Privacy Policy

StageReader helps graduates RSVP for convocation and supports accurate name pronunciation during the ceremony. We take privacy seriously and design this service to collect the minimum information needed to do the job.

What we collect

• Institution code and User ID (to locate your record)
• PIN (used to sign in; stored securely as a one-way hash—never in plaintext)
• First and last name (provided by the institution)
• Faculty and program name (if provided by the institution)
• RSVP (attending / not attending), guest count (0–4), and guest names (if attending)
• Optional audio recording of you saying your name
• Optional phonetic spelling of your name

We also collect standard server logs (IP address, browser type, timestamps) for security monitoring and audit purposes.

How we use it

• To plan seating, attendance, and guest lists for the ceremony
• To support accurate name pronunciation and display during convocation
• To provide authorized administrators with exports (CSV + recordings) for ceremony operations
• To maintain audit logs for security and compliance purposes

Your information is used solely for convocation planning and ceremony execution. We do not sell, share, or use your data for advertising or any unrelated purpose.

Security

StageReader is built with security as a core design principle. The following measures are in place to protect your data:

• Encryption in transit: all connections use HTTPS (TLS) to protect data between your device and our servers.
• Encryption at rest: audio recordings are encrypted server-side using AES-256-GCM before storage. Encryption keys are stored outside the web-accessible directory.
• Credential protection: all PINs and passwords are stored as one-way, salted hashes using industry-standard algorithms. Plaintext credentials are never stored.
• Session hardening: sessions are configured with HTTP-only and secure cookie flags, strict mode enforcement, and cookie-only transport to prevent session hijacking.
• CSRF protection: all forms are protected with cryptographically random tokens to prevent cross-site request forgery.
• Rate limiting: login endpoints enforce attempt limits with automatic lockout to guard against brute-force attacks.
• Input validation: all user input is sanitized and validated. Database queries use parameterized prepared statements to prevent SQL injection. Output is escaped to prevent cross-site scripting (XSS).
• Role-based access control: administrator and presenter accounts are scoped by role and institution, ensuring users can only access data they are authorized to see.
• Single sign-on (SSO): institutions may configure SAML 2.0 single sign-on through their identity provider (e.g. Microsoft Entra ID), enabling centralized authentication and account management.
• Audit logging: security-relevant events—including logins, failed attempts, data exports, and administrative actions—are logged with timestamps, IP addresses, and actor details for accountability and incident response.

Data location

StageReader is hosted on Canadian servers and is intended to store and process all data within Canada. If your institution requires additional data residency confirmations, please contact us.

Retention

Data is retained only as long as needed for convocation planning and execution, after which it may be archived or deleted according to institutional requirements. Institutions may request deletion of their data at any time.

Third parties

StageReader does not share personal data with third parties. When SSO is configured, authentication is handled by your institution's identity provider—StageReader receives only the minimum attributes needed to identify and authorize your account.

Contact

For questions about your RSVP or access, please contact your institution's convocation office.
For questions about this privacy policy or StageReader's data practices, contact us at support@stagereader.ca.

Last updated: 2026-03-17  •  Back to StageReader