Privacy Commitment
UPSked is committed to simplifying the student enlistment process while prioritizing your data privacy. We understand the importance of keeping your personal information secure and are transparent about our data practices.
This document outlines the types of information we collect, the purposes for which it is used, and the measures we take to protect it.
Collected Information
Information You Provide
- Email Address: Providing an email address is optional and is used solely for subscription updates. We do not sell or distribute your email address. You may unsubscribe at any time.
- Program and Year Level: This optional data helps us tailor course recommendations to your needs.
- Feedback: Information submitted via feedback forms is used to identify bugs and improve service functionality.
Automatically Collected Information
- Anonymous Identifier: A randomized ID is stored in your browser to maintain session preferences and sync schedules across tabs, without linking to your real-world identity.
- Schedule Data: Course sections, drafts, and resolved conflicts are stored locally in your browser. This data is only transmitted to our servers if you voluntarily generate a shareable link.
- Usage Analytics: We collect aggregated data regarding feature usage and search patterns to optimize performance. Individual user activity is not tracked in a personally identifiable manner.
- Technical Data: System information such as browser type and device specifications is collected to facilitate debugging and compatibility optimization.
Data Usage
- Service Operation: To manage local storage, synchronize sessions, detect schedule conflicts, and retain user preferences.
- Platform Improvement: To analyze feature adoption and resolve technical issues efficiently.
- Communication: To disseminate important updates to subscribed users.
- Security & Abuse Prevention: To implement rate limits and protect system integrity.
Data Protection
Security Measures
- Database Security: Data is stored securely in Supabase (PostgreSQL) utilizing Row Level Security (RLS) policies to ensure restricted access.
- Encryption: Data is encrypted in transit via HTTPS and at rest by our hosting providers.
- Input Validation: Rigorous sanitization of user inputs is performed to prevent injection attacks.
- Access Controls: Rate limiting is enforced to prevent automated abuse.
- Anonymous Usage: The platform can be used without account creation, relying on anonymous identifiers to protect user identity.
Data Sharing Constraints
- We do not sell personal data to third parties.
- We do not share personal information except as strictly necessary for service operation (e.g., hosting).
- We do not utilize user data for external advertising purposes.
Data Storage & Retention
- Local Schedules: Stored within your browser's local storage. Clearing browser data will permanently remove this information. We do not retain copies unless shared.
- Analytics: Aggregated, anonymized data is retained for service improvement; individual session data is minimal.
- Subscriptions: Email addresses are retained until unsubscription.
Schedule Sharing
When generating a shareable link, schedule data is encoded within the URL. This link allows anyone with access to view the schedule. The URL contains public course identifiers and does not include personal information.
Shared schedules are temporary and decoded upon access; they are not permanently archived on our servers. To maintain privacy, refrain from sharing links if confidentiality is required.
Third-Party Services
UPSked utilizes the following trusted services:
- Supabase: Database and backend infrastructure. Privacy Policy
- Vercel: Hosting and deployment. Privacy Policy
- PostHog: Anonymized usage analytics. Privacy Policy
These providers adhere to GDPR compliance and standard security protocols.
Course Catalog Data
UPSked displays course and section information from UP Diliman's Course Registration System (CRS). Here's how we handle this data:
Public Data Collection
- Publicly Accessible: The course catalog (class codes, schedules, instructors, room assignments) is publicly accessible on CRS without login credentials. Anyone can view this information by visiting the CRS course offering pages.
- What We Collect: Course codes and titles, section numbers, schedules (days, times, rooms), instructor names as publicly listed, and credit units.
- What We Don't Collect: Student enrollment data, personal records, or any information requiring authentication.
How We Use This Data
- Schedule Planning: We present publicly available course data in a visual calendar format with conflict detection and drag-and-drop scheduling.
- Complementing CRS: UPSked does not replace CRS. It provides a better interface for planning. You still enroll through the official system.
- Regular Updates: Data is refreshed periodically (typically before enrollment periods) using respectful rate limiting to avoid server overload.
Ethical Practices
- No Access Control Circumvention: We only access publicly available pages. No login bypass or restricted data access.
- Respectful Collection: We implement rate limits and avoid peak periods to minimize server load.
- Attribution: Course data belongs to UP Diliman. UPSked is an independent tool, not affiliated with UP.
- No Commercial Use: Scraped data is used solely to power UPSked features. It is never sold or used for advertising.
We encourage users to verify all information on the official CRS before enrollment.
User Rights
Users retain the right to:
- Access: Request information regarding collected data.
- Deletion: Remove local data by clearing browser cache or unsubscribe from communications.
- Opt-out: Decline to provide optional information.
To exercise these rights, please contact privacy@upsked.com.
Modifications
We may update this policy to reflect operational or legal changes. Significant updates will be communicated appropriately. Continued use of the service implies acceptance of the revised policy.