Privacy Statement

Last updated: February 2026

This privacy statement describes the types of information that Event Grid collects, stores, and processes when you use this application. Event Grid is a self-hosted course management system operated by your organization. All data described below is stored on your organization's own servers and is not transmitted to any third-party services unless explicitly configured by your administrator (e.g., SMTP email or SAML single sign-on).

1. Account Information

When an account is created, the following information is collected and stored:

Email address — used as your login identifier and for system notifications
First name and last name
Password — stored in hashed form only; your plaintext password is never stored
Title/Position (e.g., Professor, Director) — optional
Facility/Department — optional
Site/Location (e.g., Main Campus) — optional
Role assignment (Admin, Course Manager, Instructor, or Student)

2. Authentication and Security Data

Last login date and time
Account lockout status — recorded after multiple failed login attempts
Two-factor authentication keys and recovery codes — if 2FA is enabled on your account
Session cookies — a secure, HTTP-only cookie is stored in your browser to maintain your login session
Authentication tokens — temporary tokens for password resets and email confirmations

3. Email Notification Preferences

You may configure which email notifications you receive:

Enrollment confirmations and updates
Course update notifications
Instructor messages
System notifications

4. Course Enrollment Data

When you enroll in a course, the following is recorded:

Enrollment date and enrollment status (Active, Dropped, Completed)
Dietary information — if the course includes meals or refreshments, you may be asked to provide dietary preferences and allergy information (vegetarian, vegan, gluten-free, dairy-free, nut allergy, shellfish allergy, halal, kosher, or other restrictions). This information is used solely for catering purposes.

5. Attendance Records

Instructors may record your attendance for each course session, including:

Date and attendance status (Present, Absent, Late, Excused)
Optional notes added by the instructor
Identity of the staff member who recorded the entry

6. Engagement Tracking

Instructors may record observations about student participation, including:

Engagement level and interest level ratings
Date of observation and optional notes

7. Quizzes and Assessments

If you complete quizzes or assessments, the following data is stored:

Your answers to each question
Scores and pass/fail results
Number of attempts and time spent
Start and completion timestamps

8. Feedback and Survey Responses

When you submit feedback or complete surveys:

Your ratings and written responses are stored
If the survey allows anonymous responses, your identity is not linked to the submission
If the survey is not anonymous, your user ID is associated with the response

9. Waitlist Data

If you join a course waitlist, the following is tracked:

Date joined, queue position, and promotion status
Whether you accepted or declined a promotion offer
Reason for removal from the waitlist (if applicable)

10. File Uploads

Course materials uploaded by instructors are stored on the server. Each upload records the file name, file size, content type, upload date, and the identity of the uploader. Accepted file types are limited to documents (.pdf, .docx, .pptx, .xlsx, .txt, .zip) with a maximum size of 10 MB.

11. Audit Logs

For security and accountability, the system records an audit trail of significant actions. Each audit log entry includes:

The action performed (e.g., course created, enrollment dropped, user updated)
The user who performed the action (name and email)
A timestamp of when the action occurred
Your IP address at the time of the action
Previous and new values for any data that was changed

12. Application Logs

The application generates diagnostic log files for troubleshooting purposes. These logs may contain request information, error details, and general operational data. Log files are automatically deleted after 30 days.

13. Automated Emails

If email is configured by your administrator, the system may send automated emails for enrollment confirmations, waitlist notifications, course reminders, and other system events. The email content, recipient, and send date are recorded internally. Emails are sent through your organization's configured SMTP server.

14. Data Import and Export

Administrators and course managers may import user or course data via CSV files and export data in CSV, Excel, PDF, or Word formats. Exported files may contain personal information such as names, emails, enrollment status, and assessment results.

15. Data Storage and Security

All data is stored locally on your organization's server in a database and on the file system.
Passwords are cryptographically hashed and never stored in plaintext.
Authentication cookies are marked as Secure and HTTP-only.
Rate limiting is applied to login endpoints to prevent brute-force attacks.
Data protection keys are stored in a dedicated directory on the server.
No data is transmitted to external services unless your administrator has configured SMTP email delivery or SAML single sign-on integration.

16. Data Retention

Account data is retained as long as your account exists.
Audit logs are retained indefinitely by default.
Application diagnostic logs are retained for 30 days.
Your administrator may delete accounts and associated data upon request.

17. Your Rights

Depending on your jurisdiction, you may have the right to:

Request access to the personal data held about you
Request correction of inaccurate data
Request deletion of your account and associated data
Opt out of non-essential email notifications via your account settings

Contact your system administrator to exercise any of these rights.

18. Contact

If you have questions about this privacy statement or how your data is handled, please contact your organization's system administrator.