Data use, privacy and security

How Bodyswaps collects, processes and stores data and its relation to privacy, security and legal requirements.

The intended audience is companies deploying Bodyswaps that wish to ensure their users' data is processed lawfully and securely.

Executive Summary

Bodyswaps is a 3D immersive training application that runs on PC and standalone VR headsets, mobile devices and as a Windows application.
The Bodyswaps client application works as a player, and a single application can host multiple training modules. Content is built from discrete learning templates designed and produced by Bodyswaps.
The application communicates with several cloud services in order to provide aspects of its functionality.
Bodyswaps is GDPR compliant, and data is processed and stored within specific regions that are set on a per-customer basis.

Terminology

| Term | Description |
| --- | --- |
| Customer | The organisation purchasing the licenses of Bodyswaps. |
| Learner | The end-user who is benefiting from the training. |
| Client App | The application software that is installed on the device, e.g. headset or mobile phone. |
| Content/Module | A training module that runs in the client app. A single app can host multiple modules. |
| Learner Data | Any data that is ascribed to the learner. |
| Session | A single playthrough of a training module. |
| Activation | The remote unlocking of the client app so that it can be used in accordance with the customer license agreement. |
| Cloud | A network of internet devices that provide a service. |
| Deployment | The process of distributing and installing the software onto devices and in the hands of learners. |
| Coach | An individual responsible for monitoring the use of the app by their learners. Typically an HR employee or education provider. |
 
 

What data we process

This section details the type of data we collect and process and why.

Customer Records

We store information internally relating to our customers (the organisation) for billing (invoicing), contractual, communication and development purposes.

| Data | Notes |
| --- | --- |
| Account holder business name and key contact details | Required for billing |
| Payment history | Required for billing |
| Number of installs, sessions used | Required for billing |
| Account holder business logo | [Optional] for customisation |
| Design related documents | Used for production of bespoke content (optional) - includes reference training material p |

Account & Licensing Data

Our app is protected by a license management system that ensures our application is being used by our customers within the terms specified in our commercial agreements. The app sends device serial numbers and model information to our license server for validation. We can also remotely personalise the app experience for each customer (for example changing logos, updating privacy settings). We also log when content is launched inside the app, for cases where billing is charged on a per-session model.

| Data | Optional | Notes |
| --- | --- | --- |
| Device unique identifier | N | We store a unique hash of your device serial ID and network address. This uniquely identifies your device without requiring either piece of data. |
| Configuration Data | N | Various settings that allow us to remotely configure the app on a per-account basis. |
| App Usage | N | Each time a module is run in the Bodyswaps app we update our records for billing purposes. |

Anonymous App Analytics

We track specific events in the app, such as which modules have been launched, app launches, crashes and the results of in-app surveys. This data is anonymous in that it is not tied to an individual learner, but it can be linked to our customer's account. This information is used to provide our clients with a dashboard where they can see aggregate end-user usage statistics of the platform, and to help us improve the application in future and identify any technical issues.

| Data | Optional | Notes |
| --- | --- | --- |
| Device model and OS versions | Y | Used for licensing & quality assurance purposes. |
| Screen views | Y | Each screen view event, so we can monitor progress through the app. |
| Learning Module Launches | Y | Which content has been launched. |
| Avatar Selection | Y | Which avatars have been selected. |
| Aggregated score results | Y | Internal QA [anonymous]. |
| Learner satisfaction survey | Y | Users are invited to rate the effectiveness of the app for internal QA [anonymous]. |
| Transcripts | Y | Anonymised transcripts used for quality control purposes. |
     

Speech Analysis

The app uses speech recognition technology to allow learners to talk to avatars. The app detects the speed the user is talking at and how much they use filler words, and performs keyword/semantic analysis to infer intent, which is fed back to the learner in the form of personalised tips. As part of this process the voice data from the microphone is anonymously encoded and sent to a third-party cloud service (IBM) for processing. The user is always informed when the microphone is recording. This data is anonymous and not stored by us beyond its use in the app. Additionally, this feature can be disabled at a client level, but doing so will impact the effectiveness of the training.

Learner Data

We currently provide an option for users to supply their email address so they can be sent an automated email containing their results. This can be disabled on a per-account basis. Note: future versions of Bodyswaps will track learner progress and results via our own database or using a customer's learning record store. This will provide learners with post-session feedback emails and notifications, track progress through the learning program and give authorized administrators, e.g. coaches, access to the learner's data.

