Jamworks Privacy Policy

Effective date: 12 May 2025

Jamworks Platform Limitted. (“Jamworks”, “we”, “our”, or “us”) is committed to protecting the privacy and security of everyone who interacts with our products and services. This Privacy Policy explains, in plain language, how we collect, use, disclose, and safeguard personal data when you visit our websites, use our applications, or otherwise interact with us. It also describes your choices and rights.

Jamworks supports learners around the world, including K‑12 pupils, university students, and professional trainees. Because we sometimes operate as a school service provider or a data processor acting on behalf of an educational institution (the “Institution” or “Controller”), this Policy includes distinct commitments covering Student Data.

1  Who we are and how to contact us

Jamworks Platform Limited. is a company registered in England (No. 12578785) with its principal office at Hop Fields, Tongham Road, Runfold, Surrey, GU10 1PH, United Kingdom.

Email: legal@jamworks.com
Data Protection Officer: Same as above.
You may also write to us at the postal address above, marked “FAO Data Protection Officer”.

2  Scope of this Policy

This Policy applies to the following (“Services”):

  • jamworks.com and any sub‑domains;

  • the Jamworks web, desktop, and mobile applications;

  • the Jamworks recording widget, plugins, and browser extensions;

  • official Jamworks webinars, support channels, and events.

It does not apply to third‑party websites or services that we do not control, even if they are linked from our Services. Please review the privacy notices of any third‑party services you use.

3  Key definitions

4  Personal data we collect

5  Why we process personal data (legal bases)

6  How we use personal data

  1. Service delivery – enable recording, transcription, live captioning, note‑generation, and quiz features.

  2. Account administration – user authentication, licence provisioning, billing (Institutions only).

  3. Product improvement – aggregate analytics, error diagnostics, UX research; Content Data is pseudonymised or anonymised where practicable.

  4. Safety & compliance – detect abusive behaviour, maintain system integrity, meet legal obligations.

  5. Communications – respond to support requests, send critical updates.

  6. Marketing (limited) – we may send newsletters to users, educators or institutional decision‑makers with the ability to opt-out.

7  Data sharing and disclosure

We may share personal data only in the circumstances below:

  • Authorised Service Providers. Cloud hosting, transcription engines, video processing, analytics, and customer‑support vendors who are contractually bound to: (i) process data solely under our instructions; (ii) implement adequate security measures; and (iii) delete data when the service ends.

  • Institutional Administrators. If you access Jamworks via an Institution licence, authorised staff may view usage metrics and certain Content Data created by accounts within their tenancy.

  • Legal & safety obligations. Where required by law, subpoena, or to protect the vital interests of a person.

  • Business transfers. In connection with a merger, acquisition, or asset sale, provided the successor honours this Policy.

Jamworks does not sell, rent, or license personal data for advertising or other commercial gain.

8  International transfers

Jamworks stores primary data in the United States (for US customers) United Kingdom (for UK customers) and European Economic Area (“EEA”). When we transfer data outside these regions (e.g. to sub‑processors in the United States) we rely on an approved transfer mechanism such as Standard Contractual Clauses (SCCs) or an adequacy decision.

9  Data retention

We keep personal data only as long as necessary to fulfil the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Unless otherwise agreed with an Institution, the standard retention periods are:

  • Account & Usage Data – retained for the life of the account + 12 months.

  • Content Data – retained until the User deletes it or the Institution contract ends, whichever comes first.

  • Support Tickets – 3 years after closure.

Aggregated or anonymised data may be kept indefinitely.

10  Cookies and similar technologies

Jamworks uses first‑party cookies and local storage to:

  • Maintain secure sessions;

  • Save user preferences (e.g. language, captions on/off);

  • Gather anonymised analytics (with consent where required).

You can control cookies through our consent banner and your browser settings. Disabling cookies may affect Service functionality.

11  Security measures & incident response

Jamworks maintains a comprehensive security programme aligned with ISO 27001 and NIST SP 800‑171. Controls include, but are not limited to:

  • Encryption in transit (TLS 1.2+) and at rest (AES‑256);

  • Role‑based access controls and mandatory MFA for staff;

  • Continuous vulnerability scanning and annual penetration tests;

  • Least‑privilege sub‑processor configurations;

  • Immutable, geo‑redundant backups.

Incident‑response plan. 

We operate a written plan covering preparation, detection, containment, eradication, and recovery. In the event of a confirmed breach of personal data, Jamworks will:

  1. Notify the Controller without undue delay and within 72 hours of confirmation;

  2. Provide details of the nature of the breach, affected data sets, likely consequences, and immediate mitigation steps;

  3. Cooperate with the Controller on any required notifications to individuals or regulators;

  4. Conduct a root‑cause analysis and implement remediation.

12  Your rights

Subject to local law, you may have the right to:

  • Access the personal data we hold about you;

  • Correct inaccurate or incomplete data;

  • Delete data or restrict its processing;

  • Object to processing based on legitimate interests;

  • Port data to another service;

  • Withdraw consent at any time (without affecting prior processing);

  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

You (or the Institution) can exercise these rights by emailing legal@jamworks.com. We will respond within one month, or sooner where required.

13  Children’s privacy (COPPA & UK GDPR)

Jamworks does not knowingly collect personal data from children under 16 years of age without consent from a parent, guardian, or educational Institution acting as the Controller. If you believe we have inadvertently collected such data, please contact us immediately so we can delete it.

14  Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide at least 30 days’ advance notice via email or in‑app message. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy.

15  Contact & complaints

If you have questions, concerns, or wishes regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at legal@jamworks.com. You may also complain to the ICO (ico.org.uk) if you believe we have violated data‑protection laws.