My name’s JP Benini and I’m the Chief Technology Officer for Elemental Path, creator of CogniToys. Together with Donald Coolidge, CEO of Elemental Path, we would like to talk about two topics that we both care about very deeply: security and privacy.
Since we started working on CogniToys, we’ve known that offering a personalized and unique experience would require that we collect sensitive information. Technology can be magical and should be used to make the world a better place for all of us, little humans included. However, we never lost sight of the fact that technology for all its possibilities is subject to risks. My team and I are taking every precaution to ensure compromising children’s privacy or safety is notone of those risks.
Security and privacy have been a priority for us from Day One. We commend V-Tech and Mattel/ToyTalk for addressing their recent security breaches and strengthening their commitment to security. We have also taken this time to double down and secure our platform as well.
In light of what’s happened within the “Internet of Toys” community, we are taking extra measures to lock down and partition the CogniToys system and all associated apps to help prevent and limit exposure to malicious attacks. We had already taken steps to encrypt or anonymize data through every step of our platform. Information conveyed to and from the toy is protected with tech industry-grade advanced encryption standards. We use unique encryption keys for each Dino and segment out each piece of the system. To consider a worst case scenario, if any part of the platform is compromised, this combination of segmentation and encryption will ensure only limited amounts of data would be leaked, and that we could quickly identify where the problem originated.
That being said, to further prevent something like this from happening, we are also putting measures in place to regularly cycle these keys that encrypt all information sent to and from the Dino. Additionally, we actively patch and conduct security checks to ensure the integrity of the platform. Early on we made a commitment that we would not share any data the toy generates with outside marketing or advertising entities. This still holds true. Anything created or ingested by the platform stays within the walls of the platform and is only used to make interactions with the Dino better.
As the Dino comes with access to two outside apps (Parent Panel/CogniToys App), we are also locking down data contained in the associated apps and limiting the amount of information collected. The data itself is only used to personalize the toy as we’ve described. Once again, it will never be given and/or sold to any third-parties for marketing purposes.
On the hardware front, the toy’s microphone is muted by default. Parents can rest easy knowing the Dino isn’t always listening, and will not listen unless your child presses the Belly Button with the purpose of talking to it. And as a final option, we offer a way to delete any information collected by the toy. The Parent Panel and CogniToys App will have a "reset" button which will allow parents to wipe any and all info the Dino has learned with your child.
Our team is committed to delivering a safe and secure experience so you can focus on making memories with your Dino buddy. As always, if you have more questions about our approach to security, drop us an email at firstname.lastname@example.org.