Standard

We have an option whereby, at the end of each session, users may receive personalised tips and reports via email. In order to process this we need the following data:

| Data | Optional | Notes |
| --- | --- | --- |
| Learner email address | Y | For sending automated email reports. Removed after email has been sent. Entered in the app by the learner. |
| Learner scores | Y | Used for creating a personalised tip sheet. These are uploaded to our server for a period of 24 hours. |

Enhanced (Performance Feedback App)

Some clients may wish to make use of the Coach App functionality. This is a learning management system in which coaches can invite learners and monitor their activity. As part of this functionality the coach can replay sections of the learner's Bodyswaps experience and send back review notes via our automated emails. This is an optional feature being rolled out to selected customers.

| Data | Optional | Notes |
| --- | --- | --- |
| Learner name & email address | N* | Entered by the coach and maintained for sending email notifications to the learner. |
| Learner voice audio & body movements | N* | Used for replay of the intervention for review by the coach. The learner must consent to each upload in the app. |
| Coach review scores & notes | N* | The coach will record their scores and notes. These are maintained in our stores. |

*This feature as a block is optional.
This data is maintained for the length of the contract with the customer.

Data privacy

We recognise the need for different customers to control and manage the privacy of their users. Therefore we provide a flexible per client configuration of data policies depending on each organisation's needs.
Privacy settings can be controlled at:
  • Customer account level - set for all learners
  • [Optionally] At a learner level - via the in-app settings menu.
Privacy options can be locked at an account level if preferred.
 
Note that disabling the use of data also has an impact on the functionality of the application, see below:

| Data Option | Description | Impact |
| --- | --- | --- |
| App Analytics | Sending metrics relating to user progress, scores whilst using the app. | Cannot provide analysis to clients about user engagement, track learner progress or use coach functionality. |
| Voice Analysis | Stop external processing of voice data. | Cannot use voice to control the app or speak to avatars. Users cannot get automated feedback relating to semantic/tone/speed of voice in the app. |
| Learner Data | Stop the collection of user emails in the app. | Users will not be able to receive follow-up tips via email after the application. |
| Shared Device | Regards the caching of user state between training sessions on the device. | If switched on, the EULA will need to be agreed each session. No email or session data will be cached on the device. |
| User Opt-out | Allow individual users to control their own data privacy. | If on, this means the user could opt out of being tracked; if off, then the assumption is the learner has already agreed to employee terms of use. |

When the device is first activated these preferences will be downloaded to the app. They can also be changed at any point.
Currently we do not offer a self-service interface for managing these options, so please contact your Bodyswaps account manager for more information.
 

Data movement

Bodyswaps, like most modern SaaS platforms, uses third-party providers to host our code and databases. This enables us to scale efficiently and offer best-in-class redundancy and security. The majority of our technology stack is built on top of Google Services, with additional services operated by IBM. We reserve the right to change our service providers.

List of data processors

| Processor | Details |
| --- | --- |
| IBM Watson | Speech to text processing for voice control and semantic analysis. |
| Google Cloud | Collection and processing of learner data. |

Geographic locations

We offer the ability to host our data servers in the following locations:

| Region | Locations |
| --- | --- |
| United Kingdom | London |
| European Union | Belgium & Netherlands |

This ensures that personal data is not held or processed by third parties in countries that do not have the same regulatory standards as the host country.
 

Data flow architecture

The following diagram shows how data is moved between our various micro-services.

Data security

We take the security of your data very seriously and are working towards achieving the highest standards. Our aim is to achieve ISO20071 certification by the end of 2021.
 

In Transit

Data is always transmitted over a secure internet connection using HTTPS between client and servers.

At Rest

All data is stored encrypted on the disk.
 

Access to data

Only the designated data controller (CTO) has access to the databases.
 

GDPR compliance

We adhere to GDPR law and never share any data with, or sell any data to, third parties. Data is processed lawfully, fairly and in a transparent manner in relation to individuals.
Bodyswaps informs the user, when the application is first started, that we collect data and how we will use it. They are offered an opportunity to opt out, in which case we no longer send data other than that necessary for the licensing manager and speech-to-text functionality.
Bodyswaps data is used only for the purpose of improving our product. The data contains results, transcripts, device information and events at various trigger points in the app. This allows us to refine the application for balancing purposes, identify bugs and usability problems. Whilst data can currently be tracked back to a device/customer account we don’t store any personal user information.
All data is transmitted via HTTPS and stored in secured data repositories with Google services, which provides best-in-class security and redundancy.
 

Data Removal Requests

We generally only maintain data for as long as it is required. This is often for the length of the contract between Bodyswaps and the customer. Specific requests for data removal can be made by contacting your account manager.