Privacy Policy

From StarLogo Nova Wiki

The StarLogo Nova team (“StarLogo Nova,” “we,” or “us”) value the privacy of all of our users (“you”). We strive to collect as little personal information as possible and to protect any information we do collect through our website (https://www.slnova.org/). This document describes the information we collect, and how we store, use, and protect it. It also discloses your rights and choices about your personal information and how you can contact us if there are any questions or concerns.

What information does StarLogo Nova collect and store?

For the purpose of this Privacy Policy, personal information means any information pertaining to an identifiable individual. This personal information may be collected directly, like your email for password retrieval, or automatically, like an IP address.

In order to create an account, you must either create a username and password or complete a single sign-on. We store the username but only a 1-way hash of the password, which can be used to determine a password match but does not give us access to the password itself. We ask that you create a unique username (not the same as other websites) to maintain anonymity. You may also optionally provide an email address. This is used only for password reset requests. Additionally, StarLogo Nova collects and stores certain technical information (your IP addresses) in order to provide its service to you. This technical information is stored in our servers/logs but are not connected to specific individuals or accounts. Furthermore, StarLogo Nova uses “cookies” (small files that store information on your computer) to store information about your session and to assist with copy/paste and other operations of the editor. We do not use “tracking cookies” that track your browsing history across websites.

For single sign-on (SSO), we use a third-party service named AuthO, which is run by a parent company, Okta, an independent partner for identity management. We implement SSO with OpenID GUIDs, which only allows us to identify users on our software, and does not create connections to any other sites or information. When logging in via SSO, we and AuthO will not be collecting any additional personal information that may identify you.

You can use StarLogo Nova to create projects, galleries, 3D models, sounds, and other items, which are then collected and stored for your use. We strongly recommend that you do not enter any personal information (with the exception of an optional email address used only for password recovery) anywhere on the StarLogo Nova site.

How is this information stored and protected?

All of the user’s information, including projects, galleries, and any description text, are stored in a password-secured, limited-access database. Assets that you create, such as recorded sounds and uploaded shapes, are stored anonymously in a publicly-accessible Amazon S3 “bucket”, but with secret URLs (access paths) that are computationally difficult to guess. The secret URLs are stored in the secured database. Technical information about your connection is stored in connection and error logs on the StarLogo Nova servers, which are protected by high-grade SSH keys.

We take appropriate technical and managerial steps to keep your information secure. However, no security measures are perfect, and we cannot guarantee that your information may not be compromised by a breach of any of our systems. For this reason, we again encourage you not to enter personal information into the StarLogo Nova website; hackers cannot steal information that we do not have. If we are made aware of a breach of our systems or an unauthorized access to your data, we will post a notice on the StarLogo Nova website.

Additionally, we may automatically or manually remove information we deem to be “identifiable information” from user-generated content. However, we do not guarantee that all such information will be removed.

How is this information used?

The information we collect is used for five purposes:

  1. To provide a service to you
  2. To improve StarLogo Nova
  3. To conduct research and share with the research community about how people use or learn with StarLogo Nova
  4. To defend our legal rights
  5. To comply with legal requirements
  6. To protect our users' safety

We use all of the information we collect for purposes 1, 4, 5, and 6. We use only de-identified/anonymized information for purpose 2. Additionally, we use de-identified/anonymized information from publicly-shared content for purpose 3. The email address we optionally collect is used only for resetting your password.

Who has access to this information?

Only StarLogo Nova team members with SSH keys have internal access to the StarLogo Nova servers and database. The servers and database are hosted on Amazon Web Services (AWS), who store and transmit our information, and protect it from unauthorized access using data security best practices. AWS is not authorized to use or disclose this information except as required to meet our service needs. For more information about Amazon’s protection of our data, see https://aws.amazon.com/compliance/data-privacy-faq/.

Users of StarLogo Nova, when logged in, have access to their own user information and any content they have created. They may also share their content, thereby making it publicly accessible. Only public content can be shared between users.

