AsTeRICS Grid Privacy Policy
In this declaration we inform you about the most important aspects of data processing in AsTeRICS Grid.
The AsTeRICS Foundation is responsible for data processing:
Braunhirschengasse 47/9, 1150 Vienna, Austria
office@asterics-foundation.org
Processing of data
AsTeRICS Grid is a web application for augmentative and alternative communication (AAC). The application can be
individually adapted to the needs of users. It is possible to add custom images or texts to the user grids. Moreover
there is a feature of self-learning dictionaries which assist for text entry and are saving the most frequently used
words
and phrases. All these kinds of data is subsequently called "personal data" or "personalized data". Data processing
differs, depending on
how AsTeRICS Grid is used.
Offline users
In the case of an offline user, all personalized data is only stored locally on the user's device and is not
transferred to the internet. Data is stored in an internal database of the browser (IndexedDB) which is
accessible
only the for the current user of the device.
Online user
For an online user, all personalized data is stored in a database of the
AsTeRICS Foundation and therefore can be accessed and
be synchronized on multiple devices of the user. However, all personal data is encrypted end-to-end. This
means that only the user himself can see it unencrypted, when logging in with his/her username. The AsTeRICS
Foundation has no possibility to access or process personal data, which is saved within the encrypted user
configuration.
The key for encrypting the data is the self-chosen user password. For encryption the
algorithm AES
and the software library sjcl is used.
The following data can be found in the AsTeRICS Foundation database without having the decryption keys:
-
Username: the freely selectable username is stored unencrypted. It is only
used to identify the user account. The username is the only data record that possibly can be linked to a
person. However, it's also possible to choose a completely anonymous username.
-
Number of grids: although all content is encrypted, it's possible to see the number
of grids a user has created.
Access analysis
For AsTeRICS Grid we use an access analysis tool from
Matomo.
All data collected in this way is stored on our own servers, will not be passed to third parties and cannot be
linked to individual persons. The following data is saved:
- Anonymized IP addresses of the users (the last 2 bytes are deleted, e.g. 81.217.xxx.xxx)
- Count and duration of access
- Operating system, browser version and screen resolution used for access
Use of YouTube
As soon as a video is started in the built-in YouTube player, cookies are created by YouTube.
If you want to use the built-in YouTube player, you have to agree to the
YouTube Terms of Use and the
Google privacy policy.
All YouTube search queries are sent to the YouTube Data API
in order to receive and show appropriate search results.
Legal basis
The legal basis for the usage of the username (the only potentially personal data processed by AsTeRICS Grid) is
consent, since when registering for an "online user" the user has to consent the processing of the data.
Data transfer
If you're activating the optional function for automatically correct grammar via the API from ARASAAC in the settings,
all sentences constructed via the app will be sent to ARASAAC's API. This will happen at the time of speaking out the
sentence and the reason for transmitting the data is to provide the function for correcting grammar. For further
details see
ARASAAC's privacy policy.
If you're using computer voices with the suffix "online" (see "Settings" -> "User settings" -> "Voice") or if you're
using the "automatic" voice and there are only voices with suffix "online" available, all pronounced texts are sent
to the respective online services for the purpose of generating the speech output. These online services are varying
depending on the voice and can be:
- Responsive Voice: voices with names like "Deutsch Female, online" or "US English Male, online"
- Google: voices with names like "Google Deutsch, online" or "Google UK English, Female, online". These voices are only available within the browser "Google Chrome".
- Microsoft: voices with names like "Microsoft Amala Online (Natural) - German, online" or "Microsoft Eric Online (Natural) - English, online". These voices are only available within the browser "Microsoft Edge".
When using voices with suffix "offline", no data is sent to external services.
Apart from this no data is transferred to third parties.
Storage period
All user data of online users will be deleted after 365 days without use (no login by the user).
If an online user should be deleted beforehand, this can be done by sending a request to
office@asterics-foundation.org.
Revocation und information on rights