Poodll takes customer concerns about their data seriously. This page is about the European GDPR (General Data Protection Regulation) but relates to Poodll's handling of data generally.
Moodle introduced new privacy tools in Moodle 3.5 and the same tools are available in Moodle 3.3 and 3.4 as plugins. Poodll plugins all support the Privacy API. Moodle privacy tools allow you to:
- Display required privacy statements to new users
- Request consent and log/report on consent received
- Document what user data a plugin is storing
- Manage and execute requests to delete or to export user data
Read more here: https://docs.moodle.org/en/GDPR
With the help of the Privacy tools in Moodle, it is possible to fulfill your reporting and other GDPR related responsibilities.
Classic Poodll recordings are initially sent to our Amazon S3 storage, they are removed after 24 hours and moved to Moodle. Ultimately the recordings are Moodle files and are managed by Moodle. The plugin/area they were uploaded to( e.g a forum, or a quiz) is responsible for them. The files reside inside the Moodle data directory.
Cloud Poodll recordings are stored on Amazon S3 storage until they "expire." Each plugin and activity instance of the plugin feature an expiry period. Files will be kept for the duration of the expiry period, after which they will be deleted automatically.
Some common questions we have received:
What information about users of the Poodll service do you store on your servers?
We do not store any personal information about students/teachers/users at all. There may be personal data contained within recordings. We do not know the content of the recordings.
Does our data leave Europe/USA/Canada/etc ?
We have Amazon AWS regions in North Virginia (USA), Tokyo (Japan), Dublin (Ireland) and Sydney (Australia). Cloud Poodll plugins also have regions in Ottawa (Canada), Frankfurt(Germany), London(Great Britain), Sao Paulo (Brazil) Singapore and Mumbai(India). It is possible to keep all your data within one of those regions by selecting that region. If this is important to you please check this document.
Can we request access to a recording? Can we delete data from your servers?
Poodll has been designed to keep recordings as anonymous as possible. There is no way for us to identify the owner of an uploaded file that is in our AWS storage. So it is not possible to match a user to their file(s), nor to authenticate a user as the true owner of a recording. Requests for data export or deletion should be made via Moodle and the new Privacy tools. Classic Poodll files are stored on your own Moodle site and can be exported or deleted from there. Cloud Poodll can be exported or deleted upon request, at which time Poodll will issue instructions on how to specify the files in question.
Our document explaining what happens to your data and our policies is available here.
Our Poodll Software as a Service Terms of Service are here:
For those users in Europe our GDPR Data Processor Addendum to the Terms of Service is here. Contact us to request a version we both sign.