Sign In
Sign Up

Privacy Policy

MegaMinds Privacy Policy


Last Updated: October 22nd, 2024

Any collection, processing and use (hereinafter “use”) of data is solely for the purpose of providing our services. Our services have been designed to use as little personal information as possible. For that matter, “personal data” is understood as all individual details about a person or factual circumstances of an identifiable natural person (so-called “affected person”). The following statements on data protection describe what data MegaMinds collects and shares, and why. 

  1. Data Protection

 

MegaMinds is a 3D platform where users meet inside a website-based virtual room and can meet, learn and collaborate.

The data used in MegaMinds can be classified as the following:

  • Access Management (accounts and authentication)
  • Real-time experiences (avatars and room state)
  • Communication (WebRTC)
  • Content (Files and data uploaded into a room)

 

All database data and backups are encrypted at rest. We retain access logs, errors and requests to our servers with IP addresses.

 

All the rooms on MegaMinds are hosted in a shared environment on megaminds.world. (We are also able to host our systems in an isolated infrastructure if required.)

 

Visitors to a room (such as students) are considered guests and leave no permanent record in our databases, with the exception of:

  • Submissions: When submitting a response to a multiple choice or free-text question within a lesson, the nickname the user selected is stored together with their reply.
  • Student Projects: When using Student Projects, the user writes a name to be associated with their room. 
  • Log Data: Teachers can access usage logs of what happens within a Lesson and Student Project, for example if a student created or deleted an object. Chat logs are not stored.
  • Live Data: During the session, their nickname and avatar state (position, mute state, etc.) and uploaded files will be synced with all other connected users in a room.
  • Within a Student Project, teachers and students can communicate with a feedback system.

 

Users (both room owners and guests/visitors/students if permitted) may upload files and create text and other data within a room.

 

The files and content placed within a room are considered persistent and are stored on our servers. All data is encrypted in transit via TLS over HTTPS as the virtual rooms are hosted as websites in a web browser.

  1. User Authentication

Accounts are used to sign a user in to manage their rooms from our dashboard, and to enter their rooms with elevated privileges such as management, moderation and editing functionality.

 

Our sign-on system supports traditional accounts as well as integrations such as Facebook, Google, and Microsoft. 

 

All our authentication systems are managed securely by Auth0, and only dashboard users require accounts.

  1. Secure Communication

To allow Voice and Webcam / Screen Sharing, the following data is shared between users using encrypted WebRTC after the user has granted permission:

 

– Microphone audio

– Webcam Data

– Screen Share data

  1. Teacher Access

We have created multiple options for controlling room access, such as a checkbox for disabling and enabling access to a room, enabling and disabling text chat, voice, and other permissions.

 

If the link or Room PIN Code (url) is leaked, teachers have the option to reset it.

 

Teachers also have in-room management, such as the ability to mute, remove or hide users within a room.

  1. Security Practices

MegaMinds constantly monitors for vulnerabilities and regularly pushes updates and patches to both features and security quickly with our internal development and operations practices.

 

We employ multiple strategies for data and disaster recovery such as regular backups, internal audits, processes and playbooks. Our development team follows well-architected best practices from the services and solutions we use in our workload.

 

  1. Data Retention 

MegaMinds represents and warrants that it will not sell, share, distribute or otherwise grant access to any confidential and personally identifiable information of any kind to any third party.

 

MegaMinds acknowledges that (a) the student data that results from regular usage in our rooms may include personally identifiable information (“PII data”) from education records that are subject to FERPA (“FERPA Records”); and (b) to the extent that student data includes FERPA Records MegaMinds will be considered a “School Official” (as that term is used in FERPA and its implementing regulations) and will comply with FERPA as required.

 

Upon receipt of a duly authorized written request, MegaMinds shall purge all PII data from its database pertaining to a user’s account within ten (10) business days. 

 

In the event that an Agreement is i) terminated prior to the expiration of the Initial Term or any extension thereof, or ii) not renewed upon expiration of the initial Term or any Renewal Term thereof, MegaMinds shall purge all PII data pertaining to the client’s account within sixty (60) days of termination. 

 

  1. Information We Collect and Share 

We need certain information to operate MegaMinds. For example, we need information about your account in order to save your avatar. Here’s the information we may receive from you:


Account Information 

Only teachers need an account to use MegaMinds. Students do not require an account.

 

Room Name and URL

Rooms and room names are publicly accessible to anyone with the URL. MegaMinds stores the name and the URL for the link you share so you and others with the link to the Room can use it again.


Avatar Data

Your selected avatar and name will be shared with other participants in your room. If you’re logged in to your account, we will store your avatar. If you’re not logged into your account, we will not store your avatar.

 

Voice Data

If your microphone is on, MegaMinds sends the audio to other users in the room. MegaMinds does not store the audio; we only receive it temporarily to transmit it to others in the room.

 

Chat 

If you send messages in MegaMinds, MegaMinds shares it with the other users in the room. MegaMinds does not store chats; we only receive it temporarily to transmit it to others in the room.


Uploaded Content (Room Data)

Files, videos, and other content you upload to a room are stored on our servers and remain visible to room participants until removed.

 

Guest Data (Room Data)

Unauthenticated users are able to produce data through the following:

  • Student Projects
    • Uploading data to an individual or group room
    • Using the Student Project Feedback System, used to facilitate communication between a student and teacher for continuous improvement of a project.
    • Logs and usage data
  • Lesson data
    • Answers to Multiple Choice Questions and Freetext Questions
    • Log and usage data


Other Information We Receive

We use technical, interaction, error, and website analytics data to help us improve the MegaMinds experiences:


Technical Data

We receive data about the type of device you use to interact with MegaMinds, as well as its operating system, language, the name and version of browser, and other data needed to load and operate a room.

 

Interaction Data

We receive data about your interactions with MegaMinds, such as the number of rooms created, the number of users in a particular room, the start and end time of a your interaction with MegaMinds, the amount of time you interact with MegaMinds, the first time in a particular month or day that you begins to use MegaMinds.

 

Error Data

When MegaMinds crashes or fails, MegaMinds receives error messages which may include the room URL, response time for requests, the page you were on when you encountered the error, your operating system, browser information, and your IP address.

 

Website Analytics Data 

We use a variety of technologies to analyze and improve our platform. See 8. Third-Party Data Processors for a list.

 

  1. Third-Party Data Processors

 

Google Analytics

We use Google Analytics (GA) to better understand how you interact with MegaMinds. For example, we collect de-identified information about the number of rooms you create or enter, your interactions with buttons and menus, your session length, your location (country, state/province, and city), language settings, your browser type and version, viewport size, and screen resolution. You can opt-out of GA data collection by installing the Google Analytics Opt-out Browser Add-on.

Hotjar

To better understand user interactions on MegaMinds. Hotjar tracks user behavior by collecting data such as:

  • Mouse movements and clicks.
  • Scroll events.
  • Page visit timestamps. Hotjar anonymizes this data to ensure user privacy. You can learn more about Hotjar’s privacy practices by visiting Hotjar’s Privacy Policy.

Sentry.io

To automatically track and respond to technical errors, we use Sentry to track issues by collecting data such as:

  • Web Browser error codes
  • Web Browser reports
  1. Subcontractors and Data Sharing

MegaMinds works with subcontractors and third-party service providers to operate its platform. These subcontractors are contractually obligated to handle data in ways approved by MegaMinds, and they are required to adhere to our privacy standards. Data may be shared with subcontractors for the purposes of:

  • Platform operations and support.
  • Data processing (e.g., analytics, content storage).
  • Security and infrastructure maintenance.

Our subcontractors include:

  • Amazon Web Services for cloud storage.
  • Hotjar for analytics and user interaction tracking.
  • Auth0 for authentication services.
  • Sentry for analytics and issue tracking
  • OpenAI for generation of in-room design and lesson planning

MegaMinds ensures that all subcontractors meet legal and security requirements, and regular audits are conducted to ensure compliance.

  1. Information Disclosure

Amazon Web Services

MegaMinds uses Amazon Web Services for cloud storage, where we securely store the data collected through the platform. AWS ensures data protection through its robust privacy measures. You can find more information by reviewing AWS’s Privacy Notice.

Search Providers

When users search for images, GIFs, or 3D models to share within a MegaMinds room, the search queries are sent to third-party providers to deliver relevant results. MegaMinds does not store these search queries or the results. We currently support the following search providers:

Definition of Personal Information

At MegaMinds, “personal information” refers to any data that can directly identify you, such as your name, email address, or billing details, as well as information that can be reasonably linked or combined to identify you, like your account ID or IP address. We will always inform you about the specific personal information we collect.

Any information that does not directly or indirectly identify you is classified as “non-personal information.” If we store your personal information alongside non-personal data, we will treat the combined information as personal information. If all personal identifiers are removed from a dataset, the remaining information will be considered non-personal.

How We Collect Information

MegaMinds gathers information about you through several channels:

  • Directly from you: For example, when you provide feedback or submit crash reports.
  • Automatically through our services: This includes data collected when you use MegaMinds, such as your browser checking for updates or loading a room.
  • Third-party sources: For example, when external services like your email provider assist with account setup.
  • Inferred from data: Based on the information you’ve given us, we may derive additional details, such as using your IP address to customize language settings for your session.
  1. Security and Data Protection

How We Use Your Information

When you provide us with your information, MegaMinds will only use it for the purposes you’ve permitted. Primarily, we use your information to deliver and improve our products and services to ensure the best possible experience for you.

When We Share Your Information

MegaMinds may share your information in specific cases:

  • With your consent: We will only share your information when we have obtained your permission.
  • For processing and services: If third parties are involved in processing your data or delivering services, they are contractually obligated to handle your information in accordance with MegaMinds’ privacy standards.
  • Legal compliance: When legally required to do so, we may share your information in response to government requests or lawsuits. We will inform you of such disclosures unless prohibited by law. We only release personal information if we have a good faith belief that it is required by law.
  • To prevent harm: We may share your information if we believe, in good faith, that it is necessary to protect the rights, property, or safety of you, other users, MegaMinds, or the public.
  • Organizational changes: In the event of a change in our business structure, such as a merger, acquisition, or bankruptcy, your information may be transferred to a successor or affiliate.

How We Protect and Store Your Information

MegaMinds is committed to protecting your personal information through a combination of physical, technical, and administrative security measures. Despite these efforts, in the unlikely event of a security breach, we will notify you promptly so you can take the necessary steps to protect yourself.

We retain your personal information only for as long as it is needed to fulfill the purpose for which it was collected. Once your information is no longer required, we will take steps to securely delete or destroy it, unless we are legally obligated to retain it for a longer period.

  1. Changes to This Privacy Policy

MegaMinds may update this Privacy Policy as needed to reflect changes in our practices or legal requirements. Any updates will be posted online, and if there are significant changes, we will notify you through our standard communication channels, such as blog posts or forums.

By continuing to use MegaMinds after the updated policy goes into effect, you agree to the new terms. For your convenience, we will always display the “Last Updated” date at the top of this page, so you can easily track changes.

  1. Contact MegaMinds

If you have any questions or need to make corrections to your information, please reach out to us at:

Email: contact@gomegaminds.com
Attn: MegaMinds – Privacy

Linkedin Twitter Youtube Instagram Facebook Tiktok

About Us

Help Center

Accessibility

Terms of Service

Privacy Policy

FERPA

COPPA