MegaMinds Privacy Policy

Last Updated: April 24th, 2025

Any collection, processing and use (hereinafter “use”) of data is solely for the purpose of providing our services. Our services have been designed to use as little personal information as possible. For that matter, “personal data” is understood as all individual details about a person or factual circumstances of an identifiable natural person (so-called “affected person”). The following statements on data protection describe what data MegaMinds collects and shares, and why. 

1. Data Protection

MegaMinds is a 3D platform where users meet inside a website-based virtual room and can meet, learn and collaborate.

The data used in MegaMinds can be classified as the following:

• Access Management (accounts and authentication)
• Real-time experiences (avatars and room state)
• Communication (WebRTC)
• Content (files and data uploaded into a room)

All database data and backups are encrypted at rest. We retain access logs, errors and requests to our servers with IP addresses. The files and content placed within a room are considered persistent and are stored on our servers. All data is encrypted in transit via TLS over HTTPS as the virtual rooms are hosted as websites in a web browser.

All the 3D spaces on MegaMinds are hosted in a shared environment. (We are also able to host our systems in an isolated infrastructure if required.)

2. User Roles

MegaMinds has three types of user roles:

• Registered Teacher 
• Registered Student
• Guest

Students can optionally sign up for accounts to allow teachers to easily assign activities and provide grouping and rostering functionality.

We collect the following information on Student Accounts:

Teachers require accounts to find, assign and create activities.

We collect the following information on Teacher Accounts:

Guests can join 3D environments without an account. Usually this is students, parents, or other teachers without accounts.

Guests leave behind the following information:

Children’s Use of MegaMinds

MegaMinds is designed to support safe and secure learning environments for students. Children access MegaMinds within virtual rooms and are only able to engage in activities approved by their teachers, such as answering questions, creating projects, and participating in lessons. The platform collects minimal data necessary to facilitate these educational experiences, such as a chosen nickname and in-room activity data. 

Compliance with FERPA

MegaMinds complies with the Family Educational Rights and Privacy Act (FERPA) to ensure that any personally identifiable information (PII) collected from students’ educational records is protected and used solely for educational purposes. As a “School Official” under FERPA, MegaMinds accesses and manages PII only to facilitate educational services, and we do not disclose PII to third parties unless permitted by law or authorized by the educational institution.

Compliance with COPPA

MegaMinds complies with the Children’s Online Privacy Protection Act (COPPA) for users under 13 years old. We prioritize the privacy and protection of students, including measures that limit the collection of personal information from children and ensure it is solely used for educational purposes, in line with COPPA regulations.

3. User Authentication

Accounts are used to sign a Teacher or Student in to manage their assignments from our dashboard, and to enter their rooms with elevated privileges such as management, moderation and editing functionality.

Our sign-on system supports traditional accounts,Open ID Connect, SAML, AD/Azure ID, as well as integrations such as Facebook, Google, and Microsoft. 

All our authentication systems are managed securely by Auth0.

4. Secure Communication

To allow Voice and Webcam / Screen Sharing, the following data is shared between users using encrypted WebRTC after the user has granted permission:

– Microphone audio

– Webcam Data

– Screen Share data

5. Feature Access and Management

We have created multiple options for controlling room access, such as a checkbox for disabling and enabling access to a room, enabling and disabling text chat, voice, webcam, and other permissions.

If the link or Room PIN Code (url) is leaked, teachers have the option to reset it.

Teachers also have in-room management, such as the ability to mute, remove or hide users within a room.

Schools and Districts have the ability to override the following permissions:

• Deny all voice communication
• Deny all video communication (Webcam / Screensharing)
• Deny all chat messaging

For example: A district denies all voice communication. All 3D spaces belonging to any teacher in that district will have voice communication disabled.

6. Security Practices

MegaMinds constantly monitors for vulnerabilities and regularly pushes updates and patches to both features and security quickly with our internal development and operations practices.

We employ multiple strategies for data and disaster recovery such as regular backups, internal audits, processes and playbooks. Our development team follows well-architected best practices from the services and solutions we use in our workload.

7. Data Retention 

MegaMinds does not sell any Personally Identifiable Information (PII). We do not share confidential or personally identifiable information with any third parties, except those specifically listed below as authorized data processors. All PII is used solely to support and operate the MegaMinds platform and is never sold, shared without purpose, or misused in any way.

MegaMinds does not use student data for third-party marketing or personalized advertising. All student information is used exclusively to support educational activities within the MegaMinds platform.

