Trust Center
At eduBITES, the security and privacy of your data are our top priorities. We understand that trust is built on transparency, which is why we’ve created this Trust Center to provide you with clear, straightforward information about how we protect your data.
Whether you’re a client, partner, or simply curious about our practices, you’ll find detailed answers to common questions about data security, privacy, compliance, and the technical measures we use to keep your information safe.
FAQ
Data Collection, Storage, and Processing
Types of Data Collected:
i) Personal Data:
eduBITES collects personal user data, including your name, email, job title, and user activity. This data is crucial for providing you with a personalized and effective experience on the platform.
ii) Company Content:
Company data includes any content you create, upload, or generate on our platform, as well as results from knowledge sprints. This data is essential for enabling your organization to capture and utilize knowledge effectively.
How eduBITES Deals with Data:
All personal and company data is securely stored in AWS data centers located in Frankfurt, Germany. This location was specifically chosen to ensure compliance with European data privacy standards like GDPR.
To protect your data, we use advanced encryption methods such as AES-256, which makes it unreadable to unauthorized users. During data transfers, we implement additional security measures through HTTPS/TLS 1.2, safeguarding your data while it’s in transit.
eduBITES also adheres to AWS security best practices, including the use of AWS Key Management Service (KMS) for encryption key management and AWS Identity and Access Management (IAM) for controlling access to AWS resources.
For business administration tasks like CRM and project management, we collect personal data through Google Cloud (EU) and Monday.
Subprocessors:
In some cases, subprocessors may be involved in processing and storing your company content. We continuously monitor these subprocessors to maintain the highest levels of security and data protection. For further information, refer to our list of subprocessors
Example of Subprocessor:
We use Elai for creating synthetic media and custom avatars. All content produced through Elai is stored on their servers in AWS data centers in Frankfurt, ensuring compliance with GDPR and ISO 27001.
We have a clear process for deleting personal data. If your contract with us ends, we manually delete your data within 60 days, ensuring it’s completely removed from our systems.
Security Measures, Incident Response, and Communication
We use multiple layers of security to protect your data. This includes encryption methods like AES-256, which ensures your data remains unreadable to anyone without the proper access. Strong network protections, such as firewalls and intrusion detection systems, are also in place. Our team is regularly trained on data security, and we constantly monitor our systems and conduct security audits to catch any potential vulnerabilities early.
- Restricted User Access: eduBITES ensures that only signed-in users can access its services. You must log in to your account before interacting with any platform features, ensuring that only authorized users can view or manipulate data.
- Single Sign-On (SSO): We have implemented SSO functionality, allowing users to log in using a single set of credentials across multiple services. This simplifies the login process and enhances security by reducing the number of passwords you need to manage.
- Secure Data Handling: All data stored and transmitted by eduBITES is encrypted, ensuring that even if data is intercepted, it cannot be easily read or tampered with.
- Controlled Access: eduBITES uses role-based access control, meaning users have different levels of access depending on their role. This limits the amount of data or functions that any given user can access, reducing the risk of unauthorized access.
- Authentication and Authorization: Restricted User Access: Only signed-in users can interact with the platform, ensuring that unauthorized individuals cannot access your data.
- Single Sign-On (SSO): SSO is implemented to streamline secure access across multiple services with a single login, minimizing the risk of unauthorized access.
- Data Encryption:Encrypted Data Storage and Transmission: All data on eduBITES is encrypted, both at rest and during transmission. This means that even if data is intercepted or accessed by unauthorized users, it remains unreadable and secure.
- User Roles and Permissions: Role-Based Access Control: eduBITES assigns different levels of access based on user roles, ensuring that only those with the appropriate permissions can view or modify sensitive data.
- Proactive Monitoring and Alerts: Real-Time Monitoring: eduBITES continuously monitors its systems for any signs of suspicious activity or unauthorized access attempts.
- Data Breach Response Plan:
- Incident Response Team: eduBITES has a dedicated team ready to respond to any security incidents swiftly. This team is responsible for containing any breaches, mitigating damage, and restoring the security of the platform.
- User Notification: In the unlikely event of a data breach, eduBITES is committed to notifying affected users promptly, providing clear information on the breach and steps taken to protect your data.
Data Access and Identity Control
Access to your data at eduBITES is carefully managed and monitored to ensure that only authorized individuals and systems can interact with it.
- Authorized Users:
- Signed-In Users: Only users who have successfully signed into the platform can access their data and any services they are authorized to use. This ensures that your data is only accessible to you or those within your organization who have the appropriate credentials.
- Role-Based Access: Users are granted specific access rights based on their role within the platform. For example, an admin may have broader access to manage user accounts and data, while regular users have more limited access tailored to their needs.
- Platform Administrators:
- Limited Admin Access: eduBITES platform administrators have restricted access to certain data necessary for maintenance, support, and user account management. This access is tightly controlled and regularly monitored to prevent misuse, ensuring that administrators only interact with data as required by their roles.
- Third-Party Integrations:
- Authorized Service Providers: If eduBITES integrates with third-party services, only authorized integrations essential for the platform’s operation may access specific data. These third parties are bound by strict confidentiality agreements and robust data protection measures, ensuring that your data remains secure.
- Automated Systems and Services:
- System Processes: Automated systems within eduBITES may access data to perform essential functions such as backups, monitoring, and security operations. These processes are designed to operate without human intervention, maintaining privacy and security while ensuring the platform runs smoothly.
