Privacy Policy

Controller Information

Company: CampusLink Labs, LLC
Contact: darragh.b3272@gmail.com
State of Organization: Indiana

Overview

CampusLink is a peer-to-peer marketplace mobile application that facilitates student-to-student sales of physical goods and services. This Privacy Policy describes how we collect, use, and protect your personal information when you use our mobile application.

What We Collect

Personal Information

• Name and Email Address: Required for account creation and verification
• Profile Information: Bio, profile picture (optional)
• Authentication Data: Encrypted passwords and session tokens

Content You Create

• Listings: Product/service descriptions, photos, pricing, categories
• Messages: Direct messages with other users through our messaging system
• Ratings and Reviews: Feedback you provide about transactions
• Reports: Content moderation reports you submit

Device and Technical Information

• Device Information: Device type, operating system, app version
• Push Notification Tokens: For sending you notifications
• IP Address: For security and fraud prevention
• Usage Data: App interactions, feature usage, error logs

Payment Information

• Payment Methods: Credit/debit cards and Apple Pay (processed securely via Stripe)
• Stripe Connect Account Data: For sellers (handled by Stripe)
• Transaction Records: Order history, payment amounts, escrow information
• Bank Account Information: For payouts (stored securely by Stripe)

Photos and Media

• Listing Photos: Images you upload for your listings
• Profile Pictures: Optional profile photos
• Camera Access: For taking photos directly in the app

Sources of Data

• You: Information you provide directly when creating an account, listings, or messages
• Your Device: Technical information automatically collected from your device
• Stripe: Payment processing and verification data
• Supabase: Our database and authentication provider
• OneSignal: Push notification service (currently disabled)

How We Use Your Data

App Functionality

• Account Management: Creating and maintaining your user account
• Authentication: Verifying your identity and campus email
• Marketplace Operations: Facilitating listings, offers, and transactions
• Messaging: Enabling communication between buyers and sellers
• Payments: Processing transactions through Stripe Connect (including Apple Pay)

Safety and Security

• Fraud Prevention: Detecting and preventing fraudulent activity
• Content Moderation: Reviewing reported content and user behavior
• Dispute Resolution: Investigating and resolving transaction disputes
• Account Security: Protecting against unauthorized access

Legal Compliance

• Tax Requirements: Maintaining records as required by law
• Law Enforcement: Responding to valid legal requests
• Terms Enforcement: Ensuring compliance with our Terms of Service

Product Improvement

• Analytics: Understanding how users interact with our app
• Bug Fixes: Identifying and resolving technical issues
• Feature Development: Improving existing features and developing new ones

Data Sharing

We Share Data With:

• Service Providers: Supabase (database), Stripe (payments including Apple Pay), OneSignal (notifications)
• Other Users: Your public profile information and listings are visible to other users
• Legal Authorities: When required by law or to protect our rights
• Business Transfers: In case of merger, acquisition, or sale of assets

We Do NOT:

• Sell your data to third parties
• Use your data for third-party advertising
• Share personal information beyond what's necessary for app functionality

Data Retention

Account Data

• Active Accounts: Retained while your account is active
• Deleted Accounts: Permanently deleted within 30 days of account deletion request

Transaction Data

• Order Records: Retained for 7 years for tax compliance
• Payment Information: Handled by Stripe according to their retention policies

Messages and Content

• Messages: Retained while your account is active
• Listings: Retained while active, archived when sold or deleted
• Photos: Retained while associated with active listings

Technical Data

• Logs and Analytics: Retained for 12-24 months
• Error Reports: Retained for 6 months for debugging purposes

Security Measures

Technical Safeguards

• Encryption: All data encrypted in transit and at rest
• Row-Level Security: Database access controls based on user identity
• Secure Authentication: Industry-standard authentication protocols
• Regular Security Updates: Keeping systems and dependencies current

Access Controls

• Least Privilege: Staff access limited to necessary functions only
• Audit Logging: Monitoring access to sensitive data
• Secure Development: Following security best practices in code development

Your Rights

Access and Control

• View Your Data: Access your personal information through the app
• Update Information: Modify your profile and account settings
• Delete Account: Request account deletion through the app settings
• Data Portability: Request a copy of your data

Communication Preferences

• Push Notifications: Control notification types in app settings
• Email Communications: Opt out of marketing emails
• Quiet Hours: Set times when you don't want to receive notifications

How to Exercise Your Rights

• In-App: Use the Settings screen to manage your preferences
• Email: Contact us at support@campuslink.app
• Account Deletion: Use the "Delete Account" option in Settings

Children's Privacy

CampusLink is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information immediately and disable the account unless we receive verified parental consent.

International Data Transfers

Our services are primarily designed for users in the United States. Data may be processed by our service providers (Supabase, Stripe) who may be located outside the United States. We ensure appropriate safeguards are in place for any international data transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• In-App Notification: Showing a notice when you open the app
• Email: Sending notice to your registered email address
• Updated Date: Changing the "Last Updated" date at the top of this policy

Your continued use of the app after changes become effective constitutes acceptance of the updated policy.

App Store Privacy "Nutrition Label"

Data Type	Collected	Linked to User	Used for Tracking	Purposes
Email Address	Yes	Yes	No	App Functionality
Name	Yes	Yes	No	App Functionality
Photos	Yes	Yes	No	App Functionality
Purchase History	Yes	Yes	No	App Functionality

Note: This app does not track users across other companies' apps or websites.