Collection of Personally Identifiable Information
We collect personally identifiable information, like names, postal addresses, email addresses, images and videos of your likeness etc., when voluntarily submitted by our visitors. This information may be provided in the form of videos, comments, photos or forms that contain personal information. The information you provide is used to fulfill your specific request and for the uses outlined below. Once collected, this information is sent to our servers located in the United States.
Use of Personally Identifiable Information
We use the information we collect to provide the service or transaction you requested, and importantly, to maintain and improve the services we provide, including for example by providing you with a better user experience when accessing our services. We only use or process your information in a way that is compatible with and relevant for the purpose for which it was collected or authorized for use.
We may share your personally identifiable information with authorized third-parties, agents, or our affiliated businesses or contractors in order to provide a requested service or transaction. For example, if we need to ship something to you, we must share your name and address with a shipping company. We also use information collected from cookies and other anonymous identifiers to improve your user experience and the quality of our services.
We may collect and share personally identifiable information when we have a good faith belief that access, use, or disclosure of such information is reasonably necessary to satisfy any applicable law, rule, regulation, or enforceable governmental or administrative request, enforce our applicable Terms of Service, including investigation of potential violations, detect, prevent, or address fraud, security or technical issues, or protect against harm to the rights, property or safety of Satarii, our users or the public.
Our use of information other than for the purpose of completing a requested transaction or service is on an opt-in basis. This means that you will not receive communications from us regarding, for example, specials, new products or new services, unless you have given us affirmative permission to receive such communications.
Collection of Non-Personally Identifiable Information
For each visitor to our websites, we collect non-personally-identifiable information including IP address, profile information, aggregate user data, preferences, technical session information, browser type. This data is used to manage the website, track website usage, provide context for referring traffic sources, and improve overall website performance. This non-personally-identifiable information may be shared with third-parties to provide more relevant services and advertisements to members. User IP addresses are recorded for security and monitoring purposes. If you arrived at our website via a link from another webpage, we may receive aggregate or otherwise anonymous statistical information about your visit to our site. We monitor customer traffic patterns and site usage to help us develop the design and layout of the site, and to improve the content of our website to better match the interests of our website users.
Information Collected from Residents of the European Union
Satarii’s services are hosted and operated entirely within the United States of America, and any information you submit to us is presumed to be hosted on servers located within the USA, and you consent to this transfer of your personal information to United States jurisdiction by accessing or using our services. Please note that United States laws may vary from your national laws, and may not offer the same privacy protections as your national laws.
Satarii shall refer unresolved privacy complaints received under the Safe Harbor Agreement to the independent dispute resolution program BBB EU Safe Harbor Program as administered by the Council of Better Business Bureaus. If your complaint is not resolved to your satisfaction through our internal dispute resolution efforts, then please visit consult with the BBB EU Safe Harbor program for more information or to file a complaint.
Our Commitment To Children’s Privacy
The Children’s Online Privacy Protection Act (COPPA) was created to protect children under the age of thirteen from unsuspecting practices related to collecting, using, or disclosing any information about them. Our services are neither intended nor directed for use by children under the age of thirteen. Satarii does not knowingly accept, collect, maintain or use any information from any child under the age of thirteen, and if a child whom Satarii knows or suspects to be under the age of thirteen sends personal information to us online, we will only use that information to respond directly to that child, notify the parents, or seek parental consent.
Distribution of Information
We may also share your personally identifiable information with third parties if we have a good faith belief that access to or use of this information, or the preservation or disclosure of this information is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request; to enforce our Terms of Service, including for investigation of possible violations; detect, prevent, or otherwise remedy fraud, security threats or breaches, or other technical issues; and to prevent harm to the personal or property rights of Satarii, or other third parties, as permitted by applicable laws.
Your personally identifiable information is kept secure. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information. Specifically we take the extensive steps outlined below to ensure security.
Satarii Security Overview
Swivl Cloud runs on Amazon EC2 Compute Cloud for the core application. Swivl Cloud uses Amazon S3 for storing your video. Amazon states that they have highly secure data centers which utilize state-of-the art electronic surveillance and multi-factor access control systems, that its data centers are staffed 24×7 by trained security guards, and access is authorized strictly on a least privileged basis. You can learn about Amazon’s security at the AWS Security Center. AWS has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS undergoes annual SOC 1 audits and have been successfully evaluated at the Moderate level for Federal government systems as well as DIACAP Level 2 for DoD systems. Access to Swivl Cloud data portal management is limited to several key employees and is protected by a two-factor authentication mechanism for access, requiring authorized team members to first log in using their email address and password, then enter a six-digit access code that refreshes every 30 seconds from a linked mobile device. All private data exchanged with Swivl Cloud is always transmitted over SSL. For API connectivity between Swivl Capture app and Swivl Cloud, we use OAuth authentication occurring over SSL protocol.
User Video Access
Other Cloud users can’t see your projects unless you deliberately share public links to projects or share projects via email or group. If a video is shared with a specific user via email, if someone else gets this email, they will be unable to access the video unless they have login credentials of that user. Public projects are only viewable by people who have a link to the project(s). Videos that are deleted by the user are retained for 30 days for recovery purposes due to accidental deletion (per user request) and then removed permanently from the Swivl Cloud storage servers. Swivl Cloud user listings are not available or visible to individual users and thus all student data is hidden
Only Swivl Cloud Institutional Account administrators have additional visibility to their member data, but it is specifically configured by each administrator and has to be explicitly accepted by each Institutional Account member.
A very select number of employees (senior engineering leadership) have the ability to access video data only when legally required or requested by customer for technical support.
Privacy Contact Information
If you have any questions, concerns, or comments you may contact us at firstname.lastname@example.org.
We reserve the right to make changes to this policy. Any changes to this policy will be posted.