Privacy Policy

Credentia ("we," "us," or "our") is a college management platform built for SRM Institute of Science and Technology ("SRM University"). This Privacy Policy explains how we collect, use, store, protect, and share your personal information when you access or use the Credentia platform (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you register for Credentia, we collect information necessary to create and manage your account:

• Full name and email address
• Role (Student, Faculty, or Placement Manager)
• Registration number (for students) or Employee ID (for faculty)
• Hashed password (we never store plain-text passwords)

1.2 Student Profile Information

Students may provide additional information to complete their profile, which enables features like form auto-fill and placement services:

• Personal details — date of birth, gender, mobile number, and alternate contact numbers
• Parent/guardian information — names, phone numbers, and email addresses
• Academic records — 10th and 12th grade percentages, board, CGPA, arrears history
• Skills and experience — programming skills, internship details, certifications
• Career goals — career preference, dream company
• Social/professional links — GitHub, LinkedIn, LeetCode, portfolio URLs
• Address and profile photo
• Resume uploads

1.3 Academic and Achievement Data

• Achievements and certificates uploaded by students (including PDF documents)
• Form submissions and responses to faculty-created forms
• Class enrollment and attendance records
• Placement application data

1.4 Biometric Data

If you opt in to face-recognition-based live attendance, Credentia processes facial descriptor data (mathematical representation) derived from your camera feed. This data is used solely for attendance verification purposes.

1.5 Automatically Collected Data

• Session information — login timestamps, IP address, and browser user-agent
• Security events — login attempts, password changes, and suspicious activity logs
• Device and browser information for session management

2. How We Use Your Information

We use the information we collect for the following purposes:

• Account management — to create, authenticate, and maintain your account
• Academic services — to enable class enrollment, form submissions, achievement tracking, and attendance management
• Profile auto-fill — to pre-populate form fields with your saved profile data, reducing repetitive data entry
• Placement services — to share relevant profile and resume data with placement managers for job matching and ATS scoring
• Notifications — to send you in-app notifications about form deadlines, achievement reviews, and class updates
• Security — to detect and prevent unauthorized access, fraud, and abuse of the platform
• Communication — to send password reset emails, attendance reports, and system-critical emails

3. Data Storage and Security

3.1 Infrastructure

Credentia is hosted on a secured cloud server located in Bangalore, India, with SSL/TLS encryption for all data in transit. The database runs locally on the same server to minimize latency and external exposure.

3.2 Security Measures

• All passwords are hashed using Argon2id before storage
• Sensitive personal data fields are encrypted at rest using AES-256-GCM
• HTTPS (TLS 1.2+) is enforced for all connections
• Rate limiting is applied to all API endpoints to prevent abuse
• Session management includes single-session enforcement, automatic timeout, and device fingerprinting
• Security events (login attempts, password changes) are logged and monitored
• CSRF protection, Content Security Policy (CSP), and other HTTP security headers are enforced

3.3 Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If your account is deleted by an administrator, all associated personal data, submissions, achievements, and enrollment records are permanently removed from our systems.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. Your data may be shared in the following limited circumstances:

• Within the institution — faculty members can view data submitted through forms and class enrollments. Placement managers can access placement-relevant profile data and resumes.
• Administrative access — platform administrators may access user data for account management, provisioning, and system maintenance purposes.
• Legal requirements — we may disclose information if required by law, regulation, or legal process, or to protect the rights, safety, or property of our users or the institution.

We do not use third-party analytics, advertising, or tracking services. No data is shared with external companies for marketing purposes.

5. AI and Automated Processing

Credentia uses AI-powered features to enhance the user experience:

• Certificate OCR — uploaded certificates are processed using optical character recognition to extract text for verification purposes. This processing occurs locally on our server.
• AI Achievement Review — achievement submissions may be reviewed by an AI system to assist faculty in the verification process. Final approval decisions rest with human reviewers.
• ATS Scoring — resumes may be scored against job descriptions using AI to assist placement managers. These scores are advisory and do not make automated decisions about placement.
• Face Recognition — if enabled for live attendance, facial descriptor data is processed in-browser and compared against your registered face data. Raw images are not stored on the server.

6. Cookies and Local Storage

Credentia uses essential cookies and browser local storage strictly for functionality:

• Authentication cookie — a secure, HTTP-only session cookie to maintain your login session
• Theme preference — stored in local storage to remember your selected UI theme
• CSRF token — used to protect against cross-site request forgery attacks

We do not use tracking cookies, third-party cookies, or advertising cookies.

7. Your Rights

As a user of Credentia, you have the right to:

• Access your data — view all personal information stored in your profile at any time
• Correct your data — update your profile information through the platform
• Request data export— contact your institution's administrator to request an export of your data
• Request deletion— contact your institution's administrator to request account and data deletion

Since Credentia is an institutional platform, account creation and deletion are managed by the institution's administrators. Please contact your department or IT administration for account-related requests.

8. Children's Privacy

Credentia is designed for use by college-level students and faculty. The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: