Privacy Policy.

1. Introduction and Overview

At Multiple Natures International, LLC ("Multiple Natures," "MNI," "Company," "we," "our," or "us"), we take the protection of your information seriously. Educational institutions, students, parents, practitioners, and individual users trust us with important information. We are committed to handling that trust with care.

1.1 Purpose of This Policy

This Privacy Policy explains in clear terms:

• What information we collect and why we collect it.
• How we use and protect your information.
• Your rights regarding your information.
• Our specific commitments to educational institutions and students.
• Our commitments regarding AI-powered tools, and which products do and do not use AI.

1.2 Important Terms and Definitions

• "Personal Information" means information that can identify you, such as your name, email address, or phone number.
• "Educational Records" means student records protected under FERPA (Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g) and applicable state laws.
• "Student PII" has the meaning given under New York Education Law § 2-d and 8 NYCRR Part 121.
• "Service" refers to our assessment tools, training programs, APIs, and related offerings.
• "Users" includes students, educators, administrators, practitioners, and any other individuals using our services.
• "AI-Powered Tool" means a Service that processes your inputs through a third-party large-language-model API to generate output.
• "Non-AI Tool" means a Service that uses deterministic algorithmic computation or static delivery, with no large-language-model processing.

1.3 Policy Updates and Notifications

Minor Changes

• We will update the "Last Updated" date at the top of this policy.
• Changes will be reflected at https://multiplenatures.com/privacy.
• Minor changes take effect when posted.

Material Changes

Material changes are significant updates that affect how we collect, use, or share your information. When we make material changes:

• Advance notice. We notify you at least thirty (30) days before changes take effect.
• For schools and educational institutions, we send direct notifications to designated administrators.
• You receive notice through one or more of: direct email to your registered address, prominent notice when you log in, or in-product banner.
• Clear communication. We provide a summary of what is changing, explain how it affects your privacy rights, and highlight any new choices.
• Consent. Where legally required, we obtain new consent before applying changes. For educational data, we obtain the necessary school authorizations.

Special Notice for Educational Data

For changes affecting student data or educational records:

• Schools receive direct administrator notifications.
• Changes are explained in education-specific terms and mapped to FERPA, COPPA, and NY Education Law 2-d obligations.
• Schools may review and adjust their data-sharing preferences.
• We provide guidance for communicating changes to parents and guardians.

Your Choices When We Update the Policy

• Review the changes before they take effect.
• Update your privacy preferences.
• Download or request your data.
• Discontinue use of our services if you do not agree.

1.4 Company Information and Contact Details

Multiple Natures International, LLC — New Jersey Company Code 0400753446

• Address: 1512 Palisade Ave., #12N, Fort Lee, New Jersey 07024, USA
• Email: support@multiplenatures.com
• Phone: (201) 917-0086
• Privacy questions: support@multiplenatures.com with "Privacy Policy Question" in the subject line

We aim to respond to privacy inquiries within two (2) business days, and to formal rights requests within thirty (30) days.

1.5 Our Commitment to Privacy

• Following all applicable privacy laws and regulations.
• Protecting student privacy under FERPA, COPPA, and NY Education Law § 2-d.
• Using information only for legitimate educational and business purposes.
• Being transparent about our practices, including which tools use AI and which do not.
• Responding promptly to your privacy questions and concerns.

1.6 Acceptance of Terms

By accessing or using MNI's website, tools, services, APIs, or related products, you acknowledge and agree to the terms of this Privacy Policy. If you do not accept these terms, or the specific terms agreed to when taking our assessments, you are not permitted to use our website, tools, services, or related products. Your continued use of our platform constitutes your acceptance of this Privacy Policy.

2. Educational Institution Privacy Commitments

We understand that educational institutions trust us with sensitive information about their students and staff. This section explains our specific commitments to protecting educational data and complying with education-privacy laws, including FERPA (20 U.S.C. § 1232g; 34 C.F.R. Part 99), COPPA (15 U.S.C. §§ 6501–6506; 16 C.F.R. Part 312), and New York Education Law § 2-d (8 NYCRR Part 121).

2.1 Our Educational Privacy Framework

As a provider of educational assessment tools and training services, we maintain strict standards for protecting student and institutional data. We commit to:

• Protecting student privacy as required by FERPA, COPPA, and NY Education Law § 2-d.
• Using educational data only for legitimate educational purposes.
• Maintaining transparency about our data practices.
• Empowering schools to maintain control of their data.

