DOC-ID: PRIVACY-v2.0TIMECODE: 00:13:40

PRIVACY POLICY

Last Updates: 5th July, 2026• OFFICIAL CHAPTER POLICIES

1. Introduction

Welcome to ACM NIT Surat (accessible at acmnitsurat.vercel.app), the official website of the Association for Computing Machinery Student Chapter at the National Institute of Technology, Surat (SVNIT). We operate as an educational, non-profit student community platform designed to manage technical events, coding contests, workshops, hackathons, chapter announcements, certificate distributions, and chapter registrations.

We are committed to maintaining the trust of our users and verifying transparency in our data processing. Because our platform implements Google Authentication and provides tools for organizers to sync registration forms into their personal spreadsheets, this Privacy Policy explains exactly how we collect, store, share, use, and protect your information.

By accessing our website, registering for our events, or utilizing our administrative sync tools, you consent to the collection and use of your information in accordance with this Privacy Policy.

2. Data We Collect

To provide event registration, manage leaderboard scores, verify participant credentials, and offer Google Sheet syncing capabilities, we collect various details depending on how you interact with our platform.

A. Information Provided by Participants

When you register for an event, create an account, or submit a form, we may collect:

  • Identification & Contact Data: Full Name, Email Address, and Phone Number.
  • Academic Information: Institutional affiliation (College), Department/Branch, Year of Study, and Roll Number.
  • Demographic Information: Gender (only when explicitly required for event logistics, team balances, or hostel allocations during national hackathons).
  • Event-Specific Submissions: Form responses, coding experience levels, project ideas, team names, Github profiles, and LeetCode/Codeforces handles.
  • Timestamps: The exact date and time of registration.

B. Information Provided by Admins & Event Organizers

To enable the Google Spreadsheet integration, authorized administrators and event organizers must authenticate their Google accounts. In this process, we store:

  • Google Account Email: To identify which account is connected to sync event data.
  • Spreadsheet Metadata: The ID and sheet title of the designated spreadsheet.
  • OAuth Tokens: Secured Refresh Tokens and Access Tokens provided by the Google OAuth flow.

C. Automatically Collected Device & Technical Data

To prevent malicious submissions, protect our backend against Denial of Service (DoS) attacks, and maintain security logs, our servers log:

  • Technical Identifiers: IP Address, browser type, operating system, and referral URLs.
  • Security Details: Firebase Authentication tokens and security logs.

3. Google OAuth & Spreadsheet Sync

Critical Verification Notice for Google Reviewers

Our application requests Google OAuth authorization strictly to enable an event organizer to link their personal Google account and automatically sync attendee registration data directly into a Google Spreadsheet owned by that organizer. This process operates under strict data minimization guidelines. We never access unrelated files, read emails, or share your account credentials with anyone.

Requested Scopes & Functionality

We request the minimum possible scopes necessary for the syncing service. Specifically, we request permission to:

  • Create new spreadsheets in your Google Drive (or list existing files to let you select a target spreadsheet).
  • Read and write values (append registration records) to the selected spreadsheet.
  • Maintain a persistent connection using offline tokens to allow real-time background synchronization when a student submits a registration form.

Prohibited Activities & Data Restrictions

To satisfy the Google API Services User Data Policy, ACM NIT Surat guarantees the following policies:

No Unauthorized Access

We DO NOT read your Gmail, inspect folders in Google Drive, view Google Photos, access Calendars, read Contacts, or query any files unrelated to spreadsheets chosen for event synchronization.

No Data Transfer or Sale

We DO NOT transfer or sell Google user data to third-party databases, marketing agencies, or data brokers. Google API responses are solely used to update target spreadsheets.

No Advertising Use

We NEVER use information retrieved via Google APIs to target ads, run marketing profiles, generate leads, or monetize credentials.

No AI Model Training

We DO NOT utilize any Google account emails, spreadsheet metadata, or token data to train machine learning algorithms, artificial intelligence models, or text models.

Token Storage Security

Access and refresh tokens generated via OAuth are encrypted at rest and stored securely using our backend Firestore Database. These tokens are retrieved only by authorized server routines to append new event registration data into your sheet when a user registers on our front-end.