Anyone online has access to content that users have shared publicly. To avoid issues with bullying and inappropriate private communication, no limited-access sharing is allowed; each piece of user-generated content is either private (accessible to the user only) or public (accessible to everyone online). For accountability and attribution purposes, the username of the author of shared content is typically listed on the web page containing that content. We do not share personal data with any other organizations, except as we deem it necessary to: comply with the law, to defend ourselves from legal action, or to protect the safety of our users. If we are made aware of content that we deem to be threatening, dangerous, or indicative of danger, we may share information about the content and its associated account with relevant law enforcement agencies and/or school officials.

Moderation/Abuse

We do not moderate or filter user-generated content, except for assets (3D shapes and sounds) that users request to be made searchable for other users to find. User-generated content remains the property and responsibility of the author. However, we will remove, at our sole discretion, any content brought to our attention that is obscene, hateful, bullying, illegal, copyrighted, or in any way detrimental to the positive experience of our users. We may block or delete the accounts of users who create such content.

User Rights and Choices

Updating Account Information

You can change your username, password, and email address in the “User Info” page of the StarLogo Nova website. It is implemented as a dropdown menu under “Edit Account Information” where you can edit the above information.

Data Protection Rights

Depending on your location, especially in the European Union, UK, Switzerland, or certain US states, there are rights that you may have under applicable data protections laws.

  • Right to Access - You can request a copy of your personal data.
  • Right to Rectification - You may ask us to correct inaccurate or incomplete information.
  • Right to Erasure - You can request the deletion of your personal data, subject to certain conditions.
  • Right to Restrict Processing - You may request that we limit how we use your data.
  • Right to Data Portability - You can request a copy of your data in a structured, commonly used format.
  • Right to Object - You may object to the processing of your data in certain circumstances, such as for direct marketing.
  • Right to Withdraw Consent - If we rely on your consent to process data, you have the right to withdraw it at any time.

If you wish to exercise these rights, please contact slnova-account@mit.edu for assistance. We will respond to your request to the applicable laws and regulations in a timely manner. Also, we are currently building automated processes that will allow users to directly exercise these rights.

Other State Law Privacy Rights

California Resident Rights

If you are a California resident, you have the right to request that we do not share your personal information with third parties for direct marketing purposes under the California Civil Code Sections 1798.83- 1798.84. To be clear, we do not share personal information for marketing purposes.

Nevada Resident Rights

If you are a Nevada resident, you have the right to request that we do not sell your certain types of your personal information to third parties who plan to license or sell that data. To be clear, we do not sell any personal information.

Data Retention

We will delete your personal information if requested. In case of deleting an account, any personally identifiable information, such as email, will be erased from our records. The user has the option to delete all of their data, or to reassign public galleries and public projects to an anonymous account. We once again encourage that you do not share any personal information through our website beyond your email for password retrieval purposes.

Children Privacy

StarLogo Nova is made and operated by the Scheller Teaching Education Program (STEP) at the Massachusetts Institute of Technology (MIT), which is a non-profit organization. As such, the Children’s Online Privacy Protection Act (COPPA) is not applicable to the StarLogo Nova website. However, our user’s privacy is still of utmost importance to us. StarLogo Nova does not ask for any identifiable information beyond the optional email address. We ask once again that personal and identifiable information not be shared on our platform.

StarLogo Nova also does not ask for information relating to a child’s education record as defined by the Family Educational Rights and Privacy Act (FERPA). StarLogo Nova does not disclose any of our users’ personal information unless required by law or to protect the safety of our users.

How Can I Protect Privacy on StarLogo Nova?

We will reemphasize to not share any personal information, such as name, physical address, email address, or phone number, in projects, assets, and any other form that may be shown publicly. StarLogo Nova will only ask for an optional email address in case of password recovery.

Contact Us / Changes to this Policy

If you have questions about this policy, you can contact slnova-account@mit.edu. From time to time we may change this policy. If we do, we will post the changed version on the StarLogo Nova website.

Retrieved from "http://wiki.slnova.org/w/index.php?title=Privacy_Policy&oldid=6291"