Privacy Policy
Last updated: 2026-07-06
This page describes how Highstone Global University Library ("we", "us") collects, uses, and safeguards personal information when you use the library catalogue and lending service (the "Service").
Information we collect
- Account information: email address and display name you provide at sign-up.
- Profile information you choose to add, such as a short bio.
- Borrowing activity: which items you have borrowed, borrowed dates, and return dates.
- Holds and reservations you place, including position in the waiting queue.
- Multi-factor authentication (MFA) enrolment: when you enable authenticator-app MFA, we store the factor identifier and a shared secret used to verify one-time codes; we do not store the codes themselves.
- Technical data required to operate the Service, such as authentication tokens and basic request logs.
Legal bases
Where the GDPR or a similar framework applies, we process your personal data on the basis of the contract to provide the Service (account, loans, holds), our legitimate interest in operating a secure service (authentication, MFA, abuse prevention), and legal obligations that may apply to library records.
Security
Access is protected by password authentication with optional authenticator-app MFA and server-side authorisation checks. Passwords are compared against known-compromised password lists at sign-up and password change.
Sub-processors
The Service is hosted on Lovable Cloud (backed by Supabase) for authentication, database, and application hosting. Optional book metadata lookups query the OpenLibrary API when a librarian imports a book by ISBN; only the ISBN is sent.
Cookies and local storage
We use cookies and browser local storage only to maintain your sign-in session and remember your language preference. See the cookies page for details.
How we use your information
- To authenticate you and provide access to your account.
- To manage loans, returns, and availability of items.
- To keep the Service secure and to prevent abuse.
- To comply with applicable legal obligations.
Your rights
Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, and to object to certain processing. To exercise these rights, contact us using the details below.
Data retention
We retain account and loan records for as long as your account is active, and afterwards only as long as needed to meet legitimate administrative or legal requirements.
Governing law & U.S. state privacy rights
Highstone Global University ("HGU") is registered in the State of Texas, United States. This policy is governed by the laws of the State of Texas and applicable U.S. federal law. Texas residents may have rights under the Texas Data Privacy and Security Act (TDPSA), including the right to access, correct, delete, and obtain a portable copy of personal data we hold about them, and to opt out of targeted advertising, the sale of personal data, and certain profiling — none of which HGU currently performs. To exercise these rights, contact the Library administration using the details below.
Contact
Questions about this policy can be sent to the Highstone Global University Library administration.
This template policy should be reviewed by qualified legal counsel before publication.