Use โ Educational Purpose Limitation
The Platform may only be used for lawful Kโ12 educational purposes consistent with the institution's behavioral support, recognition, and reporting objectives. Users may not:
- Attempt to access, view, or modify data beyond their authorized role within the Platform
- Use the Platform to harass, bully, intimidate, or harm any student, staff member, or other individual
- Upload, transmit, or store content that is unlawful, offensive, or unrelated to the educational purpose of the Platform
- Attempt to reverse engineer, decompile, or extract source code from the Platform
- Introduce malicious code, viruses, or any content designed to disrupt or damage the Platform or its users
- Use the Platform to collect or process personal data beyond what is authorized by the Institution and consistent with these Terms
- Use the Platform in any manner that could violate FERPA, COPPA, or other applicable laws
The Institution is responsible for communicating these acceptable use requirements to its authorized users and for taking appropriate action when violations occur.
9. Pilot Program Terms
Eduverse, Ltd offers a 6-Month Pilot program at a flat rate per school building, as described in the applicable pricing documentation. The Pilot is a time-limited trial of the Platform and is governed by these Terms of Service except where Pilot-specific terms are expressly stated.
At the conclusion of the Pilot period, access to the Platform will be suspended and a lockout screen will be presented to all users in the Institution. Institutional data will be preserved for a reasonable period following Pilot expiration to allow the Institution time to transition to a standard annual agreement or request data deletion. The Pilot does not obligate the Institution to enter into a standard annual agreement, and Eduverse, Ltd makes no representations regarding the continuation of pricing, features, or terms beyond the Pilot period.
To convert a Pilot to a standard annual deployment, the Institution should contact Eduverse, Ltd at getmerit@meritk12.com prior to the Pilot end date.
10. Data Breach Notification
In the event of a security incident that results in unauthorized access to, disclosure of, or acquisition of personal information stored or processed through the Platform, Eduverse, Ltd will notify the affected Institution within 72 hours of confirming that a breach has occurred. Notification will include a description of the incident, the categories and approximate number of individuals and records affected, steps Eduverse, Ltd has taken or is taking to address the breach, and contact information for Eduverse, Ltd's designated incident response contact.
The Institution โ as the data controller under applicable education privacy law โ is responsible for notifying affected students, families, and regulatory authorities as required by FERPA and applicable state breach notification statutes. Eduverse, Ltd will cooperate fully with the Institution to support its notification obligations and will provide all information reasonably necessary for the Institution to carry out those obligations.
Security incidents should be reported to Eduverse, Ltd immediately at legal@meritk12.com.
11. Intellectual Property
The Platform and its content, features, and functionality are owned by Eduverse, Ltd and are protected by copyright, trademark, and other intellectual property laws. Nothing in these Terms grants you ownership of any part of the Platform.
Institution data โ including student records, behavior configurations, and transaction history โ remains the property of the institution, as set forth in Section 7 above.
12. No Warranty
THE SERVICE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. USE OF THE SERVICE IS AT YOUR OWN RISK. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
WITHOUT LIMITING THE FOREGOING, EDUVERSE, LTD, ITS SUBSIDIARIES, AFFILIATES, AND LICENSORS DO NOT WARRANT THAT: (A) THE CONTENT IS ACCURATE, RELIABLE, OR CORRECT; (B) THE SERVICE WILL MEET YOUR REQUIREMENTS; (C) THE SERVICE WILL BE AVAILABLE AT ANY PARTICULAR TIME OR LOCATION, UNINTERRUPTED, OR SECURE; (D) ANY DEFECTS OR ERRORS WILL BE CORRECTED; OR (E) THE SERVICE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
ANY CONTENT DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICE IS ACCESSED AT YOUR OWN RISK. EDUVERSE, LTD DOES NOT WARRANT, ENDORSE, GUARANTEE, OR ASSUME RESPONSIBILITY FOR ANY PRODUCT OR SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE SERVICE OR ANY HYPERLINKED WEBSITE, AND WILL NOT BE A PARTY TO OR IN ANY WAY MONITOR ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS.
Some states do not allow the exclusion of implied warranties, so the above exclusions may not apply to you. This agreement gives you specific legal rights, and you may also have other rights which vary from state to state. The disclaimers and exclusions under this agreement will not apply to the extent prohibited by applicable law.
13. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EDUVERSE, LTD, ITS AFFILIATES, AGENTS, DIRECTORS, EMPLOYEES, SUPPLIERS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO THE USE OF, OR INABILITY TO USE, THE SERVICE.
UNDER NO CIRCUMSTANCES WILL EDUVERSE, LTD BE RESPONSIBLE FOR ANY DAMAGE, LOSS, OR INJURY RESULTING FROM HACKING, TAMPERING, OR OTHER UNAUTHORIZED ACCESS TO OR USE OF THE SERVICE OR YOUR ACCOUNT OR THE INFORMATION CONTAINED THEREIN. EDUVERSE, LTD ASSUMES NO LIABILITY OR RESPONSIBILITY FOR ANY: (I) ERRORS, MISTAKES, OR INACCURACIES OF CONTENT; (II) PERSONAL INJURY OR PROPERTY DAMAGE OF ANY NATURE WHATSOEVER RESULTING FROM YOUR ACCESS TO OR USE OF THE SERVICE; (III) UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY PERSONAL INFORMATION STORED THEREIN; (IV) INTERRUPTION OR CESSATION OF TRANSMISSION TO OR FROM THE SERVICE; (V) BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE TRANSMITTED TO OR THROUGH THE SERVICE BY ANY THIRD PARTY; OR (VI) ERRORS OR OMISSIONS IN ANY CONTENT OR FOR ANY LOSS OR DAMAGE INCURRED AS A RESULT OF THE USE OF ANY CONTENT POSTED, TRANSMITTED, OR OTHERWISE MADE AVAILABLE THROUGH THE SERVICE.
NOTWITHSTANDING ANYTHING TO THE CONTRARY, EDUVERSE, LTD'S TOTAL LIABILITY TO ANY INSTITUTION OR USER FOR ANY CAUSE WHATSOEVER, REGARDLESS OF THE FORM OF THE ACTION, SHALL AT ALL TIMES BE LIMITED TO THE TOTAL FEES PAID BY THE INSTITUTION TO EDUVERSE, LTD IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
This limitation of liability applies whether the alleged liability is based on contract, tort, negligence, strict liability, or any other basis, even if Eduverse, Ltd has been advised of the possibility of such damage. Some states do not allow the exclusion or limitation of incidental or consequential damages, so the above limitations may not apply to you.
Nothing in this section limits Eduverse, Ltd's liability for damages arising from its own gross negligence, willful misconduct, or intentional breach of its obligations under applicable student data protection laws, including FERPA and COPPA.
14. Indemnity
You agree to defend, indemnify, and hold harmless Eduverse, Ltd and its subsidiaries, agents, managers, and other affiliated companies, and their employees, contractors, agents, officers, and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney's fees) arising out of or related to:
- (i) your use of and access to the Service, including any data or content transmitted or received by you;
- (ii) your violation of any term of this Agreement, including without limitation your breach of any of the representations and warranties herein;
- (iii) your violation of any third-party right, including without limitation any right of privacy or intellectual property rights;
- (iv) your violation of any applicable law, rule, or regulation;
- (v) any content or information submitted via your account, including without limitation misleading, false, or inaccurate information; or
- (vi) your negligent or willful misconduct.
Notwithstanding the foregoing, this indemnification obligation shall not apply to claims arising solely from Eduverse, Ltd's own gross negligence, willful misconduct, or intentional breach of its obligations under applicable law. Eduverse, Ltd reserves the right, at your expense, to assume exclusive defense and control of any matter subject to indemnification by you, and you agree to cooperate with that defense.
15. Modifications to Terms
We may update these Terms from time to time. We will notify institutions of material changes via email to the administrator of record at least 30 days before the changes take effect. Continued use of the Platform after changes become effective constitutes acceptance of the updated Terms.
16. Governing Law
You agree that: (i) the Service shall be deemed solely based in the State of Ohio, USA; and (ii) the Service shall be deemed a passive one that does not give rise to personal jurisdiction over Eduverse, Ltd, either specific or general, in jurisdictions other than the State of Ohio. This Agreement shall be governed by the internal substantive laws of the State of Ohio, without respect to its conflict of laws principles.
The parties acknowledge that this Agreement evidences a transaction involving interstate commerce. Notwithstanding the preceding sentences with respect to substantive law, any arbitration conducted pursuant to the terms of this Agreement shall be governed by the Federal Arbitration Act (9 U.S.C. ยงยง 1โ16). The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded.
You agree to submit to the personal jurisdiction of the federal and state courts located in Ohio for any actions for which Eduverse, Ltd retains the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of our copyrights, trademarks, trade secrets, patents, or other intellectual property or proprietary rights, as set forth in the Arbitration provision below.
17. Arbitration
READ THIS SECTION CAREFULLY BECAUSE IT REQUIRES THE PARTIES TO ARBITRATE THEIR DISPUTES AND LIMITS THE MANNER IN WHICH YOU CAN SEEK RELIEF FROM EDUVERSE, LTD.
In the unlikely event that Eduverse, Ltd has not been able to resolve a dispute with you after sixty (60) days, we each agree to resolve any claim, dispute, or controversy (excluding any Eduverse, Ltd claims for injunctive or other equitable relief) arising out of or in connection with or relating to these Terms of Service, or the breach or alleged breach thereof (collectively, "Claims"), by binding arbitration by the Judicial Mediation and Arbitration Services ("JAMS") under the Optional Expedited Arbitration Procedures then in effect for JAMS, except as provided herein.
The arbitration will be conducted in the State of Ohio, USA, unless you and Eduverse, Ltd agree otherwise. Each party will be responsible for paying any JAMS filing, administrative, and arbitrator fees in accordance with JAMS rules. The award rendered by the arbitrator shall include costs of arbitration, reasonable attorneys' fees, and reasonable costs for expert and other witnesses, and any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction.
Nothing in this Section shall be deemed to prevent Eduverse, Ltd from seeking injunctive or other equitable relief from the courts as necessary to protect any of Eduverse, Ltd's proprietary interests.
ALL CLAIMS MUST BE BROUGHT IN THE PARTIES' INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING. THIS WAIVER APPLIES TO CLASS ARBITRATION, AND, UNLESS THE PARTIES AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS. YOU AGREE THAT, BY ENTERING INTO THESE TERMS OF SERVICE, YOU AND EDUVERSE, LTD ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING OF ANY KIND.
18. Contact
For questions about these Terms, contact us at legal@meritk12.com.
Key Terminology
This reference guide defines key terms used across Merit's Privacy Policy, Terms of Service, Cookies Policy, and Data Breach Policy. These definitions are provided for clarity and are consistent with applicable law.
Privacy & Data Terms
Any information that identifies or can reasonably be used to identify a specific individual โ for example, a name, email address, student ID, or login username.
Under FERPA, records directly related to a student maintained by an educational agency or institution. In Merit, this includes point balances, transaction histories, and account data.
Any personal information relating to an enrolled student, including account credentials, behavioral recognition records, point history, and store redemption records collected or processed through Merit.
Any operation performed on personal data โ including collection, storage, retrieval, use, transmission, or deletion.
The entity that determines the purposes and means of processing personal data. In Merit, the educational institution is the data controller; Eduverse, Ltd acts as the data processor.
An entity that processes personal data on behalf of the data controller. Eduverse, Ltd processes student and staff data on behalf of the institution under a service agreement.
Authorization to process personal data. Student access to Merit is authorized at the institutional level. Parent or guardian consent required under COPPA is managed by the educational institution.
The principle that only data strictly necessary for a specified purpose should be collected. Merit collects only what is needed to provision accounts and deliver the Platform's features.
The length of time personal data is kept. Merit retains institution data for the duration of the active service agreement. Following contract termination or a written deletion request, data is removed from active systems per our Privacy Policy.
The process of irreversibly altering data so that individuals cannot be identified. Anonymized data is no longer considered personal information under applicable privacy law.
A formal request by an individual (or their representative) to access, correct, or delete their personal information. Merit's DSAR portal is available via the Privacy Policy.
A temporary cookie that authenticates a user's session and is automatically deleted when the browser is closed. Merit uses session cookies solely for authentication โ no persistent, advertising, or tracking cookies are used.
Legal & Regulatory Terms
The Family Educational Rights and Privacy Act (20 U.S.C. ยง 1232g). A US federal law protecting the privacy of student education records and restricting their disclosure without consent.
The Children's Online Privacy Protection Act (15 U.S.C. ยง 6501 et seq.). A US federal law imposing requirements on operators of websites and online services used by children under 13.
The Student Online Personal Information Protection Act. California law prohibiting operators from using student data for targeted advertising or building commercial profiles of students.
Under FERPA, a contractor who performs a service for the institution and has a legitimate educational interest in student records. Eduverse, Ltd acts as a school official in processing student records through Merit.
A FERPA standard permitting a school official to access education records when needed to perform professional duties. Merit's processing of student data qualifies under this standard.
A category of personal data requiring heightened protection, including data from known children and account login credentials. Merit processes these categories only as necessary to provide the Platform.
Platform & Service Terms
The Merit web-based PBIS management platform developed and operated by Eduverse, Ltd, accessible at app.meritk12.com under a service agreement with an educational institution.
The Kโ12 school district or individual school that has entered into a service agreement with Eduverse, Ltd to use the Merit platform.
An individual provisioned by the Institution to access Merit in one of four roles: District Administrator, School Administrator, Teacher/Staff, or Student. No self-registration is permitted.
A software delivery model in which an application is hosted remotely and accessed via the internet under a subscription or service agreement. Merit is delivered as a SaaS platform.
Merit's full-service subscription track, priced per student and per school with Year 1 implementation fees and Year 2+ support fees, under a 1-, 2-, or 3-year contract term.
A time-limited trial of the Merit platform at a flat rate per school building. The Pilot does not obligate the Institution to enter into a standard annual agreement.
As used in the Terms of Service, "Services" refers collectively to the Merit platform, the meritk12.com website, and any related products or offerings provided by Eduverse, Ltd.
Questions, comments, suggestions, or feedback about the Services sent directly to Eduverse, Ltd. By submitting feedback, you grant Eduverse, Ltd the right to use it for any lawful purpose without compensation.
The Platform's source code, design, features, and content are owned by Eduverse, Ltd and protected by copyright, trademark, and other applicable laws. Institutional data remains owned by the Institution.
Security & Breach Terms
An unauthorized access to, use, disclosure, modification, or destruction of personal information โ or a failure of security safeguards that makes such access reasonably likely.
Any event that compromises or poses a risk to the confidentiality, integrity, or availability of personal information stored or processed through Merit. Not all security incidents constitute a data breach.
The timeframe within which Eduverse, Ltd is obligated to notify an affected Institution of a confirmed data breach. Merit's policy sets this at 72 hours from confirmation of a breach.
The immediate steps taken to isolate and stop a security incident โ such as revoking access, disabling compromised accounts, or taking affected systems offline to prevent further data exposure.
1. Purpose and Scope
This Data Breach Response Policy describes how Eduverse, Ltd ("Eduverse, Ltd") identifies, responds to, and reports security incidents that may involve unauthorized access to, disclosure of, or acquisition of personal information stored on or processed through Merit.
This policy applies to all Eduverse, Ltd employees, contractors, and third-party service providers who handle personal information on behalf of Eduverse, Ltd or its institutional customers.
2. What Constitutes a Data Breach
A data breach occurs when there is unauthorized access to, use, disclosure, modification, or destruction of personal information โ or a failure of safeguards that makes such access reasonably likely. This includes:
- Unauthorized access to systems containing student or staff personal information
- Theft or loss of devices or credentials that provide access to personal information
- Accidental disclosure of personal information to unauthorized parties
- Malware, ransomware, or other attacks that compromise data integrity or confidentiality
3. Detection and Internal Response
When a potential breach is identified by any Eduverse, Ltd employee or system:
- Immediate containment. The affected system or access path is isolated as quickly as possible to prevent further unauthorized access or data loss.
- Internal escalation. The incident is reported to the Eduverse, Ltd security and legal team within 2 hours of discovery.
- Assessment. We determine the nature and scope of the breach โ what data was affected, how many individuals are impacted, and how the breach occurred.
- Remediation. We take steps to address the root cause, patch vulnerabilities, and restore secure operation.
4. Notification to Institutions
In the event of a security incident that results in unauthorized access to, disclosure of, or acquisition of personal information stored or processed through the Platform, Eduverse, Ltd will notify the affected Institution within 72 hours of confirming that a breach has occurred. Notification will include:
- A description of the incident, including the date of the breach and the date of discovery
- The categories and approximate number of individuals and records affected
- Steps Eduverse, Ltd has taken or is taking to address the breach
- Steps the Institution may wish to take to protect affected individuals
- Contact information for Eduverse, Ltd's designated incident response contact
Notification will be delivered to the Institution's primary administrator contact by email, and by phone if the breach is assessed as severe.
The Institution โ as the data controller under applicable education privacy law โ is responsible for notifying affected students, families, and regulatory authorities as required by FERPA and applicable state breach notification statutes. Eduverse, Ltd will cooperate fully with the Institution to support its notification obligations and will provide all information reasonably necessary for the Institution to carry out those obligations.
Security incidents should be reported to Eduverse, Ltd immediately at legal@meritk12.com.
5. Notification to Individuals
In many Kโ12 contexts, the educational institution โ as the data controller โ is responsible for notifying affected students and families, consistent with FERPA and applicable state breach notification laws. Eduverse, Ltd will cooperate fully with institutions to support this process and will provide all information institutions need to carry out their obligations.
Where Eduverse, Ltd is independently required by law to notify individuals directly, we will do so in accordance with applicable requirements.
6. Regulatory Reporting
Where a breach triggers regulatory reporting obligations under applicable law (including state breach notification statutes), Eduverse, Ltd will make required filings within the legally prescribed timeframes. We will inform affected institutions of any regulatory filings that reference their data.
7. Post-Incident Review
Following the resolution of any security incident, Eduverse, Ltd conducts a post-incident review to identify contributing factors, assess the effectiveness of our response, and implement changes to reduce the likelihood of recurrence. Findings are documented internally and, where material, shared with affected institutions.
8. Contact
To report a suspected security incident or breach, contact legal@meritk12.com immediately. For technical security concerns, you may also contact support@meritk12.com.
1. Overview
This Cookies Policy explains how Eduverse, Ltd uses cookies and similar technologies in connection with the Merit platform (app.meritk12.com) and the Merit marketing website (meritk12.com). We use cookies minimally and only where necessary for the platform to function.
We do not use cookies for advertising, behavioral profiling, or cross-site tracking. We do not sell or share cookie data with third parties for marketing purposes.
2. What Is a Cookie?
A cookie is a small text file placed on your device by a website or web application when you visit it. Cookies allow the site to remember information about your visit โ such as whether you are logged in โ so you don't have to re-enter information each time you navigate between pages.
Cookies can be session cookies (deleted when you close your browser) or persistent cookies (stored on your device for a set period). They can be set by the site you are visiting (first-party cookies) or by third-party services embedded in that site (third-party cookies).
3. Cookies We Use
The Merit Platform (app.meritk12.com)
The Merit application uses one category of cookies: strictly necessary session cookies. These cookies are set when you log in and are used solely to authenticate your identity and maintain your session while you use the platform. Without them, you would be required to log in again on every page you visit.
- Type: First-party, session cookie
- Purpose: Authentication and session management
- Duration: Deleted when you close your browser or log out
- Data stored: A secure session identifier โ not your name, email, or any personal information
No persistent cookies, advertising cookies, analytics cookies, or third-party tracking cookies are set by the Merit application.
The Merit Website (meritk12.com)
The meritk12.com marketing website does not set any cookies. It does not use analytics platforms, advertising networks, or tracking tools of any kind.
The website loads web fonts from Google Fonts (fonts.googleapis.com). When your browser requests a font file from Google's servers, Google receives standard browser request data including your IP address. This interaction is governed by Google's Privacy Policy. No cookies are set by Google Fonts in this context.
4. What We Do Not Use
Merit does not use, and has no plans to use, any of the following:
- Advertising or targeting cookies
- Third-party analytics cookies (e.g., Google Analytics, Mixpanel, Hotjar)
- Social media tracking pixels (e.g., Facebook Pixel, LinkedIn Insight Tag)
- Web beacons or tracking pixels of any kind
- Browser fingerprinting
- Cross-site tracking technologies
- Persistent cookies on the marketing website
5. Student Data and Cookies
Student accounts in Merit are subject to heightened protections under FERPA and COPPA. The session cookie used for student authentication serves no purpose other than keeping the student logged in during their active session. No student behavioral data, point history, or personally identifiable information is stored in or transmitted via cookies.
6. Managing Cookies
Because Merit uses only strictly necessary session cookies, there is no cookie consent mechanism โ these cookies are required for the platform to function and are automatically deleted when your session ends.
You may configure your browser to block or delete cookies at any time. However, blocking session cookies will prevent you from logging in to the Merit platform. Instructions for managing cookies vary by browser:
- Google Chrome: Settings โ Privacy and security โ Cookies and other site data
- Mozilla Firefox: Settings โ Privacy & Security โ Cookies and Site Data
- Apple Safari: Preferences โ Privacy โ Manage Website Data
- Microsoft Edge: Settings โ Cookies and site permissions โ Cookies and site data
Clearing cookies will log you out of the Merit platform. Your account data, point history, and platform settings are stored server-side and are not affected by clearing browser cookies.
7. Changes to This Policy
If Eduverse, Ltd introduces new cookies or tracking technologies in the future, this policy will be updated prior to their use, and institutions will be notified in accordance with our Terms of Service update notification process. We are committed to not introducing advertising or behavioral tracking technologies into the Merit platform.
8. Contact
Questions about this Cookies Policy or Merit's data practices may be directed to legal@meritk12.com.