🔒

Privacy Policy

How we collect, use, and protect your information.

Effective Date: February 18, 2026

1. Introduction

Welcome to BioSuite Virtual, operated by Prism Immersive ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our learning management system and VR training platform. Please read this policy carefully. By using BioSuite Virtual, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Personal Information

When you register for or use our platform, we may collect:

  • Name and email address
  • Educational institution affiliation
  • Physical address (for credentialing purposes)
  • Account credentials (passwords are stored using industry-standard hashing)
  • A user-set PIN for VR headset authentication

Usage Data

We automatically collect certain information when you use our platform:

  • Training module progress and completion data
  • Knowledge check scores and attempt history
  • Credentialing attempt results
  • Session duration and time-on-task metrics
  • VR headset pairing and session identifiers
  • IP address and browser/device information

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the BioSuite Virtual platform
  • Authenticate your identity and manage your account
  • Track and display your training progress to you and your instructor
  • Administer knowledge checks and credentialing exams
  • Issue, store, and manage professional credentials
  • Send transactional emails (verification, password reset, credential notifications)
  • Generate aggregated, de-identified analytics for institutional reporting
  • Enforce seat licensing and organizational policies

4. Data Sharing & Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

  • With your institution: Instructors and administrators within your organization can view your progress data, knowledge check scores, and credential status as part of the educational relationship.
  • Credentialing authorities: Upon successful completion of a credentialing exam, we notify the designated credentialing authority with your name, email, and pass status.
  • Service providers: We use third-party services (e.g., Resend.io for email delivery) that process data on our behalf under strict confidentiality agreements.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. VR Data & Headset Information

When using VR headsets with our platform:

  • Pairing codes are short-lived and single-use for security.
  • API tokens issued to headsets are cryptographically random and stored in hashed form.
  • Headset device identifiers are logged for session tracking purposes only.
  • We do not collect biometric data, spatial tracking data, or other sensor data from VR headsets.

6. Cookies & Session Data

BioSuite Virtual uses session cookies to maintain your authenticated state. These cookies are configured with security best practices:

  • HttpOnly: Cookies cannot be accessed by client-side scripts.
  • SameSite=Strict: Cookies are not sent with cross-site requests.
  • Secure: In production, cookies are transmitted only over HTTPS.

We do not use third-party tracking cookies or advertising cookies.

7. Data Security

We implement industry-standard security measures to protect your information, including:

  • Argon2id password hashing
  • CSRF protection on all form submissions
  • Prepared SQL statements to prevent injection attacks
  • Output escaping to prevent cross-site scripting (XSS)
  • HTTPS enforcement in production
  • API rate limiting to prevent abuse

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Training progress and credential records may be retained according to your organization's data retention policies. When data is no longer needed, it is securely deleted or anonymized.

9. Children's Privacy

BioSuite Virtual is designed for use by higher education students and professionals. We do not knowingly collect personal information from children under 13 years of age. If you believe a child under 13 has provided us with personal information, please contact us immediately.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal data
  • Object to or restrict certain processing activities
  • Request a portable copy of your data

To exercise any of these rights, please contact us at the email address below.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of any material changes via email or through the platform. Your continued use of BioSuite Virtual after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Company: Prism Immersive

Website: prismimmersive.com