This is the VoiceThread inCommon Participant Operational Practices, as required for participation in the inCommon Federation. If you have any questions about these policies, please contact our Support team or your VoiceThread account manager.
Service Provider Identification
This POP covers the service provider registered as: https://he.voicethread.com/shibboleth-sp
Any future VoiceThread SPs may be covered under different POPs.
VoiceThread requires a unique identifier (such as eppn or targeted-id) and an email address. All other attributes are optional, though some additional attributes may be required for an optimal user experience and/or to enable an implementation that meets specific client needs.
Common Optional Attributes
In all configurations, VoiceThread will use available first (givenName or similar) and last (sn or similar) name data to provide a more personalized user experience. In organizations that have a variety of user roles, VoiceThread uses eduPersonPrimaryAffiliation, eduPersonAffiliation or similar to determine status (student, faculty, staff, etc) and grant the correct type of account.
Usage of Attributes
We do not use attributes beyond basic access control and grouping decisions. We do not share attribute data with any partner or with other organizations at all.
Personally Identifiable Information
We store personally identifiable information (first name, last name, etc) as necessary for normal operation of VoiceThread, plus meeting any needs (automatic account type, etc) of the customer. We may also store additional attributes for reporting purposes, but only at the customer's written request. This information is stored in a database with strong access control. Only a limited subset of VoiceThread staff have direct data access. All data is sanitized before insertion into the database, so even Little Bobby Tables can use VoiceThread.
Access to superuser type accounts is limited to a subset of the VoiceThread staff, and requires additional levels of authentication beyond the normal VoiceThread sign-in process. These individuals fully understand and appreciate the privacy expectations of our users, and any additional staff receiving such access receives a thorough orientation.
Responsible Information Disclosure
If personally identifiable information is compromised, we will notify the primary VoiceThread organization contact via email once we have confirmed that there was any compromise.