Privacy Notice

(This page also constitutes the Notice of Collection under FIPPA s. 39(2).)

Authority and purpose

Brock University collects your personal information to operate the student interface, display exam grades and feedback, provide the AI chat, facilitate exam booking, authenticate access, and secure the website. Collection is authorized by The Brock University Act, 1964 (s. 3) and Ontario's Freedom of Information and Protection of Privacy Act (FIPPA, s. 38(2)).

Scope

This notice applies to the course's online student interface, which runs on a professor-administered server and is not a university-managed system.

What we collect

  • Identity and course data: Name, student ID, university email, course, section.
  • Assessments: Exam responses, grades.
  • AI chat: Messages you send and the AI's replies.
  • Security logs: IP address, user agent, date/time, and error details if applicable.
  • Authentication: Plain text passwords are never stored. The system verifies passwords using a hash at sign-in.

How we use the information

  • Operate the student interface.
  • Show exam grades and feedback.
  • Provide the AI chat.
  • Facilitate exam booking.
  • Authenticate access.
  • Secure the website.

The professor may review chat logs to resolve issues, address academic integrity, and prevent abuse.

Processors and disclosures

  • Internal access: Only the course professor has access to the system.
  • Web hosting: This website is hosted on a DigitalOcean server located in Canada.
  • AI chat: The AI chat is operated using OpenRouter, which routes prompts to select model providers. Training on chats is disabled. Providers may log prompts and replies for operational or abuse-prevention purposes under their policies. The system only sends the student's first name, course, and section to the AI; no other information is included, except for any information the student chooses to share. Processing may occur outside Canada and may be subject to foreign laws. If the AI chat is not used, no information is sent to any external server.
  • Otherwise, disclosures occur only as required or permitted by law.

Storage and security

All data is stored on a server in Canada, administered by the professor. The data is encrypted and all connections use TLS. Access to the server and database is restricted to the professor only. Security logs are maintained. Authentication uses hashes; plain text passwords are never stored.

Retention and deletion

  • Grades, exam responses, and any personal information used to make or support a grading decision: Retained at least 12 months after the end of the course as required by FIPPA, then securely deleted unless needed for appeals, academic integrity, legal holds, or audits.
  • AI chat logs: Retained at least 12 months, then deleted unless needed for the purposes above.
  • Security logs: Deleted periodically based on administrative needs.

Cookies

Session cookies are used only for authentication. They expire on logout or after inactivity. No analytics cookies are used.

Your rights

You may access and seek correction of your personal information through Brock University's Privacy Office.

Contact for questions about this collection

Prof. Barak Shoshany
Department of Physics
Brock University
1812 Sir Isaac Brock Way
St. Catharines, ON
L2S 3A1 Canada
+1 905-688-5550 x5785
bshoshany@brocku.ca

© 2026 Barak Shoshany