Privacy in the Moodle app

From MoodleDocs

The Moodle Mobile App is designed with user privacy in mind, ensuring data security and control for all users. Below is a summary of how the app handles user data and privacy-related concerns:

Communication Between the App and Moodle Site

The Moodle app communicates directly with the Moodle site selected by the user.

No data is sent to third parties during interactions between the user and the mobile app. All communication initiated by the app happens securely between the app and the Moodle site.

Some scenarios might involve third-party servers processing data when certain functionality is enabled in the Moodle site, such as Push Notifications, as described below.

Push Notifications

When enabled on the Moodle site, Push notifications may involve third-party servers like Moodle Airnotifier, Google (for Android) or Apple (for iOS). For example, a forum post message may travel through these servers for delivery.

To enhance privacy, we recommend enabling end-to-end encryption for Push Notifications via Moodle site settings. This ensures data is encrypted before leaving the site and decrypted only upon reaching the user’s device.

Users can disable push notifications at any time:

  • In their device settings.
  • When the app is launched for the first time.
  • Through the Moodle app settings.
  • Directly within the Moodle site settings.

Please check the Moodle Data Processing Agreement, available at https://moodle.com/privacy-notice/, for additional information.

App Permissions

The Moodle Mobile App uses only the minimum permissions required for its functionality.

Users are prompted to allow specific permissions only when necessary. For example, if a user wants to update their profile picture, the app will request permission to access the photo gallery at that time. Users have full control over granting or denying these permissions.

Policies and Age Verification

The Moodle app supports the Moodle built-in policies functionality. If configured by the site administrators, before being able to access a Moodle site:

  • Users will be shown all applicable policies, including mandatory and optional policies.
  • If the site has an age verification policy, the app will ensure users confirm their compliance before they can proceed.

This ensures that all users are fully informed and consent to the terms set by the Moodle site.

Embedded Content from External Services

Teachers and content creators may embed external content, such as videos or widgets. Such embedded content may allow third parties to set cookies or track users.

Recommendations for privacy-friendly embedding:

  • Use YouTube’s no-cookie feature when embedding videos.
  • For Vimeo, enable the “privacy dnt” parameter to reduce tracking.
  • For other content providers, please check their documentation.
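One way a site administrator could audit course HTML against these recommendations, as an added example that is not part of the Moodle documentation or code base. It assumes the YouTube no-cookie feature means the `www.youtube-nocookie.com` embed host and the Vimeo parameter is `dnt=1`; the function names and sample HTML are constructed for illustration.

```javascript
// Added example: audit <iframe> embeds and suggest privacy-friendly URLs.
// Assumptions: YouTube no-cookie = www.youtube-nocookie.com, Vimeo = "dnt=1".
const BASE = "https://local.invalid"; // resolves relative and //host URLs
const YOUTUBE_HOSTS = new Set(["youtube.com", "www.youtube.com", "m.youtube.com"]);

function privacyFriendlyEmbed(src) {
  let url;
  try {
    url = new URL(src, BASE);
  } catch {
    return { url: src, status: "invalid" };
  }
  const host = url.hostname.toLowerCase();
  if (host === "local.invalid") return { url: src, status: "local" };
  if (YOUTUBE_HOSTS.has(host) && url.pathname.startsWith("/embed/")) {
    url.hostname = "www.youtube-nocookie.com"; // path and query are preserved
    return { url: url.href, status: "rewritten" };
  }
  if (host === "www.youtube-nocookie.com") return { url: url.href, status: "ok" };
  if (host === "player.vimeo.com") {
    if (url.searchParams.get("dnt") === "1") return { url: url.href, status: "ok" };
    url.searchParams.set("dnt", "1");
    return { url: url.href, status: "rewritten" };
  }
  // Unknown provider: a person has to check that provider's documentation.
  return { url: url.href, status: "review" };
}

function auditEmbeds(html) {
  // Matches src="..." or src='...' on iframe tags (not data-src).
  const re = /<iframe\b[^>]*?\ssrc\s*=\s*(["'])(.*?)\1/gi;
  const findings = [];
  for (const m of html.matchAll(re)) {
    const src = m[2].replace(/&amp;/g, "&"); // undo HTML attribute escaping
    findings.push({ src, ...privacyFriendlyEmbed(src) });
  }
  return findings;
}

// Constructed sample content, not taken from a real course.
const SAMPLE_HTML = `
<iframe width="560" src="https://www.youtube.com/embed/VIDEO_ID?rel=0&amp;start=5"></iframe>
<iframe src="https://player.vimeo.com/video/000000000?title=0"></iframe>
<iframe src="https://player.vimeo.com/video/000000000?dnt=1"></iframe>
<iframe src='//widgets.example.org/poll/42'></iframe>`;

console.log(auditEmbeds(SAMPLE_HTML));
```

Entries with status `review` are embeds from other providers, which still need a manual check of that provider's privacy options.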

Accessibility Features

On Android and iOS devices, some features like accessibility services or password auto-fill may involve data processing by Google and/or Apple services (for text processing, reading and storage).

These functionalities are part of the operating system and are not controlled by the Moodle app. We do not prevent their use by default, as they might be necessary in different types of scenarios or for certain organisations using the standard Moodle app.

Users can manage or disable these features directly through their device settings.

Use of Firebase Framework

The Moodle app uses Google’s Firebase framework to enable Push Notifications.

After the app is launched, the Firebase framework generates a unique identifier (a random string of letters and numbers) to recognise the app for sending notifications. This identifier:

  • Is used solely for basic functionality.
  • Does not contain any private or personal data.

As mentioned earlier, users can opt out of Push Notifications entirely if they prefer. Doing so prevents the Firebase framework from generating additional IDs or processing any type of information from the user or the site.

Cookies

The Moodle app does not require cookies to function.

When content is embedded from external sites, such as videos or widgets, those providers may set cookies. Those cookies will not persist between app sessions, as they are not stored in the app itself; they run in an isolated environment.

Responsibility

Moodle provides tools and features to implement privacy practices effectively. At the same time, it offers the flexibility to integrate and embed content from various external providers, and gives end users total freedom to opt in to whatever additional features they want to enable on their devices (such as password managers, accessibility features, auto-completion, etc.).

Responsibility of the organisation:

  • The organisation hosting the Moodle site must ensure they provide clear and comprehensive privacy policies to their users.
  • Users must accept these policies before gaining access to the site via the Moodle site or the mobile app.
  • It is the hosting organisation's duty to evaluate external content providers and ensure compliance with their local regulations.