PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy describes how Room8 ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use the Room8 mobile application and related services (the "Service").

We are committed to protecting your privacy and ensuring transparency about our data practices. By using Room8, you consent to the collection and use of information in accordance with this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information:

  • Name and basic profile details
  • University email address and university affiliation
  • Phone number
  • Gender and age
  • Profile photos

Profile Preferences:

  • Personality traits (studious, non-smoking, cleanliness level, noise level)
  • Hobbies and interests
  • Preferred lease period
  • Preferred neighborhood/locality
  • Roommate preferences

Communications:

  • Messages sent through the app
  • Images and videos shared (max 20MB)
  • Report submissions and feedback

2.2 Information We Collect Automatically

Usage Data:

  • App interactions and feature usage
  • Swipe history (likes/dislikes for matching algorithm)
  • Match history and connection breaks
  • Time spent on different app sections
  • Device information (model, OS version, app version)

Technical Data:

  • IP address
  • Device identifiers
  • Log files and crash reports (via Crashlytics)
  • Analytics data (via Firebase/Google Analytics)

Location Data:

  • Approximate location for neighborhood matching (if permission granted)
  • We do not track precise location continuously

2.3 Information from Third Parties

University Verification:

  • Verification of student status through university email systems
  • University domain verification

3. HOW WE USE YOUR INFORMATION

3.1 Primary Services

  • Account Management: Create and maintain your account
  • Student Verification: Confirm university student status
  • Roommate Matching: Suggest compatible roommates based on preferences
  • Communication: Enable messaging between matched users
  • Safety: Investigate reports and maintain platform security

3.2 Service Improvement

  • Algorithm Enhancement: Learn from swipe patterns to improve matches
  • App Analytics: Understand feature usage and improve user experience
  • Performance Monitoring: Track app performance and fix bugs

3.3 Safety and Legal Compliance

  • User Safety: Investigate reports and inappropriate behavior
  • Legal Compliance: Comply with applicable laws and regulations
  • Terms Enforcement: Ensure compliance with our Terms of Service

4. HOW WE SHARE YOUR INFORMATION

4.1 With Other Users

  • Profile Information: Displayed to potential matches within your university
  • Messages: Shared only between mutually matched users
  • We never share: Your email, phone number, or other contact details without your explicit consent

4.2 With Service Providers

We may share information with trusted third parties who help us operate the Service:

  • Cloud Storage: AWS, Google Cloud, or similar for data storage
  • Email Services: SendGrid or similar for verification emails
  • Analytics: Firebase/Google Analytics for app performance
  • Crash Reporting: Crashlytics for error monitoring
  • Push Notifications: For match and message alerts

4.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes or government requests
  • Protect rights, property, or safety of users
  • Investigate potential violations of our Terms
  • Respond to claims of illegal activity

4.4 Business Transfers

In case of merger, acquisition, or sale of assets, user information may be transferred to the new entity with the same privacy protections.

5. DATA SECURITY

5.1 Security Measures

  • Encryption: Data encrypted in transit and at rest
  • Authentication: Secure JWT-based authentication
  • Access Controls: Limited employee access on need-to-know basis
  • Regular Audits: Security assessments and updates

5.2 Data Retention

  • Active Accounts: Data retained while account is active
  • Deleted Accounts: Most data deleted within 30 days of account deletion
  • Legal Requirements: Some data retained as required by law
  • Safety Records: Reports may be retained for safety purposes

6. YOUR PRIVACY RIGHTS

6.1 Access and Control

  • Profile Management: Update your profile information anytime
  • Data Access: Request a copy of your personal data
  • Data Correction: Update incorrect information
  • Account Deletion: Delete your account and associated data

6.2 Communication Preferences

  • Notifications: Control push notifications in app settings
  • Marketing: Opt-out of promotional communications
  • Matching: Pause or resume matching anytime

6.3 Regional Rights

Depending on your location, you may have additional rights under laws like GDPR, CCPA, or similar regulations:

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge complaints with supervisory authorities

7. INTERNATIONAL DATA TRANSFERS

Your information may be processed in countries other than your residence. We ensure adequate protection through:

  • Standard Contractual Clauses: For transfers outside your region
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Your Consent: Where required by applicable law

8. CHILDREN'S PRIVACY

Room8 is not intended for users under 18 years old. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will delete the information immediately.

9. COOKIES AND TRACKING

9.1 Mobile App

Our mobile app does not use traditional cookies but may use:

  • Local Storage: For app preferences and temporary data
  • Analytics SDKs: Firebase Analytics for usage insights
  • Crash Reporting: Crashlytics for error tracking

9.2 Admin Panel

Our web-based admin panel may use cookies for:

  • Authentication: Maintaining admin login sessions
  • Functionality: Remembering admin preferences
  • Analytics: Understanding admin panel usage

10. THIRD-PARTY SERVICES

10.1 Integrated Services

  • Firebase/Google Analytics: App analytics and crash reporting
  • Email Services: University verification emails
  • Push Notification Services: Match and message alerts

10.2 Third-Party Privacy Policies

Please review the privacy policies of third-party services:

  • Google/Firebase Privacy Policy
  • Your mobile platform privacy policies (iOS/Android)

11. DATA BREACH NOTIFICATION

In the event of a data breach affecting your personal information:

  • We will assess the risk and take immediate action
  • Users will be notified within 72 hours if required by law
  • We will provide clear information about the breach and our response
  • Authorities will be notified as required by applicable law

12. PRIVACY POLICY UPDATES

12.1 Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

  • In-App Notifications: Push notifications for significant changes
  • Email Notifications: To your registered university email
  • App Store Updates: Update notes mentioning privacy changes

12.2 Continued Use

Your continued use of Room8 after policy updates constitutes acceptance of the new terms.

13. CONTACT US

13.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices:

13.2 Data Requests

To exercise your privacy rights or request data access/deletion:

  • Email: hey.room8@gmail.com
  • Include: Your registered email and specific request
  • Verification: We may verify your identity before processing requests

14. LEGAL BASIS FOR PROCESSING (GDPR)

If you are in the European Union, our legal basis for processing includes:

  • Contract Performance: To provide the Room8 service
  • Legitimate Interests: For safety, fraud prevention, and service improvement
  • Consent: Where explicitly provided for specific purposes
  • Legal Obligation: For compliance with applicable laws

15. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

16. ACKNOWLEDGMENT

By using Room8, you acknowledge that you have read and understood this Privacy Policy and consent to our data practices as described.