Privacy Policy

Last updated: March 17, 2026

Introduction

This privacy policy describes how the CS 351 Cloud Computing course website (cs351.cloud) collects, uses, and protects your information. The site is operated by the course instructor at Purdue University as an educational tool for the CS 351 course.

Information We Collect

Account information. Email address, name, student ID (SID), and Gradescope ID — imported from course enrollment data.

Authentication data. Magic link tokens (expire after 1 hour), session cookies, and an optional password (stored as a bcrypt hash).

AWS credentials. AWS account ID and external ID, stored for IAM role assumption during automated grading. We do not store AWS secret keys.

Assignment submissions. Grading results (JSON), submission metadata, SSH/HTTP check logs, and AWS account snapshots captured during grading.

Billing data. Estimated AWS charges retrieved from Cost Explorer for student accounts.

Forum data. Ed Stem threads, comments, votes, and view counts — synced for course analytics.

GenAI interaction logs. Requests and responses to Purdue’s RCAC GenAI service, including token counts.

Server logs. IP address, User-Agent, referer, request path, and response status code.

Email records. Delivery status and message ID for system emails sent through the site.

Cookies

We do not use third-party analytics, tracking pixels, or advertising cookies.

Email Communications

The site sends only two types of email: magic link login emails and instructor invitation emails. All emails are sent from noreply@cs351.cloud via Amazon SES and are only triggered when a user requests a login link or an instructor sends an invitation. We do not send marketing, newsletters, or bulk communications. Delivery status is logged for operational monitoring.

How We Use Your Data

Your data is used for assignment grading and feedback, course administration, site performance monitoring, and AWS cost tracking. We do not use your data for advertising, profiling, or any purpose unrelated to the CS 351 course.

Who Has Access

The course instructor (site administrator) can view all data. Students can view only their own submissions, credentials, and dashboard. No data is sold or shared with third parties beyond the services listed below.

Third-Party Services

The following services are used solely for course operations:

Data Retention

All data is retained indefinitely for course administration and academic record-keeping purposes.

Security

The site uses HTTPS encryption, CSRF protection, bcrypt password hashing, magic link tokens that expire after 1 hour, and IAM role assumption (rather than stored secret keys) for AWS access.

FERPA

This site may contain student educational records protected under the Family Educational Rights and Privacy Act (FERPA). The site operates under Purdue University’s policies for the handling of student records.

Changes to This Policy

This policy may be updated. This page always reflects the current version, with the last-updated date shown above.

Contact

For questions about this policy or your data, contact the course TA at ccouetil@purdue.edu.