Privacy policy

Introduction

CYPHER LEARNING INC., 4 Embarcadero Center, Suite 1400, San Francisco, CA, 94111, is committed to protecting and respecting your privacy.

These Privacy Terms together with our Terms and conditions (and any other documents referred to in it, and any other contractual terms that may be in place between us and you) sets out the basis on which any personal data that we receive from you, gather from you, or process for you, will be used by us. It applies to any data gathered due to your use of the following websites: www.cypherlearning.com, www.neolms.com, www.neolms.eu, www.matrixlms.com, www.matrixlms.eu, www.indielms.com, blog.neolms, and blog.matrixlms.com.

For the purposes of the EU General Data Protection Regulation ("GDPR"), in the cases where we gather data through our websites and marketing campaigns, we are the "data controller". In the case of the data that clients use in any of our learning platforms, we are the "data processor". For more details on how CYPHER LEARNING is GDPR compliant please visit this page.

Information we may collect from you

Through our websites

You may give us information about you by filling in forms on our websites or by corresponding with us by email, phone or otherwise (we only correspond by phone in the case of support and other product services). This includes information you provide when you register and subscribe to use our learning platforms, contact forms you may submit on any of our websites, and communications with our support and product team.

The information you give us may include your name, email address, country, state, city, phone number, institution type, institution name, institution website, institution size, username, password, portal URL, portal name.

Through our marketing campaigns

You may give us information about you when filling in forms in our content marketing campaigns (for example in the case where we offer a brochure or white paper in the exchange of your data), registrations to webinars and other events, subscribing to our blogs, or participating in marketing activities at trade-shows and conferences.

The information you give us may include your name, email address, country, state, city, phone number, institution type, institution name, institution website, and institution size.

How do we use your data

Data collected through our websites or registration/subscription to our learning platforms

The data provided by users when registering to use our learning platforms is used in the following ways:

  • To send informative emails for the users on the 14-day Free Trial
  • To send the monthly newsletter to all Free Trial users and paying clients
  • To send product updates to all users
  • Data provided by users on the Free Trial can also be used for marketing campaigns that might be suited for them such as invitations to webinars and events, content marketing campaigns, campaigns to convince users to upgrade to a paid plan, marketing research campaigns related to our platforms and industry, etc.
  • Data provided by paying clients can also be used for marketing campaigns that might be suited for them such as invitations to webinars and events, content marketing campaigns, marketing research campaigns related to our platforms, campaigns to gather product feedback, etc.
  • Phone numbers collected through our automated phone system on our websites are stored in Nextiva and we do not store this data on our company servers. When contacting us through our phone system users agree to give their phone number and we only use phone numbers to respond to inquiries that come through our websites. Paying customers sometimes may require phone support and we provide that service, but we only use the phone numbers provided by clients with their consent.
  • Data provided when subscribing to our blogs is used to send blog updates and future marketing campaigns, similar to the ones mentioned above.

Data collected through marketing campaigns

The data collected through marketing campaigns is used in the following ways:

  • In future marketing campaigns that might be suited for them such as invitations to webinars and events, content marketing campaigns, campaigns related to our platforms and blogs, research campaigns related to our platforms, blogs, and industry.

Data hosted by clients on our platforms

Our clients are fully responsible for the data hosted on our platform and how they use it. In this case they are the "data collector" and we are the "data processor". We only collect the data that clients use when registering for our platforms, which is usually the administrator account of the platform. Clients decide the type of user data they upload and use in our platform and if they want to use our platforms to collect more user data, by allowing users to self-register for their portals.

How long do we store data

Client data such as registration details, company details, data stored by the client in our learning platforms, is stored as long as the client is registered to use our learning platforms. In the case of www.matrixlms.com, www.matrixlms.eu, and www.indielms.com after the 14-day Free Trial if the user does not upgrade to a paid plan, their registration is terminated and we delete their data.

Personal data gathered through marketing campaigns and website forms (such as contact forms on our websites) is stored until the user decides that they don't want to receive updates from us anymore. We use email marketing to communicate with these contacts and there is a "Unsubscribe" option available in each email. If a person does not interact with our marketing campaigns for a period longer than one year, we will delete the contact information from our database.

Blog subscribers receive blog updates until they decide to stop their subscription. The "Unsubscribe" option is available in each blog update we send out.

We do not store phone numbers.

Where do we store data

Clients' data located in the USA is stored on our secure company servers on AWS. Clients' data located in Europe, from the learning platforms www.matrixlms.eu and www.neolms.eu is stored on the Amazon servers in Frankfurt.

Personal data such as blog subscriptions and data that we use for marketing campaigns is hosted in our email system Active Campaign and on our company database for marketing use on Dropbox.

Security measures implemented in our learning platforms

Our learning platforms include the following security mechanisms to protect its members and their resources: passwords, walled communities, authenticated resource access, secure profiles, secure messaging, communications monitoring, secure e-commerce, secure storage, secure servers. All communications are over HTTPS, all personal passwords are encrypted with individual SALT values, we use a rate limiter to prevent script kiddies or malicious attackers from overwhelming the system, our Amazon servers are hosted in their own VPC (virtual private cloud), and all remote ssh logins are protected using public/private keys. We conduct regular security audits and run daily security tools on our site to automatically detect and report security issues. You can easily prevent selected users from logging in, revoke their access rights, or delete them entirely if necessary. You can configure your site security policies to specify which operations can be performed by specific account types.

We provide Policy documents for our clients to use on their portals. This feature gives clients the framework to create documents that describe their privacy policy and require users to accept their privacy policy.

How do we use data shared through Google SSO and Google Drive

We use the information provided by users such as their email address for authentication through G Suite single sign-on and for accessing the files in Google Drive of the user if they use this integration in our platform. We don't alter in any way the user data in Google Drive and we only store the data in our system if the user wants this. We do not use Google user data in any other way.

FERPA compliance

CYPHER LEARNING INC. is FERPA compliant. More details about FERPA.

EU-US Privacy Shield compliance

CYPHER LEARNING complies with the EU-US Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. CYPHER LEARNING has certified that it adheres to the EU-US Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the EU-US Privacy Shield program, and to view CYPHER LEARNING's certification.

We cooperate and comply with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) to investigate unresolved complaints.