IT Administrator FAQ

Last updated: 1 April 2025

Privacy Compliance

Which data privacy regulations does Mindjoy comply with?
Mindjoy complies with:

• POPIA (South Africa)
• GDPR (EU)
• UK GDPR (UK)
• CCPA (California)
• FERPA and COPPA (USA)

What personal data does Mindjoy collect, and why?

• First Name & Last Name:

  • Educators: For collaboration, usage analytics, and account administration.
  • Students: For classroom administration and usage reporting.

• Email: Unique identifier and account recovery.

• Phone Number:

  • Educators only: Account recovery and customer support.
  • Students: Not collected.

How does Mindjoy obtain user consent and handle data access/deletion requests?
See Privacy Policy Section 11 for details.

Does Mindjoy use cookies or tracking technologies?
Yes, please refer to the cookies declaration.

Data Protection & Security

Is user data encrypted?
Yes. Data is encrypted at rest. In transit, data uses SSL encryption. Passwords are hashed and salted, and sensitive tokens are encrypted with private-key encryption.

What are your access control and authentication measures?

• Role-based Access Control (Admin, Educator, Student).
• Mindjoy employees must use Multi-Factor Authentication (MFA).

What is your data retention policy?
We store data only as long as required for educational purposes. Upon account termination, we delete or anonymize data within one month unless prevented by compliance/legal obligations, in which case we'll clearly communicate the situation.

What's Mindjoy’s procedure for incident response and data breaches?
In case of a data breach, Mindjoy commits to notifying affected users within 48 hours and will inform the relevant supervisory authorities as required by local laws. Preventative measures include encryption, access controls, and strict consent management.

Do you share or sell our data to third parties? Mindjoy doesn't sell user data. We only share data with secure subprocessors necessary to deliver our service.

Hosting & Infrastructure

Where is Mindjoy’s data stored?
Data resides on Amazon Web Services (AWS) in Frankfurt, Germany via Render.com. This includes databases, user profiles, passwords, messages, and uploaded files.

How do you manage backups and disaster recovery?

• Primary backups in Frankfurt (eu-central-1), availability zones: eu-central-1a, eu-central-1b, eu-central-1c.
• Additional redundancy backups stored in North Virginia, USA (us-east-1), availability zones: us-east-1a, us-east-1b, us-east-1c, etc.
• Databases offer point-in-time recovery.

What compliance certifications do your hosting environments have?
Our hosting provider, Render, is SOC 2 and ISO 27001 compliant.

International Data Transfers

Do you perform international data transfers?
Yes. As a global organization, data may be stored and processed outside your jurisdiction, notably between the EU and US. Transfers rely on standard contractual clauses and comply with GDPR and UK adequacy regulations. Amazon AWS infrastructure supports these transfers securely.