Privacy Policy

This Privacy Policy describes how the Academic Voting System (AVS) collects, uses, and protects your personal information when you use our election management platform. We are committed to protecting your privacy and ensuring the security of your data.

By using this system, you agree to the collection and use of information in accordance with this policy.

• Election Management: To facilitate voting, candidate applications, and election administration
• Verification: To verify your identity and eligibility to vote or run as a candidate
• Security: To detect and prevent fraud, unauthorized access, and other security threats
• Audit Trails: To maintain records of system activities for compliance and forensic purposes
• Communication: To send you notifications about elections, account status, and important updates
• Analytics: To improve system performance and user experience (aggregated, anonymized data only)

We implement industry-standard security measures to protect your personal information:

• Encryption of data in transit (HTTPS/TLS)
• Secure authentication via Google OAuth
• IP address anonymization (hashing) before storage
• Access controls and role-based permissions
• Regular security audits and monitoring
• Data archiving (not deletion) for forensic purposes

• Active Accounts: Data is retained while your account is active
• Audit Trails: Retained for 2 years for security and compliance, then automatically deleted
• Election Records: Retained indefinitely for historical and legal purposes (anonymized where possible)
• Deleted Accounts: Personal information is anonymized or deleted within 30 days of deletion request

Some data may be retained longer if required by law or for legitimate business purposes (e.g., fraud investigation).

You have the following rights regarding your personal data:

• Right to Access: Request a copy of all your personal data stored in the system
• Right to Rectification: Update or correct inaccurate personal information
• Right to Erasure: Request deletion of your personal data (subject to legal requirements)
• Right to Data Portability: Export your data in a machine-readable format
• Right to Object: Object to processing of your personal data for certain purposes

We collect IP addresses for security and audit purposes. To protect your privacy:

• IP addresses are hashed (anonymized) before storage using SHA-256
• Hashed IPs cannot be reversed to reveal your original IP address
• IP hashes are used only for security analysis and fraud detection
• IP data is retained for 2 years, then automatically deleted

This anonymization ensures we can maintain security while protecting your privacy.

We use the following third-party services:

• Google Authentication: For secure login. Google's privacy policy applies to authentication data.
• Firebase (Google Cloud): For data storage and hosting. Data is stored securely in Google Cloud infrastructure.

We do not sell or share your personal information with third parties for marketing purposes.

We use cookies and similar technologies to:

• Maintain your authentication session
• Remember your preferences
• Improve system performance

We do not use tracking cookies for advertising or analytics beyond system functionality.

This system is designed for use by students of the University of San Agustin (@usa.edu.ph domain). We comply with applicable privacy laws regarding the collection of information from students.

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top
• Sending email notifications for significant changes

You are advised to review this Privacy Policy periodically for any changes.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please:

• Visit the Data Privacy page in your dashboard
• Contact the system administrator
• Email: [Your contact email]