Effective date: June 20, 2016.
University of Michigan Advanced Research Computing (ARC) recognizes and respects the privacy interests of researchers who use ARC Connect. This notice describes ARC’s privacy practices with regard to the ARC Connect service and the data collected from users of the ARC Connect service.
This notice is referenced from the ARC Connect discovery service, the CILogon authorization page for the ARC Connect service, and from the InCommon metadata for the ARC Connect service.
ARC Connect does not support Do Not Track requests; any such request you make will have no effect and ARC Connect will continue to collect information as described in this policy.
What information is collected by ARC Connect and why?
- Your full name (whatever your home institution uses as your “display name”), your home institution username (eduPersonPrincipalName), and your home institution email address. These are sent to ARC Connect by your home institution when you log in to ARC Connect via Shibboleth. This information allows us to know who you are and which ARC clusters you may have a user account on, so that you can use the ARC Connect service and so that we can contact you via email if necessary to make inquiries or to notify you about problems which may affect you or your use of ARC Connect.
- An X.509 certificate from CILogon that permits ARC Connect to act on your behalf for a limited time (currently 8 hours) on resources which trust CILogon (such as the ARC clusters). In addition to allowing ARC Connect to run commands on the ARC clusters as you, the certificate contains your full name, the name of your home institution, your home institution username, and a unique CILogon identifier for your CILogon account.
- Any time your web browser makes a request for a URL that begins with https://connect.arc-ts.umich.edu/ information is collected to enable us to diagnose and fix technical problems with the ARC Connect service: time and date, IP addresses and port numbers, your home institution username, type of request, resource requested, status of the request, size of data transferred, web browser user agent string, and referring URL.
- Information about actions you take via the ARC Connect service as a whole, including what actions ARC Connect performs on your behalf (e.g., logging in, starting jobs, port forwarding requests, ending jobs, logging out), the date and time, and the outcome of those actions. This information is collected to enable us to diagnose and fix technical problems with the ARC Connect service.
- Identifying information about each of your ARC Connect sessions, including a unique session identifier, your username, information about any job running in the session, choices you made on the job submission form, the session authentication state, and the date and time you last accessed the session. This information is used to provide the ARC Connect service functionality.
The collected information is not shared, published, or sold to any third party, except as required by law. Sharing required by law includes, but is not limited to, valid law enforcement requests such as subpoenas, or Freedom of Information Act requests.
ARC Connect recognizes the importance of maintaining the security of personal information. We use reasonable security measures, including physical, administrative, and technical safeguards to protect your personal information.
- Access to collected information is restricted to staff who need access to it in order to directly support the ARC Connect service, including support staff, systems staff, and management. All staff are made aware of their obligations to adhere to relevant University of Michigan policies, including but not limited to the sections pertaining to privacy (SPG 601.11), information security (SPG 601.27) and data resource management (SPG 601.12).
Most collected information is kept for no more than 90 days. Exceptions include:
- CILogon certificates are deleted when you click the ARC Connect “logout” link, or after 1 day, whichever comes first.
- Session information is deleted after 30 days, 1 day after any associated job ends, or when you click the “ARC Connect” logout link, whichever comes first.
- Good security practices are used in the design and maintenance of the ARC Connect systems and infrastructure.
What cookies are used and for what purposes?
ARC Connect sets a number of cookies in your web browser. These cookies are used only by the ARC Connect service in order to provide that service; they are not shared with any third party or web site, and are not used to track you across any other web site or service. In order to preserve your privacy and security, all cookies are restricted to being sent/received across HTTPS connections only and are never sent unencrypted. All cookies are automatically deleted when you quit your web browser; neither long-lived cookies nor so-called “super cookies” are used.
If you choose not to accept the cookies set by ARC Connect, the service may not function properly. Most web browsers will allow you to view the cookies set by ARC Connect.
Access and update your information
ARC Connect does not currently maintain any per-user profile or database of user information; hence, there is nothing to update within ARC Connect itself. Most information is provided by your home institution or CILogon when you log in to ARC Connect. To update your information, log out of ARC Connect, clear all private browsing data/history (including your cookies and cache, see the detailed instructions), restart your web browser, and log back in to ARC Connect. Your home institution will then provide ARC Connect with current information about you.
Notice for updates and changes to this policy
ARC will update this policy from time to time, and the most current version will always be posted on the ARC website. We encourage you to review this statement regularly.