Skip to main content

Privacy Policy

How Event Grid by Gridkawa collects, uses, stores, and protects your personal information.

Contents

Last Updated: April 1, 2026

1. Overview

This Privacy Policy describes how Gridkawa ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use the Event Grid platform ("the Service"). Event Grid is a cloud-hosted course and event management platform.

2. Information We Collect

When you create an account or use Event Grid, we collect and store the following categories of information:

Account Information

  • Email address — used as your login identifier and for system notifications.
  • First name and last name.
  • Password — stored in cryptographically hashed form only; your plaintext password is never stored.
  • Title/Position (e.g., Professor, Director) — optional.
  • Facility/Department — optional.
  • Site/Location (e.g., Main Campus) — optional.
  • Role assignment (Admin, Course Manager, Instructor, or Student).

Email Notification Preferences

  • Enrollment confirmations and updates.
  • Course update notifications.
  • Instructor messages.
  • System notifications.

3. How We Use Your Data

We use the information collected to:

  • Provide, operate, and maintain the Event Grid platform.
  • Authenticate your identity and manage your account.
  • Process course enrollments, waitlists, and payments.
  • Send transactional emails (enrollment confirmations, course reminders, waitlist notifications).
  • Generate reports and analytics for administrators and instructors.
  • Maintain audit logs for security and compliance purposes.
  • Improve the Service based on aggregated usage patterns.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Authentication & Security Data

To secure your account, we collect and store:

  • Last login date and time.
  • Account lockout status — recorded after multiple failed login attempts.
  • Two-factor authentication keys and recovery codes — if 2FA is enabled on your account.
  • Session cookies — a secure, HTTP-only cookie stored in your browser to maintain your login session.
  • Authentication tokens — temporary tokens for password resets, email confirmations, magic link login, and one-time codes.
  • SAML SSO assertions — if your organization uses single sign-on, authentication data is exchanged with your identity provider.

5. Course & Enrollment Data

Enrollment Records

  • Enrollment date and status (Active, Dropped, Completed).
  • Dietary information — if the course includes meals, you may provide dietary preferences and allergy information (vegetarian, vegan, gluten-free, dairy-free, nut allergy, shellfish allergy, halal, kosher, or other restrictions). This is used solely for catering purposes.

Attendance Records

  • Date and attendance status (Present, Absent, Late, Excused).
  • Optional notes added by the instructor.
  • Identity of the staff member who recorded the entry.

Engagement Tracking

  • Engagement level and interest level ratings recorded by instructors.
  • Date of observation and optional notes.

Waitlist Data

  • Date joined, queue position, and promotion status.
  • Whether you accepted or declined a promotion offer.
  • Reason for removal from the waitlist (if applicable).

6. Assessments & Feedback

Quizzes & Assessments

  • Your answers to each question.
  • Scores and pass/fail results.
  • Number of attempts and time spent.
  • Start and completion timestamps.

Feedback & Surveys

  • Your ratings and written responses.
  • If the survey allows anonymous responses, your identity is not linked to the submission.
  • If the survey is not anonymous, your user ID is associated with the response.

7. File Uploads

Course materials uploaded by instructors are stored on the server. Each upload records the file name, file size, content type, upload date, and the identity of the uploader. Accepted file types are limited to documents (.pdf, .docx, .pptx, .xlsx, .txt, .zip) with a maximum size of 10 MB.

8. Audit & Application Logs

Audit Logs

For security and accountability, Event Grid records an audit trail of significant actions. Each audit log entry includes:

  • The action performed (e.g., course created, enrollment dropped, user updated).
  • The user who performed the action (name and email).
  • A timestamp of when the action occurred.
  • Your IP address at the time of the action.
  • Previous and new values for any data that was changed.

Application Logs

The application generates diagnostic log files for troubleshooting purposes. These logs may contain request information, error details, and general operational data. Application log files are automatically deleted after 30 days.

9. Automated Communications

If email is configured, the system may send automated emails for enrollment confirmations, waitlist notifications, course reminders, and other system events. The email content, recipient, and send date are recorded internally. Emails are sent through AWS Simple Email Service (SES).

10. Data Import & Export

Administrators and course managers may import user or course data via CSV files and export data in CSV, Excel, PDF, or Word formats. Exported files may contain personal information such as names, emails, enrollment status, and assessment results. Your organization is responsible for securing exported data.

11. Data Storage & Security

We implement the following measures to protect your data:

  • Encryption in transit: All connections use HTTPS/TLS encryption.
  • Password security: Passwords are cryptographically hashed and never stored in plaintext.
  • Secure cookies: Authentication cookies are marked as Secure and HTTP-only.
  • Rate limiting: Login endpoints are rate-limited to prevent brute-force attacks.
  • Data protection keys: Stored in a dedicated, isolated directory on the server.
  • Access control: Role-based access control (RBAC) restricts data access based on user roles.
  • Anti-forgery tokens: All forms are protected against cross-site request forgery (CSRF) attacks.

Cloud hosting: Our infrastructure is hosted on AWS in Canada (ca-central-1). All data is encrypted at rest and in transit.

12. Data Retention

  • Account data: Retained as long as your account exists.
  • Audit logs: Configurable retention period (default 365 days).
  • Application logs: Automatically deleted after 30 days.
  • Course reminder logs: Default 90-day retention.
  • Inactive waitlist entries: Default 180-day retention.
  • Dropped enrollments, quiz attempts, feedback: Kept indefinitely by default; configurable by administrators.
  • Inactive accounts: Optional auto-deletion (disabled by default; admin accounts can be excluded).

Administrators can configure retention periods and run automated or manual data cleanup from the platform settings. Upon account deletion, all associated personal data is permanently removed.

13. Third-Party Services

Event Grid may interact with the following third-party services depending on your configuration:

  • SMTP / AWS SES: For sending transactional emails (enrollment confirmations, reminders, notifications).
  • SAML Identity Providers: If SSO is configured (e.g., Azure AD, Okta, Google Workspace), authentication data is exchanged with your identity provider.
  • Square: If payment processing is enabled, payment data is handled by Square's payment infrastructure. Gridkawa does not store credit card numbers.

No personal data is shared with third-party advertising, analytics, or marketing services.

14. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data held about you.
  • Rectification: Request correction of inaccurate data via your account settings or by contacting an administrator.
  • Erasure: Request deletion of your account and all associated data.
  • Data portability: Export your data in CSV, Excel, PDF, or Word formats.
  • Restriction: Request that processing of your data be limited in certain circumstances.
  • Opt-out: Manage your email notification preferences from your account settings.

Contact support@gridkawa.com to exercise these rights.

15. Children's Privacy

Event Grid is not directed at children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Notify registered users via email or in-app notification.
  • Provide at least 30 days' notice before significant changes take effect.

17. Contact Us

If you have questions about this Privacy Policy or how your data is handled, please contact us: