# SSCi Connect Privacy Policy

**Last Updated: December 2024**

## 1. Introduction

SSCi Connect ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

## 2. Information We Collect

### 2.1 Personal Information
- **Email Address**: Required for account creation and notifications
- **Name**: Required for account identification
- **User Role**: Student, Officer, or Administrator role
- **Department**: Required for department representatives
- **Student ID**: If applicable for your account type

### 2.2 User-Generated Content
- **Personal Notes**: Notes you create within the app
- **Visit Logs**: Records of visits to the SSC office (QR-based tracking)
- **Reports**: Reports submitted by you

### 2.3 Automatically Collected Information
- **Device Information**: Device type, operating system
- **Usage Data**: App usage patterns and interactions
- **Firebase Analytics**: Anonymous usage statistics (if enabled)

## 3. How We Use Your Information

We use the collected information for the following purposes:

- **To provide and maintain our services**
- **To send notifications** about announcements and events via email
- **To manage your account** and permissions based on your role
- **To track office visits** for administrative record-keeping
- **To process and review** reports submitted by users
- **To improve our services** and user experience

## 4. Data Storage

### 4.1 Local Storage
- Most of your data is stored locally on your device using SQLite database
- This includes your account information, notes, and visit logs
- Data remains on your device until you delete your account

### 4.2 Cloud Storage
- **Firebase Firestore**: Email addresses may be stored in Firebase for notification purposes
- **EmailJS**: Email addresses are used to send notifications via EmailJS service

## 5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

- **Password Hashing**: Passwords are hashed using SHA-256 before storage
- **Local Encryption**: SQLite database is stored in app's private directory
- **Secure Connections**: All network communications use HTTPS
- **Access Controls**: Role-based access control restricts data visibility

## 6. Data Sharing and Disclosure

### 6.1 We Do Not Sell Your Data
We do not sell, trade, or rent your personal information to third parties.

### 6.2 Service Providers
- **EmailJS**: Used to send email notifications (email addresses shared for this purpose)
- **Firebase**: Used for cloud storage and analytics (subject to Firebase Privacy Policy)

### 6.3 Administrative Access
- Administrators and authorized officers can view:
  - Submitted reports (for review purposes)
  - Visit logs (for record-keeping)
  - User account information (for management purposes)

### 6.4 Legal Requirements
We may disclose your information if required by law or in response to valid legal requests.

## 7. Your Rights

You have the following rights regarding your personal information:

### 7.1 Access
You can view your account information within the app's Settings section.

### 7.2 Correction
You can update your account information through the app interface (subject to role-based restrictions).

### 7.3 Deletion
You can delete your account at any time from the Settings screen. Account deletion will:
- Permanently delete your account information
- Permanently delete all your notes
- Permanently delete your visit logs
- Permanently delete your submitted reports
- Remove your email from notification lists

**Note**: Account deletion is permanent and cannot be undone.

### 7.4 Data Portability
Contact the SSC administration to request a copy of your data.

## 8. Data Retention

- **Active Accounts**: Data is retained while your account is active
- **Deleted Accounts**: All data is permanently deleted immediately upon account deletion
- **Backup Data**: No backups are maintained of deleted account data

## 9. Children's Privacy

This app is intended for use by ISU Ilagan Campus students and staff. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have that information deleted.

## 10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Updating the "Last Updated" date
- Posting the new Privacy Policy in the app
- Sending email notifications for significant changes (if applicable)

## 11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

**SSC Administration**
ISU Ilagan Campus
Student Supreme Council

For privacy-related inquiries, you can also access the Privacy Policy from within the app's Settings screen.

---

**Note**: This privacy policy applies to the SSCi Connect mobile application. For institutional privacy policies, please refer to ISU Ilagan Campus official documentation.

