We discuss in this page what data is collected, and how is then stored, exposed and transmitted between the chatbot user, the chatbot app and Moodle.
Data collected
The Moodle eLearning application collects information about the user to create a moodle user profile, which includes user’s name, messaging platform id (like whatsApp number or Facebook page scope id), and other optional information that could include age, gender, organizational role, employee id and other details about user’s place of work.
Data Privacy and Terms & Conditions
The chatbot includes on its startup flow a dialogue to collect acceptance of the Terms & Conditions, including data privacy, which the user must accept to be able to continue the conversation.
API calls
The application communicates with the Moodle API making calls to Moodle’s standard endpoints, as well as the custom endpoints that the Chatbot Plugin enables. The chatbot app uses a token generated in Moodle, and included as part of the chatbot installation.
Similarly, user’s inputs are posted by the communication service provider into the Chatbot plugin, which are followed by the chatbot prompts that are send via the security protocol dictated by the communication service provider.
Data in Transit
Data transmitted between the Moodle API and the Chatbot app, as well as data exchanged with the communication service provider is always transferred as encrypted, via https (port 443).
Data at rest
Chatbot app: no data is stored in the application.
Moodle Plugin: the plugin creates two custom tables in Moodle that are used to store the session log and an app log.
Session log: status of the conversation by user. Allows users to always come back to continue the chatbot conversation in the same paints after a session expires.
App log: log of all traffic, showing all user input as well as content sent to the user.