- Legal and Compliance Requirements:
- Lawful Access: In certain situations, eduBITES may be required to provide access to data in response to valid legal requests, such as court orders or subpoenas. These situations are handled with strict adherence to legal requirements and privacy policies to ensure your data is protected to the fullest extent possible.
Yes, we have separate environments for development, testing, and live operations. This separation ensures that any testing we do won’t affect your data or the live system, keeping everything secure.
Compliance and Legal Considerations
We take data protection seriously and follow strict regulations like GDPR. This means we only collect the data we need, keep it accurate, and protect it with strong security measures. We also conduct regular audits to make sure we’re following these rules. Although we’re not yet ISO 27001 certified, we align our practices with its standards and are committed to transparency by making audit results available on request.
Intellectual Property and Confidentiality
eduBITES has implemented several measures to ensure that information subject to confidentiality agreements or similar restrictions is not passed on without authorization:
- Access Controls: We restrict access to sensitive information to authorized personnel only, using role-based access control (RBAC) to limit what users can view and edit based on their roles.
- Encryption: Sensitive data is encrypted both at rest and in transit, preventing unauthorized access or interception.
- Audit Trails: We maintain detailed logs of access to sensitive information, including who accesses it, what actions they perform, and when these actions occur. This aids in monitoring and detecting any unauthorized access or data breaches.
- Confidentiality Training: Employees and users receive training on the importance of confidentiality and the specific procedures they must follow to protect sensitive information.
- Non-Disclosure Agreements (NDAs): All parties with access to confidential information are required to sign NDAs or similar agreements, legally binding them to maintain confidentiality.
- Data Loss Prevention (DLP): We utilize DLP tools that detect and prevent the unauthorized transmission of sensitive information outside the company.
- Policy Enforcement: Clear policies and procedures regarding the handling of confidential information are developed and enforced, including defining the consequences of policy violations.
- Regular Reviews and Updates: Access rights, policies, and security measures are regularly reviewed and updated to adapt to new threats and ensure ongoing compliance with confidentiality requirements.
These comprehensive measures create a secure environment that minimizes the risk of unauthorized disclosure of confidential information
Technical and Operational Details
Our Gen AI application is built to be secure, scalable, and easy to integrate with other services. Here’s how it works:
- Application Layer: We’ve designed a user-friendly interface that adapts to your needs while ensuring strong security and compliance.
- Data Platform & API Management: We process and organize your data efficiently, making it easy to integrate with other services and extract useful insights.
- Orchestration Layer: Our AI interacts with users smoothly, managing workflows and integrating different AI models and third-party services.
- Model Layer: We use advanced models to generate accurate and relevant content, making your learning experience more effective.
- Infrastructure Layer: Our system scales automatically to handle high demand while keeping costs low and performance high.
Third-Party Integration: We securely integrate with trusted third-party services, each playing a specific role:
- OpenAI: For text generation, without using your data for training.
- Eleven Labs: For voice generation, with strong data privacy.
- Deepgram: For transcription, with secure data handling.
- Sonix: For media transcriptions, with immediate deletion after processing.
- Midjourney: For visual content, maintaining confidentiality.
- Elai: For video processing, enhancing our capabilities without compromising security.
We recommend starting with our Explore package, a trial version that showcases what eduBITES can do. During this trial, your IT team can review our legal documents, such as our data policy and privacy policy. If they have any questions, our Data Security Officer is available to help. Because eduBITES is cloud-based, it reduces the workload for your IT team by eliminating the need for server maintenance. We also comply with strict data security standards like GDPR and ISO 27001, ensuring that your data is protected. Additionally, we conduct regular security audits and monitor our systems continuously to keep everything secure.
User Rights and Data Requests
Technical and Operational Details
Your rights under GDPR are important to us. This section explains how you can exercise your rights, including accessing your data, requesting corrections, or asking for your data to be deleted. We provide a simple process to help you with these requests.
Exercise Your Rights
- Access Your Data: You can access your data in your profile section of the eduBITES platform. Or submit a request to view the personal data we hold about you.
- Correct Your Data: Change data directly in profile section of the eduBITES platform. Request corrections to any inaccuracies in your personal information.
- Delete Your Data: Delete your account or ask us to delete your personal data if it’s no longer needed.
For more information or to make a request, please contact our Data Protection Officer (DPO) at security@eduBITES.com.
Data Polcies and Legal
Exercise Your Rights
To provide further transparency, we encourage you to review our key policies and documents:
- Data Policy: Learn about how we manage and protect your data across all our services. View
- Privacy Policy: Understand the specifics of what personal data we collect, how it’s used, and your rights. View
- Terms of Service: Familiarize yourself with the terms and conditions governing the use of our services. View
- Subprocessors List: See the list of trusted third-party subprocessors we work with to deliver our services, all of whom meet our stringent data protection standards. View
Contact Us
If you have questions that aren’t covered in our FAQs, we’re here to help. Our support team, including our Data Protection Officer, is available to answer any specific concerns you might have about data security, privacy, or compliance.
Email Our Support Team: support@eduBITES.com
Contact Our Data Protection Officer (DPO): security@eduBITES.com
eduBITES is dedicated to make learning happen through the intelligent repurposing of knowledge, engaging content, progressive technology and meaningful didactics.