Oki Doki Digital Inc. (“Oki Doki”, “us”, “we”, or “our”) operates Doki, an online course creation platform, through its websites at https://weareokidoki.com, https://doki.io, and any and all of the subdomains of https://doki.io (collectively, the “Services”).
Personal Data means data about an individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession). Personal Data is also referred to as “personal information”.
Usage Data is data collected automatically either generated by the use of the Services or from the Services infrastructure itself (for example, the duration of a page visit). This data is typically anonymous.
Service Provider means any person (other than an employee of ours) who processes the data on behalf of us in running the Services. We may use the services of various Service Providers in order to process your data more effectively.
Cookies are small pieces of data stored on a User’s device.
Data Subject is any individual who is the subject of Personal Data.
The User is the individual using our Services. The User corresponds to the Data Subject, who is the subject of Personal Data.
Who do we collect Personal Data from?
Doki provides a way for individuals and businesses (our “Tenants”) to distribute content (“Courses”) to students and learners (“Students”).
- “Tenants” are individuals and/or businesses who have created an account via https://doki.io/sign_up or have a Tenant account created by us upon request.
- “Students” are individuals that access Courses and similar content distributed by Tenants via our Services. If you taking a Course on a Doki account on our Services, you are probably a Student.
In all cases, by accessing and using the Services you are considered a User.
We obtain information about Users in these primary ways:
- when you visit or use our websites,
- when you contact us directly about becoming a Doki Tenant, or to obtain other information such as a support request,
- when you become a Doki Tenant, and/or
- when you become a Student through one of our hosted Doki Tenant websites.
Tenants are responsible for any Personal Data obtained from their Students, published or shared through the Services, and confirm that they have the third party’s consent to provide the Personal Data to us. Please see below for further information about our relationship with Students and Tenants.
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Services to you.
Types of Data We Collect
While using our Services, we may ask you to provide us with certain Personal Data that can be used to contact or identify you. Personal Data may include, but is not limited to:
- Basic information about you like your first and last name
- Contact information such as your email or phone number
- Other information you choose to provide
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you in accordance with applicable laws. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.
We may also use your Personal Data to send you notifications from the Services such as letting you know when content in a Course unlocks, or you want to change your password.
We may also collect information about how the Services are accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking Cookies Data
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you will not be able to use some portions of our Services.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Services.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
- Web Beacons. When we send emails to Users, we may use web beacons to track who opened the emails and clicked links to measure campaign performance and improve the Services.
Anonymization of Data
Usage Data and Tracking Cookies Data are typically anonymous technical information. We will not attempt to link or match such anonymous technical information with any Personal Data unless we have consent, we (or our Service Providers) have detected or reasonably suspect any unlawful use of our the Services or a security breach, or we have a legal duty or right to do so.
Wherever possible, we anonymize Usage Data and Tracking Cookies Data, such as in our utilization of IP Anonymization in Analytics.
Data collected by our Tenants
Our Relationship with Students
Tenants may import into the Services Personal Data they have collected from their Students or other individuals. We have no direct relationship with Tenant’s Students or any individuals other than our Tenants.
Tenants are responsible for making sure they have the necessary permissions for us to process Personal Data about Students or other individuals. This includes making use of third-party functionality in our Services.
Students should update their Personal Data in the Services where applicable or contact the Tenant directly to change, update, or delete the Student’s data. If a Student contacts us directly, we will refer you to that Tenant and support them in responding to your request if necessary.
We will never sell, rent, or lease our Tenants’ Students’ Personal Data.
Our Relationship with Tenants
For the purposes of the European General Data Protection Regulation (GDPR), we act as “processor” for Tenants and may process the Personal Data of Students on behalf of Tenants in this capacity. Tenants are independent “controllers” of Personal Data — we do not control and are not responsible for the privacy practices of our Tenants. We encourage Students to find out more and ask questions about the privacy practices of Tenants before sharing Personal Data with them.
Use of Data
We use the collected data for various purposes:
- To provide and maintain our Services.
- To notify you about changes to our Services.
- To allow you to participate in interactive features of our Services when you choose to do so.
- To provide customer support.
- To gather analysis or valuable information so that we can improve our Services.
- To monitor the usage of our Services.
- To detect, prevent, and address technical issues.
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
- To comply with applicable legal and regulatory requirements or to protect our legal rights and property.
We will never sell, rent, or lease any of our User’s Personal Data.
Retention of Data
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.
Transfer of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. When your information is processed outside of your jurisdiction, it may be subject to the laws of and be accessible by legal authorities in such other jurisdictions.
Oki Doki Digital, Inc. is located in Canada and all of our hosting services are located in the United States. With that in mind, if you are located outside the United States or Canada and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and/or Canada and process it there.
Disclosure of Data
Disclosure for Law Enforcement
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation.
- To protect and defend the rights or property of Oki Doki Digital, Inc.
- To prevent or investigate possible wrongdoing in connection with the Services.
- To protect the personal safety of users of the Services or the public.
- To protect against legal liability.
Security of Data
We’ve taken reasonable step to protect your data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
To ensure a high level of security and privacy, secure SSL connections are always used and HTTPS is enforced to encrypt data in transit.
Credit card number never hit our servers and are not stored in full in our databases. Credit card numbers are securely submitted to Stripe to achieve PCI compliance. More information can be found on Stripe’s security page.
The Services are hosted at Heroku by Salesforce, Inc., who hosts their service on Amazon data centers located in the United States. We also use monitoring tools, so that the service should always have up-to-date infrastructure and patches. More information can be found on Heroku’s security page.
- All data and backups are stored encrypted at rest and access restricted.
- All passwords and third party API tokens are stored in an encrypted state.
- Databases that contain any Personal Data can be restored and/or recovered from encrypted snapshots.
- Regular security monitoring is performed to test for security issues. Security software patches are applied as they become available.
- In case a breach should happen, an attacker cannot easily use your account or access your Stripe account.
Report an Incident
Please report any security incidents to firstname.lastname@example.org.
The protection of Personal Data is very important to us, and we are prepared to take appropriate and timely steps in the event of any incidents in accordance with applicable privacy laws.
Your Rights Relating to Your Personal Data
If you are asked to provide or have provided us with consent to process your Personal Data, you can deny or withdraw your consent at any time upon reasonable notice, subject to any legal or contractual requirements. However, if consent is denied or withdrawn, we may not be able to provide you with portions of the Services.
In certain circumstances, you have the right:
- To access and receive a copy of the Personal Data we hold about you and related information (for example, why we process your Personal Data).
- To rectify any Personal Data held about you that is inaccurate or incomplete.
- To request the deletion of Personal Data held about you.
- To limit or stop the processing of your Personal Data.
- To data portability – that is, to request to obtain a copy of your Personal Data in a commonly used electronic format so that you can manage and move it to another entity.
We aim to take reasonable steps to allow you to exercise these rights with respect to your Personal Data in accordance with applicable laws.
Whenever made possible, you can access and update your Personal Data directly within the Services.
If you would like to exercise the above rights, please contact one of the two parties listed below based on whether you are a Tenant or an Student:
- If you are a Tenant, please contact us at email@example.com.
- If you are a Student, please contact the Tenant of which you are a Student.
Please note that you may be asked to verify your identity we respond to such requests.
Processing of Data
We may employ third-party companies and individuals to facilitate our Services (“Service Providers”, or “Sub-Processors”), to provide the Services on our behalf, to perform related services or to assist us in analyzing how our Services are used.
These Sub-processors have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
You can view a complete and updated list of our trusted Service Providers including their location and the Personal Data we share with them by reviewing the Service Providers section within our GDPR compliance documentation.
Links to Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
“Do Not Track” Signals
We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Our Services do not address anyone under the age of 18 (“Minors”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Minor has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Minors without verification of parental consent, we take steps to remove that information from our servers.
- By email: firstname.lastname@example.org
We encourage you to contact us if you have any questions or concerns with our Personal Data practices. However, you also have the right to complain to regulatory authorities in your jurisdiction. Please contact us if you need information about the appropriate authority.