XID Privacy Statement
The following discloses our information gathering and dissemination practices for this web site and web application at xid.harvard.edu.
Information gathering
Our web server software generates log files of the IP addresses of computers that access this web site and of what files they access.
These web server logs are retained on a temporary basis.
We may use cookies to maintain a user's identity between web sessions.
Use of information
We do not provide any personally identifiable information we gather or develop about our visitors to any third parties for any purpose.
We use your IP address and files you access to help diagnose problems with our server and to administer our Web site by identifying (1) which parts of our site are most heavily used, and (2) which portion of our audience comes from within the Harvard network. We also use this information to tailor site content to user needs, and to generate aggregate statistical reports. At no time do we disclose site usage by individual visitors.
The XID application collects data from individuals who are requesting an XID account. This information is accessible through the XID application to XID users who have the role of XID Application Administrator, and by XID managers. XID managers can see the detail of the XID accounts that they have created. Additionally, any XID manager can look up any other XID and view that the account exists. No one can view any XID account's password.The XID application page allows anyone with knowledge of an XID login ID to view that XID account's challenge question.
The information that is collected when an individual signs up for an account including the data that an XID Manager may attach to an account (such as a group ID or an expiration data) are available via the University Information System's directory data services. The systems that register to request access to this data must have a valid business reason such as requiring the data to automate local application authorization.
The only systems eligible for access to the data about XID ID holders are Harvard University systems that use XID as a method of authentication via Harvard's web authentication system and require access to XID account data to determine if the XID account is still valid. This may include third- party vendors who have been retained by the University to implement systems for official University business.
This site has security measures in place aimed at protecting from the loss, misuse and alteration of the information under our control.
Contacting this web site
If you have any questions about this privacy statement, the practices of this site, or your dealings with this site, you can contact: directory_services@harvard.edu.
This web site may contain links to other web sites. We are not responsible for the privacy practices or the content of such web sites.
Changes to this policy
Changes to this policy will be made in place, and will be highlighted prominently on the privacy statement page.Changes could be made without notice.
Effective Date
The effective date of this policy was May 1, 2008.
University Information Services, Directory Services Product Team