This document describes the role of PocketCampus Sàrl in the storage and processing of personal data of PocketCampus app users and in general the steps taken by PocketCampus Sàrl to protect the privacy of its users and customer institutions.

GDPR & New Swiss Data Protection Law - Commitment of PocketCampus Sàrl

PocketCampus Sàrl complies with the principles of the General Data Protection Regulation (GDPR) and of the New Swiss Data Protection Law, and implements the measures necessary to give them full effect.

Data Protection Officer (DPO)

PocketCampus Sàrl does not have a designated DPO, but can be contacted for any questions regarding security and personal data processing at privacy@pocketcampus.org.

Employees of PocketCampus Sàrl

PocketCampus employees are bound by their employment contract to a strict confidentiality agreement covering the data to which they have access by virtue of their position. In addition, access to personal data of the customer institutions of PocketCampus Sàrl and of users of PocketCampus apps is strictly controlled in accordance with the principle of least privilege.

Storage of Confidential Data

For the storage of confidential data, PocketCampus Sàrl uses the 1Password Enterprise solution (with storage in Europe), which provides end-to-end encryption of the stored data.

Confidential data means data that is internal to PocketCampus Sàrl, or that is provided by the customer institutions of PocketCampus Sàrl to enable the development or maintenance of their app. This includes, but is not limited to:

  • Administrator access credentials to the PocketCampus cloud infrastructure

  • Access credentials to the infrastructure of the customer institutions of PocketCampus Sàrl

  • Database access credentials

  • Access codes to the APIs of the customer institutions of PocketCampus Sàrl

  • Test accounts provided by the customer institutions of PocketCampus Sàrl

  • App Store and Play Store access credentials for app deployment

  • Access credentials to third-party solutions used internally by PocketCampus Sàrl (marketing, management tools, etc.)

  • HTTPS certificates and signatures

Personal data of PocketCampus app users is excluded from this definition. The storage and processing of such data is covered in the rest of this document.

For each of these elements, fine-grained access rights, based on the principle of least privilege, are granted to PocketCampus Sàrl employees. Each employee has a personal account that can be revoked and that is secured by three factors: a unique personal key, a personal password and a one-time password (OTP) as second factor.

Right of Access, Request for Rectification, and Right to Be Forgotten

PocketCampus Sàrl is prepared to respond to requests for access and rectification of personal data, as well as the right to be forgotten.

In case of a request coming directly from a user of the PocketCampus app, PocketCampus Sàrl will verify the identity of the requestor with the customer institution of the app.

Rectification and deletion requests apply to data in "production". Old copies of the data may be retained temporarily in access logs, action logs and backups (see the subsections "Access logs", "Action logs" and "Backups" for the respective retention periods).

Infrastructure & Server Software

PocketCampus apps are designed to communicate over the network exclusively with the PocketCampus server software. This server software is installed either in the PocketCampus cloud or directly in the infrastructure of the customer institutions of PocketCampus Sàrl. Which option applies to a given institution is available upon request.

Remote access to the infrastructure hosting the PocketCampus server software is only granted to PocketCampus Sàrl employees who absolutely need it for administration and deployment purposes, in accordance with the principle of least privilege.

Communication security

Communication between the PocketCampus apps and the PocketCampus server software is secured by using HTTPS (TLS 1.2 or higher) on the infrastructure hosting the server software.

Communications between the PocketCampus server software and the institutions' source information systems are secured by HTTPS, complemented by means such as IP filtering and API keys. When the institutions' source systems support it, user identity verification is also performed by those source systems (e.g. by verifying the user's session presented as a JWT), in addition to the verification already performed by the PocketCampus server software.

Data storage

In general, the technical architecture of PocketCampus apps and infrastructure is designed to store a minimal amount of personal data. Only data that is absolutely necessary for the proper functioning of the PocketCampus apps is stored, and in general, this collection is made clearly visible to the users when they use the app.

Features of the apps

In general, the infrastructure hosting the PocketCampus server software does not store personal data coming from the source information systems of the customer institutions of PocketCampus Sàrl. The data is retrieved in real time and is proxied by the PocketCampus server software, but is not stored. Personal data may however be stored for those app features where the PocketCampus solution is used as a complete information system ("vertical" solution). The exhaustive list of stored data depends on the customer institutions of PocketCampus Sàrl and can be obtained upon request.

PocketCampus apps store locally, on the user's device and per feature, a cache of the most recently downloaded data for instant and offline viewing. Only the data of the currently logged-in user is stored, and it is completely deleted when the user logs out. PocketCampus Sàrl has no access to this data.

Access logs

The PocketCampus server software maintains and locally stores a log of accesses made by PocketCampus apps. These are kept for 90 days (excluding backups; see "Backups" subsection) and contain the following data:

  • IP address of the request (deleted after 24 hours)

  • Type of query (examples: "retrieve grades", "retrieve schedule", "retrieve courses list") without additional related parameters

  • Total execution time of the request

  • In case of error (failed request)

    • Username

    • Full content of the request, including the user's short-lived session, to allow the problem to be reproduced and analysed. Primary authentication data (password, long-lived token) is never stored.

Data returned to the app is never stored in the access logs.

Action logs

For some PocketCampus back-office features (administration area), an action log of data creation, modification and deletion is kept in order to be able to trace back to the author of a potential malicious action.

Action logs are stored in the infrastructure hosting the PocketCampus server software and are kept for 90 days (excluding backups, see subsection "Backups"). They contain the following data for each action:

  • Username

  • Type of action

  • Identifier of the added, modified or deleted data

The list of features for which an action log is maintained depends on the customer institutions of PocketCampus Sàrl and can be obtained upon request.

Backups

If the PocketCampus server software is hosted in the PocketCampus cloud, backups of all data are made daily and kept for 90 days. Since access and action logs are themselves kept for 90 days, a changed or deleted personal data item can therefore persist in backups of those logs for up to 180 days in total.

Usage statistics

PocketCampus apps send anonymous usage statistics to the Google Analytics service. The data sent contains the following information:

  • Action performed in the app (examples: click on the "My Schedule" button, "show a given news", "open a given course")

  • Name of the screen on which the action was performed (examples: "main menu", "moodle", "schedule")

  • Date and time of the action

  • City, region, country at the time of the action (derived from the IP address, which is not stored)

  • Unique identifier per device, randomly generated at first launch of the app

  • User’s “category” (e.g. student, employee, etc.), if available and desired by the customer institution

  • Color-blind mode activated (yes/no)

  • Selected campus (where applicable)

  • Name and version of the operating system

  • Browser name and version (in the case of the web app)

  • Make and model of the device

  • App version

  • Language of the device

  • Notifications permission status

  • Voice Over activation status (yes/no; iOS only)

  • Text size preference

  • Interface theme (light/dark)

App crash reports

In case of a crash, PocketCampus apps send an error report to the Google Firebase service. These reports contain the following data:

  • Date and time of the crash

  • The stack trace that led to the crash of the app. It does not contain any personal data.

  • Name and version of the operating system

  • Make and model of the device

  • App version

  • Orientation of the device at the time of the crash

  • Memory and disk space available at the time of the crash

  • List of actions that led to the crash (see previous section "Usage Statistics")

Data Storage and Processing Locations

The storage and processing of personal data collected by PocketCampus apps is done in Switzerland or in the European Union. The storage and processing of the anonymous usage statistics and crash reports is done in the European Union (for European clients of PocketCampus Sàrl) or in the United States.

The exact locations depend on the customer institutions of PocketCampus Sàrl and can be obtained upon request.

Subcontractors

In general, PocketCampus Sàrl ensures that all subcontractors under its direct responsibility fully comply with the GDPR. This excludes subcontractors who are directly contracted by the customer institutions of PocketCampus Sàrl, and from whom PocketCampus Sàrl would collect personal data for the proper functioning of PocketCampus apps, according to the specifications defined by these institutions.

The subcontractors under the direct responsibility of PocketCampus Sàrl are:

  • Cloud infrastructure: CloudSigma (privacy policy). Only stores and processes personal data if the customer institution of PocketCampus Sàrl has chosen the "cloud" option, and according to the features chosen by the institution.

  • App crash reports: Google Firebase (privacy policy).

  • Anonymized usage statistics: Google Analytics & Google Big Query (privacy policy).

  • Password manager used internally: 1Password (privacy policy)

  • Planning and Ticketing tool used internally: ClickUp (privacy policy)


Last update: December 4th, 2023