Introduction
This Privacy Policy explains how the HGCC Digital Education System uses, protects, and retains Google user data accessed via OAuth 2.0 and the YouTube Data API.
Google Data We Access
We only access data that you explicitly authorize: basic profile (name, email, avatar) and read-only YouTube channel/video metadata and statistics.
How We Use Google User Data
Scope-by-scope purpose
-
openid,userinfo.email,userinfo.profile— Used to authenticate users, display their name and avatar in the dashboard, and associate an account with school roles (lecturer/student). -
youtube.readonly— Used to read channel and video titles, IDs, thumbnails, and statistics (views, likes, comments, subscribers) to support learning analytics and classroom activities. No write operations are performed.
| Data Category | How We Use It | Legal Basis / Policy |
|---|---|---|
| Email, profile (name, avatar) | Authenticate users, show account info in UI, map to school roles. | OAuth 2.0 consent; Google API Services User Data Policy (Limited Use). |
| YouTube channel/video metadata & stats (read-only) | Learning analytics dashboards; classroom activities; teacher content planning. | OAuth 2.0 consent; no advertising; no data sale or transfer. |
We do not use Google user data for advertising, profiling, or model training. We do not sell Google user data. We adhere to Google’s Limited Use requirements and only use data to provide user-facing features.
Data Sharing & Disclosure
We do not share Google user data with third parties, except: (1) Google APIs to perform the actions you authorize; (2) our hosting provider for secure operation (under confidentiality and data-processing terms); or (3) when required by law.
Data Protection & Security
Access tokens are stored on the server only, never exposed to the client. All communications use HTTPS/TLS 1.2+. We restrict access by role and log administrative access for auditing.
Data Retention & Deletion
We retain Google user data only as long as your account remains connected. When you sign out, disconnect the service, or revoke access in your Google Account (Security → Third-party access), our system stops accessing your data and deletes stored tokens. You may request deletion of any remaining server-side records via lvphuong.d64@moet.edu.vn; requests are processed within 30 days.
Compliance
We comply with the Google API Services User Data Policy, including the Limited Use requirements. We do not use or transfer Google user data for purposes unrelated to user-facing features.
Contact
Email: lvphuong.d64@moet.edu.vn
Last updated: October 25, 2025