Privacy Policy
What Data is Being Collected
Glotsalot collects personal data as voluntarily entered into our database by individual users. This data
includes but may not be limited to: names, email addresses, phone numbers, IP addresses, gender, age,
city of residence, languages spoken or studied, as well as background information such as country of
origin and mother language. The site also collects imagery (profile photo) of users as well as video
footage submitted by teachers as advertisement for their profiles. In addition, our analytics provider and
any third party payment processors utilized may collect information from the site. For Credit purchase and
payment processes, the company also collects the user name within a third party payment service such
as PayPal.
How Data is Being Collected
Data is primarily collected through the online forms provided on various pages of the site. Users
voluntarily submit this information as a necessary part of creating a User Profile, or applying to teach.
Photo data is uploaded by users and is not mandatory. Video data is collected only for teachers through a
self-uploading mechanism found on the site as part of the teacher onboarding process. In addition to form
responses, the company may employ cookies or other standard industry trackers for data collection
purposes placed on a users browser.
What we May Do With the Data
User data may be used by the company to study global user usage and trends for business intelligence
and marketing purposes.
All data collected from users is for the sole purpose of the business functions of the company. The
company does not share customer data with affiliates or service providers. It is stored within the same
infrastructure as the database itself, as described in “How We Protect the Data.”
How Users Can Control Their Data
At the base level, users can control their data by choosing what information they provide initially, and at
any time during their user experience with the site. This is accomplished by updating the user’s profile
with whatever information the user feels it wants to share. A good example of this is the choice of an
avatar, or pseudonym as their user name. Users also control who receives their controlled contact
information through the friending and messaging processes.
Users wishing to contact Glotsalot Administration regarding control of their data may do so at any time by
making a request through the Help Desk icon found at the bottom of every screen. Users wishing to
opt-out, or unsubscribe from mailing lists can do one of three ways: Via the Help Desk, by going to the
Settings function of the site, or by notifying company through a link provided at the bottom of all Glotsalot
messaging. In the site’s settings section, users are provided with “opt-out” functionality where they can
select which message types they want to receive. Users wishing to close accounts, provide feedback or
report a problem can do so via the help desk icon found at the bottom of every screen.
How We Protect The Data
Glotsalot data protection falls into two categories. The activities and infrastructure within the site and
company itself, and the data protection measures and infrastructure within the site and database data
remote storage environments.
Data Protection Within the Site and Company Itself:
Information Segregation: Specific information about a user such as legal name, email address, phone
number are not published, or visible to any other users or third parties. Legal name, email address, and
phone number of a user is never provided to other site users or entities. The only exception of this rule
would be in the event that the company was compelled by law enforcement with the appropriate court
issued warrant or other demonstrated legal grounds. A (fictitious if desired) user name is all that is
provided to other users, along with system contact information for messaging purpose, languages
self-reported as spoken, name they would like to be known by, and a self description of the user. The
more sensitive personal information listed is only accessed by Glotsalot Administrative staff, and only
utilized for the specific purpose of identifying and contacting the individual. Each of the personal data
points mentioned are only stored in the secure formats mentioned within the scope of this document. Files
with this sensitive information are not created or stored outside the database. Data is encrypted in
accordance with, and exceeding the standard of the Microsoft Azure published standards
Physical Data Protection (server and database storage and access):
Glotsalot data while at rest or in active use is stored within the Microsoft Azure Data Infrastructure.
Data segregation: Azure uses logical isolation to segregate Glotsalot’s data from the data of others.
Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing
customers from accessing one another’s data. At-rest data protection: Glotsalot ensures that data stored
in Azure is encrypted in accordance with their standard. Azure Key Vault helps the company maintain
control of keys that are used by our applications and services to encrypt data. Azure Disk Encryption
enables Glotsalot to encrypt VMs. Azure Storage Service Encryption makes it possible to encrypt all data
that's placed into the company’s storage account.
In-transit data protection:
Glotsalot protects data in transit to or from outside components and data in
transit internally, such as between two virtual networks, using the industry-standard Transport Layer
Security (TLS) 1.2 or later protocol with 2,048-bit RSA/SHA256 encryption keys, as recommended by
CESG/NCSC, to encrypt communications between: The company and the cloud and Internally between
Azure systems and datacenters.
Encryption:
Encryption of data in storage and in transit is employed as a best practice for ensuring
confidentiality and integrity of data. Azure cloud services use SSL to protect communications from the
internet and between our Azure-hosted VMs.
Data redundancy:
Microsoft helps ensure that data is protected if there is a cyberattack or physical
damage to a datacenter. Glotsalot is a global platform, necessitating the employment of out of country/out
of region storage for security or disaster recovery purposes. Data can be replicated within a selected
geographic area for redundancy but cannot be transmitted outside it. Glotsalot has multiple options for
replicating data, including the number of copies and the number and location of replication datacenters.
For redundancy, Glotsalot employes Geo-redundant storage (GRS): Geo-redundant storage. GRS
maintains six copies of our data. With GRS, data is replicated three times within the primary region. Data
is also replicated three times in a secondary region hundreds of miles away from the primary region,
providing the highest level of durability. In the event of a failure at the primary region, GRS helps ensure
that your data is durable in two separate regions
Data destruction:
Upon customer request, Glotsalot
will execute a complete deletion of customer data. The company follows strict standards for overwriting
storage resources before their reuse, as well as the physical destruction of decommissioned hardware.
Microsoft executes a complete deletion of data on customer request and on contract termination.