Privacy Policy – Edcast (Mind Smith)

Effective Date: 28/10/2025

Last Updated: 28/10/2025

Mind Smith ("Mind Smith," "we," "us") provides and operates Edcast (or any future renamed version, the "Platform"), a virtual school management and video-conferencing solution with free and paid plans. This Policy explains how we collect, use, disclose, store, and protect personal data when learners, guardians, teachers, administrators, and guests use the Platform.

If you are a school or organization (an "Institution") using Edcast for your community, you are responsible for providing appropriate notices to your users and selecting settings consistent with this Policy and applicable law.

1. About Us & Scope
   • Controller: Mind Smith is the controller for personal data processed through Edcast, except where an Institution has configured Edcast so that Mind Smith acts as a processor on its behalf for certain education records.
   • Audience: Covers visitors, registered users (free and paid), instructors, administrators, and students/learners.
   • Regions & laws: We comply with international standards including GDPR/UK GDPR, COPPA, FERPA (where applicable), and children’s privacy frameworks.
2. Data We Collect
   • Account & Identity: name, display name, email, password hash, role, profile photo, Institution, class/grade, optional contact numbers.
   • Single Sign-On: profile identifiers and tokens from Google, Facebook, etc.
   • Educational Records & Content: enrollments, attendance, quiz results, grades, uploads, timestamps, certifications.
   • Communications & Media: messages, comments, audio/video streams and recordings, screen-shares, whiteboards, captions/transcripts.
   • Device & Usage: IP, device IDs, browser/OS, language, crash logs, diagnostics, feature usage, referral data.
   • Payments: subscription tier, invoices, transaction IDs, last 4 digits and card brand (no full card numbers).
   • Marketing Preferences: email/subscription choices, optional survey responses.
   • From Institutions/Integrations: class rosters, SIS/LMS sync, guardian contacts, shared files.
3. Cookies & Similar Technologies
   • Used to run the Platform, remember settings, and improve performance.
   • Types: Strictly Necessary, Functional, Analytics/Performance, Advertising/Attribution.
   • First- and third-party cookies for SSO, payments, analytics, video.
   • Duration: Session cookies expire at logout; persistent cookies remain 1–24 months unless deleted.
   • Choices: manage preferences in cookie banner, block/delete cookies in browser, opt out of analytics/marketing.
4. Why We Process Data (Legal Bases)
   • Contract: account management, classes, attendance, support.
   • Legitimate Interests: security, fraud prevention, analytics.
   • Consent: marketing emails, certain cookies, recordings.
   • Legal Obligations: taxation, accounting, lawful requests.
   • Vital/Public Interest: safeguarding or safety incidents.
5. How We Use Data
   • Operate accounts, classes, meetings, and classrooms.
   • Manage rosters, attendance, assessments, grading, and reports.
   • Provide recordings and transcripts where enabled.
   • Send transactional notices and improve app reliability.
   • Process payments, prevent fraud, manage subscriptions.
   • Provide support and conduct aggregated, de-identified analytics.
6. Sharing & Disclosure
   • We do not sell personal data.
   • Shared with service providers for hosting, storage, analytics, SSO, payment.
   • Institutions and educators may view learner information as required.
   • Legal/compliance disclosures and business transfers with notice where required.
   • Aggregated or de-identified analytics may be shared.
7. International Data Transfers

   Data may be processed in other countries. Safeguards such as Standard Contractual Clauses are applied where required.

8. Data Retention
   • Account data: life of account + up to 12 months.
   • Educational records: enrollment duration + up to 24 months.
   • Recordings/transcripts: default 12 months.
   • Payment records: 7 years.
   • Support logs: up to 18 months.
   • Deleted or de-identified after retention period.
9. Security

   We use encryption, RBAC, MFA, least privilege, network segmentation, secure development, and staff training. Breach notifications are provided as required.

10. Your Choices & Rights
    • Access, rectify, erase, restrict, object, port data, withdraw consent.
    • Students/guardians should contact Institutions first if they control data.
    • Complaints may be filed with supervisory authorities.
    • Email preferences: opt out of non-essential emails.
    • Cookie controls: see Cookies section.
11. Children & Students; Updates; Contact
    • No targeted ads in student spaces.
    • Recordings may require notice/consent.
    • Parents/guardians can request access/deletion through Institutions.
    • Policy updates will be communicated for material changes.
    • Contact: [Insert email], [Insert address].
12. Global Compliance & Regional Supplements
    • Designed to meet international standards.
    • EU/UK: GDPR rights apply.
    • US: FERPA and COPPA may apply.
    • Other regions: safeguards consistent with leading frameworks.
    • Local laws take priority if conflicts arise.