Legal

Privacy Policy

Your privacy is our priority.

Last updated: 25/01/2026

Data Controller

Core Principles

  • Privacy by Design: Our applications are designed to minimize the collection of personally identifiable data.
  • Anonymization: Whenever possible, data is processed anonymously or pseudonymously.
  • Full Transparency: As an open source project, we seek maximum transparency in our practices.
  • No Commercialization: We don't sell personal data to third parties. This is a non-profit project.

Website Data

This website is primarily informational. The data collected is:

  • Server logs: IP address, browser, access date/time (temporarily retained for security and aggregate statistics).
  • Technical cookies: Language preferences (es/gl/en). No consent required under GDPR.
  • Analytics (Matomo): Aggregate and anonymous usage statistics. Anonymized IP, no cross-site tracking. We don't share this data with third parties.

EDUmind Applications

Each application has its own privacy policy according to its functionality:

  • Educational Trivia (quiz.edumind.es): Stores responses anonymously linked to ephemeral codes. No student name or email is requested.
  • EDUmind Core (core.edumind.es): Anonymous assessment system. Students access with temporary codes without registration.
  • GeoBreath, SnapEdu, Pasos: Offline-first applications (PWA). Data is stored locally in the user's browser. We don't send data to servers.

Legal Basis

When we collect personal data, we do so under the following legal bases:

  • Consent (Art. 6.1.a GDPR): For newsletters or voluntary communications.
  • Contract execution (Art. 6.1.b GDPR): To provide the requested service.
  • Legitimate interest (Art. 6.1.f GDPR): For aggregate analytics and fraud/spam prevention.

Minors

Special measures:

  • Students DO NOT need to register with personal data.
  • Access is via anonymous codes generated by the teacher.
  • The data collected is strictly pedagogical and non-identifiable.
  • The teacher acts as data controller in the educational context.

Security

We apply technical and organizational measures:

  • HTTPS encryption on all communications.
  • Passwords: Hashed with bcrypt (never plain text).
  • Restricted access: Only the administrator has database access.
  • Backups: Encrypted and regular backups.
  • Open source: Any security breach can be publicly reported.

Data Retention

  • Server logs: 7 days.
  • Teacher data: Until they request account deletion.
  • Student data: Ephemeral or until end of school year.

Your Rights (ARCO)

You have the right to:

  • Access: Know what data we have about you.
  • Rectification: Correct inaccurate data.
  • Erasure: Delete your data.
  • Portability: Receive your data in a structured format.

To exercise these rights, contact: [email protected]

Updates

This policy may be updated. The last update date appears at the bottom.

✅ EDUmind

Software libre. Datos libres. Educación libre.