Who are you?

Student or child

Teacher, parent or guardian

Your teacher (or tutor) must create your account.

Ask them to make you one, along with some challenges, and then start playing!

Log in to all our products

Privacy Policy – Nanomonx inc.

Note: An other privacy policy may apply to you if your membership is subject to a contract, agreement with a government or educational institution. Account creation will include specific documentation for your case.

VERSION 2.0 – EFFECTIVE AS OF NOVEMBER, 2023

At Nanomonx, we believe in the privacy of our users and the protection of their data. We commit ourselves to protect the confidentiality of the data we collect from Students and Managers using our Services. We assure users of our Services that we only collect user data that is essential for educational purposes and the proper functioning of our Services. We will at no time sell or share Personally Identifiable Information (PII) with third parties. Student data will never be used for marketing purposes. 

This document provides details about our Privacy Policy for data collected by the Services. This Privacy Policy is an integral part of the legal agreement binding the users and Nanomonx. It describes how Nanomonx collects, protects, uses, stores, shares and anonymizes information and data generated during your use of the Services.

GLOSSARY

SERVICES

The Services consist of :

  1. The Website: The website, as defined in this policy, consists of three components:
    1. For Troubadour users, students, and administrators: https://troubadour.nanomonx.com/
    2. For Boreal Tales administrators: https://constellation.nanomonx.com/
    3. For class management, subscription purchases, and other administrative tasks carried out by administrators: https://nanomonx.com
    4. For the family version : https://family.nanomonx.com
    5. Please note that only these four domains and subdomains are covered by this policy. If Nanomonx uses other subdomains for different reasons or products, those subdomains will have their own privacy policy.
  2. For Boreal Tales only, the Boreal Tales application is installed on a device. This application is used by students and administrators to create and correct content.


USERS

The Services are used by two types of users :

  1. Parents, teachers, tutors or school administrators that can connect to any of the previously mentioned interfaces. In this document, we will use the term Manager for any adult managing subscription packages, a class or a group.
  2. Students or children that connect only to the Boreal Tales Application and/or the Troubadour Website. In this document, we will use the term Student for any member of the classroom that is not a Manager.


THE CLASSROOM

 Collectively, the Students of a class and the Manager who manages it.


CLASSROOM GENERATED CONTENT (CGC)

The Services consist of a game that (1) allows Students to write text later corrected by the classroom Manager, and which can be shared with other Students in the Classroom, and/or with any other person, if so allowed by the Manager, and (2) allows Managers to create challenges they can share with their Students or with other Managers. Nanomonx thus records these texts (CGCs) to ensure their availability for these purposes. The sharing of this CGC inside or outside of the Classroom is therefore also subject to the school administration’s privacy policy, and Nanomonx cannot be held liable if confidential or sensitive information is shared in this context. Nevertheless, Nanomonx takes all necessary precautions to ensure that this GCC is not shared with people not authorized by the Manager, as described in this Privacy Policy.

TERMS AND CONDITIONS

Nanomonx intends to be compliant with the requirements of Canadian and US privacy laws, such as the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the Children’s Online Privacy Protection Act (“COPPA”). 

Since regulations such as COPPA authorize the teacher to act on behalf of the parent to provide consent to the collection of children’s personal information, Nanomonx requires that either the teacher or the parent accepts the terms of this Privacy Policy before collecting any information on his or her Students and keeping them for a period longer than 24 hours. If the teacher consents, he or she is responsible for communicating the contents of this Privacy Policy to the parents of the students and must be assured of their consent. 

If you do not agree to the terms and conditions of this Privacy Policy, you should not submit information to or register an account with us, or use the Services.

CONSENT

As mentioned above, consent to the collection of private information can be given either by the teacher or the parent. If the Student Account is created by a parent or teacher, accepting our User Terms will count as Consent..


We also have a system where students are able to join a Classroom through a Quick Access Code. A Student Account created this way will need to be validated within 72 hours by the Classroom’s Manager (parent or teacher) or it will be anonymized automatically since consent will not have been provided. 