MegaMinds acknowledges that (a) the student data that results from regular usage in our rooms may include personally identifiable information (“PII data”) from education records that are subject to FERPA (“FERPA Records”); and (b) to the extent that student data includes FERPA Records MegaMinds will be considered a “School Official” (as that term is used in FERPA and its implementing regulations) and will comply with FERPA as required.

Upon receipt of a duly authorized written request, MegaMinds shall purge all PII data from its database pertaining to a user’s account within ten (10) business days. 

In the event that an Agreement is i) terminated prior to the expiration of the Initial Term or any extension thereof, or ii) not renewed upon expiration of the initial Term or any Renewal Term thereof, MegaMinds shall purge all PII data pertaining to the client’s account within sixty (60) days of termination. 

8. Information We Collect and Share 

We need certain information to operate MegaMinds. For example, we need information about your account in order to save your avatar. Here’s the information we may receive from you:

Account Information 

See above tables for stored account information.

Room Name and URL

Rooms and room names are publicly accessible to anyone with the URL. MegaMinds stores the name and the URL for the link you share so you and others with the link to the Room can use it again.

Avatar Data

Your selected avatar and name will be shared with other participants in your room. If you’re logged in to your account, we will store your avatar customization. If you’re not logged into your account, we will not store your avatar.

Voice Data

If your microphone is enabled, MegaMinds sends the audio to other users in the room. MegaMinds does not store the audio; we only receive it temporarily to transmit it to others in the room. In the case of interacting with an in-room Non-Player Character (NPC), we store a transcript so that teachers can see the interaction.

Video Data

If you allow webcam or screen sharing to a 3D room, it will be shared with other users also connected to the room. No video data from webcam and screen sharing is stored. Only used in transit.

Chat 

If you send messages in MegaMinds, MegaMinds shares it with the other users in the room. MegaMinds does not store chats; we only receive it temporarily to transmit it to others in the room.

Uploaded Content (Room Data)

Files, videos, and other content you upload to a room are stored on our servers and remain visible to room participants until removed.

Guest Data (Room Data)

Unauthenticated users are able to produce data through the following:

• Student Projects
  • Uploading data to an individual or group room
  • Using the Student Project Feedback System, used to facilitate communication between a student and teacher for continuous improvement of a project.
  • Logs and usage data
• Lesson data
  • Answers to Multiple Choice Questions and Freetext Questions
  • Log and usage data
    
    

Other Information We Receive

We use technical, interaction, error, and website analytics data to help us improve the MegaMinds experiences:

Technical Data

We receive data about the type of device you use to interact with MegaMinds, as well as its operating system, language, the name and version of browser, and other data needed to load and operate a room.

Interaction Data

We receive data about your interactions with MegaMinds, such as the number of rooms created, the number of users in a particular room, the start and end time of a your interaction with MegaMinds, the amount of time you interact with MegaMinds, the first time in a particular month or day that you begins to use MegaMinds.

Error Data

When MegaMinds crashes or fails, MegaMinds receives error messages which may include the room URL, response time for requests, the page you were on when you encountered the error, your operating system, browser information, and your IP address.

Website Analytics Data 

We use a variety of technologies to analyze and improve our platform. See 8. Third-Party Data Processors for a list.

9. Third-Party Data Processors

Google Analytics

We use Google Analytics (GA) to better understand how you interact with MegaMinds. For example, we collect de-identified information about the number of rooms you create or enter, your interactions with buttons and menus, your session length, your location (country, state/province, and city), language settings, your browser type and version, viewport size, and screen resolution. You can opt-out of GA data collection by installing the Google Analytics Opt-out Browser Add-on.

Mailchimp

We use Mailchimp to learn about and communicate with our audience (excluding students) and conduct standard marketing practices such as outreach and sales communication. See above tables for what data is used in Marketing.

Hubspot

We use Hubspot for basic CRM functionality (excluding students). See above tables for what data is used in Marketing.

Hotjar

To better understand user interactions on MegaMinds. Hotjar tracks user behavior by collecting data such as:

• Mouse movements and clicks.
• Scroll events.
• Page visit timestamps. Hotjar anonymizes this data to ensure user privacy. You can learn more about Hotjar’s privacy practices by visiting Hotjar’s Privacy Policy.

Sentry.io

To automatically track and respond to technical errors, we use Sentry to track issues by collecting data such as:

• Web Browser error codes
• Web Browser reports

OpenAI

We use OpenAI to intelligently generate insights and highlights for teachers of what happened to students within a 3D space.

10. Subcontractors and Data Sharing

MegaMinds works with subcontractors and third-party service providers to operate its platform. These subcontractors are contractually obligated to handle data in ways approved by MegaMinds, and they are required to adhere to our privacy standards. Data may be shared with subcontractors for the purposes of:

• Platform operations and support.
• Data processing (e.g., analytics, content storage).
• Security and infrastructure maintenance.

Our subcontractors include:

• Amazon Web Services for cloud storage.
• Hotjar for analytics and user interaction tracking.
• Hubspot for some CRM functionality.
• Mailchimp for communication and some CRM functionality.
• Auth0 for authentication services.
• Sentry for analytics and issue tracking
• OpenAI for insight generation and activity creation inspiration 

MegaMinds ensures that all subcontractors meet legal and security requirements, and regular audits are conducted to ensure compliance.

11. Information Disclosure

Amazon Web Services

MegaMinds uses Amazon Web Services for cloud storage, where we securely store the data collected through the platform. AWS ensures data protection through its robust privacy measures. You can find more information by reviewing AWS’s Privacy Notice.

Search Providers

When users search for images, GIFs, or 3D models to share within a MegaMinds room, the search queries are sent to third-party providers to deliver relevant results. MegaMinds does not store these search queries or the results. We currently support the following search providers:

• Tenor: For GIF searches.
• Sketchfab: For 3D model searches.

Definition of Personal Information

At MegaMinds, “personal information” refers to any data that can directly identify you, such as your name, email address, or billing details, as well as information that can be reasonably linked or combined to identify you, like your account ID or IP address. We will always inform you about the specific personal information we collect.

Any information that does not directly or indirectly identify you is classified as “non-personal information.” If we store your personal information alongside non-personal data, we will treat the combined information as personal information. If all personal identifiers are removed from a dataset, the remaining information will be considered non-personal.

How We Collect Information

MegaMinds gathers information about you through several channels:

• Directly from you: For example, when you provide feedback or submit crash reports.
• Automatically through our services: This includes data collected when you use MegaMinds, such as your browser checking for updates or loading a room.
• Third-party sources: For example, when external services like your email provider assist with account setup.
• Inferred from data: Based on the information you’ve given us, we may derive additional details, such as using your IP address to customize language settings for your session.

12. Security and Data Protection

How We Use Your Information

When you provide us with your information, MegaMinds will only use it for the purposes you’ve permitted. Primarily, we use your information to deliver and improve our products and services to ensure the best possible experience for you.

When We Share Your Information

MegaMinds may share your information in specific cases:

• With your consent: We will only share your information when we have obtained your permission.
• For processing and services: If third parties are involved in processing your data or delivering services, they are contractually obligated to handle your information in accordance with MegaMinds’ privacy standards.
• Legal compliance: When legally required to do so, we may share your information in response to government requests or lawsuits. We will inform you of such disclosures unless prohibited by law. We only release personal information if we have a good faith belief that it is required by law.
• To prevent harm: We may share your information if we believe, in good faith, that it is necessary to protect the rights, property, or safety of you, other users, MegaMinds, or the public.
• Organizational changes: In the event of a change in our business structure, such as a merger, acquisition, or bankruptcy, your information may be transferred to a successor or affiliate.

How We Protect and Store Your Information

MegaMinds is committed to protecting your personal information through a combination of physical, technical, and administrative security measures. Despite these efforts, in the unlikely event of a security breach, we will notify you promptly so you can take the necessary steps to protect yourself.

We retain your personal information only for as long as it is needed to fulfill the purpose for which it was collected. Once your information is no longer required, we will take steps to securely delete or destroy it, unless we are legally obligated to retain it for a longer period.

13. Changes to This Privacy Policy

MegaMinds may update this Privacy Policy as needed to reflect changes in our practices or legal requirements. Any updates will be posted online, and if there are significant changes, we will notify you through our standard communication channels, such as blog posts or forums.

By continuing to use MegaMinds after the updated policy goes into effect, you agree to the new terms. For your convenience, we will always display the “Last Updated” date at the top of this page, so you can easily track changes.

14. Contact MegaMinds

If you have any questions or need to make corrections to your information, please reach out to us at:

Email: contact@gomegaminds.com
Attn: MegaMinds – Privacy