2.2 School Data Ownership and Control

Schools retain full ownership and control of all data they share with us:

• Schools retain complete ownership of their data at all times.
• We use school data only to provide our contracted services.
• Schools may request complete deletion or return of their data at any time.
• We will not transfer or sell school data.
• All school data remains under the school's direct control.

2.3 FERPA Compliance

When MNI provides services to a school or school district subject to FERPA, MNI acts as a "school official" with a "legitimate educational interest" under 34 C.F.R. § 99.31(a)(1)(i)(B), pursuant to a written agreement with the educational institution. As a school official, MNI:

• Performs an institutional service or function for which the school would otherwise use its own employees.
• Is under the direct control of the school with respect to the use and maintenance of education records.
• Uses education records only for the authorized educational purpose and does not re-disclose personally identifiable information from education records to any other party without the consent of the parent or eligible student, except as permitted by FERPA.
• Does not use education records for marketing, advertising, profiling, or any commercial purpose.
• Honors parent and eligible-student rights of inspection, review, amendment, and complaint through the school district as records custodian.

2.4 New York Education Law § 2-d and 8 NYCRR Part 121

For deployments with New York State educational agencies, including the New York City Department of Education, MNI commits to:

• Data Privacy Agreement (DPA). Executing a DPA with each New York educational agency before any Student PII is transferred.
• Parents' Bill of Rights. Adopting and adhering to the educational agency's Parents' Bill of Rights for Data Privacy and Security and supplementing it with the information required under 8 NYCRR § 121.3.
• NIST CSF. Implementing administrative, operational, and technical safeguards aligned to the NIST Cybersecurity Framework, as required by 8 NYCRR § 121.5.
• No commercial use. Not selling Student PII or using or disclosing Student PII for any marketing or commercial purpose, and not permitting any other party to do so.
• No AI training. Not using Student PII to train, fine-tune, or improve any AI or machine-learning model — by MNI or by any of our subprocessors.
• Encryption. Encrypting Student PII in transit (TLS 1.2+) and at rest (AES-256 or equivalent).
• Subcontractor flow-down. Ensuring any subcontractor or assignee with access to Student PII is contractually bound to materially equivalent data-protection obligations.
• Breach notification. Notifying the educational agency of any unauthorized release of Student PII without unreasonable delay, and within the timeframes required by § 2-d and the applicable DPA.
• Return or deletion. On expiration or termination of the agreement, deleting or returning Student PII as instructed by the educational agency.

2.5 Protection of Student Information

For all students, we:

• Collect only the minimum information necessary for educational services.
• Require appropriate authorization for data collection.
• Never use student information for marketing or advertising purposes.
• Never sell student information.
• Maintain strict access controls.
• Delete information when no longer needed for educational purposes.

2.5A Google Sign-On and Google Classroom Rostering

When a school enables Google sign-on, we use Google only to authenticate the user and match the user to the school's authorized MN account. When a school separately authorizes Google Classroom roster import, we may import the specific Classroom courses and roster memberships selected by the school.

• Sign-on data: Google subject ID, email address, email verification status, and display name where available.
• Classroom roster data: course ID, course name, section, course state, teacher/student Google profile IDs, email addresses, display names, and course membership.
• Sync logs: run time, course ID, counts, exception categories, and operator ID; logs avoid student personal information where possible.
• What we do not access: Gmail, Google Drive, Google Calendar, assignments, submissions, grades, guardian data, parent-portal data, scheduling data, or attendance data.
• Disconnect: when a school disconnects Google Classroom, we revoke or delete the stored Classroom access token and stop future Classroom imports. Already-imported MN records remain under the school's normal retention and deletion rules unless the school requests deletion.

2.6 Special Protections for Children Under 13

In compliance with COPPA, when MNI products are licensed to and deployed by a school for use with students under 13 in the United States solely for educational purposes, MNI relies on the FTC-recognized "school authorization" framework for verifiable parental consent. Under this framework:

• The school may consent on behalf of parents to collection of personal information from students under 13, strictly for the educational program and for no other commercial purpose.
• We provide the school with all notices required under 16 C.F.R. § 312.4 prior to deployment.
• We do not condition a child's participation on disclosure of more personal information than is reasonably necessary (16 C.F.R. § 312.7).
• Parents retain the right to review their child's personal information, request deletion, and refuse further collection (16 C.F.R. § 312.6); requests are routed through the school and honored within thirty (30) days.
• We retain student personal information only as long as reasonably necessary to fulfill the educational purpose, and securely delete it thereafter (16 C.F.R. § 312.10).
• We implement reasonable security procedures to protect student information (16 C.F.R. § 312.8).

2.7 Business Changes and Data Protection

• All privacy obligations will continue to be honored.
• School data will only transfer to entities maintaining equivalent protections.
• Schools will be notified of any ownership changes affecting their data.
• Schools maintain the right to terminate service and request data deletion or return.
• No school data will be sold or transferred without school authorization.

2.8 Educational Institution Responsibilities

• Obtain necessary parental consents under applicable law.
• Inform us of any special privacy requirements.
• Maintain appropriate access controls for school staff.
• Notify us of any privacy concerns or potential breaches.
• Review our privacy practices periodically.

2.9 Data Security in Educational Settings

• Encryption of all student information in transit and at rest.
• Restricted access based on educational role.
• Regular security reviews and dependency scanning.
• Employee training on educational privacy laws (FERPA, COPPA, NY Ed Law 2-d).
• Incident response protocols aligned to NIST CSF.
• Background checks for personnel with access to Student PII, where required by contract or law.

3. Information We Collect and Process

3.1 Assessment, Diagnostic, and Training Services

What we collect:

• Your name and contact information (email, phone number).
• Professional background and credentials.
• Academic performance information and certifications.
• Assessment responses and computed results.
• Career interests and goals.
• Date of birth and gender (for demographic purposes only, where collected).
• Training participation records.

Why we collect this: to create and manage your account, deliver personalized assessments, generate accurate reports and recommendations, track progress and outcomes, and provide appropriate training materials.

Legal basis: contract performance with you to provide our services (GDPR Art. 6(1)(b)).

Retention: three (3) years after providing services, to maintain records and support ongoing professional development, except where a different period is required by an educational agreement, applicable law, or your deletion request.

3.2 Service Communications

What we collect: email address, communication preferences, service usage history.

Why: to send service updates, share educational resources, inform you about new features, and respond to requests.

Legal basis: consent or legitimate interest in maintaining service relationships (GDPR Art. 6(1)(a) or (f)).

Retention: three (3) years after your last interaction with us, unless you withdraw consent earlier.

3.3 Support and Inquiries

What we collect: name and contact details, nature of inquiry, time and date of communication, content of messages, supporting documents you provide.

Why: to address questions or concerns, improve services, maintain quality, track resolution.

Legal basis: legitimate interest in providing customer support (GDPR Art. 6(1)(f)).

Retention: two (2) years after your last inquiry.

3.4 Educational Institution Data

What we collect: school representative names and titles, professional contact information, contract details, account history, institutional relationships.

Why: to manage educational partnerships, fulfill contractual obligations, provide institutional services, maintain accurate records.

Legal basis: contract performance and legitimate educational interest.

Retention: three (3) years after the end of the business relationship. After account termination, we retain data for sixty (60) days to allow for restoration, then permanently delete unless otherwise specified in our agreement with the institution.

3.5 Legal and Compliance Records

What we collect: financial transaction records, contract documentation, legal correspondence, compliance records.

Why: to comply with tax laws, maintain required business records, handle legal proceedings, fulfill regulatory obligations.

Legal basis: legal obligation (GDPR Art. 6(1)(c)) and legitimate interest.

Retention: typically seven (7) years for financial records and legal documentation, in line with applicable law.

3.6 Data Minimization and Protection

We are committed to collecting only the information necessary to provide our services. We regularly review our data-collection practices to ensure we are not collecting more information than needed. All collected information is protected according to the security measures in Section 4.

3.7 What We Do Not Collect

• We do not collect special-category personal data (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, biometric data, genetic data) unless you voluntarily include it in free-text inputs.
• We do not collect Social Security numbers or full credit-card details. Payment processing is handled entirely by Stripe.
• We do not purchase data about you from data brokers.
• We do not run advertising trackers, advertising cookies, or third-party advertising pixels.

4. How We Protect Your Information

We use a layered approach to protect your information.

4.1 Security Measures

Technical Safeguards

• Data is hosted on Cloudflare (workers, D1 database, R2 storage), one of the world's most trusted edge providers.
• All data is encrypted in transit (TLS 1.2+, HSTS-enforced) and at rest (AES-256 or equivalent).
• Cloudflare Web Application Firewall (OWASP rulesets) and rate limiting protect against unauthorized access and abuse.
• Backup and disaster-recovery procedures protect against data loss.

