Privacy Policy

Effective Date: January 1, 2026

Table of Contents

1. Introduction

Welcome to the SorSU Scheduling System Privacy Policy. We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our privacy practices, please contact us using the information provided at the end of this policy.

This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data. Please read this policy carefully.

2. Information We Collect

We collect the following types of information from you:

A. Information You Provide During Registration

Information Type Purpose Required
First Name & Last Name Account identification and communication Yes
Email Address Account communication, notifications, password recovery Yes
Role/Position Determine system access level and permissions Yes
Password Account security and authentication Yes
Department/Program Organizational structure and scheduling Optional

B. Information Collected Automatically

  • Login History: Date, time, and location of account access
  • IP Address: Your internet protocol address for security purposes
  • Browser Information: Type of browser, operating system, and device information
  • Server Logs: Pages visited, action performed, error messages encountered
  • Session Data: Duration of your session and interactions with the system

C. Information from Third-Party Services

If you use Google OAuth for authentication, we collect:

  • Your Google account email address
  • Your Google profile name
  • Your Google profile picture (if provided)

Note: We do not store your Google password. We only use the information you authorize.

3. How Your Information is Used

We use the information we collect for the following purposes:

Primary Uses

  • Authentication: To create and manage your account securely
  • Communication: To send you system notifications, account updates, and policy changes
  • Approval Process: To evaluate your application for system access
  • Schedule Management: To generate and manage academic schedules
  • System Administration: To maintain, troubleshoot, and improve the system
  • Security Monitoring: To prevent fraud, abuse, and unauthorized access
  • Legal Compliance: To comply with institutional policies and legal requirements

Marketing and Analytics

We do NOT:

  • Sell your personal information to third parties
  • Use your information for marketing purposes without your consent
  • Share your information for commercial purposes
  • Use your data for behavioral profiling or targeted advertising

4. Data Protection Measures

We implement industry-standard security measures to protect your personal information:

Technical Security

  • Encryption: All data in transit is encrypted using SSL/TLS protocol
  • Hashed Passwords: Passwords are hashed using industry-standard algorithms
  • Database Security: Database access is restricted and monitored
  • Firewalls: Multiple layers of firewall protection
  • Regular Audits: Security audits are conducted regularly

Administrative Controls

  • Access to personal information is restricted to authorized personnel only
  • Staff members sign confidentiality agreements
  • Access logs are maintained and reviewed regularly
  • Incident response procedures are in place
Important Disclaimer: While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your password.

5. Data Sharing Policy

We DO NOT share your personal information with third parties except as follows:

Necessary Service Providers

Information may be shared with service providers who assist in system operations, such as:

  • Email service providers (for sending notifications)
  • Cloud hosting providers (for system infrastructure)
  • Security monitoring services

All service providers are contractually obligated to maintain confidentiality and use your information only for the purposes specified.

Legal Requirements

We may disclose your information if required by law or legal process, including:

  • Court orders or subpoenas
  • Government regulatory agencies
  • Law enforcement requests

Internal Administrative Use

Your information may be shared internally with:

  • Administrative staff for account management
  • System administrators for technical support
  • Institutional department heads for scheduling purposes

Within the Institution

Your name, email, and role may be visible to other authorized users of the system for scheduling and administrative purposes.

6. Cookies & Tracking

What Are Cookies?

Cookies are small data files stored on your device that enable the system to recognize you and remember your preferences.

Our Cookie Policy

We use the following types of cookies:

  • Essential Cookies: Required for system functionality and security
  • Session Cookies: Maintain your login session
  • Preference Cookies: Remember your interface preferences
  • Analytics Cookies: Help us understand how the system is used (optional)

Your Cookie Control

You can control cookies through your browser settings. However, disabling essential cookies may prevent the system from functioning properly.

Tracking & Analytics

We may use analytics tools to understand system usage patterns. This data is anonymized and does not personally identify you. You can opt out of analytics tracking in your account settings.

7. Your Rights

You have the following rights regarding your personal information:

Right to Access

You have the right to request access to the personal information we hold about you. Contact us at the address provided below.

Right to Correction

You can update your account information at any time through your account settings or by contacting us directly.

Right to Deletion

You can request deletion of your account and associated data. However, we may retain certain information for legal or operational purposes.

Right to Withdraw Consent

If you have consented to certain data processing, you can withdraw your consent at any time by updating your account settings or contacting us.

Right to Data Portability

You can request your data in a commonly used, machine-readable format for transfer to another service.

Right to Object

You can object to certain types of data processing. Please contact us for more information.

How to Exercise Your Rights: To exercise any of these rights, please submit a request to privacy@sorsu.edu with "Data Subject Request" in the subject line. Include details about your request.

8. Data Retention

We retain your personal information for the following periods:

Active Accounts

  • Account Information: Retained while your account is active
  • Login History: Retained for 90 days for security purposes
  • Activities and Logs: Retained for 1 year for audit purposes

After Account Deletion

  • Personal Identifiers: Deleted within 30 days
  • Transaction History: Retained for 7 years for institutional records
  • System Logs: May be retained for security audit trails
  • Legal Holds: Data retained if required by law or litigation

9. Third-Party Links

The SorSU Scheduling System may contain links to external websites and services. This Privacy Policy applies only to the system itself, not to external websites.

Important: We are not responsible for the privacy practices of external websites. We encourage you to review the privacy policies of any third-party services before providing your information.

10. Contact Information

For questions, requests, or concerns about this Privacy Policy or our data practices, please contact:

SorSU Privacy Office

Email: sorsuscheduling@gmail.com

Response Time

We will respond to your request within 10 business days. For complex requests, we may extend this period to 30 days and will notify you accordingly.

Back to Registration
Last Updated: January 1, 2026