Privacy Policy

1. Introduction

FreshZone is a real-time campus vape aerosol detection system. We collect a limited set of account, device, and sensor information so the platform can authenticate users, display live conditions, and notify staff when alert conditions occur.

2. Information We Collect

Personal information

• Full name for account identity and audit records.
• Email address for account verification, support, and alert delivery.
• Phone number for two-factor authentication and urgent notifications.
• Employee ID and position for campus role verification.
• Password stored only as an encrypted hash.

Automatically collected information

• Browser, operating system, device type, and session activity.
• IP address and login attempt data used for security monitoring and rate limiting.
• Cookie choices, theme preference, and related UI settings when enabled.

Sensor and event information

• PM1.0 readings and event timestamps from campus sensors.
• Zone status, offline or online heartbeat information, and detection history.

3. How We Use Information

• To create and secure user accounts.
• To send alerts, push notifications, and email-based verification messages.
• To monitor platform reliability, prevent abuse, and investigate incidents.
• To improve page performance, mobile usability, and system quality when analytics are enabled.
• To meet institutional, operational, or legal obligations tied to campus safety records.

4. Data Retention

FreshZone keeps data only for the period needed to run the service, support investigations, and meet legal or institutional requirements.

5. Sharing and Disclosure

FreshZone does not sell personal information. Data may be shared only when necessary:

• With service providers supporting hosting, email delivery, or platform security.
• When required by law, lawful request, or campus compliance obligations.
• To protect users, the institution, or the platform from fraud, abuse, or security threats.
• With your explicit consent when a specific use requires it.

6. Security Measures

• HTTPS and TLS encryption for traffic between browser and server.
• Hashed passwords, CSRF protection, and session-aware authentication.
• Role-based access controls for administrators and staff users.
• Prepared statements, security logging, and operational monitoring.

7. Your Rights

Depending on applicable law, users may request access, correction, deletion, restriction, portability, or objection regarding their stored personal data.

Requests should be sent to the Data Protection Officer listed below.

8. Cookies and Device Storage

FreshZone uses the following categories:

• Essential cookies for login, security, and core functionality.
• Preference cookies to remember theme and user interface choices.
• Analytics cookies to improve performance and usability when the user explicitly allows them.

The consent banner appears first. Cookie preferences are opened only when the user chooses the essentials-only route or later requests settings. Disabling essential cookies may prevent secure use of the platform.

9. International Transfers

Where data is processed outside the user's home country, FreshZone applies appropriate safeguards and contractual controls to protect that information.

10. Students Privacy

FreshZone is intended for authorized campus personnel and is not designed to knowingly collect data from children under 16.

11. Policy Changes

We may update this policy to reflect operational, legal, or technical changes. Significant updates will be communicated in-app or through account notifications where appropriate.

12. Governing Law

This policy is governed by the laws of the Philippines, including the Data Privacy Act of 2012, and may also be interpreted in line with other applicable privacy regulations where required.