Floreo VR

Last Updated: October 3, 2025

Introduction

At Floreo Inc. (“Floreo,” “we,” “our,” and/or “us”), your privacy is important to us. In this privacy policy (the “Privacy Policy”), we tell you (the “user”) what information we collect and share with others, and how we use it. Floreo provides proprietary digital solutions consisting of immersive virtual reality software, mobile applications and content via our websites and the services accessed through our websites (collectively, the “Floreo Service(s)”) to users of our Services. In general, users consist of: (i) End-users, who are typically parents, organizations, clinicians, and educators who are the account creators of the Floreo Service; and (ii) Learners (users of our Services (“Learners”), who are mixed-age users supervised by end-users (“End-users”) when participating in interactive VR sessions in the Floreo Service. We want you to know that we take strong measures to keep any personal information you give us safe. We use strict business rules and strong security methods to make sure your personal info stays private and is only used for what we say in this Privacy Policy. This policy is meant to show you that we are responsible and clear about how we handle personal information. We promise that any personal info we collect and keep will be: (i) used fairly and honestly; (ii) only used for specific and clear reasons, not for anything else; (iii) just the right amount and related to what's needed; (iv) accurate and kept up to date; and (v) kept safe from unauthorized or unfair use, and protected from accidents like losing or damaging it.

Application and Scope of this Privacy Policy

This Privacy Policy generally applies to any personal information (as defined below in the section entitled Definition of Personal Information) collected or generated by Floreo from or about our End-users and other individuals with whom we deal, which may include potential customers. This Privacy Policy also governs personal information collected about Floreo websites’ users and explains how we use and disclose personal information that we collect from people who visit our websites and otherwise interact with us through any of our websites associated with our domains: Floreo.com (such as www.floreovr.com (“website”)). It also explains how we use cookies and similar technologies.

Definition of Personal Information

In this Privacy Policy, personal information means “any information about an identifiable individual”. This can include, for example, our End-user’s names, contact information, email addresses, account details, services used, and End-user’s health condition (sometimes in school settings called “Personally Identifiable Information” (“PII”)). It might also include technical details like IP addresses or browsing history (pages accessed, date and location of access), but only when this information can identify an individual. Personal information that is combined and where personal information has been de-identified and removed and can't be traced to a specific individual (“Anonymous Information”) is not treated as personal information.

In some cases, we might be considered a Business Associate under the Health Insurance Portability and Accountability Act (“HIPAA”) for certain Covered Entities (as defined under HIPAA), and this means that we may have specific rules on how we use your Protected Health Information (“PHI”). When acting as a Business Associate, we can only use or share your PHI or personal information as required by law or allowed by a special agreement (called a Business Associate Agreement) with a specific healthcare organization. Please be aware that when you give other individuals access to your PHI or personal information, they may be able to use, reproduce, distribute, display, transmit, and/or communicate the data to others and the public. We shall not have any responsibility for access, use, or disclosure of your PHI or personal information by people you authorized to have access to your user account.

When acting as a Business Associate, we may only use or disclose your PHI or personal information as required by law or as permitted by the Business Associate Agreement (“BAA”) that we have in place with a specific Covered Entity. Please be aware that when you give other individuals access to your PHI or personal information, they may be able to use, reproduce, distribute, display, transmit, and/or communicate the data to others and the public. We shall not have any responsibility for access, use, or disclosure of your PHI or personal information by people you authorized to have access to your user account.

Managing your Information Preferences

You may opt out of receiving marketing e-mails from us by using the unsubscribe link in the

relevant email. If you have questions regarding this Privacy Policy, please e-mail us at privacy@floreovr.com.

Information We Collect

Information You Provide to Us

In general, we collect most of our information directly from our End-users with their consent. Additionally, we collect information from our Learners with the consent of their parents, if they have not reached the age of majority in their place of residence.

Age Requirements for All Users. The Floreo Services are designed and intended for End-users who are at least 18 years old and Learners of mixed-ages. By using our websites, you affirm that: i) you are at least 18 years of age or older; or ii) if you are under the age of 18 years old, that you have obtained the requisite parental or legal guardian consent to use our Services. We are not liable for any damages that may result from an End-user’s or Learner’s misrepresentation of age. Although Learners may not create Floreo accounts, parents or legal guardians of Learners under the age of 18 years old must agree to these terms on a Learner’s behalf when creating an account and profile on a Learner’s behalf. Where a school, clinic, or other authorized organization creates a Learner account, Floreo will treat such creation as confirmation that appropriate parental or legal guardian consent has been obtained and will rely on the school’s or organization’s authorization as evidence of that consent.

Inquiries, Registration and Profile Information. We may collect the name, contact information, e-mail address and any information provided to us upon someone making an inquiry or contacting us by phone, mail, or through our websites or upon an individual signing up to receive our newsletter. When you sign up for an account, we ask you for your email address and password. Once you create an account, you will be able to create one or multiple Learner accounts associated with your account. When you create a Learner account, we ask you to insert a text identifier that will be used to identify the Learner, as well as the Learner’s birth date. We do not request other PII information for Learners using the accounts. We do NOT collect Learner emails or addresses, only the adult End-users who create the individual Learner accounts. Other information collected may include the following:

the End-users’ name, phone number, physical address, or other contact information;
any disclosed medical information or diagnosis and other clinical notes and information;
any health plan or payor information you choose to provide; and
any information you submit in response to any survey we send.

Payment Information. We may collect information when End-users purchase and use our Services. If you sign up for a subscription, your payment information, such as any credit or debit card information you provide, may be collected and stored by us and/or the payment processors with which we work.

Communications. If you contact us directly, we may receive additional information about you. For example, when you contact customer support, we may receive your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services. Certain features we offer include an option to provide us with feedback. The feedback feature does identify the customer account email but does not identify the specific Learner submitting it. The feedback option is voluntary and the information a Learner submits to us will only be used for improving these features. If we receive PII through a feedback form we take steps to immediately delete that information.

Information We Collect When You Use Our Services

Floreo Mobile App Subscription. Your website subscription may also provide access to the Full Access level of our mobile apps. If you choose to download any such app and log into it with your website subscription username and password, we collect limited usage information in connection with user logins in order to monitor subscription compliance. This information is maintained in accordance to this policy. If you have purchased your subscription in-app, we do not collect any user information.

Push notifications on mobile apps: We may send Floreo mobile app push notifications from time to time in order to update you on news, events, or promotions. You may turn these notifications off at the device level if you no longer wish to receive them. If you choose to receive push notifications, we will need to collect certain information about your device - such as operating system and user identification information - in order to ensure they are delivered properly. We also collect the user time zone, which is set on the device, to ensure that we send notifications at an appropriate time of the day. We do not combine this information with other PII.

Mobile analytics on mobile apps: We use mobile analytics software to allow us to better understand the functionality of our mobile apps' software on your phone. This software may record information such as how often you use the apps, events that occur within the apps, aggregated usage, performance data, and from where the apps were downloaded. While this information does link to the customer email address, we do not link this information to any Learner PII you submit within the mobile apps.

While Using Certain Generative AI Interactive Content. If you opt in to using certain interactive content, such as content using generative AI technology, you may provide us with your audio recordings (“Audio Recordings”) or any text, video or images that you upload and provide us in the context of the Services. If you provide Audio Recordings, this may contain the Personal Information of third parties. Before you do so, please make sure you have the necessary permission of such third parties before sharing Personal Information. As used herein, third parties include anyone other than the subscription holder, such as a Learner or anyone else who may be present during the use of the Services. If you provide Audio Recordings, Floreo may convert such Audio Recordings to transcripts. We may train our technology on de-identified transcripts or text you provide to create lesson recommendations or more accurate or personalized Services.

Portal. We may collect information pertaining to the End-users’ use of our client portal, such as time and duration of use information pertaining to the device used to access the portal, such as device attributes (operating system, hardware version, browser type), language and time zone.

Device Information. We receive information from devices, including IP address, web browser type, mobile operating system version, phone carrier and manufacturer, application installations, device identifiers, and push notification tokens.

Usage Information.To help us understand how you use our Services and to help us improve them, we automatically receive information about your interactions with our Services, like the account you use, the lessons you view, the progress you make on those lessons, the tasks completed within those lessons, task scores, progress on certain skills, pages or other content you view, searches you conduct, any content you post, and the dates and times of use.
Mobile Device Management. We may utilize mobile device management (“MDM”) solutions to ensure the security and proper functioning of mobile devices used to access our Services. This may involve remotely monitoring and managing devices to enforce security policies, install or update software, and protect against unauthorized access or data breaches. By accessing our services through a MDM mobile device, you consent to the use of MDM solutions as necessary for the protection of your personal information and the security of our systems.
Head Mounted Displays. If you use our services through a head-mounted display (“HMD”) device, such as iPhones, Meta Quest or Pico, we may collect certain information to optimize your experience and improve our services. This may include data related to your interactions within virtual environments, device usage metrics, and technical information about the HMD device itself. We will use this information in accordance with our Privacy Policy to provide and enhance our services, as well as for analytics and research purposes. Additionally, End-users are required to abide by the hardware manufacturer's own privacy policies and review those policies to understand how their data is handled by the manufacturer.

Website and Social Media

Technical Information. When you visit our websites, we may collect, using electronic means such as cookies, technical information. This information may include information about your visit to our websites, including the IP address of your computer and which browser you used to view our websites, your operating system, resolution of screen, location, language settings in browsers, time and duration of use, device attributes (such as operating system, hardware version, browser type), language settings in browsers, time zone, third party information such as from partnered advertisers or social media sites as detailed in the Social Media section of this Privacy Policy, the site you came from, keywords searched (if arriving from a search engine), the number of page views, information you entered and advertisements you have seen. This data is used to measure and improve the effectiveness of our websites or enhance the experience for our customers. For instance, it may be used to ensure that the products advertised on our websites are available in your area or that we are not showing you the same ads repeatedly. We treat this information as personal information when it is associated with your account or contact information. For instance, we may collect and use the following type of information when you visit and/or interact with us on our websites:

Information from Cookies and Similar Technologies. We may collect information using cookies or similar technologies. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser/app. A persistent cookie remains after you close your browser/app and may be used by your browser/app on subsequent visits to the Service. We do not use cookies to collect PII and we do not combine such general information with other PII to identify a Learner. You can block the use of cookies by activating the settings in your browser. To learn more about browser cookies, including how to manage or delete them, look in the Tools or Help section of your Web browser, or visit allaboutcookies.org. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete, or choose not to accept, cookies from our Services, you may not be able to utilize the features of our Services to their fullest potential.
Analytics. We use Google Analytics, Meta Pixels and other similar analytics providers to collect and process certain analytics data on user website activities, including, but not limited to, page views, source and time spent on our websites. This information is depersonalized and is displayed as numbers, meaning that it cannot be tracked back to individuals. Google provides some additional privacy options described at www.google.com/policies/privacy/partners/ regarding Google Analytics’ cookies.

We do not collect customer’s web search history across third party websites or search engines. However, if a customer navigates to our website via a web search, their web browser may automatically provide us with the web search term they used in order to find us. Our website does not honor "do not track" signals transmitted by users' web browsers, so we encourage you to visit the following link if you would like to opt out of certain tracking: http://www.networkadvertising.org/choices or http://www.aboutads.info/choices/. Note that if you wish to opt out, you will need to do so separately for each of your devices and for each web browser you use (such as Internet Explorer®, Firefox®, Safari®).

Third Parties. This Privacy Policy only addresses the use and disclosure of information by Floreo. Other websites that may be accessible through the Floreo websites have their own privacy policies and data collection, use and disclosure practices. We encourage you to familiarize yourself with the privacy statements provided by all third parties prior to providing them with information or taking advantage of an offer or promotion. We may use a variety of third-party service providers, such as analytics companies, to understand usage of our Services. We may allow those providers to place and read their own cookies, electronic images known as web beacons or single-pixel gifs and similar technologies, to help us measure how users interact with our services. This technical information is collected directly and automatically by these third parties. If you wish to opt out of third-party cookies, you may do so through your browser as mentioned above.
Satisfaction Survey. When you visit our websites, you may, from time to time, be invited to participate in a satisfaction survey. In such case and if you decide to participate in our survey, we may collect your postal code, email address and other information deemed important to complete such survey. We will only use your information for quality assurance purposes.
Users Only of Legal Age of Majority. Our websites and the services accessed through our websites are designed and intended for adults – specifically parents, clinicians and educators who provide supervised interactive VR sessions for mixed age users. By using our websites, you affirm that you are at least 18 years of age or older and have obtained any required parental or guardian approval for use with Learners under the age of 18. We are not liable for any damages that may result from a user’s misrepresentation of age.
International Visitors to our Websites. In some countries, we are not permitted to send cookies to the browser of a user without the prior consent of the affected user. In this case, we will seek such consent. This section assumes that either the use of cookies is not restricted by applicable law, or if it is restricted that the individual has explicitly consented to the use of the cookies.

How We Use the Information We Collect

We use the information we collect from End-users and Learners to:

provide, improve, expand, personalize, and promote our Services;
to establish, develop and preserve our business relationship respectively with End-users and other individuals with whom we deal;
create, establish and administer End-users’ accounts and to respond to customer inquiries;
to authenticate the identity and preserve the privacy of End-users contacting Floreo by telephone, electronic means or otherwise;
for internal training and quality assurance purposes;
provide our Services to End-users and monitor their use of our products and Services to ensure that our products and Services are adequately supported and implemented;
to enable participation in interactive features of our Services;
understand and analyze how our Services are used;
assess Learner progress and compare it to other Learners;
understand and assess the interests, wants and changing needs of End-users with a view to developing new products, services, features, and functionality;
provide reminders to End-users and otherwise communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Services;
provide personalized products and Services as well as to recommend training videos or testimonials to End-users;
subject to our End-user’s Right to Withdraw Consent provided in the Privacy Policy, to conduct surveys on the quality of the products, Services or customer service or to provide our End-users with offers for additional products or services that we feel may be of interest to our customers or that we believe meet our Customer’s changing needs;
send you text messages and push notifications;
to receive payment for the products and Services that you receive;
to manage our businesses and ensure the efficiency, reliability and security of our systems and networks;
find and prevent fraud, harm or liability; and
for compliance purposes, including enforcing our Terms of Use, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

If you apply for employment with Floreo, the personal information submitted with your job application will be used for recruitment and other customary human resources purposes. For example, we may send you information about new job opportunities within Floreo as well as other career development resources.’

Unless required or authorized by law, Floreo will not collect or use personal information for any other or new purpose without obtaining further consent. For details on how we use information collected via our websites, please refer to the Website and Social Media section of this Privacy Policy.

How We Share the Information We Collect

Health Professionals. We may provide your referring healthcare provider with copies of your records or reports that will assist them in your treatment and healthcare during your treatment or after you have completed your treatment using our Services if you have instructed us to do so, either through our client portal where you can request an email report which you can then share with your healthcare professional, or through other means.

Vendors and Third-party Affiliated Service Providers. We may hire service providers, which may be Business Affiliates, to perform services on our behalf. This may include, without limitation, a person or an organization retained by Floreo to perform work on its behalf. We provide them with a limited amount of information which is necessary in order for them to provide the services required. They are prohibited from using the information for purposes other than to facilitate and carry out the services they have been engaged to provide. These service providers are not permitted to disclose this information to others. A list of our third-party subprocessors can be found at https://floreovr.com/privacy/third-party-subprocessors.

Content Providers. We may be required, under the licensing agreements that we have with third party content providers, to share video engagement and usage metrics and statistics, although the information shared with such content providers will, at all times, be provided on an aggregate level, and will never identify an End-user on an individual basis.

Learner Content. We may provide End-users the ability to share content, such as Learner-driven curriculum or recorded sessions, at their direction. If you choose to share your information and/or content with other End-users, your profile information, such as your profile photo, may be visible to those End-users.

De-identified and Aggregated Data. Where legally permissible, we may share information about End-users with our partners in aggregated or de-identified form that can’t reasonably be used to identify you or your End-users. This means we may redact or remove the personal information that could be used to identify you like your name and contact information, and use the remaining non-personal, de-identified data to aggregate and analyze it for business or other legitimate purposes such as product and Service improvements, research, publications and documents, and to help us better understand pediatric behavioral health issues and patient populations. Before sharing this information with third parties, any resulting research or analyses will be de-identified and aggregated in a form that is designed to prevent anyone from identifying you.

