Privacy Policy

Last updated: 29 May 2026

1. Data controller

Sergio Comerón Sánchez-Paniagua
Spain
Contact: [email protected]

2. What is this portal?

The mod_jitsi Account (portal.sergiocomeron.com) is a service associated with the mod_jitsi Moodle plugin. It currently provides:

Anonymous usage statistics collected from plugin installations that have opted in
User account management for portal access

In future, the portal will also manage plugin licences.

mod_jitsi Plugin — data processed within your Moodle

This section applies to Moodle administrators and end users of the mod_jitsi plugin. The data described here is processed inside your own Moodle instance. The Moodle site administrator is the data controller for this processing.

3. Data the plugin sends to external services

Service	Data sent	When
Jitsi Meet server	Username, profile avatar URL, email address	Each time a user joins a Jitsi session. Used to identify participants inside the conference.
Google Vertex AI (Gemini)	Recording file (via Google Cloud Storage URI)	Only when an administrator explicitly triggers AI features (summary, transcription, quiz) on a recording. Requires AI features enabled and a GCP service account configured by the administrator.
mod_jitsi portal (portal.sergiocomeron.com)	Anonymous site hash, plugin version, Moodle branch, server type, activity count, enabled features	Periodic telemetry ping, only if the site administrator has opted in. No individual user data is included. See section 5 for full details.

4. Data the plugin stores in the Moodle database

Table	Data stored	Purpose
`jitsi_presence`	User ID, display name	Real-time presence of participants in a session, shown to other participants. Cleared when the session ends.
`jitsi_usage_daily`	User ID, session count, minutes, connection timestamps	Per-user daily usage statistics within each Jitsi activity.
`jitsi_recording_segments`	User ID, watched video segments, play counts	Track which parts of a recording each user has watched.
`jitsi_source_record`	User ID of the recording creator, AI-generated summary, transcription, quiz ID	Store recording metadata and AI-generated content linked to the user who initiated the recording.
`jitsi_push_subscriptions`	User ID, Web Push endpoint, encryption keys	Send browser push notifications for private session calls. Stored only if the user explicitly enables notifications.
`jitsi_tutoring_schedule`	User ID, day of week, start time, end time	Store tutoring availability for private session scheduling.

Users can export and delete all their plugin data via Moodle's built-in privacy tools (Profile → Privacy and Policies → Data requests).

mod_jitsi Account Portal — portal.sergiocomeron.com

This section applies to users of the mod_jitsi Account portal. Sergio Comerón Sánchez-Paniagua is the data controller for this processing.

5. Data collected by the portal and why

Data	Purpose	Legal basis
Email address	Send invitation link; identify your portal account	Consent (you provide it voluntarily)
Username and password hash	Portal authentication	Contract performance (portal account)
Anonymous site hash (SHA-256 of your Moodle URL)	Identify your installation in usage statistics without storing the actual URL	Consent (opt-in in plugin settings)
Licence key (unique token assigned to your installation)	Link usage statistics pings to your portal account; survives site URL migrations	Consent (opt-in in plugin settings)
Plugin version, Moodle version, server type, activity count, enabled features	Understand how the plugin is used to prioritise development	Consent (opt-in in plugin settings)
Aggregated weekly usage counts (sessions, minutes, unique active users, active activities, total recordings, peak simultaneous participants)	Understand usage patterns to prioritise development; all are site-level aggregates — no individual user data	Consent (opt-in in plugin settings)
Site timezone	Usage statistics context	Consent (opt-in in plugin settings)
Site name (Moodle site full name)	Identify your installation; personalise support	Consent (provided at registration)
Site URL (your Moodle address)	Identify your installation; personalise support	Consent (provided at registration)

We do not collect individual user data, course content, session content, or any other personal information beyond what is listed above.

6. Usage statistics — what is and is not sent

When you enable the "Share anonymous usage data" option in the mod_jitsi plugin settings, a weekly ping is sent to portal.sergiocomeron.com containing:

An anonymous hash of your site URL (irreversible — the original URL cannot be recovered)
Your unique licence key (to associate the ping with your portal account)
Plugin version, Moodle branch, Jitsi server type
Number of Jitsi activities on the site
Which optional features are enabled (AI summaries, recording, private sessions, push notifications)
Site timezone
Aggregated weekly counts: number of sessions, total minutes of use, number of unique active users, number of active activities (site-level totals — no individual user data)
Total number of recordings stored
Peak simultaneous participant count (historical maximum)

No individual user data, course content, or session content is sent. All usage counts are site-level aggregates that do not identify any individual. You can disable telemetry at any time from the plugin settings.

7. How long we keep your data

Data	Retention
Portal account (email, username)	Until you request deletion, or automatically 30 days after account deactivation
Usage statistics pings	1 year, then deleted automatically
Expired invitation records	Deleted within 7 days of expiry (invitations expire after 48 hours)

8. Data sharing

We do not sell, rent, or share your personal data with third parties. Data is stored on a server located in Spain (European Union). Daily backups are encrypted on our own server with AES-256 (using a key we hold) before being uploaded to Google Cloud Storage (region: europe-west3, Frankfurt, Germany); the storage provider only ever holds the encrypted files and cannot read their contents. Google is subject to a Data Processing Agreement under GDPR. Data is not transferred outside the European Economic Area (EEA).

9. Your rights (GDPR)

Under the General Data Protection Regulation (GDPR) you have the right to:

Access — request a copy of the data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Restriction — request that we limit how we use your data
Portability — receive your data in a structured, machine-readable format
Object — object to processing based on legitimate interests
Withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Spanish data protection authority: Agencia Española de Protección de Datos (AEPD).

10. Cookies and tracking

This portal uses a single session cookie strictly necessary for authentication. No analytics, advertising, or third-party tracking cookies are used.

11. Security

Passwords are stored as bcrypt hashes. All communication with the portal is encrypted via HTTPS (TLS). Access to the server is restricted. Daily backups are encrypted client-side with AES-256 (PBKDF2) before leaving the server, so backup copies stored off-site are unreadable to the storage provider.

12. Changes to this policy

We may update this policy as the portal evolves. The date at the top of this page will reflect the most recent revision. Significant changes will be communicated to registered users by email.

13. Contact

[email protected]