🔒 Official Document

Privacy Policy — Prescientia Student

Effective 8 June 2026 · Operated by SMK Negeri 1 Ciamis

1 Introduction

This Privacy Policy explains how the Prescientia Student mobile application (locally titled "Prescientia Siswa", hereinafter the "App"), operated by SMK Negeri 1 Ciamis, collects, uses, stores, and protects your data as a student. The App is a WiFi-based attendance (presence) system used within the school premises. By using the App, you agree to the practices described in this policy.

The App is built with Flutter (Dart) for Android. All data processing happens directly between your device and the school's own backend server over an encrypted (HTTPS) connection. The App contains no third-party advertising or analytics SDKs.

2 Data We Collect

The App collects the following data, solely for school attendance purposes:

  • Account & identity data: name, Student ID Number (NIS), email, phone number, address, profile photo, and class assignment. This data is registered by the school; the App reads it after you log in.
  • WiFi scan results: the hardware identifier of nearby WiFi access points (BSSID / MAC address) and the network name (SSID), obtained through an on-demand WiFi scan (the wifi_scan plugin). Only the BSSID is used to validate that you are physically present at school; the SSID is for display only. Validation is BSSID-only because an SSID (network name) can be trivially cloned, whereas an access point's MAC address cannot.
  • GPS coordinates (attendance moment only): when you submit attendance, the App reads your device's current latitude, longitude, and accuracy (via the geolocator plugin) one time and sends them to the backend as a secondary location signal. The App does not track your location continuously and does not record your location at any other time.
  • Device information & device binding: device model, manufacturer, operating-system version, and a stable device identifier. The App derives a device fingerprint by hashing these values with SHA-256 (via device_info_plus + crypto) and binds your account to a single device to prevent attendance fraud (e.g. asking a friend to check in for you).
  • Attendance & activity records: check-in and check-out times and attendance status.

The App does not collect your contacts, photo gallery, messages, call logs, browsing history, camera, or any sensitive data beyond what is listed above.

3 How the App Works (Technical Flow)

Understanding the flow makes it clear when and why each piece of data is used:

  1. Login. You sign in with credentials issued by the school. The backend returns a signed session token (JWT), which the App stores encrypted on the device (Android Keystore-backed EncryptedSharedPreferences via flutter_secure_storage).
  2. Loading school networks. The App fetches the list of registered school WiFi access points (their BSSIDs) from the backend over HTTPS.
  3. Attendance. When you check in or out, the App performs an on-demand WiFi scan and compares the detected BSSIDs against the registered list. Attendance is accepted only if a registered BSSID is detected. The Student App additionally reads your GPS coordinates once at this moment and includes them in the submission.
  4. Submission. The attendance record (and the device fingerprint) is sent to the backend over HTTPS, authenticated with your session token.
  5. Reminders. The App schedules local notifications (flutter_local_notifications + WorkManager) to remind you of attendance times. These run on-device and are re-registered after a reboot.

4 Android Permissions and Why They Are Needed

The Prescientia Student App declares the following Android permissions:

| Permission | Reason |
| --- | --- |
| INTERNET | Communicate with the school backend API over HTTPS (login, fetching the registered WiFi list, submitting attendance). |
| ACCESS_WIFI_STATE | Read the current WiFi adapter state and read scan results (via the wifi_scan plugin). |
| CHANGE_WIFI_STATE | Trigger an active WiFi scan to detect the school access points nearby. |
| NEARBY_WIFI_DEVICES | On Android 13+ (API 33), scan for nearby WiFi access points without exposing physical location. |
| ACCESS_FINE_LOCATION | Required by Android as a precondition for WiFi scanning. In the Student app it is ALSO used to read GPS coordinates (latitude/longitude/accuracy) once, at the moment you submit attendance, as a secondary location check. |
| ACCESS_COARSE_LOCATION | Fallback coarse location, also required by Android for WiFi scanning. |
| POST_NOTIFICATIONS | Display local attendance reminder notifications (Android 13+ runtime notification permission). |
| SCHEDULE_EXACT_ALARM / USE_EXACT_ALARM | Schedule attendance reminders to fire at precise times. |
| RECEIVE_BOOT_COMPLETED | Re-register scheduled reminders after the device restarts. |
| FOREGROUND_SERVICE | Run scheduled background work (WorkManager) reliably. |
| WAKE_LOCK | Keep the CPU briefly awake to deliver a scheduled reminder. |
| VIBRATE | Vibrate the device for reminder notifications. |

About location: Android treats WiFi scanning as location-sensitive, so an app cannot scan WiFi without location permission. That is the primary reason this App requests location. The Student App also captures GPS coordinates, but only once at the instant you submit attendance — never as continuous tracking.

5 How We Use Your Data

  • Authenticate (verify) your identity when you sign in.
  • Validate attendance based on the school's WiFi access points and, as a secondary check, GPS coordinates.
  • Bind your account to one device to prevent attendance fraud.
  • Send on-device reminder notifications.
  • Produce attendance summaries and reports for the school.

6 Data Storage and Security

  • The session token (JWT) is stored encrypted on your device using the Android Keystore-backed secure storage; it is never stored in plain text.
  • Identity and attendance data are stored on the school's official backend server.
  • All communication between the App and the server uses an encrypted HTTPS connection.
  • Logging out clears your session data from the device.

7 Third-Party Libraries

The App uses open-source Flutter plugins to access device capabilities locally: wifi_scan (WiFi scanning), geolocator (location services), device_info_plus (device metadata), flutter_secure_storage (encrypted storage), flutter_local_notifications and workmanager (reminders). These libraries run on your device and do not send your data to any party other than the school's backend. The App integrates no advertising networks and no third-party analytics or tracking SDKs.

8 Data Sharing

We do not sell and do not share your data with third parties for commercial or advertising purposes. Data is accessible only to authorized school staff (e.g. homeroom teachers, teachers, and administrators) for attendance administration.

9 Data Retention

Data is retained while you are an active student at the school. It is deleted or deactivated when your account is removed by the school or after you are no longer enrolled (e.g. graduation), in line with the school's administrative policy.

10 Your Rights

You have the right to access and request correction of your personal data. Because the data is managed by the school, requests to access, correct, or delete your data should be submitted through the school administration.

11 Minors

The App is intended for an educational environment and may be used by students under 18 years old under the school's supervision. Accounts are created by the school, and data use is strictly limited to educational attendance purposes.

12 Changes to This Policy

This Privacy Policy may be updated from time to time. Changes will be published on this page with an updated effective date at the top.

13 Contact

For questions about this Privacy Policy, please contact SMK Negeri 1 Ciamis by email at humas@smkn1ciamis.id.