Regulators. We may share any information we receive with the U.S. Food and Drug Administration (“FDA”) and similar agencies in the U.S. and other countries and the U.S. Department of Health and Human Services, with the Institutional Review Board (“IRB”) and other groups that review research studies to help protect people who join these studies.

As Required By Law and Similar Disclosures. From time to time, Floreo may be compelled to disclose personal information in response to a law, regulation, court order, subpoena, valid demand, search warrant, government investigation or other legally valid request or enquiry. In these circumstances, Floreo will protect the interests of its End-users by making reasonable efforts to ensure that orders or demands comply with the laws under which they were issued, that it discloses only the personal information that is legally required and nothing more, and that it does not comply with casual requests for personal information from government or law enforcement authorities. We may also disclose information to our accountants, auditors, agents and lawyers in connection with the enforcement or protection of our legal rights. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful or to law enforcement and emergency services providers, in an emergency or where required or permitted by law. We may release certain personal information when we have reasonable grounds to believe that such release is reasonably necessary to protect the rights, property and safety of others and ourselves, in accordance with or as authorized by law. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through our Services.

Business Transaction. We may disclose personal information to a third party or potential transactional partners in connection with consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or a sale or transfer of business or assets, an amalgamation, re-organization or financing of parts of our business. However, in the event the transaction is completed, your personal information will remain protected by applicable privacy laws. In the event the transaction is not completed, we will require the other party not to use or disclose your personal information in any manner whatsoever and to completely delete such information.

Consent. We may also disclose your information with your permission.

Information We Do NOT Collect or Use.

We do not collect, use or share PII other than as described in our privacy policy, or with the consent of a parent or legal guardian as authorized by law, or otherwise as directed by an applicable district or school or as required by contract or by law.
In no event shall we use, share or sell any Learner PII for advertising or marketing purposes.
Third Parties. Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy will not apply to your activities or any information you disclose to these third parties.

How We Store and Process Your Information

We strive to maintain security policies and procedures that are designed to protect your information.

Our servers are located in a secured, locked, and monitored environment to prevent unauthorized entry or theft, and are protected by a firewall. The servers are located in a data center in the United States and backed up daily to a secure, U.S.-based, off-site data center.

While we do actively collect PII, we take extra measures to ensure the safety of Learner data and apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to establish and ensure that all data passed between the server and the browser remains encrypted. Data stored in our databases is encrypted at rest as well.

Governance policies and access controls are in place to ensure that the information of each customer, school, or other subscriber is separated, and all subscribers can only access their own data.

Only limited Floreo personnel have access to the database, and personnel only access it when necessary to provide services.

We follow standardized and documented procedures for coding, configuration management, patch installation, and change management for all applicable servers, and we audit our practices at least once a year.

While we strive to maintain best industry-standard privacy and security practices, it should be noted that no industry system is fail proof. We have established a Data Breach Policy and Disaster Recovery Plan to swiftly address any potential data breaches, losses or disasters. In the event of a data breach, our policy includes a thorough investigation to determine the extent of the breach and the nature of the data compromised. We are committed to promptly notifying the affected subscriber(s), and when appropriate, coordinating with them to support notification of affected individuals, Learners, and families when there is a substantial risk of harm from the breach or a legal duty to provide notification. Our goal is to ensure transparency, mitigate potential risks, and uphold the privacy and security of our End-user’s data.

Data Retention.

We will retain your information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

Subcontractors.

Subcontractors’ with access to Learner data information are required to sign Non-Disclosure Agreements and must return or destroy all Floreo property and data at the end of their contracts.

Data Breach Protocol.

Floreo maintains a contact list of key administrators for each End-user. Should a data breach occur, these administrators will be notified via email as soon as it is known what breach, exposure or data loss may have occurred.

Your Choices

Sharing Preferences. Within our portal, we provide you with settings to allow you to set your sharing preferences for content you post to our Services. To change whether certain information is publicly viewable, you can adjust the settings in your account.

