The low down on your privacy
Let's start with some basics that answer most of the questions we get asked.
- All information is stored in a database which is hosted by Amazon Web Services (AWS).
- Non-personal information (e.g. how many students in a class, how many logbook entries were submitted, etc.) are available in aggregate to The Center for Koru Mindfulness. This helps us understand how students are using the system so we can make improvements. This data is always retrieved and presented anonymously.
- All info continues to be available to the student through their registered account. Information can be permanently removed from the system through the users Account page or by request (firstname.lastname@example.org)
- Your Name, email, logbook entries, comments, and stats submitted during the time of your Koru class are available to your teacher through the Teacher Dashboard. A teacher can access this data as long as they are a Koru Teacher. However, please note you are only connected to your teacher during the span of your Koru class. Your teacher will not continue to receive your log entries.
- Passwords are salted and hashed.
- If you have opted in, your gratitudes will be shared anonymously on the Gratitude River with your class cohort. Once the class is over, these will be shared with the global Koru community.
- The app continues to connect you with your class cohort on the Class Progress screen. This data is always anonymous.
- We use stripe to handle all of our payments. Learn more about Stripe's security practices..
Information We Collect
We may collect the following information from users of the Web Sites: first name, last name, street address, city, state, zip code, phone number, e-mail address, electronic signature and credit card information (we store only the last four digits) (collectively, "Personally Identifiable Information" or "PII"). The Web Sites are not intended for use by children under the age of 13, and we do not knowingly collect PII from children under the age of 13. Use of the Web Sites requires that you register and/or create an account ("Account") or use the Web Sites as a guest.
We also collect aggregated information, demographic information and other information that does not reveal your specific identity ("Non-PII"). Non-PII may include information about the device you use to access the Web Sites, information from referring websites and your engagement with the Web Sites.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
When you use this site several actions (e.g. commenting) trigger the dispatch of emails. They contain information about you associated with your email address. Which data are part of these emails depends on the action performed. These emails are stored and accessible to the site management as log.
Use of Collected Information
User generated content posted through the Web Sites such as Service reviews and certain social networking preferences (e.g. pages you "Like" or "Follow") may be viewed by the general public. Accordingly, we cannot ensure the privacy of any PII included in such user generated content.
Protection of PII
We use reasonable security measures equal to or exceeding industry standard to protect PII from unauthorized access, destruction, use, modification and disclosure. Unfortunately, even with these measures, we cannot guarantee the security of PII. By using the Web Sites, you acknowledge and agree that we make no such guarantee, and that you use the Web Sites at your own risk.
Accessing, Correcting, and Deleting your PII
Registered Account holders can access and change their own PII using the "Change" function on the Web Sites. If you have an account on this site you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can delete your account using the "Delete" function on the Web Sites. This will erase any personal data we hold about you, including proof of payment. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
If you have questions regarding our use or collection of your PII, please contact us at email@example.com.