4. How We Use Data

We use the information we collect to maintain operations, verify academic credibility, and organize educational activities. Data is used for:

  • Event Registration & Eligibility: Verifying you are a student, managing team allocations, tracking attendee sizes, and sending reminders.
  • Leaderboard System: Linking your handles (GitHub, LeetCode, Codeforces, CodeChef) to calculate leaderboard rankings and score calculations.
  • Communication: Emailing registration updates, certificates, details of upcoming workshops, and event-related updates.
  • Operations & Administration: Generating entry passes, attendance tracking sheets, and organizer dashboard summaries.
  • Google Sheets Sync: Processing background webhook integrations to sync registrations instantly to organizer-owned spreadsheets.

5. Data Sharing & Disclosure

ACM NIT Surat respects your privacy. We hold ourselves to strict constraints regarding who can access your information:

  • Internal Organizers: Data is shared only with authorized event coordinators, faculty advisors, and members of ACM NIT Surat who manage event logistics.
  • Google Spreadsheet Owners: If you register for an event where the organizer has connected their Google Sheet, your event-specific response data will be synchronized to that sheet.
  • No Commercial Sharing: We do not sell, rent, trade, or distribute your information to advertising networks, commercial businesses, or brokers.
  • Legal Disclosures: We may share data if explicitly required to comply with SVNIT institution policies, applicable Indian regulations, or court-mandated disclosures.

6. Security Measures

We implement industrial-grade security measures to safeguard user records, administrative credentials, and database integrity:

  • HTTPS: All communications between the client browsers and our server endpoints are encrypted using secure Transport Layer Security (TLS/HTTPS).
  • Firebase Authentication: User accounts, passwords, and identity authentications are outsourced directly to Firebase, utilizing secure industry-standard OAuth profiles.
  • Secure Firestore Security Rules: Database reads and writes are restricted using granular Firestore policies, ensuring that users can only view or modify their own files.
  • Least-Privilege Backend Access: Admin dashboards require special custom claims. Event coordinators only see registration lists for events they are assigned to manage.
  • Encryption of API Tokens: External sync credentials (like Google Sheet refresh tokens) are encrypted prior to database storage.

7. Data Retention & Deletion

We store participant registrations and academic indices to support long-term statistics, check participation histories for returning students, track cumulative leaderboard ratings, and support credential verification (for certificates).

Requesting Deletion: You have full control over your information. If you wish to delete your account, purge your event registration records, or remove your handles from the leaderboard, you can contact us at:

Upon verification of your request, we will permanently remove your records from active Firebase and Firestore instances within 14 business days, except where institutional reporting, security backups, or legal obligations require us to preserve logs.

Admin OAuth Disconnections:Admins can revoke access tokens immediately through their profile dashboard or via Google Account settings under "Security > Third-party apps with account access".

8. Cookies & Local Storage

Our platform uses cookies and local storage tokens to recognize authenticated users and maintain state. We do not use tracking pixels or advertising cookies.

  • Authentication Cookies: Placed by Firebase Auth to keep you logged in between visits.
  • Session & State Cookies: Used to track transition animations, page states, and layout parameters.
  • Essential System Settings: Used to store dark mode states, layout preferences, and UI cookies.

You can configure your browser to reject cookies. However, disabling authentication cookies will prevent you from logging in, accessing your profile, registering for events, or sync-linking Google sheets.

9. Your User Rights

We believe you should have control over your data. Depending on your location and academic status, you possess the following rights:

  • Right of Access: You can view the information we collect by logging in and checking your profile dashboard at any time.
  • Right of Correction: You can modify your name, phone number, and profiles via the profile page. For roll numbers or branch updates, contact our dev team.
  • Right of Deletion (Erasure): Request permanent deletion of all data associated with your email.
  • Right of Withdrawal of Consent: Revoke authorization for Google Sheets connections, Firebase profiles, or notifications.

10. Changes to Policy

ACM NIT Surat reserves the right to amend this policy at any time. When modifications occur, we will update the "Last Updated" date at the top of this document. We encourage users to check this page periodically for updates.

If we make substantial revisions that alter the scope of Google OAuth data collections or changes in data usage, we will notify affected admins and organizers via email.

11. Contact Information

For questions regarding this policy, requests for data access or erasure, or inquiries about our Google integrations, please contact our administrative and engineering teams:

ACM SVNIT Chapter

National Institute of Technology, Surat
Ichchhanath, Surat-Dumas Road,
Surat, Gujarat - 395007, India

Official Email: acm@svnit.ac.in

Development Team

ACM Developer Group & Tech Support
National Institute of Technology, Surat
SVNIT Campus, Surat

Developer Emails:dev.aayushdroid@gmail.comshsheth2006@gmail.com