1 Who We Are
The ACMIS Document Verification application ("the App", "we", "us", or "our") is developed and maintained by the HEMIS Consortium, a consortium of higher education institutions in Uganda that operates the Academic Information Management System (ACMIS) platform.
The App is used exclusively by authorised staff members of member universities and institutions connected to the HEMIS Consortium to verify student academic documents and graduation invitation cards at institutional entry points and events.
2 Scope of This Policy
This Privacy Policy explains what information is collected when you use the App, how that information is used and protected, and the choices you have with respect to your personal data. It covers:
- Information collected from the device on which the App is installed (staff device).
- Information retrieved from your institution's ACMIS server during a verification session (student data).
- Credentials provided by you (the authorised staff member) to authenticate into the App.
By installing and using the App you agree to the practices described in this policy. If you do not agree, please uninstall the App and contact your institution's IT administrator.
3 Permissions We Request
The App requests the following Android permissions. Each permission is strictly necessary for core functionality; we do not request permissions beyond what is required.
| Permission | Classification | Why it is needed |
|---|---|---|
| INTERNET | Normal | Required to communicate with your institution's ACMIS server to authenticate staff, load the list of institutions, and retrieve student document data during verification. All network traffic is encrypted using HTTPS. |
| CAMERA | Dangerous (runtime) | Required to activate the device's rear camera for scanning QR codes printed on student academic documents (registration cards, exam permits, certificates, transcripts, virtual IDs, and graduation invitation cards). The camera is activated only when you explicitly tap "Scan QR code" and is released immediately after a successful scan or when you leave the scanner screen. No images or video are recorded, stored, or transmitted. |
4 Information We Collect
4.1 Staff Authentication Data
When you log in, you provide your institutional email address and password. Your password is never stored on the device. Before transmission it is encrypted using AES-256-CBC with PKCS7 padding and an EVP-BytesToKey-derived key, then sent over an encrypted HTTPS connection to your institution's authentication server. The plaintext password is discarded immediately after encryption.
Upon successful login, the server issues an authentication token. This token is stored locally on the device using Android's Shared Preferences storage in order to keep you logged in across app sessions. It contains no personal information beyond a reference to your staff account.
4.2 Device Identification
To prevent unauthorised access the App registers each installation as a unique device with the ACMIS platform. It collects the following device-level data on first launch:
- A randomly generated UUID — created locally on the device and used as a stable device identifier.
- Device model and manufacturer — read via the device_info_plus library to label the registered device.
- Android version — collected for compatibility and security logging purposes on the server.
This information is sent once to the ACMIS device-registration endpoint and is subsequently used only for device-level authentication (the App exchanges device credentials for a device token used in subsequent API calls).
4.3 Student / Document Data Retrieved During Verification
When a verification is performed (via QR scan or manual entry), the App queries your institution's ACMIS server and temporarily displays the result on screen. This may include:
- Student name, student number, and registration number.
- Programme and department details.
- Enrolment and academic year information.
- Exam permit validity data.
- Graduation invitation card details (card type, serial number, guest names, ceremony date, scan count).
- A student portrait photo URL (fetched from the institution's photo server for display only).
This data is not stored persistently on the device. It is held in memory only for the duration of the verification session and is cleared when you navigate away from the results screen or close the App.
4.4 App Preferences
The App stores the following minimal preferences locally using Android Shared Preferences:
- Whether the onboarding walkthrough has been completed (boolean flag).
- The selected institution identifier (to pre-select your university on next launch).
- The device token and staff session token (see §4.1 and §4.2 above).
4.5 Data We Do NOT Collect
- Location or GPS data.
- Contacts, call logs, or SMS messages.
- Microphone or audio input.
- Files or media from storage.
- Browsing history or app usage analytics.
- Advertising identifiers (GAID/IDFA).
- Biometric data.
- Financial or payment information.
5 How We Use Your Information
All information collected is used solely for the following lawful purposes:
- Staff authentication — verifying that the person using the App is an authorised staff member of a connected institution.
- Device security — ensuring that only registered and approved devices can access the verification API.
- Document verification — retrieving and displaying student document data so that an authorised staff member can confirm document authenticity at the point of need.
- App session management — maintaining your login state so you do not need to re-authenticate on every launch.
