Hi everyone! I hope you are all well in this crazy time.
We’re all aware of the importance of privacy and security on the Internet, and it’s a priority for all of us at Musicology to ensure a safe experience for anyone who uses our platform. Also, because we’re a teaching platform where our kids come to learn, that means we have to take extra special precautions.
This blog is all about security and privacy.
It can all get a bit technical, so first I’ll explain the general guiding principles and then we’ll talk specifically about what we’re doing to protect our kids.
1. We use trusted, third-party providers. The services we use for secure processes like sign-in and payment, Twilio and AWS for example, use the same, secure infrastructure that is trusted by Fortune 500 companies and is protected by a team of dedicated security engineers. Database access is accomplished through encrypted connections and sanitized on the server using professional, industry standards.
2. We don’t store any unnecessary personal identifiable information (PII). The limited amount of personal information we do collect (the info needed to provide music lessons) is secured using the highest standards in the industry, and is stored separately from the video stream and ‘room’ data. Furthermore, administrative access to ‘rooms’ is limited to the teacher. This means the information passed back and forth in the lessons is encrypted, and no one can know who had a lesson, when, or for how long, without the teacher first granting access.
3. Payment information. Payment processing is accomplished entirely through a trusted, third party PCI-compliant provider which means the Musicology platform stores zero financial information. This is the same, trusted system that the big name retail giants like Amazon use.
Here’s what we’re doing, specifically, to protect kids.
Musicology gives parents control over their child’s personal information.
Parents must “opt-in” and grant permission to any sharing of their child’s data for lesson purposes.
We provide the parent the digital equivalent of a “valet key” which gives them the ability to obtain or delete all of their child’s personal information on request. Access to this feature is established when parents sign up, in conjunction with providing consent and access through trusted authentication providers (Apple or Google, for example). All this is accomplished through a secure web portal utilizing industry standard encryption.
Every student’s ‘room’ is assigned a security code. With a minimal but sufficient set of characters for codes (5-6 characters) we provide a secure lesson space and also avoid accidental access to another student’s data.
Musicology gives teachers control over the child’s lesson experience. Teachers will give rooms nicknames to ensure that we avoid associating PII with the child’s room and to establish an extra layer of security.
Because we don’t store any personal information inside the student’s lesson ‘room’, we can allow the students easy and secure access to their lessons, anytime. This means that with a simple security code, students can safely access files and worksheets in a previous lesson, for example.
Thanks for reading and like always, please subscribe to our newsletter or shoot me an email, I’ll be sure to get back to you.
PS: Here’s a few links if you’d like to learn more about privacy and security:
(Technical info for this blog was supplied by Jonathan Hacker. Editing by Nate Clark. Thank you both!)