Privacy Policy
This Privacy Policy explains how The Great Book Review ("we", "us", "our") collects, uses, stores, and shares personal data when you use our website at https://thegreatbookreview.ca (the "Service"). It is written to satisfy general privacy requirements and the information requirements for Google API / OAuth verification.
Contact
If you have questions or requests regarding this policy or your data, contact us at privacy@thegreatbookreview.ca.
Application identification
- Application name: The Great Book Review
- Website / home page: https://thegreatbookreview.ca
- Authorized domains: thegreatbookreview.ca
- Privacy policy URL: https://thegreatbookreview.ca/privacy.html
What data we collect
We collect only the information necessary to operate the Service and to provide classroom functionality to teachers and students. Types of data we may collect include:
- Account information: When users sign in with Google Sign-In (OpenID Connect), we receive the authenticated user's
nameandemail(and a unique identifier). We do not request additional Google scopes (for example: Drive, Contacts, or Gmail) unless we explicitly notify you beforehand and obtain consent. - Teacher-provided data: Teachers may enter student names, initials, grades, comments, and assessments. Teachers are encouraged to use only initials for students' last names if they prefer more privacy.
- Usage data: Non-identifying logs such as timestamps, pages visited, and basic analytics to help us improve the Service.
- Device and technical data: IP address, browser user agent, and other technical details used for security and operation. IPs are logged for a limited time and may be masked for analytics.
How we store and protect data
We take security seriously and use industry-standard practices to protect stored data:
- Authenticated email addresses and any other identifiers are hashed (salted) and stored; when additional encryption-at-rest is used, data is encrypted using modern algorithms (for example AES-256). Passwords (if applicable) are hashed and salted using secure algorithms (for example bcrypt or Argon2) — we never store plaintext passwords.
- Database access is limited to authorized system components and administrators.
- Communication between users and our servers is encrypted via HTTPS/TLS.
- We perform regular security reviews and apply software updates as needed.
How we use the data
We use collected data for the following purposes:
- Authenticate and identify users so teachers can manage classes and students can access their reviews.
- Provide classroom features (student lists, reviews, progress tracking).
- Communicate with users about account issues or updates (using the email on record).
- Maintain, analyze, and improve the Service (bug fixes, usage analytics).
Google API / OAuth details
We use Google Sign-In (OpenID Connect) to authenticate users. The only Google scopes we request by default are:
openid— to authenticate the useremail— to obtain the user's email address (used as a unique identifier)profile— to obtain the user's display name (optional)
Why we request these scopes: to sign users in securely and to map Google accounts to accounts on our system. We do not access or store any other Google data without clear, additional consent from the user.
Third parties and service providers
We may share data with third-party service providers who perform services on our behalf (for example, hosting providers, analytics, email delivery). These providers are contractually required to keep data confidential and only use it for the services they provide to us.
We do not sell personal data to advertisers or other third parties.
Student data & teacher guidance
We recognize the importance of students' privacy. Teachers may choose to identify students by initials instead of full last names. Sensitive student data such as email addresses are stored as hashed/encrypted values so they are not visible in plain text in the database or admin interfaces.
Retention and deletion
We retain personal data only as long as necessary to provide the Service, comply with legal obligations, or resolve disputes. Users (or teachers, for student data they provided) may request deletion of data by contacting privacy@thegreatbookreview.ca. We will respond to legitimate requests to access, correct, or delete personal data in a timely fashion and provide information about any data we retain for legal or operational reasons.
Data portability and access
Users may request an export of their own data (for example, their reviews and account profile). Teachers may request an export of class data they provided. To make a request, email privacy@thegreatbookreview.ca and include enough detail to identify the account or class.
Cookies and tracking
We use cookies and similar technologies to provide and improve the Service, including session cookies and minimal analytics. Our analytics configuration attempts to minimize collection of personal data. You can control cookies through your browser settings; disabling cookies may reduce functionality.
Legal requests and safety
We may disclose personal data if required to comply with the law, enforce our policies, or protect the rights and safety of our users.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will post the updated policy at https://thegreatbookreview.ca/privacy.html and update the "Effective date" at the top. Significant changes will be communicated to registered users when appropriate.
Additional information for Google verification reviewers
The Great Book Review requests only basic sign-in scopes (openid, email, profile) to authenticate users and to associate Google accounts with site accounts. We do not access, read, or modify user Google Drive files, Gmail messages, Contacts, or other Google services. Any data received from Google is stored in hashed or encrypted form and used only to identify the user and send necessary site communications. For demonstration or testing purposes, the application’s home page and privacy policy are hosted at thegreatbookreview.ca. For questions, please contact privacy@thegreatbookreview.ca.