MonsoonSIM Privacy and Security Policy

Last updated: April 2nd, 2024

1. Introduction

MonsoonSIM is an experiential business simulation and gamification platform designed for

education and corporate training. We are committed to maintaining the privacy, confidentiality,

and security of all users’ data—students, educators, and institutional partners alike.

This Privacy and Security Policy outlines how MonsoonSIM handles personal data, including

what we collect, how we use it, and how we protect it.

2. Data Collection Practices

We prioritize minimal data collection to protect user privacy. MonsoonSIM does not collect any

sensitive personal information such as:

● Government-issued identification numbers (e.g., SSN, Passport)

● Residential addresses

● Bank or credit card information

● Personal health or biometric data

Information we collect may include:

● Username or email (for account login)

● Institution name and role (e.g., student, teacher, facilitator)

● In-game activity logs for learning analytics and assessment

● IP address and general location (for security and localization)

3. Use of Data

The data collected is used solely for educational and operational purposes, including:

● Account and access management

● Learning progress tracking and reporting

● Game analytics and performance evaluation

● Technical support and troubleshooting

● System improvement and research (in anonymized and aggregated forms only)

We do not sell, rent, or share any personal data with third parties for marketing or commercial

gain.

4. Data Retention and Deletion

User data is retained only for as long as necessary to fulfill the purposes for which it was

collected.

● Learner activity logs and game data may be retained for up to 24 months after course or

event completion.

● Institutions may request data deletion at any time by contacting our support team.

● Upon request, all associated data can be permanently removed from our systems.

5. Data Security

MonsoonSIM implements robust administrative, technical, and physical security measures to

protect all data:

● All communication is encrypted via HTTPS (SSL/TLS).

● User authentication is managed securely with session control and rate limiting.

● Data is stored on secure servers hosted on AWS with firewall protection and access

control.

● Regular security reviews, vulnerability scanning, and backup procedures are in place.

6. FERPA and Compliance

MonsoonSIM is designed with privacy-by-design principles in mind and aligns with key global

data privacy regulations such as GDPR (EU), PIPEDA (Canada), and Australia’s Privacy Act.

While MonsoonSIM does not process sensitive personal data, we are happy to support your

institution’s compliance requirements upon request.

7. Subprocessors and Hosting

MonsoonSIM is hosted on Amazon Web Services (AWS) in secure data centers. AWS is SOC

2, ISO 27001, and GDPR compliant. No third-party subprocessors are used for analytics or

marketing.

8. User Rights and Transparency

● Users may request a copy of their data.

● Institutions may audit or review stored data upon request.

● Educators or administrators may control and configure what information is visible to

learners.

9. Contact and Support

For questions, data access, or deletion requests, please contact:

MonsoonSIM Pty Ltd

Email: support@monsoonsim.com

Website: https://www.monsoonsim.com