Jamworks Privacy Policy

Effective date: 12 May 2025

Jamworks Platform Limitted. (“Jamworks”, “we”, “our”, or “us”) is committed to protecting the privacy and security of everyone who interacts with our products and services. This Privacy Policy explains, in plain language, how we collect, use, disclose, and safeguard personal data when you visit our websites, use our applications, or otherwise interact with us. It also describes your choices and rights.

Jamworks supports learners around the world, including K‑12 pupils, university students, and professional trainees. Because we sometimes operate as a school service provider or a data processor acting on behalf of an educational institution (the “Institution” or “Controller”), this Policy includes distinct commitments covering Student Data.

1  Who we are and how to contact us

Jamworks Platform Limited. is a company registered in England (No. 12578785) with its principal office at Hop Fields, Tongham Road, Runfold, Surrey, GU10 1PH, United Kingdom.

Email: legal@jamworks.com
Data Protection Officer: Same as above.
You may also write to us at the postal address above, marked “FAO Data Protection Officer”.

2  Scope of this Policy

This Policy applies to the following (“Services”):

• jamworks.com and any sub‑domains;
• the Jamworks web, desktop, and mobile applications;
• the Jamworks recording widget, plugins, and browser extensions;
• official Jamworks webinars, support channels, and events.

It does not apply to third‑party websites or services that we do not control, even if they are linked from our Services. Please review the privacy notices of any third‑party services you use.

3  Key definitions

Term	Meaning
Visitor	Anyone browsing our public websites without logging in
User	Anyone who creates or is assigned a Jamworks account, including Institution administrators, educators, and students
Student Data	Personal data that is directly related to a current or former pupil/ student and maintained by—or on behalf of—an educational Institution. Examples: name, Student ID, coursework recordings, disability accommodations.
Controller	The natural or legal person that determines the purposes and means of processing personal data (often the Institution)
Processor	A party that processes personal data on behalf of the Controller (Jamworks, when engaged by an Institution)

4  Personal data we collect

Category	Examples	Source	Purpose
Account data	Name, email address, role (student, lecturer, admin), institution, licence status	Provided by you or your Institution	Create and manage accounts; provide the Service
Content data	Recordings, transcripts, highlights, captions, quiz‑answers, notes	Generated or uploaded by Users	Core product functions such as note‑taking, transcription, accessibility support
Usage data	IP address, device type, operating system, browser, feature interaction, crash logs	Collected automatically	Service delivery, troubleshooting, analytics, abuse prevention
Support data	Contact history, feedback, survey responses	Provided by you	Customer support and service improvement
Cookies & similar tech	Session tokens, preference cookies, analytics identifiers	Browser	Remember preferences, secure log‑in, analyse product usage (see Section 10)

We do not request or intentionally collect special categories of data (e.g. health information, biometric identifiers) unless explicitly required for an accommodation request and authorised by the Controller.

5  Why we process personal data (legal bases)

Purpose	Legal basis (GDPR)	Notes
Provide and maintain the Services	Contract – Article 6 (1)(b)	Required to fulfil Terms of Service or an Institution contract
Improve, test, and secure the Services	Legitimate interests – Article 6 (1)(f)	Balanced against user privacy; opt‑out avenues provided where feasible
Send product or security notices	Legitimate interests / Legal obligation – Articles 6 (1)(f) & (1)(c)	Transactional, non‑marketing
Optional marketing to adult, non‑student contacts	Consent – Article 6 (1)(a)	Opt‑in only; not sent to student accounts
Comply with laws, court orders, or enforce agreements	Legal obligation – Article 6 (1)(c)	E.g. tax, accounting, fraud prevention

Student Data will never be used for targeted advertising or sold to third parties.

6  How we use personal data

1. Service delivery – enable recording, transcription, live captioning, note‑generation, and quiz features.
2. Account administration – user authentication, licence provisioning, billing (Institutions only).
3. Product improvement – aggregate analytics, error diagnostics, UX research; Content Data is pseudonymised or anonymised where practicable.
4. Safety & compliance – detect abusive behaviour, maintain system integrity, meet legal obligations.
5. Communications – respond to support requests, send critical updates.
6. Marketing (limited) – we may send newsletters to users, educators or institutional decision‑makers with the ability to opt-out.

7  Data sharing and disclosure

We may share personal data only in the circumstances below:

• Authorised Service Providers. Cloud hosting, transcription engines, video processing, analytics, and customer‑support vendors who are contractually bound to: (i) process data solely under our instructions; (ii) implement adequate security measures; and (iii) delete data when the service ends.
• Institutional Administrators. If you access Jamworks via an Institution licence, authorised staff may view usage metrics and certain Content Data created by accounts within their tenancy.
• Legal & safety obligations. Where required by law, subpoena, or to protect the vital interests of a person.
• Business transfers. In connection with a merger, acquisition, or asset sale, provided the successor honours this Policy.

Jamworks does not sell, rent, or license personal data for advertising or other commercial gain.

8  International transfers

Jamworks stores primary data in the United States (for US customers) United Kingdom (for UK customers) and European Economic Area (“EEA”). When we transfer data outside these regions (e.g. to sub‑processors in the United States) we rely on an approved transfer mechanism such as Standard Contractual Clauses (SCCs) or an adequacy decision.

9  Data retention

We keep personal data only as long as necessary to fulfil the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Unless otherwise agreed with an Institution, the standard retention periods are:

• Account & Usage Data – retained for the life of the account + 12 months.
• Content Data – retained until the User deletes it or the Institution contract ends, whichever comes first.
• Support Tickets – 3 years after closure.

Aggregated or anonymised data may be kept indefinitely.

10  Cookies and similar technologies

Jamworks uses first‑party cookies and local storage to:

• Maintain secure sessions;
• Save user preferences (e.g. language, captions on/off);
• Gather anonymised analytics (with consent where required).

You can control cookies through our consent banner and your browser settings. Disabling cookies may affect Service functionality.

11  Security measures & incident response

Jamworks maintains a comprehensive security programme aligned with ISO 27001 and NIST SP 800‑171. Controls include, but are not limited to:

• Encryption in transit (TLS 1.2+) and at rest (AES‑256);
• Role‑based access controls and mandatory MFA for staff;
• Continuous vulnerability scanning and annual penetration tests;
• Least‑privilege sub‑processor configurations;
• Immutable, geo‑redundant backups.

Incident‑response plan. 

We operate a written plan covering preparation, detection, containment, eradication, and recovery. In the event of a confirmed breach of personal data, Jamworks will:

1. Notify the Controller without undue delay and within 72 hours of confirmation;
2. Provide details of the nature of the breach, affected data sets, likely consequences, and immediate mitigation steps;
3. Cooperate with the Controller on any required notifications to individuals or regulators;
4. Conduct a root‑cause analysis and implement remediation.

12  Your rights

Subject to local law, you may have the right to:

• Access the personal data we hold about you;
• Correct inaccurate or incomplete data;
• Delete data or restrict its processing;
• Object to processing based on legitimate interests;
• Port data to another service;
• Withdraw consent at any time (without affecting prior processing);
• Lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

You (or the Institution) can exercise these rights by emailing legal@jamworks.com. We will respond within one month, or sooner where required.

13  Children’s privacy (COPPA & UK GDPR)

Jamworks does not knowingly collect personal data from children under 16 years of age without consent from a parent, guardian, or educational Institution acting as the Controller. If you believe we have inadvertently collected such data, please contact us immediately so we can delete it.

14  Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide at least 30 days’ advance notice via email or in‑app message. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy.

15  Contact & complaints

If you have questions, concerns, or wishes regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at legal@jamworks.com. You may also complain to the ICO (ico.org.uk) if you believe we have violated data‑protection laws.