COLLECTED DATA

Managers:

In order to provide the Services, Nanomonx collects personal information from Managers for the purposes of :

  • Logging in a user to the Services
  • Sales and billing
  • Services functionality
  • Managers submitting challenges to Students
  • Students submitting creations to Managers
  • Completing challenges as would a Student
  • Ensure service availability and reliability

The following information, relative to the Manager, can be collected :

  • Email address
  • Billing and shipping address
  • Browser and device used
  • Name of the school, school level
  • Payment information
  • Services data
  • Content created by the Manager (challenges, Student work corrections, comments to Students, etc.)
  • Service Usage Data (connections, subscription packages purchased or transferred, etc.) 
  • Data related to errors and exceptions

Students :

In order to provide the Services, Nanomonx collects information about Students for the purposes of :

  • Logging in a user in the application
  • Services functionality
  • Students submitting creations to Managers or correcting their work

The following information, relative to the Student, can be collected or inferred:

  • Username, can be an email address.
  • Display name, selected, entered and/or approved by the Manager
  • School level, Manager’s name
  • Services data (avatar, usage time, number of words written, etc.)
  • Content created by the Student (worlds and text created by the Student)
  • Data related to errors and exceptions


Note that the only personally identifiable information (PII) we might collect for a Student are :

  1. Display name : This can be anything and Nanomonx does not require real names to be used. Since it is often useful for Managers to use real names, they are often used in this case.
  2. Username : Again, the username does not have to be personally identifiable. Using a Student’s email as a username is very efficient and this information is sometimes collected.


Apart from the above, we never directly ask the Student for any personally identifiable data.

 

In order to provide the Services, Nanomonx does not collect the following information:

  • Physiological and biometric data
  • Geolocation data
  • Contacts or friends list of the user
  • Any data about other applications’ usage on the device
  • Internet navigation history

THIRD PARTIES

In order to provide the Services, Nanomonx works with third parties. The collected Student data is only shared with third parties that have privacy policies that are consistent with our own Policy. Nanomonx shares data with the following third parties:


For non-student data

For Managers, we use a more diverse set of tools to maintain the business relationship:

  1. Customer support and relationship tools
  2. Newsletter subscriptions
  3. Business analysis
  4. Billing and Invoicing
  5. Online payment of subscriptions

While they are not restricted to a single vendor and geographical location, those tools and suppliers have proper privacy policies and terms of service that we can provide. 

Unity (for The Boreal Tales Application only)

The Boreal Tales Application is developed using a software called Unity. Technical, anonymized data (data that cannot be linked to a precise user) is collected by Unity and consulted by Nanomonx. Information collected this way is solely used to find bugs, identify technical problems and improve the overall quality of the Boreal Tales Application. Note that CGC is never shared with Unity.

Unity can collect or infer the following information:

  • Device IP address
  • Model platform type and operating system
  • Device manufacturer
  • Unique device identifiers
  • Graphics card type
  • Technical details about the device’s components

Link to the Privacy Policy of Unity (Note that Nanomonx does not use Unity’s Ad Services module, and that the sections of Unity’s privacy policy pertaining to this module are therefore not applicable) :

Privacy Policy - Unity

Link to the Privacy Policy of Unity specifically addressing COPPA :

Unity - Manual: COPPA Compliance


Bugsnag (for Boreal Tales and Troubadour Services)

Bugsnag is a platform generating automated error reports. These errors (bugs) can occur during data manipulation by the Boreal Tales Application or when interacting with Nanomonx Product Websites. Error reports are provided to Nanomonx only and are deleted after 60 days. These reports are solely used by Nanomonx to identify the causes of the errors in order to fix them and provide a better experience with the Services.

The data that can be captured by Bugsnag consists of :

  • The username (email address of the Teacher or username of the Student)
  • The list of actions performed by the Teacher in the Nanomonx Product Websites prior to the error (stacktrace)
  • The request made on our servers
  • The data included in this request (this may contain CGC)
  • The Teacher’s browser if the error occurred in the Nanomonx Products Websites
  • The Teacher’s or Student’s browser if the error occurred in the Troubadour Services
  • Language defined by the Teacher for the use of the Services
  • The Teacher’s operating system if the error occurred in the Nanomonx Products Website
  • The Teacher’s or the Student’s operating system if the error occurred in the Troubadour Services

Bugsnag neither uses nor consults the data collected, and only transfers it to us in the error reports.

Link to Bugsnag’s privacy policy:

Bugsnag docs › Legal & terms › Privacy Policy



GOOGLE

If you choose to connect using your Google account, either a personal account, or one provided by your Employer/Education Institution by Google Workspace, Nanomonx will use that account to access sensitive data. Below is an exhaustive list of data we collect and how we use it :

  1. Teacher’s email addresses and names:
    1. Create accounts and sign-in.
    2. It can be used to occasionally communicate with teachers. Those communications are not for marketing purposes but for proper functioning of the platform.

Teachers can also decide to use our Google Classroom integration. This integration allows Google Classroom users to import their classrooms and configurations into Nanomonx, and allow for simple authentication and authorization.

  1. If a teacher chooses to import students from a Google Classroom course, we will also access the names, email addresses and profile pictures of the students.
    1. Student's emails are used purely as a unique username. We will never communicate with them through that address.
    2. Their names and profile pictures are only used to allow teachers and students to identify members of their classes.


Both integrations are completely optional.


Nanomonx will never sell data collected through any means, including Google.

Our use of the Google APIs fully adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Privacy Policy


WHERE DO WE KEEP THE DATA

All student data is stored through a central provider known as Amazon Web Services in secure environments across Canada. These devices are only accessible by our own technical staff. This also applies to backups. When you use our services, you always use a secure connection between your browser and our private environment on Amazon Web Service.

COOKIES

Cookies are small data files that can be saved on your device when you use web pages or other online services. They are frequently used to improve web sites’ functionality. Other types of technologies can also save small amounts of data on your devices, we will integrate them to the concept of Cookies for the purpose of this document.

In order to provide the Services, Nanomonx only uses the following type of Cookies :

  • Performance and functionality : These cookies are not essential but they help us personalize and optimize the user experience. For example, they can save a user’s preferences so they do not have to enter them more than once. They may also remember a user’s username and password so they do not have to enter them each time they access a web page.

Our Services do not use cookies for advertising purposes.

WHAT DOES NANOMONX DO WITH THE COLLECTED DATA?

Nanomonx’s business model is based on the sale of subscription packages to Teachers or educational institutions (schools, school boards or districts, etc.). This is the only way that Nanomonx generates revenue with the Services. Nanomonx will never generate revenue by selling or using its users’ data outside the scope of subscription packages sales.The information gathered is used for the following purposes :

  • Allowing Managers to manage the Services and play with them
  • Allowing Students to play 
  • Billing Managers or school administrations
  • Communicating Services updates or important information about the Services
  • Discovering bugs and fixing them

Nanomonx does not share any personal information outside the Classroom except for the above cases, without the written consent of the Manager.

If authorized by the Manager, the Students can see the finished creations of other Students in their Classroom. The Managers can limit or prevent this access if they wish to.

Anonymized data, where individual users are not identifiable, is collected and is used for the purposes of :

  • Statistics
  • Research and development
  • Customer support

ADVERTISEMENTS AND MARKETING

The Services do not show Students any advertisements, whether for other Nanomonx products or other companies’ products.

DATA DELETION

Personal information can be deleted by written request from the Manager or parent or by the Students themselves if they are 14 years old or older.

Student information

Otherwise, student’s personal information will be deleted in the following scenarios : 

Scenario 1 :

The Student does not have a Manager linked to their account with a valid email or a personal confirmed email and the student has not signed in for 23 months.

Result : The student account is automatically anonymized.

Scenario 2 :

The Student has a Manager linked to their account with a valid email address or a personal confirmed email but has not signed in for 23 months.

Result : An email is sent to the email addresses linked to the account, mentioning the upcoming deletion of the account. The email contains a link to prevent the deletion, thus resetting the 23-month period. If the link is not clicked, the student account is automatically anonymized.

Scenario 3 :

The student creates an account via the fast access link (usually used in class) and no consent is given by the teacher or a tutor within 72 hours.

Result : The student account is automatically anonymized.


Managerinformation

When the teacher, parent, tutor, school staff or any other adult has not signed in for 22 months and has no valid subscription, we will send an email to warn of the upcoming account anonymization.

If the link to prevent the anonymization is not clicked, we will send a second email later.

If the link in the second email is not clicked, the account will be anonymized a month later for a total of 24 months of inactivity.

Both warning emails also contain a link to anonymize the account right away.

SECURITY POLICY

Nanomonx uses industry standards of protection to prevent users’ data from being accessed, used, modified or destroyed by third parties. The methods used include, but may not be limited to:

  • Containment of database(s) inside a Virtual Private Cloud (VPC), access to which is extremely restricted
  • Encryption of database data in transit and at rest
  • Use of SSL / HTTPS for all data transmission over the Internet
  • Multi-factor authentication on administrator-level access to third-party tools 
  • Code reviews track security vulnerabilities
  • Firewalls, private keys, anti-virus protection, and encrypted local hard drives

Note that data security cannot be 100% guaranteed due to constant advances in hacking methods and technologies. Nanomonx cannot be held responsible in the event of lost or altered user data. If any data breach occurs, concerned Manager users will be notified by email as soon as possible, and measures will be taken at the earliest opportunity to mitigate the risks associated with this data breach.

CLASSROOM GENERATED CONTENT

In their use of the Services, Teachers and Students generate a lot of content (CGC). It is the Teacher’s responsibility to make sure that CGC is appropriate for their Students. Nanomonx will neither monitor nor control this GCC nor be held responsible. The Services allow the Teacher to read and control this CGC before it is shared within, or outside of, the Classroom.