Physical Security

• Data centers operated by Cloudflare (and any subprocessors) are access-controlled facilities with continuous monitoring and environmental controls.
• We follow strict procedures for disposing of equipment that has held data.

Administrative Controls

• Regular security reviews to identify and remediate vulnerabilities.
• Written security policies governing all data-protection efforts.
• Documented incident response and business continuity plans.

4.2 Personnel Access and Background Checks

• Personnel who access Student PII undergo background checks where required by contract or law.
• Role-based access controls limit each person to the minimum data necessary for their role.
• Access is reviewed periodically and removed promptly upon role change or departure.
• Data-access events are logged.

4.3 Personnel Training

• Privacy and security training upon onboarding.
• At least annual refresher training on data protection.
• Specific training on educational privacy laws (FERPA, COPPA, NY Ed Law 2-d) for personnel handling Student PII.
• Updates on new threats and protections.

4.4 Audits and Compliance

• MNI has been audited by independent third-party auditors for COPPA, FERPA, and GDPR compliance. For details, contact support@multiplenatures.com.
• Periodic internal security reviews.
• Audits covering access controls, data-handling practices, training compliance, and incident-response procedures.
• Continuous monitoring for security events.

4.5 Incident Response

If a security incident occurs, we will:

• Launch immediate investigation and containment.
• Notify affected individuals and educational agencies as required by GDPR Art. 33–34, US state breach-notification laws, and NY Education Law § 2-d.
• Cooperate with authorities where required.
• Review and update procedures to prevent recurrence.

4.6 Ongoing Security Improvement

• Regular vulnerability and dependency scanning.
• Updates to security tooling and procedures.
• Implementation of new security technologies as warranted.

4.7 Your Role in Security

• Use strong, unique passwords.
• Enable two-factor authentication where available.
• Keep your account information confidential.
• Report any suspicious activity.

5. Information Sharing

5.1 Our Information Sharing Principles

• We share only what is necessary for the specific purpose.
• We require security commitments from any recipient.
• We maintain oversight of how shared information is used.
• We respect and honor your privacy choices.

5.2 Essential Service Providers

To deliver our services, we engage carefully selected providers:

• Cloudflare — web hosting, CDN, edge compute, D1 database, R2 storage.
• Stripe — payment processing.
• Amazon Web Services (Simple Email Service) — transactional and (opt-in) newsletter email.
• Google — school-authorized sign-on and optional Google Classroom roster import.
• Anthropic, PBC — large-language-model API for AI-powered tools (see Section 9).

Each provider is engaged under a written data-processing agreement with appropriate security and confidentiality obligations.

5.3 Educational Service Partners

We work with education-focused organizations to deliver services to schools:

• Public and private educational consultants.
• Assessment processing services.
• Training-platform providers.
• Educational-technology partners.

We share only the information needed for specific educational purposes, protected by educational-privacy compliance requirements, data-protection agreements, and confidentiality obligations.

5.4 Professional Service Providers

We work with qualified professionals (certified practitioners, professional counselors, career advisors, training specialists) who:

• Receive only the information needed for their specific role.
• Are bound by confidentiality agreements.
• Must follow our data-protection standards.
• Undergo periodic compliance review.

5.5 Legal and Professional Services

When necessary, we share information with lawyers, auditors, accountants, and other professional advisors, only when legally required, to protect our legal rights, or to maintain compliance, under strict confidentiality.

5.6 Legal Requirements

We may share information when required by law (courts, law enforcement, regulators, government agencies). We share only what is legally required and notify you when permitted.

5.7 Information Sharing Safeguards

• Secure transfer methods (TLS, SCCs where applicable).
• Documented sharing setups.
• Recipient compliance monitoring.
• Access and use limitations.
• Deletion requirements when no longer needed.

5.8 Your Control Over Information Sharing

• You can opt out of certain types of sharing.
• You can request information about who has received your data.
• You can withdraw previous sharing permissions.
• You can object to certain sharing practices.

Email support@multiplenatures.com to exercise these rights.

5.9 What We Do Not Share

• We never sell your personal information.
• We never share student data for marketing purposes.
• We never allow third parties to use your information for their own marketing.
• We never share more information than necessary.

6. Your Privacy Rights

6.1 Core Privacy Rights

Access Your Information

• Request confirmation of whether we process your information.
• Obtain a copy of your information in a portable format.
• Learn how we use and share your information.

