In the meantime, here is a rough outline of the principles we followed in designing the School Council site.
We have tried to strike a balance between protecing the privacy of users while making sure that we can identify anyone who has access to protected areas of the site. This is why we ask users to provide their real names and email addresses.
We do not share our email address list with anyone except the school. We provide a contact form that allows one parent to send an email to another, but your email address is not disclosed when someone uses this form. Only privileged users (site managers and administrators) have full access to your user details.
We provide a mechanism for users to manage their own subscription to our newsletter. Users must consent to receive fundraising or "commercial" emails as per CASL (Canada's Anti-Spam Legislation) regulations in order to subscribe to our newsletter.
Student and Class Info
We designed the site so that access to some content could be restricted to just parents and teachers. We intend that practically all photos of students and most news and events that involve students will be restricted in this way.
Content on the site is moderated: any user can create new content, but it is reviewed before being published live.
Encryption and SSL
Visitors can choose to access the site through an encrypted connection (using https://www.gardenschoolcouncil.com). All user input, including login forms, passwords, and content creation forms are automatically redirected to an encrypted connection.
Authentication with Linked Accounts
We use Janrain Social Login to provide a method for users to log into the site using 3rd party social media accounts, like Facebook or Yahoo. We do not store any details about your accounts on these 3rd party sites, aside from what is required for you to use them to authenticate.
6 September 2016
6 September 2016: Updated link to federal government's CASL page
14 September 2015: Updated encryption statement - all form submissions are now forced to use properly encrypted connection.
10 September 2015: First posted.