How Bodyswaps collects, processes and stores data and its relation to privacy, security and legal requirements.
The intended audience are companies deploying Bodyswaps that wish to ensure their users data is processed lawfully and securely.
Table of contents:
3. Privacy
Executive Summary
Bodyswaps is a 3D immersive training application that runs on PC and standalone VR headsets, mobile devices and as a Windows application.
The Bodyswaps client application works as a player and a single application can host multiple training content. Content is built from discrete learning templates designed and produced by Bodyswaps.
The application communicates with several cloud services in order to provide aspects of its functionality.
Bodyswaps is GDPR compliant and data is processed and stored within specific regions that are set on a per customer basis.
How we use data
Data is generated by the learners activity in the app and is collected by our servers. This data is used to:
- provide personalized feedback to the learner in the app, or dynamically adjust the simulation.
- provide functionality to pause/resume sessions across multiple devices
- track learners progress for organisational records
- measure the success of our training modules
- internally to improve our product
Privacy
Bodyswaps is a safe psychological space to learn and practice communication skills. It is not an assessment tool.
Unless explicit consent is given by the user within the app, for approved research purposes only, no personal data is shared with any third party or with the contracting organisation. This is to protect learners of our modules from being assessed, without their knowledge, outside of clearly marked assessment activities.
If and when assessment activities are added in the future, they will be clearly delineated and identified as such.
Outside of our legal responsibilities as a company, it is equally important to us that our users privacy is respected and that trust is not broken.
Learner data that is shared is limited to module completion and survey answers. This what you would reasonably expect to enable educators to facilitate classes.
What data we process
This section details the type of data we collect and process and why.
Customer Records
We store information internally relating to our customers (the organisation), for the purposes of billing (invoicing), contractual, communication and for development purposes.
| Data | Notes |
|---|---|
| Account holder business name, and key contact details. | Required for billing |
| Payment History | Required for billing |
Account & Licensing Data
Our app is protected via a licensing management system that ensures that our application is being used by our customers within the terms specified in our commercial agreements. The app sends device serial numbers and model information to our license server for validation. We can also remotely personalise the app experience for each customer (for example changing logos, updating privacy settings). We also log when content is launched inside the app for where billing is charged on a per session model.
| Data | Notes |
|---|---|
| Device unique identifier | We store a unique hash of your device serial ID and network address. This uniquely identifies your device without requiring either data. |
| Configuration Data | Various settings that allow us to remotely configure the app on a per account basis |
| App Usage | Each time a module is run in the Bodyswaps app we update our records for billing purposes. |
Learner Records
As learners progress through the module we store the following data.
| Data | Notes |
|---|---|
| Device model and OS versions | Used for licensing & quality assurance purposes |
| Module progress | When the user passes a checkpoint their progress is saved and backed up online so it can be resumed at a later point either on the device or on another |
| Avatar Selection | The learners avatar selection is stored so that they can recall it later. |
| Survey answers | We ask the user to rate their confidence across a number of learning objectives both pre and post training. This data is aggregated to provide metrics regarding training effectives in the organisation dashboard. |
| Transcripts | Anonymised transcripts are used for quality control purposes |
| Answers | Responses with timings to multiple choice questions, observation activities are captured for product quality control purposes only. |
| Feedback metrics | Metrics related to providing personalised feedback in our analytics panels are captured for product quality control purposes only. |
| Dwell times | Dwell times and use of skip forward are captured for product quality control purposes only. |
Speech Understanding
The app uses speech recognition technology to allow learners to talk to avatars. The app detects the speed the user is talking at, how much they use filler words and performs keyword/semantic analysis to infer intent which is fed back to the learner in the form of personalised tips. As part of this process the voice data from the microphone is anonymously encoded and sent to a third-party cloud service for processing. The user is always informed when the microphone is recording. The audio recording is anonymous and not stored by us beyond its use in the app.
Large Language Models
We also use LLM's to provide advance personalised feedback based on user transcriptions in a limited number of learning modules. We currently use OpenAI's GPT4 service, but reserve the right to change provider for qualitive, cost or logistical reasons. Any data sent to AI models is first anonymised by us. These features can be disabled on an per account basis (please contact our customer service team) and also require individual user approval before use. However disabling LLM's will reduce functionality or completely remove features of impacted modules.
Data movement & processors
Bodyswaps like most modern SaaS platforms uses third party sub processors to host our code and databases. This enables us to scale efficiently and offer best in class redundancy and security. The majority of technology stack is built on top of Google Services with additional services operated by Microsoft, Mongo and Open AI. We reserve the right to change our service providers in future and will notify customers of any changes.
| Processor | Details |
|---|---|
| Microsoft Azure | We use Microsoft Azure Speech to text processing service to translate user voices to transcripts. This is anonymous and powers our NLP and voice control features. |
| Google Cloud | We use Google Cloud to host our main business logic that manages the interactions between the app and our back-end services that allows our clients to manage their Bodyswaps deployment. This includes the collection of learner personal data in our secure Firestore database |
| Open AI |
We use Large Language Models to analysis user transcripts for natural language processing and product features. These are used in limited cases and are clearly signposted, where possible we offer an opt-out route. |
| Mongo |
We store AI inferences and prompts in our Mongo DB Atlas cluster for quality and control purposes. |
| Sendgrid |
User emails are sent to Sendgrid for transactional email purposes |
| Hubspot | Basic user data (e.g. name, email, shared conversations) is stored in Hubspot. |
| Slack |
User data (support tickets, licencing updates) are discussed in chat in Slack. |
| Vitally |
User & Account data (e.g. name, email, shared conversations, product usage data, license details) is stored in Vitally. |
Geographic locations
Currently data is hosted in Google's data centers in the EU and data remains in the EEA region.
Later this year we will provide options to host data in further geographic regions.
Data flow architecture
The following diagram shows how data is moved between our various micro-services.
Data Processing Period & Retention
We process the data of active users during the period of the contract in order to provide our services to you.
Following expiry or termination of the contract, we retain your data for 90 days, after which it is anonymised or permanently deleted.
GDPR compliance
This is how we comply with GDPR law:
- We conduct Data Protection Impact Assessment (DPIA) to identify potential risks and vulnerabilities associated with the processing of personal data.
- We implement appropriate technical and organizational measures to ensure confidentiality, integrity and availability of personal data such as encryption, access controls and backups. We conduct regular penetration tests, data is securely encrypted in transit and at rest (AES256)
- We obtain explicit consent from individuals before processing their personal data and provide them with clear and transparent information about how their data will be used through our End User Agreement and Privacy Policy.
- We give individuals the right to access, correct, or delete their personal data, as well as the right to object to its processing or to withdraw their consent at any time. Requests can be sent in email to support@bodyswaps.co and will be processed in a timely fashion
- We ensure that all data transfers to third parties, whether within or outside the EU, are conducted in compliance with GDPR requirements and that appropriate safeguards are in place.
- We provide regular data protection training to employees and contractors who have access to personal data to ensure they understand their obligations and responsibilities under GDPR.
- We have a clear data breach response plan that outlines how we detect, investigate, and report any data breaches to the relevant authorities (ICO) and affected individuals.
- We conduct regular audits and reviews of your data protection policies and procedures to ensure they remain up-to-date and effective.
We are ISO 27001 certified.