How: email support@multiplenatures.com with "Data Access Request" in the subject. We respond within thirty (30) days.

Correct Your Information

Fix inaccurate or incomplete data, update outdated information, or add missing details. Log into your account for basic changes; contact us for substantial corrections.

Delete Your Information

You can request deletion when we no longer need the information for its original purpose, you withdraw consent, you object to processing without overriding legitimate interest, or the processing was unlawful. We may retain certain information for legal or administrative purposes (e.g., tax records).

Limit Processing

Restrict processing while data accuracy is contested, when processing is unlawful but you do not want deletion, when we no longer need the data but you need it for legal claims, or when you have objected to processing.

Data Portability

Receive your information in a structured, commonly used, portable format. Request direct transfer to another provider where technically feasible.

6.2 Additional Rights

Object to Processing

Object to processing based on our legitimate interests, direct marketing, or scientific/historical research and statistics.

Automated Decision-Making

Our diagnostic outputs are advisory only and do not produce legal effects or similarly significant effects within the meaning of GDPR Art. 22. You retain the right to learn when decisions are made by automated systems, to request human intervention, and to challenge automated decisions affecting you.

Withdraw Consent

Stop processing based on previous consent. Opt out of marketing communications. Change your privacy preferences. Withdrawal does not affect processing performed before withdrawal.

6.3 Jurisdiction-Specific Rights

GDPR (EEA, UK, Switzerland)

Access, rectification, erasure, restriction, portability, object, withdraw consent, and lodge a complaint with your supervisory authority.

CCPA / CPRA (California)

Right to know, delete, correct, opt out of sale or sharing for cross-context behavioral advertising (we do not sell or share for such advertising), limit use of sensitive personal information, and non-discrimination.

DPDP Act (India)

Access, correction and erasure, grievance redressal, and the right to nominate a person to exercise rights in case of death or incapacity.

6.4 How to Exercise Your Rights

• Email support@multiplenatures.com with "Privacy Rights Request" in the subject.
• Specify which right(s) you are exercising.
• Provide enough detail to identify your information.

We will respond within thirty (30) days, verify your identity, not charge fees for standard requests, and explain any limitations or denials.

6.5 Lodging Complaints

Contact us first to resolve the issue. If unsatisfied, contact your data-protection authority. You may also seek legal remedies through the courts. For students, parents may direct complaints through the educational agency, which retains rights of records-custodianship under FERPA and § 2-d.

7. Technology Usage

7.1 Essential Cookies

We use cookies — small text files stored on your device — to help our services work.

• Cookie name: session cookie (e.g., connect.sid or equivalent).
• Purpose: identifies your browsing session to keep you logged in, remember preferences, and maintain security.
• Duration: up to fifteen (15) days for session cookies; persistent functional cookies, where used, are documented at the point of use.

Essential cookies are strictly necessary for our service to operate.

7.2 Browser and Technical Information

When you use our services, we automatically collect: referring URL, IP address, browser type and version, operating system, date and time of access, and basic device information. We use this to ensure compatibility, maintain security, improve performance, and troubleshoot.

7.3 Managing Your Technology Preferences

You can delete existing cookies through your browser, set your browser to reject new cookies, or request notification when cookies are being set. For users in the EEA, we obtain consent before placing non-essential cookies.

7.4 Third-Party Technology

We minimize third-party technology. Where used, providers must follow strict privacy standards, process data only as needed, maintain appropriate security, and honor user privacy choices.

7.5 Future Technology Updates

As technology evolves we may update tools and methods. For significant changes we update this policy, notify you where required, and explain what is changing.

7.6 Your Technology Privacy Rights

• Know what technical data we collect.
• Understand how we use it.
• Control technical data collection where possible.
• Object to certain technical processing.
• Request technical data deletion.

8. Children's Privacy Policy

8.1 Our Commitment to Children's Privacy

We take special care when handling information about children under 13, as required by COPPA, and under 16 where applicable under GDPR-K. Our consumer services are not directed at children under those thresholds. Our educational deployments are governed by Section 2.

8.2 Information We Collect About Children

We strictly limit collection of children's personal information to what is necessary for educational purposes:

We collect only:

• Basic identification (first name, last name).
• School-provided identifiers.
• Assessment responses from the MNTEST instrument.
• Student's educational qualification (completed or aspired to).
• Student's evaluation of overall academic performance.

