Examination Publications Students Research Contact Us
Phone: 977-11-415100, 977-11-415200, 977-9801210035, 977-11-415005
Home > Mobile App Privacy Policy

Mobile App Privacy Policy

Privacy Policy for KU Connect (Kathmandu University Mobile App)

Effective Date: June 03, 2025

App Name: KU Connect

Developer: Kathmandu University (KU), Dhulikhel, Kavrepalanchok, Nepal

Last Updated: June 3, 2025

1. Introduction

Welcome to the Kathmandu University mobile application (the “Services”). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard data when you access our Services. By using the Services, you acknowledge and agree to the practices described below.

KU Connect is the official mobile application developed and managed by Kathmandu University to facilitate academic and administrative interaction between the University and its students. This Privacy Policy outlines the types of data the app collects, how that data is used, stored and protected, and your rights regarding your personal information.

2. Information We Collect

KU Connect primarily utilizes student information already collected during the University’s admission and registration process and the academic data generated during the course of study. When you first gain admission to the University and register on our official university portal, you may create a new account to access the student portal and/or mobile app. During that registration process, we collect and store the student information including:

  • Email Address: To serve as your unique login identifiers
  • Password: Your chosen password, which we store only in hashed/encrypted form—never in plain text.
  • Student Registration Number: Assigned at the time of admission, used to verify your identity and link to your academic record.
  • Program and Level of Study: In which student was enrolled.

In addition, students may provide or update the following through their app profile: Contact Number, Profile Picture, Mailing Address, professional profile (alumni profile).

To improve user experience and ensure system integrity, the app may collect: Device details (model, OS version), App version, IP address, Usage logs (e.g., login activity, accessed features).

We do not collect any other personal data beyond what is asked during the admission or registration at the University. Once your account is verified by the university, you may log in to view your academic data (e.g. courses, grades, tuition fee statements). That student-specific data is fetched on demand from our secure back-end systems but is not stored long-term on our application servers.

3. How We Use Your Information

The information collected is used strictly for educational and administrative functions:

  • Verifying user identity and granting secure access to University services
  • Displaying personalized academic content (e.g., notices, schedules, results)
  • Sending timely notifications and updates from departments or faculties
  • Monitoring app usage for performance improvements
  • Data Sharing and Disclosure

KU does not sell or share your personal data with third-party companies. Access to your data is limited to authorized University personnel and used only for institutional purposes.

4. Account Creation & Verification Process

Registration: You initiate a “Create Account” flow by providing:

  • A valid email address.
  • A password of your choosing.
  • Your official student ID number (assigned at admission).
  • Personal and Academic details

Verification:

  • Our system cross‐references your student ID (and name, if provided) against the university’s central database.
  • Once verified, your account is activated. You receive a confirmation message via email or on-screen notification.
  • Until verification is complete, no further access to student‐specific data is granted.

Secure Storage:

  • Passwords are securely hashed (e.g., using bcrypt or a similarly strong algorithm) and never stored in plain text.
  • Email addresses, student IDs, and any names you choose to provide are stored in our encrypted database with restricted access.
  • Access to this database is limited to authorized IT staff and system administrators under strict confidentiality agreements.

5. What Happens When You Log In?

  • Secure Connection: Every communication between your device/browser and our servers is encrypted (HTTPS/TLS).
  • Session Management: Upon successful login, a session cookie (containing only a random session identifier) may be set to maintain your authenticated status.
  • Session cookies are strictly “session-only,” meaning they expire as soon as you close your browser or explicitly log out.
  • No other cookies—tracking, analytics, or advertising—are used by our Services.
  • Data Retrieval: The Services request your student‐specific data (schedules, grades, etc.) directly from secure back‐end systems. Once delivered to your device or browser, that information is not retained on our application servers beyond the duration of your session.

6. Information We Do Not Collect

  • No Personal Demographics: We do not collect date of birth, home address, phone number, social security number, or any other personally identifying details beyond email, password (hashed), student ID, and optional name.
  • No Behavioral Tracking: We do not employ Google Analytics, Firebase Analytics, or any third‐party analytics tools. We do not track clicks, page views, or usage patterns beyond maintaining a temporary session.
  • No Location Data: We do not collect your geolocation or IP address for any purpose.
  • No Third-Party Sharing: Because we only collect minimal data and never sell or share it with third parties, your information remains under strict university control.

7. Cookies & Local Storage

Session Cookies Only:

Necessary to keep you logged in during a single browsing session.

Contain no personal or identifying information—only a random session token.

Expire upon browser close or manual logout.

No Persistent Cookies: We do not set any persistent or tracking cookies.

Local Storage: We do not store personal data in your browser’s local storage. At most, we may briefly cache the last viewed page for performance, and that cache is cleared on logout or session expiration.

8. Security Measures

Encryption in Transit & At Rest: All data transmissions between your device and our servers use HTTPS/TLS. Database records (email, student ID, hashed password) are encrypted or hashed at rest.

Access Controls: Only authorized IT staff and system administrators may access the registration database. All staff undergo regular security training and are bound by confidentiality agreements.

Minimal Data Footprint: Because we store only email, hashed password, student ID, and (optionally) name, there is minimal risk of exposure. In the unlikely event of a breach, no financial, medical, or other sensitive student data is stored on these servers.

9. Data Retention

Active Student Accounts: We retain your registration data (email, hashed password, student ID, name) for as long as your university account remains active.

Automatic Purging: Archive data is purged or anonymized after the retention period required by regulatory guidelines or internal policy (whichever is longer).

10. Third-Party Links & Embedded Content

No Third-Party Widgets or Advertising: We do not embed social media feeds, ad banners, or third‐party widgets that collect data.

External Links: If you click on a link to a non-university site (for example, a research paper hosted elsewhere), that site’s own privacy policy will govern any data collection. Our Privacy Policy ends once you leave our domain.

11. Children’s Privacy

Our Services are intended for university students (typically 17 years or older). We do not knowingly collect information from anyone under the age of 13. If you believe we have inadvertently collected data on a minor, please contact us immediately at isms@ku.edu.np

12. Updates to This Privacy Policy

We may revise this Privacy Policy from time to time. When we make material changes, we will:

Post the updated policy on this page with a new “Last Updated” date.

Display a notification on the login screen or homepage (“Privacy Policy updated—please review”).Your continued use of the Services after a material revision means you consent to the updated policy.

13. Your Rights & Choices

Access & Correction: You can view or correct your registration data (email, password, name) via the university’s central portal.

Password Reset: If you forget your password, follow the “Forgot Password” flow on the login page. Your new password replaces the old one in our database (always stored in hashed form).

Account Deactivation: If you no longer wish to use the Services, you may request account deactivation by contacting our IT Help Desk. Upon verification, we will disable your login access. Your record will then be archived in accordance with the Data Retention section above.

14. Contact Us

If you have questions or concerns regarding this Privacy Policy or data usage within KU Connect, please contact:

Information System Management Section (ISMS)

Information and Library Division

Kathmandu University

Email: isms@ku.edu.np

We will respond to all reasonable inquiries within 30 days.

15. Effective Date

This policy is effective as of June 3, 2025. By using the KU Connect mobile app, you acknowledge and agree to the terms outlined above.