Privacy Policy of studas

Last updated: December 8, 2025

This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use the service and tells you about your privacy rights and how the law protects you.

0. Legal basis

We only process the minimum necessary data for the application needs. We do not process data on your behalf. Data is only processed when you use our application for the relevant functionality.

1. Who is responsible

For the purposes of the GDPR, the data controller for your personal data is:

• Entity: Studas development group (University of Agder)
• Contact email: admin@studas.org

2. Information We Collect

We believe in data minimization. We only collect the information necessary to provide the functionality of our service. We do not use your data for marketing, advertising, or third-party tracking.

Personal Data

While using our service, we may ask you to provide Us with certain personally identifiable information that can be used to contact or identify you. If you choose to create an account, we collect the following:

• Email address: Used for unique identification, account recovery, and essential notifications.
• Name: Used to display your identity to other users within the system (e.g., in Lab Queues or grading views).
• Password: Used to secure your account.
• Phone number (optional): Currently not in use.

Usage Data

We do not collect analytical usage data or track your behavior across other websites.

3. How We Store Your Data

Your security is important to us. Here is how we handle the sensitive data you provide:

• Passwords: We never store your actual password. We store a cryptographic hash of your password using industry-standard hashing algorithms provided by the ASP.NET Core Identity framework. This means even our administrators cannot see your password.
• Email, Name and Phone: These are stored in our database to maintain your account and user profile.

4. Cookies

We use "Cookies" strictly for the essential functioning of the website. We do not use cookies for tracking, analytics, or advertising. The cookies we use are:

• .AspNetCore.Identity.Application: This is an essential security cookie used to maintain your logged-in session as you navigate between pages.
• .AspNetCore.Antiforgery: This cookie is strictly necessary to prevent Cross-Site Request Forgery (CSRF) attacks, ensuring that actions you take on the site are actually initiated by you.
• Identity.External: If you choose to log in via a third-party provider (like Canvas or Google), this cookie temporarily stores your identity information during the login handshake.
• anonUserId: A random identifier used for verifying user actions without logging in to studas.

Because these cookies are strictly necessary for the website to function securely, they cannot be disabled within the application. However, you can configure your browser to block them, though this will prevent you from logging in.

5. Your Rights

We retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. Under the GDPR, you have the following rights:

• Right to Access & Rectification: You can view and update your personal data at any time by visiting your "Manage Account" settings page.
• Right to Erasure (Deletion): You may delete your account at any time through the "Manage Account" settings page.
• Right to Portability: You may request a copy of the data we hold about you by contacting us.

Consequences of Deletion: Upon deletion, your account record (Name, Email, Password Hash) is permanently removed. Some artifacts (such as tickets you previously resolved or grading history) may remain as anonymous records to maintain academic integrity and historical course data.

6. Third-Party Services

We do not sell, trade, or transfer your personally identifiable information to outside parties. However, if you choose to use our Learning Management System (LMS) integration features (e.g., Canvas), we will exchange necessary authentication tokens with that specific provider to facilitate your login and data synchronization.

7. Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

For significant changes (e.g., changes to how we use your data or your rights), we will provide a more prominent notice, such as sending you an email or displaying a notification banner the next time you log in.