We never collect from children:

• Home addresses.
• Phone numbers.
• Social-media accounts.
• Photos or videos.
• Precise location data.
• Biometric or health data.
• Any information beyond what is needed for the specific assessment service stated in this policy.

8.3 School's Role in Privacy Protection

When we work with schools, schools may provide consent on behalf of parents in the educational context. We require schools to obtain appropriate parental consent, notify parents of our services, share our privacy policies, maintain proper authorization records, and inform us of any special requirements. School consent is valid only when collection is strictly for educational purposes, information is used solely to provide contracted services, the school maintains direct control, and collection complies with FERPA, COPPA, and (where applicable) NY Ed Law § 2-d.

8.4 How We Use Children's Information

We use children's information only for educational purposes: providing assessment services, generating Multiple Natures profile and career reports, fulfilling school requirements, and improving our educational and assessment services.

We never use children's information for marketing or advertising, profiling, commercial purposes, sale to third parties, AI model training, or any non-educational purpose.

8.5 Parental Rights and Control

Parents and legal guardians may:

• Review their child's information.
• Request deletion.
• Refuse further collection.
• Update or correct information.
• Control how information is used.

To exercise these rights, email support@multiplenatures.com with "Children's Privacy Request" in the subject, specify the right exercised, and provide verification of your relationship to the child. Where a school is involved, the request will be coordinated with the educational agency as records-custodian.

8.6 Special Data Protection Measures

• Stricter access controls than adult data.
• Additional encryption measures.
• Regular compliance reviews.
• Special handling procedures.
• Mandatory privacy training for staff with access.
• Regular deletion of outdated information.

8.7 Data Retention and Deletion

• We keep data only as long as necessary for educational purposes.
• We delete inactive accounts after sixty (60) days, or per the school's instructions.
• We honor deletion requests promptly.
• We maintain detailed deletion records.
• We require equivalent practices from our partners.

9. AI-Powered Tools and Your Data

Some of our products use artificial intelligence (large language models). Some do not. This section tells you exactly which is which, what AI processes, where it processes, and the absolute limits we place on AI use.

9.1 Which Products Use AI

9.2 Which Products DO NOT Use AI

If a product's AI status changes, we will update this section and the "Last Updated" date above. AI is never silently introduced into a previously non-AI product.

9.3 What AI-Powered Tools Process

When you use an AI-powered tool listed in 9.1, the text and other inputs you provide are sent to our AI provider solely to generate your output. Inputs and outputs are stored in your account so you can return to them; you can delete them at any time (Section 6).

9.4 Third-Party AI Provider

Our AI-powered tools use Anthropic's Claude (Anthropic, PBC, San Francisco, USA).

• What is sent to Anthropic: the text you enter (situation descriptions, career history, professional context). We do not transmit your name, email, or other account identifiers to Anthropic unless you include them in your free-text responses.
• Anthropic's commitment: under Anthropic's Commercial Terms of Service, customer inputs and outputs are not used to train Anthropic's models.
• Data location: Anthropic processes data in the United States. For users in the EEA, UK, or Switzerland, this constitutes an international transfer (see Section 5 and applicable SCCs).
• Anthropic's privacy terms: https://www.anthropic.com/privacy

9.5 AI Training Prohibition

9.6 Human Oversight; No Solely-Automated Decisions

AI-generated outputs are advisory. They are not used to make any decision producing legal effects or similarly significant effects about you (GDPR Art. 22). Practitioners and users retain full interpretive control over how outputs are used. No employment, credit, insurance, educational placement, or other consequential decision is made automatically by our systems.

10. Contact and Support

10.1 How to Contact Us

Multiple Natures International, LLC

• Email: support@multiplenatures.com
• Phone: (201) 917-0086
• Address: 1512 Palisade Ave., #12N, Fort Lee, New Jersey 07024, USA

10.2 Privacy and Data Requests

For privacy matters — rights requests, educational privacy questions, student data inquiries, general privacy concerns — email support@multiplenatures.com with "Privacy Request" in your subject line.

Our commitments:

• Initial response within two (2) business days.
• Full response within thirty (30) days, or within the period required by applicable law.
• Clear communication throughout.
• Documentation of all requests.
• Thorough investigation of concerns.

If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data-protection supervisory authority. For students and parents under FERPA or NY Ed Law § 2-d, complaints may also be directed through the educational agency or, in New York, to the NYSED Chief Privacy Officer.