Privacy Policy — onTrack

Introduction

onTrack is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our application. By using onTrack, you agree to the practices described in this policy.

Information We Collect

We collect the following types of information to provide our services:

Account information: Your name, email address, and password when you create an account.
Academic data: Course information, grades, GPA calculations, and assessment details that you input or upload.
Uploaded documents: Transcripts and syllabuses that you upload for processing.

Transcript Uploads

When you upload a transcript, we process it solely to extract course codes, grades, and credit information for your academic tracking. We want to be transparent about this process:

        We do not log or store any sensitive information from your transcript uploads beyond the extracted course data (course codes, grades, and credits). The raw transcript file is processed in memory and is not permanently stored on our servers.
      

Data Encryption & Security

We take the security of your data seriously and employ multiple layers of protection:

Password security: All user passwords are hashed using BCrypt, a one-way cryptographic hashing algorithm. We never store your password in plain text. Even in the event of a data breach, your actual password cannot be recovered from the stored hash.
Grade encryption: All grading information (grades, GPA data, and assessment scores) is encrypted at rest using AES-256-GCM encryption. This means your academic performance data is stored in an unreadable, encrypted format in our database.
Transport security: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.

In the Event of a Data Breach

We have designed our data storage with a security-first approach. In the unlikely event of a data breach:

        No private or sensitive information would be exposed in a readable format. Passwords are irreversibly hashed with BCrypt, and all grading data is encrypted with AES-256-GCM. An attacker gaining access to our database would only see encrypted, unreadable data.
      

How We Use Your Information

We use the information we collect exclusively to:

Provide and maintain the onTrack application and its features.
Calculate and display your GPA and academic analytics.
Generate your academic calendar from uploaded syllabuses.
Authenticate your account and maintain your session.

We do not sell, trade, or share your personal information with third parties for marketing or advertising purposes.

Third-Party Services

We use the following third-party services in the operation of onTrack:

Google Gemini API: Used to process and extract information from uploaded syllabuses. Only the content of the uploaded PDF is sent to the API for processing.
Google Calendar API: Used optionally to sync your academic calendar events, only when you explicitly enable this feature.

Data Retention

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us.

Open Source

onTrack is fully open source. You can review our entire codebase, including how we handle your data, on our GitHub repository:

https://github.com/your-username/ontrack

Contact

If you have any questions or concerns about this Privacy Policy or how your data is handled, you can reach us at elmanufa@mcmaster.ca or via LinkedIn.