Email Subscriptions. You can unsubscribe from our promotional emails via the link provided in the emails. Even if you opt-out of receiving promotional messages from us, you will continue to receive administrative messages from us.

Right to Know and Delete. You have the right to know certain details about our data practices. In particular, you may request the following from us:

The categories of personal information we have collected about you.
The categories of sources from which the personal information was collected.
The specific pieces of personal information we have collected about you.

In addition, you have the right to delete the personal information we have collected from you. To exercise your right to know, please send an email to: privacy@floreovr.com.

In the request, please specify whether you are seeking the categories of information we collect or the specific pieces of personal information. To delete your account, please send an email to: help@floreovr.com. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

California Residents. The California Consumer Privacy Act (CCPA) provides that California consumers with the right to request access to their personal data, additional details about our information practices and deletion of their personal information (subject to certain exceptions). California consumers also have the right to opt out of sales of personal information, if applicable. We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. Please note that if an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal information. We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information. We will not discriminate against you if you choose to exercise your rights under the CCPA.

You may request, no more than twice in a twelve (12) month period, access to the specific pieces of personal data we have collected about you in the last twelve (12) months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the sources of such collection, the categories of personal information we share for a legitimate business or commercial purposes, and the categories of third parties with whom we share your personal information. You may make these requests by contacting using the contact information provided below in the “How to Contact Us” Section below. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

You may request, no more than twice in a twelve (12) month period, transportable copies of your personal information that we have collected about you in the last twelve (12) months. You may make these requests by contacting using the contact information provided below in the “How to Contact Us” Section. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

You may request that we delete the personal information we have collected about you. Please note that we may retain certain information as required or permitted by applicable law. You may make these requests by contacting us using the contact information provided below in the “How to Contact Us” Section below. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California Resident and would like to exercise your rights under CCPA, please submit a written request using the information provided in the “How to Contract Us” section below. Our privacy team will examine your request and respond to you as quickly as possible.

U/EEA and UK Residents (GDPR/UK GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have certain rights under the General Data Protection Regulation (“GDPR”) and UK GDPR. These include the right to:

Access your personal data
Rectify inaccurate or incomplete personal data
Erase your personal data (“right to be forgotten”)
Restrict processing of your personal data
Object to processing based on legitimate interests or direct marketing
Data portability, meaning to receive a copy of your personal data in a structured, commonly used, and machine-readable format
Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal

To exercise these rights, please contact us at privacy@floreovr.com or our GDPR Data Protection Representative noted below. We may require verification of your identity before responding.

Legal Basis for Processing under GDPR
We process your personal data only where we have a lawful basis under GDPR/UK GDPR, including:

Consent (e.g., parental consent for Learners)
Performance of a contract (e.g., providing Services to enterprise customers)
Compliance with legal obligations
Legitimate interests (e.g., product improvement, customer support), provided such interests are not overridden by your rights and freedoms.

International Transfers
Personal data collected by Floreo may be transferred to and processed in the United States. We will implement appropriate safeguards, including standard contractual clauses approved by the European Commission or UK authorities, to ensure an adequate level of protection for your personal data.

Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law or contract.

Data Protection Representative
Pursuant to Article 27 of the GDPR, Floreo has appointed GDPR Local Ltd. as its Data Protection Representative in the European Union. EU/UK individuals may contact them directly regarding all requests related to data protection and privacy matters:

GDPR Local Ltd.
Email: contact@gdprlocal.com

International Visitors Outside of EU/EEA

Our sites are hosted and operated in the United States. For now, all personal information is processed in the United States. However, Floreo intends to establish a dedicated technical stack in the European Union by early 2026, after which EU/EEA personal data will be processed and stored within the EU. If you are accessing the Services from outside the United States or the EU/EEA, please be advised that the laws of the United States may not provide the same level of data protection as those in your jurisdiction. For EU/EEA and UK residents, please see the section “EU/EEA and UK Residents (GDPR/UK GDPR)” above, which describes your rights and the safeguards we apply to international data transfers.

Children’s Privacy

We recognize the need to provide further privacy protections with respect to personal information we may collect from children using our Solution. When we collect personal information from children, we take the following steps to protect children’s privacy:

informing parents, through this Privacy Policy about our information practices with regard to children, including the types of personal information we may collect, the uses to which we may put that information, and whether and with whom we may share that information;
in accordance with applicable law, obtaining consent from parents for the collection of personal information from their children, or for sending information about our products and services directly to their children;
limiting our collection of personal information from children to no more than is reasonably necessary to use our Solution; and
giving parents access or the ability to request access to personal information we have collected from their children and the ability to request that the personal information be changed through our patient portal.

Children under the age of 13 may not register or create accounts through our Services, or otherwise provide us with personal information. If you learn that a child has provided us with personal information in violation of this Privacy Policy, you may alert us at privacy@floreovr.com.

School Data Compliance

We understand the obligation educational agencies, districts and school systems have to comply with applicable privacy and data protection laws, such as the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA) in the U.S. and the Freedom of Information Privacy Protection Act (FIPPA) in Canada. Our Privacy Policy is structured to be compliant with FERPA, COPPA and FIPPA, and we support schools in their compliance efforts and facilitate their alignment with FERPA, COPPA and FIPPA.

Under the terms of our contracts with schools, we agree to act as a "School Official" as defined by FERPA, meaning that we:

Perform an institutional service or function for which the school or district would otherwise use its own employees;
Have been determined to meet the criteria set forth in the school's or district's annual notification of FERPA rights for being a School Official with a legitimate educational interest in the education records;
Are under the direct control of the school or district with regard to the use and maintenance of education records; and
Use education records only for authorized purposes and will not re-disclose Personally Identifiable Information from education records to other parties (unless we have specific authorization from the school or district to do so and it is otherwise permitted by FERPA or FIPPA).

Under the terms of our contracts with schools, we agree to the state specific data security and privacy requirements, as amended from time to time, and the following state laws are incorporated herein by reference, to the extent that any of the provisions apply to Floreo’s possession and use of Learner and school PII:

New York State Education Law 2-d and the Parent’s Bill of Rights Regarding Data Privacy and Security, which can be accessed at http://www.nysed.gov/student-data-privacy/bill-rights-data-privacy-and-security-parents-bill-rights
California Student Online Personal Information Protection Act, (Cal. Bus. & Prof. Code § 22584(i)
Connecticut Student Data Privacy Law, (Connecticut General Statutes §§ 10-234aa through 10-234dd)

How to Contact Us

You can update your account and profile information through your profile settings. If you have questions about your privacy on our Services, this Privacy Policy, or information we have about you, or you believe that we are not complying with the principles set out in this Privacy Policy, please contact us at privacy@floreovr.com.

You may also file a complaint by contacting us at privacy@floreovr.com. Please provide as much detail as possible about your complaint so we can fully investigate and respond effectively. We take all feedback seriously and commit to address your concerns thoroughly and respectfully.

If you wish to report a security breach, please contact us at security@floreovr.com.

iKeepSafe Safe Harbor Program

We participate in the iKeepSafe Safe Harbor Program. If your complaint involves data privacy practices that have not been resolved satisfactorily, you may contact iKeepSafe through their consumer complaint process. Please visit https://ikeepsafe.org/contact for more information or email them directly at privacy@ikeepsafe.org.

Changes to this Privacy Policy

We will post any adjustments to the Privacy Policy on this page, and the revised version will be effective when it is posted. If we materially change the ways in which we use or share personal information previously collected from you through our Services, we will post changes on our website and notify you through our Services, by email, or other communication.

This policy has been updated as follows:

On February 25, 2020 to update privacy and security procedures and to describe FERPA compliance for school customers in various states.

On July 7, 2020 to update privacy and security procedures to include compliance with the Canadian FIPPA privacy requirements.

On March 21, 2022 added ability to request deletion of collected data.

On May 22, 2024 to update managing information preferences, our software and hardware descriptions, technical information, description of data collected, data retention process, FERPA notice requirements, and California CCPA compliance requirements of data privacy to be compliant with iKeepSafe Safe Harbor Program.

On October 30, 2024 to add details of how we collect and share information while using our optional Generative AI Interactive content.

On January 17, 2025 to clarify websites and services are for account holders over 18 and intended use is a coached experience with mixed use learners.

On October 3, 2025 added information for GDPR and UK GDPR rights and procedures.