What data does Content Controller collect, and how is it handled?
The data model for SCORM and other supported learning standards includes personally identifiable information (PII) that is provided to the content by the LMS. This PII consists of a unique learner ID (often an email address, but sometimes a number or other opaque identifier) and the learner's name.
Content Controller receives this information from LMSs and stores it so that it can be provided to the content in accordance with the relevant specifications, and also (for certain use cases) be shown in reports. As long as the LMS communicates with Content Controller via HTTPS (which is the default), the information is never transmitted in the clear, but is not hashed or encrypted in Content Controller's databases.
Because it is not always desirable that PII be visible in Content Controller's reports, there is a configuration setting that can be used to enable hashing of PII after it is read from the database and before it is sent to the UI or exported in CSV reports. When this setting is enabled, users with access to the UI will not have access to PII. Administrators with access to the database will have access to PII.