Effective Date:
Last Updated:
1. Introduction
The University of Ghana ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the UG QR Attendance System.
2. Information We Collect
2.1 Personal Information
- Students: Student ID, full name, UG email address, password (hashed), biometric data (fingerprint/FaceID credential), device information
- Lecturers: Lecturer ID, full name, email address, department, password (hashed)
- Administrators: Name, email address, password (hashed), department (for co-admins)
2.2 Usage Data
- Attendance records (sessions attended, check-in times, verification methods)
- GPS location data (only during check-in, not continuously tracked)
- Device information (browser type, operating system, device fingerprint)
- IP addresses (anonymized for audit purposes)
- Session activity logs
2.3 Biometric Data
We use WebAuthn (Web Authentication API) to register biometric credentials. Your actual fingerprint or face data never leaves your device. We only store a cryptographic credential ID that is meaningless without your device.
3. How We Use Your Information
- To authenticate your identity and grant access to the System
- To record and track attendance for academic purposes
- To generate attendance reports for lecturers and administrators
- To prevent fraud and ensure check-in integrity (GPS, biometric, device verification)
- To communicate important announcements and notifications
- To improve and maintain the System
- To comply with legal and regulatory requirements
4. Legal Basis for Processing
We process your information based on:
- Your consent (when you register and agree to these terms)
- Legitimate interests of the University (academic record-keeping)
- Compliance with legal obligations
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information:
- Within the University: With lecturers, department heads, and administrators for attendance tracking purposes
- Service Providers: Firebase (Google) hosts our data – they are bound by data protection agreements
- Legal Requirements: If required by law or to protect the rights and safety of the University
6. Data Security
We implement reasonable security measures to protect your information:
- Passwords are hashed using PBKDF2 with 100,000 iterations
- All data transmitted over TLS/HTTPS
- Biometric data never leaves your device
- Firestore security rules restrict access to authorized users only
- Audit logs track all system activities
7. Data Retention
We retain your information for as long as your account is active and for a reasonable period thereafter for academic record-keeping purposes. You may request deletion of your data by contacting the system administrator.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Request deletion of your information
- Object to certain processing activities
- Withdraw consent at any time
To exercise these rights, contact support@ug.edu.gh.
9. Children's Privacy
The System is not intended for children under 13. We do not knowingly collect information from children under 13.
10. International Data Transfers
Your information may be transferred to and processed on servers located outside Ghana (Firebase is hosted on Google Cloud servers). By using the System, you consent to such transfers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the System. Your continued use after changes constitutes acceptance.
12. Contact Us
If you have questions about this Privacy Policy, contact:
University of Ghana
Data Protection Officer
Legon, Accra, Ghana
Email: dpo@ug.edu.gh
Phone: +233 (0) 30 123 4567
Last Updated: