In this document we describe how we deal with your information, both technical and personal, in simple human terms, rather than resorting to hard-to-read and confusing legal language.
However, if you read the EULA, you may have noticed a section where you allow us to collect some data. And here’s why. There are a few exceptions to our general “no data collection” rule. And for those exceptions, we require your legal consent explicitly provided in the EULA. That said, the EULA must use legal language to explicitly define even short term and narrow use cases for collecting and using customer related data. None of which is collected, as in kept for long term use.
For short term use, we aim to be very transparent about the exceptions to our rule. Here’s the list of cases when some of your information may actually be collected and sent to us, and/or to a 3rd-party:
* This website. Every page of it may contain a special user analytics script, usually provided by Google. This script collects some site usage stats, such as how much time you spend on each page, how many links you click, etc. This is the same set of scripts virtually every website out there uses. The collected data is then forwarded to Google and processed. We can then see the processed stats, but what happens with that collected raw data, how it’s processed, and whether or not Google shares it with anybody, we don’t know.
* Please remember, when you’re inside our LTI app, it’s not just our code you’re interacting with. You’re also using order of magnitude more of somebody else’s code – the LMS, the operating system, the hardware chips of your device, your cellular and Internet providers, etc. Whether or not those companies collect any of your data is absolutely out of our control.
* Every time you connect to a remote server to download or upload a data file, your information is being transferred through regular Internet channels. Whether or not your cellular or Internet provider, government or private agencies are mining that traffic for sensitive data, we have no idea.
* Every time you send an email to our support mailbox or receive a reply from us, those messages go through multiple relay servers before they arrive at the destination. Emails are practically sent in an open form, for the entire world to see. Please be mindful of what kind of sensitive information you send out there without protection.
We’ll now get into more relevant cases where we actually do have some control over what’s happening to your data:
* Word/phrase lookup. If you select text in the content displayed within the LTI app, your operating system’s or 3rd party Lookup menu will be presented to you. Some items on that menu, such as Define, Google, and Wikipedia, will send the selected text to respective companies – Apple, Google, and Wikipedia. The text will be sent via regular Internet channels. What those companies do to that text and whether or not they share it with anybody is out of our control.
* Customer Support. Every time you write an email to us, it is stored in a 3rd-party platform that facilitates customer support workflow, assigns case numbers, priorities, etc. Every bit of information you email to us, including all your messages, our responses, your email address, your name, is stored there. And it’s not our system, it’s an outside third party, we have no control over that party’s servers and data security practices.
* Crash Reports. Sadly, technology isn’t perfect. We hate to be the bearers of unpleasant truths, but there may be bugs in the LTI app, and the LTI app sometimes crashes. At the precise moment of the crash, the LTI app tries to collect and save some data relevant to the crash. That data will be sent to us, and stored on our and/or 3rd-party servers. And yes, it will be sent via open email channels (see above). The data collected may include some technical information, such as the device info, OS version, the state of some of the LTI app’s variables pertinent to the crash, etc. But also, some personal or semi-personal information, such as a name of the file that caused the trouble.
* Service Logs. Probably, the most privacy-challenging case is if we end up asking you to send us Service Logs. It may happen if you experience some trouble with a remote server connection and request our support. We may ask you to go to the LMS settings, and explicitly turn on a specific logging mode. This is probably the toughest privacy challenge, because these logs may truly contain A LOT of information. Rest assured, no such log is being created unless you explicitly turn it on inside the LMS by your own hand. Even after you do, those log files are simply recorded and placed inside a folder on your LMS. Only when you explicitly take those files and manually email them to us, only then we get that information. This is probably a good time to remind you what happens to all emails you ever send to us: They are being stored on a 3rd-party’s customer support platform servers, stored for who knows how long, out of our control (see the warning further above). Here’s what may be in those log files: everything relevant to your system – device model, processor type, OS version, the remote connections you’re making while logging – all the parameters, the names and URLs of the servers, all the sent/received network traffic, including the names (and sometimes the contents) of files you’re sending or receiving, your login details (login name/email, and we can’t guarantee that there won’t be passwords), various access tokens from remote servers, additional information about the state of variables of the LTI app during the connection, etc. That’s a lot of information, and some of it may really be sensitive. We advise you to only transfer files you don’t care about during logged sessions, and also, change your remote connections’ password to something temporary, then revert it back after done logging. If any of that sounds like a problem to you, please turn the logging off immediately, and delete all produced log files from your LMS. We’d like to explicitly assure you that should some sensitive information actually arrive to us, we would never do anything to abuse it. However, this information travels through the Internet, and will be stored on 3rd-party customer support platform servers. Though some assurance have been made by the 3rd parties, we ultimately have little or no control over what’s happening on their systems.
It can feel a bit scary when you read it here all at once, but in all honesty there is no need for concern. We just wanted to make sure you had this information upfront.
This is a living document, we may make occasional updates to it.