ACCESS TO PERSONAL DATA

If they forget their information and cannot login, Students cannot access their own private data. They can obtain this data (display name and username) only by asking their Teacher, who can access it through the Nanomonx Products Websites. Neither the Students or their Teacher have access to the Students’ passwords, except of course at the time of its creation or reinitialization. Even though the information collected on a Student is available to the Teacher, Nanomonx can also provide this data to the Students’ parents or the Students themselves if they are 14 years old or older, upon written request.

CHANGE IN OWNERSHIP

In the event where some or all of Nanomonx and its assets are purchased or merged with a third party, users’ personal information would be part of the transferred assets. This Privacy Policy would continue to apply and the new owner would only be allowed to manage users’ data in accordance with this Policy (unless the user agrees to a new privacy policy). Nanomonx will notify the Teacher users of such transactions in the 30 days following the transaction, either by updating its website or by email. If you do not accept the information transfer to the third party, you can request that the information be deleted and we will comply.

In the unlikely event that Nanomonx should cease its operations, all personal data will be deleted in the 12 months following the end of its operations.

DISCLOSURE OF INFORMATION TO COMPLY WITH LEGAL OBLIGATIONS

Nanomonx can disclose certain user personal information if it believes, in good faith, that this is mandatory to comply with certain legal obligations such as a subpoena or any other legal process. We could have the obligation to disclose personal information if it is needed in order to protect the rights, property and security of Nanomonx, its employees, its community or other, or to prevent the violation of our current contractual agreements. This includes, without restricting itself to, the sharing of information with other companies or organizations for fraud protection or to comply with governmental requirements.

CHANGES AND UPDATES TO THIS PRIVACY POLICY

This Privacy Policy takes effect on February 2023 and the current version is 2.0. Nanomonx may, on rare occasions and at its sole discretion and without prior notice, update, revise, modify or add to the content of this Privacy Policy. 

If Nanomonx changes this Policy in any way, a notice will be sent to the Managers subscribing to the Services with a link giving access to the new privacy policy. The new version of the policy will also be made available on Nanomonx’s website. 

During a Manager's first connection to one of the Nanomonx Website products following a material change to this privacy policy, Nanomonx will request the Manager to review and confirm acceptance of this new Privacy Policy by clicking on an “I agree” button before continuing to use the Services. 

As we do not collect any information that would enable us to directly communicate with the Students or their parents, and since regulations such as COPPA allow the Teacher to act on behalf of the parent to provide consent to the collection of children’s personal information, Nanomonx requires that the Teacher accepts the terms of this new Privacy Policy before collecting any information on his or her Students. It is the responsibility of the Teacher to communicate to the Students’ parents the contents of this new Privacy Policy, and to make sure they consent to them.

INCIDENT HANDLING

At Nanomonx, we take incident handling and disclosure very seriously. A Nanomonx Security Committee ensures that the data security program and the data breach action plan are updated at all times. Those documents can be provided upon request.

Here is a brief summary of our action plan in case of a data breach : 


  • Once the breach has been contained, the Communications Manager will be able to communicate with affected 3rd parties. 
  • If the affected parties are internal to Nanomonx, the Product Manager will handle communications with employees.
  • We must communicate the following information:
  • Which users were affected
  • What types of data was accessed
  • E.g. Passwords, usernames, other personally identifiable information (PII)
  • How long the data breach has been exposed
  • If child data was breached
  • If the breach has been dealt with
  • Ideally, this will be done simultaneously with all affected parties. If a serious breach occurs, we will also notify users through social media. 
  • There are also certain situations where we are legally required to report breaches to the government and to affected parties. 
  • Link to the Canada regulations
  • Link to the (in progress) Quebec regulations
  • There may be other regulations that apply based on the localities of the affected users. Part of this step is working out if other notifications need to be sent out. 
  • The Quebec and Canada regulations require notification only if there is an "real risk of significant harm (RROSH) to an individual." At the time of writing this document, this is a standard that we will not follow as we do not retain this sensitive information on our users.



CONSENT FOR DATA COLLECTION AND INFORMATION MANAGEMENT

By accepting the terms of the Teacher Terms of Use Agreement, users expressly accept that Nanomonx will collect and use personal information in accordance with this Privacy Policy. Teacher users also declare that they have been informed of Nanomonx’s objectives when it collects, manages and uses this information, and understand how the confidentiality of this information will be protected. Teacher users also state that they understand that they are entitled to withdraw their consent to this Privacy Policy.

CONTACT

For any information concerning this Privacy Policy, contact Nanomonx at info@nanomonx.com.