Back to home
Data Governance

Privacy Policy

DGPMS is designed to safeguard graduation records while delivering a secure, role-based workflow for students, staff, and administrators.

Last updated: July 7, 2026

This policy applies to all users of the Digital Graduation Photo Management System (DGPMS) and reflects how MSU-TCTO handles personal and graduation-photo data within the platform.

Function-to-data privacy map

Each DGPMS function collects and processes only the data required to complete that function securely and audibly.

Authentication and Account Access

  • Collects account identity fields (name, student number, email, role) needed to sign in and route users to the correct portal.
  • Uses session and security logs to protect accounts from unauthorized access attempts.

ID Verification Workflow

  • For personal-email registrants, stores submitted school ID images and verification decisions made by authorized staff.
  • Retains reviewer identity and timestamps to maintain a verifiable approval history.

Photo Upload, Assignment, and Review

  • Processes batch upload metadata, student-photo matching data, review outcomes, and release statuses.
  • Tracks who changed a photo state (pending, under review, approved, rejected, available for download).

QR Verification and Download Control

  • Uses verification codes and lookup logs to confirm photo authenticity during staff-assisted checks.
  • Records download and release events to protect official graduation portrait distribution.

Notifications, Support, and Audit

  • Stores notification history so students can track assignment, approval, rejection, and release events.
  • Stores support ticket conversations and administrative audit logs for operational accountability.

1. Data Sharing Boundary

  • DGPMS data is shared only with authorized MSU-TCTO offices involved in graduation operations.
  • We do not sell personal information, photo assets, or activity logs to third parties.
  • Disclosures outside institutional workflow are performed only when legally required.

2. Data Retention Standard

  • Records are retained based on graduation operations, verification needs, security requirements, and institutional policy.
  • Different data classes (profile, ID verification, review logs, support records) may follow different retention windows.
  • Expired records are archived or removed under approved governance controls.

3. Your Privacy Rights

  • You may request correction of inaccurate profile and account details through support.
  • You may ask for a clarification of how your data is used in a specific DGPMS function.
  • Requests are handled under applicable school policy and legal obligations.

Contact and data requests

For profile correction requests, privacy clarifications, or concerns about how your data is used in DGPMS workflows, contact Information and Communications Technology Office (ICTO) through the official support portal after sign in.