KSAWorks
KSAWorks
Knowledge • Skills • Abilities

Privacy and Security

MVP privacy and security statement for review prior to launch.

This page explains how the KSAWorks MVP handles identity, basic telemetry, and local configuration. It is written for MVP review and will be refined before production release.

Information we collect

  • Google account identifiers when you sign in: your email address and basic profile information provided by Google/Firebase.
  • Authentication metadata managed by Firebase Authentication (for example, session state and security tokens).
  • Limited client-side configuration stored in your browser (for example, link destinations configured on the Settings page).

Information we do not collect in this MVP

  • No learner transcripts, course history, or credential records are collected by the portal itself.
  • No payment information is collected.
  • No sensitive personal data is intentionally collected by the portal.

How information is used

  • Access control for secured pages (dashboard and settings) using an administrator allow-list.
  • Continuity of experience so sign-in status is consistent across the portal pages.
  • MVP validation of navigation flows and suite framing.

Browser storage

The portal stores a small amount of configuration in your browser using localStorage to remember link destinations for Composer, Playlist, and Performer. You can clear this at any time by clearing your browser site data.

Analytics

Firebase may be configured to provide basic analytics events depending on project settings. In this MVP, analytics is not used to profile users or sell data. If analytics is enabled, it is intended for aggregate product improvement.

Sharing and disclosure

This MVP does not sell personal information. Information may be processed by Google/Firebase as the identity provider and hosting platform. AcademyOne, Inc. may access authentication logs and configuration necessary to operate and secure the Service.

Security practices

  • Authentication is handled by Firebase Authentication using Google sign-in.
  • Restricted routes are enforced by client-side checks for the MVP and are intended to be reinforced server-side as the system matures.
  • Least data principle is applied: the portal is designed to avoid storing learner records and to keep the portal lightweight.

Your choices

  • You can sign out at any time from the portal header.
  • You can clear site storage in your browser to remove locally stored link settings.
  • If you believe your account should be added to or removed from the MVP allow-list, contact the MVP administrator.

Changes to this statement

This statement may evolve as the MVP becomes a production service and as additional capabilities are introduced.

Contact

Questions about privacy and security for this MVP should be directed to AcademyOne, Inc. through your established project communication channels.