- Operational logging — the ACMIS server records each verification event (who scanned, which document, at what time) for audit and security purposes. This logging takes place server-side and is governed by your institution's own data-protection policies.
6 Data Storage & Security
6.1 On-device Storage
Minimal persistent data (device token, staff session token, onboarding flag, selected institution) is stored in Android Shared Preferences, which is sandboxed to the App and is not accessible by other apps on the device (unless the device is rooted).
6.2 In-transit Security
All API communication between the App and the ACMIS servers takes place over HTTPS (TLS 1.2 or higher). Staff passwords are additionally encrypted with AES-256-CBC before transmission, providing an additional layer of protection even if a network interception were attempted.
The graduation-card verification endpoint is further protected by a request header containing an AES-encrypted API key that is validated server-side before any student data is returned.
6.3 Server-side Storage
Student records, staff accounts, and audit logs reside on servers operated by the individual member institutions (or their designated hosting providers) and are subject to each institution's own security and data-governance policies. The HEMIS Consortium does not operate a centralised copy of student data.
6.4 No Third-party Analytics or Crash Reporting SDKs
The App does not integrate any third-party analytics, advertising, or crash-reporting SDKs (e.g. Firebase, Crashlytics, Sentry, or similar). Diagnostic information about app failures is not automatically transmitted to any external service.
7 Data Sharing & Third Parties
We do not share your personal data with third parties except in the following limited circumstances:
- Your institution's ACMIS server — device identifiers and staff credentials are sent to the institution's server solely to authenticate you and return verification results. This server is operated by or on behalf of your employing institution.
- HEMIS Consortium central services — the institutions list is fetched from a HEMIS-operated endpoint (dashboard.acmis.ac.ug). This request carries only a device token; no personal staff or student data is transmitted.
- Legal obligations — we may disclose information if required to do so by applicable law, court order, or governmental authority.
There are no advertising networks, data brokers, social media platforms, or other commercial third parties with whom we share data.
8 Data Retention
On-device Data
Data stored locally (session tokens, device token, onboarding flag, selected institution) is retained until:
- You log out of the App (clears the staff session token), or
- You uninstall the App (all Shared Preferences data is deleted by Android), or
- The App's data is cleared via Android Settings → Apps → ACMIS Document Verification → Clear Data.
Server-side Data
Audit logs of verification events (staff account, scanned serial number / student number, timestamp) are retained by each institution's ACMIS deployment for as long as the institution's data-retention policy requires. Please contact your institution's data controller for details.
9 Children's Privacy
The App is designed exclusively for use by adult staff members of higher education institutions. It is not directed at, and we do not knowingly collect personal information from, children under the age of 18.
If you believe that a child under 18 has provided personal information through the App, please contact us immediately at the address in §12 so that we can take appropriate action.
10 Your Rights
Subject to applicable data-protection law (including, where relevant, the Uganda Data Protection and Privacy Act 2019), you may have the following rights with respect to your personal data:
- Right of access — to request a copy of personal data we hold about you.
- Right to rectification — to request correction of inaccurate personal data.
- Right to erasure — to request deletion of personal data we hold, where there is no legitimate reason for continued processing.
- Right to restriction — to request that we restrict the processing of your personal data in certain circumstances.
- Right to object — to object to the processing of your personal data where we rely on legitimate interests as the legal basis.
- Right to withdraw consent — where processing is based on consent, you may withdraw that consent at any time.
Because student data retrieved during verifications is not stored on-device beyond the active session and is held server-side by your institution, requests relating to student data should be directed to the relevant institution's data-protection officer.
To exercise any of the above rights in relation to data processed by the HEMIS Consortium, please use the contact details in §12.
11 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes we will:
- Update the Effective Date at the top of this document.
- Increment the version number.
- Publish the revised policy at the same URL where this document is hosted.
Where required by law or where the changes are material, we may also provide in-app notice or notify institution administrators directly.
Your continued use of the App after changes are posted constitutes your acceptance of the updated policy. If you do not accept the revised policy, please stop using the App and contact your institution's IT administrator.
12 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data-handling practices, please contact the HEMIS Consortium data controller:
HEMIS Consortium
Website: hemis.ac.ug
Email: support@acmis.ac.ug
For student data matters, please additionally contact your institution's own Data Protection Officer or Registrar's office.