Privacy Policy

Introduction

Carnegie Mellon University ("CMU," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Event Registration System (the "Service") for internal college events.

This Service is designed exclusively for Carnegie Mellon University faculty, staff, students, and authorized guests to register for internal university events and activities.

Information We Collect

Personal Information

We may collect the following personal information:

• Name and email address (from CMU authentication system or Google OAuth)
• CMU affiliation status (student, faculty, staff)
• Event registration details and preferences
• Payment information (processed securely through Cashnet)
• Dietary restrictions or accessibility needs for events
• RSVP responses and attendance records

Technical Information

• IP address and browser information
• Device type and operating system
• Session data and authentication tokens
• Usage patterns and system interactions

How We Use Your Information

We use your information for the following purposes:

• Event Registration: Processing event registrations, ticket purchases, and RSVPs
• Communication: Sending event confirmations, updates, and important announcements
• Event Management: Managing attendance, check-ins, and event logistics
• Payment Processing: Facilitating secure payment transactions through Cashnet
• System Administration: Maintaining system security and improving user experience
• Compliance: Meeting university record-keeping and administrative requirements

Information Sharing and Disclosure

Within Carnegie Mellon University

We may share your information with other CMU departments and units as necessary for:

• Event planning and coordination
• University administrative purposes
• Security and safety requirements
• Academic record integration (for student events)

Third-Party Service Providers

We work with the following trusted partners:

• Cashnet (Transact Payments): Secure payment processing for paid events
• Google OAuth: Alternative authentication for authorized users
• CMU IT Services: Authentication and university system integration

Legal Requirements

We may disclose your information if required by law, legal process, or to protect the rights, property, or safety of Carnegie Mellon University, our users, or others.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encrypted data transmission (SSL/TLS)
• Secure authentication systems (Shibboleth/CMU Login, Google OAuth)
• Regular security assessments and updates
• Access controls and user permission management
• Secure payment processing through PCI-compliant systems

Data Retention

We retain your information for different periods based on the type of data and university requirements:

• Account Information: Retained while you are affiliated with CMU plus 7 years
• Event Registration Records: Retained for 7 years for administrative purposes
• Payment Records: Retained according to university financial record policies
• System Logs: Retained for 1 year for security and troubleshooting purposes

Your Rights and Choices

You have the following rights regarding your personal information:

• Access: View your account information and registration history
• Update: Modify your profile information and preferences
• Delete: Request account deletion (subject to university retention policies)
• Opt-out: Unsubscribe from non-essential event communications
• Data Portability: Request a copy of your registration data

To exercise these rights, please contact us using the information provided below or use the account settings within the system.

Cookies and Tracking

Our system uses essential cookies and session management to provide the service:

• Essential Cookies: Required for authentication and system functionality
• Session Management: Maintains your login state and preferences
• Security Tokens: Protects against cross-site request forgery

We do not use advertising cookies or third-party tracking for marketing purposes.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify users of any material changes by posting the updated policy on this page and updating the "Effective Date" at the top. Continued use of the Service after changes constitute acceptance of the updated policy.

Contact Information

If you have questions about this Privacy Policy or our data practices, please contact: