What Data is Being Collected
Glotsalot collects personal data as voluntarily entered into our database by individual users. This data includes but may not be limited to: names, email addresses, phone numbers, IP addresses, gender, age, city of residence, languages spoken or studied, as well as background information such as country of origin and mother language. The site also collects imagery (profile photo) of users as well as video footage submitted by teachers as advertisement for their profiles. In addition, our analytics provider and any third party payment processors utilized may collect information from the site. For Credit purchase and payment processes, the company also collects the user name within a third party payment service such as PayPal. 

How Data is Being Collected
Data is primarily collected through the online forms provided on various pages of the site. Users voluntarily submit this information as a necessary part of creating a User Profile, or applying to teach. Photo data is uploaded by users and is not mandatory. Video data is collected only for teachers through a self-uploading mechanism found on the site as part of the teacher onboarding process. In addition to form responses, the company may employ cookies or other standard industry trackers for data collection purposes placed on a users browser. 

What we May Do With the Data
User data may be used by the company to study global user usage and trends for business intelligence and marketing purposes. All data collected from users is for the sole purpose of the business functions of the company. The company does not share customer data with affiliates or service providers. It is stored within the same infrastructure as the database itself, as described in “How We Protect the Data.” 

How Users Can Control Their Data
At the base level, users can control their data by choosing what information they provide initially, and at any time during their user experience with the site. This is accomplished by updating the user’s profile with whatever information the user feels it wants to share. A good example of this is the choice of an avatar, or pseudonym as their user name. Users also control who receives their controlled contact information through the friending and messaging processes. Users wishing to contact Glotsalot Administration regarding control of their data may do so at any time by making a request through the Help Desk icon found at the bottom of every screen. Users wishing to opt-out, or unsubscribe from mailing lists can do one of three ways: Via the Help Desk, by going to the Settings function of the site, or by notifying company through a link provided at the bottom of all Glotsalot messaging. In the site’s settings section, users are provided with “opt-out” functionality where they can select which message types they want to receive. Users wishing to close accounts, provide feedback or report a problem can do so via the help desk icon found at the bottom of every screen. 

How We Protect The Data
Glotsalot data protection falls into two categories. The activities and infrastructure within the site and company itself, and the data protection measures and infrastructure within the site and database data remote storage environments. 

Data Protection Within the Site and Company Itself:
Information Segregation: Specific information about a user such as legal name, email address, phone number are not published, or visible to any other users or third parties. Legal name, email address, and phone number of a user is never provided to other site users or entities. The only exception of this rule would be in the event that the company was compelled by law enforcement with the appropriate court issued warrant or other demonstrated legal grounds. A (fictitious if desired) user name is all that is provided to other users, along with system contact information for messaging purpose, languages self-reported as spoken, name they would like to be known by, and a self description of the user. The more sensitive personal information listed is only accessed by Glotsalot Administrative staff, and only utilized for the specific purpose of identifying and contacting the individual. Each of the personal data points mentioned are only stored in the secure formats mentioned within the scope of this document. Files with this sensitive information are not created or stored outside the database. Data is encrypted in accordance with, and exceeding the standard of the Microsoft Azure published standards 

Physical Data Protection (server and database storage and access):
Glotsalot data while at rest or in active use is stored within the Microsoft Azure Data Infrastructure. Data segregation: Azure uses logical isolation to segregate Glotsalot’s data from the data of others. Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing customers from accessing one another’s data. At-rest data protection: Glotsalot ensures that data stored in Azure is encrypted in accordance with their standard. Azure Key Vault helps the company maintain control of keys that are used by our applications and services to encrypt data. Azure Disk Encryption enables Glotsalot to encrypt VMs. Azure Storage Service Encryption makes it possible to encrypt all data that's placed into the company’s storage account. 

In-transit data protection:
Glotsalot protects data in transit to or from outside components and data in transit internally, such as between two virtual networks, using the industry-standard Transport Layer Security (TLS) 1.2 or later protocol with 2,048-bit RSA/SHA256 encryption keys, as recommended by CESG/NCSC, to encrypt communications between: The company and the cloud and Internally between Azure systems and datacenters. 

Encryption:
Encryption of data in storage and in transit is employed as a best practice for ensuring confidentiality and integrity of data. Azure cloud services use SSL to protect communications from the internet and between our Azure-hosted VMs. 

Data redundancy:
Microsoft helps ensure that data is protected if there is a cyberattack or physical damage to a datacenter. Glotsalot is a global platform, necessitating the employment of out of country/out of region storage for security or disaster recovery purposes. Data can be replicated within a selected geographic area for redundancy but cannot be transmitted outside it. Glotsalot has multiple options for replicating data, including the number of copies and the number and location of replication datacenters. For redundancy, Glotsalot employes Geo-redundant storage (GRS): Geo-redundant storage. GRS maintains six copies of our data. With GRS, data is replicated three times within the primary region. Data is also replicated three times in a secondary region hundreds of miles away from the primary region, providing the highest level of durability. In the event of a failure at the primary region, GRS helps ensure that your data is durable in two separate regions 

Data destruction:
Upon customer request, Glotsalot will execute a complete deletion of customer data. The company follows strict standards for overwriting storage resources before their reuse, as well as the physical destruction of decommissioned hardware. Microsoft executes a complete deletion of data on customer request and on contract termination.