Privacy in the Moodle app: Difference between revisions

From MoodleDocs
m (Added link to Spanish page)
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 29: Line 29:


Users are prompted to allow specific permissions only when necessary. For example: If a user wants to update their profile picture, the app will request permission to access the photo gallery at that time. Users have full control over granting or denying these permissions.
Users are prompted to allow specific permissions only when necessary. For example: If a user wants to update their profile picture, the app will request permission to access the photo gallery at that time. Users have full control over granting or denying these permissions.
== Policies and Age Verification ==
The Moodle app supports the Moodle built-in [[Policies|policies]] functionality. If configured by the site administrators, before being able to access a Moodle site:
* Users will be shown all applicable policies, including mandatory and optional policies.
* If the site has an [[Privacy|age verification]] policy, the app will ensure users confirm their compliance before they can proceed.
This ensures that all users are fully informed and consent to the terms set by the Moodle site.


== Embedded Content from External Services ==
== Embedded Content from External Services ==
Line 39: Line 47:
* For other content providers, please check their documentation.
* For other content providers, please check their documentation.


== Android Accessibility Features ==
== Accessibility Features ==


On Android devices, some features like accessibility services or password auto-fill may involve data processing by Google services (for text processing and reading and storage).
On Android and iOS devices, some features like accessibility services or password auto-fill may involve data processing by Google and/or Apple services (for text processing and reading and storage).


These functionalities are part of Android's operating system and are not controlled by the Moodle app. We do not prevent its usage by default as they might be necessary in different types of scenarios.
These functionalities are part of their operating system and are not controlled by the Moodle app. We do not prevent its usage by default as they might be necessary in different types of scenarios or by certain organisations using the standard Moodle app.


Users can manage or disable these features directly through their Android device settings.
Users can manage or disable these features directly through their device settings.


== Use of Firebase Framework ==
== Use of Firebase Framework ==
Line 63: Line 71:
When content is embedded from external sites, such as videos or widgets, those providers may set cookies. Those cookies will not persist between app sessions, as they are not stored in the app itself, they run in an isolated environment.
When content is embedded from external sites, such as videos or widgets, those providers may set cookies. Those cookies will not persist between app sessions, as they are not stored in the app itself, they run in an isolated environment.


== Responsibility ==
Moodle provides tools and features to implement privacy practices effectively but at the same time offers flexibility to integrate and embed content from various external providers and total freedom to the end-user to opt-in to use whatever additional features they want to enable in their devices (such as password manager, accessibility features, auto-completion, etc..)
Responsibility of the organisation:
* The organisation hosting the Moodle site must ensure they provide clear and comprehensive privacy policies to their users.
* Users must accept these policies before gaining access to the site via the Moodle site or the mobile app.
* It is the hosting organisation's duty to evaluate external content providers and ensure compliance with their local regulations.


[[es:Privacidad en la Moodle app]]
[[es:Privacidad en la Moodle app]]

Latest revision as of 07:36, 4 December 2024

The Moodle Mobile App is designed with user privacy in mind, ensuring data security and control for all users. Below is a summary of how the app handles user data and privacy-related concerns:

Communication Between the App and Moodle Site

The Moodle app communicates directly with the Moodle site selected by the user.

No data is sent to third parties during interactions between the user and the mobile app. All communication initiated by the app happens securely between the app and the Moodle site.

There are some scenarios that might involve third-party servers processing data when certain functionality is enabled in the Moodle site such as Push Notifications as described below.

Push Notifications

When enabled on the Moodle site, Push notifications may involve third-party servers like Moodle Airnotifier, Google (for Android) or Apple (for iOS). For example, a forum post message may travel through these servers for delivery.

To enhance privacy, we recommend enabling end-to-end encryption for Push Notifications via Moodle site settings. This ensures data is encrypted before leaving the site and decrypted only upon reaching the user’s device.

Users can disable push notifications at anytime:

  • In their device settings.
  • While the app is launched for first time.
  • Through the Moodle app settings.
  • Directly within the Moodle site settings.

Please check Moodle Data Processing Agreement available at https://moodle.com/privacy-notice/ for additional information.

App Permissions

The Moodle Mobile App uses only the minimum permissions required for its functionality.

Users are prompted to allow specific permissions only when necessary. For example: If a user wants to update their profile picture, the app will request permission to access the photo gallery at that time. Users have full control over granting or denying these permissions.

Policies and Age Verification

The Moodle app supports the Moodle built-in policies functionality. If configured by the site administrators, before being able to access a Moodle site:

  • Users will be shown all applicable policies, including mandatory and optional policies.
  • If the site has an age verification policy, the app will ensure users confirm their compliance before they can proceed.

This ensures that all users are fully informed and consent to the terms set by the Moodle site.

Embedded Content from External Services

Teachers and content creators may embed external content, such as videos or widgets. Such embedded content may allow third parties to set cookies or track users.

Recommendations for privacy-friendly embedding:

  • Use YouTube’s no-cookie feature when embedding videos.
  • For Vimeo, enable the “privacy dnt” parameter to reduce tracking.
  • For other content providers, please check their documentation.

Accessibility Features

On Android and iOS devices, some features like accessibility services or password auto-fill may involve data processing by Google and/or Apple services (for text processing and reading and storage).

These functionalities are part of their operating system and are not controlled by the Moodle app. We do not prevent its usage by default as they might be necessary in different types of scenarios or by certain organisations using the standard Moodle app.

Users can manage or disable these features directly through their device settings.

Use of Firebase Framework

The Moodle app uses Google’s Firebase framework to enable Push Notifications.

After launching the app the Firebase framework generates a unique identifier (a random string of letters and numbers) to recognise the app for sending notifications. This identifier:

  • Is used solely for basic functionality.
  • Does not contain any private or personal data.

As mentioned earlier, users can opt out of Push Notifications entirely if they prefer. It will prevent the Firebase framework from generating additional ids or processing any type of information from the user or the site.

Cookies

The Moodle app does not require cookies to function.

When content is embedded from external sites, such as videos or widgets, those providers may set cookies. Those cookies will not persist between app sessions, as they are not stored in the app itself, they run in an isolated environment.

Responsibility

Moodle provides tools and features to implement privacy practices effectively but at the same time offers flexibility to integrate and embed content from various external providers and total freedom to the end-user to opt-in to use whatever additional features they want to enable in their devices (such as password manager, accessibility features, auto-completion, etc..)

Responsibility of the organisation:

  • The organisation hosting the Moodle site must ensure they provide clear and comprehensive privacy policies to their users.
  • Users must accept these policies before gaining access to the site via the Moodle site or the mobile app.
  • It is the hosting organisation's duty to evaluate external content providers and ensure compliance with their local regulations.