CampusBookCampusBook← Back to Home

Legal

Privacy Policy

Effective Date: March 10, 2026 · Last Updated: March 10, 2026

Welcome to CampusBook ("CampusBook", "we", "us", or "our"). This Privacy Policy explains how we collect, use, share, and safeguard information about you when you use the CampusBook mobile application ("App") and our website at campusbook.app ("Website") (together, the "Services"). By accessing or using the Services you agree to this policy. If you do not agree, please discontinue use.

Contents

  1. 1. Who We Are
  2. 2. Information We Collect
  3. 3. How We Use Your Information
  4. 4. University Email Verification
  5. 5. Third-Party Services
  6. 6. Data Sharing
  7. 7. Content Moderation
  8. 8. Data Retention
  9. 9. Security
  10. 10. Age Requirements
  11. 11. Your Rights
  12. 12. International Data Transfers
  13. 13. Changes to This Policy
  14. 14. Contact Us

1. Who We Are

CampusBook is an independent social platform built exclusively for university students. We currently operate under the trading name CampusBook and are in the process of formal company registration. For all privacy-related matters, you can reach us at hello@campusbook.app.

2. Information We Collect

a. Information You Provide Directly

  • Registration data: username, display name, and university email address (used only to verify university affiliation — see Section 4). Your password is stored as a one-way bcrypt hash; we never have access to your plaintext password.
  • Profile information: profile photo, bio, field of study, year of study, and interests you choose to share.
  • User-generated content: posts, comments, reactions, and images you upload to your feed or communities.
  • Messages: direct messages and group chat content. These are private and not accessed by our team except where required for moderation following a report.
  • Support communications: any emails or messages you send to our support team.

b. Information Collected Automatically

  • Device information: device model, operating system version, app version, and unique device identifiers.
  • Usage data: features you interact with, screens visited, time spent in the app, and actions taken (e.g., posts created, messages sent).
  • Log data: IP address, request timestamps, and error/crash reports collected via Firebase Crashlytics.
  • Push notification token: a Firebase Cloud Messaging (FCM) device token used solely to deliver push notifications to your device.

c. Information from Third Parties

We do not purchase personal data from third-party data brokers, and we do not currently offer social sign-in (e.g., Google or Facebook login). All data we hold is provided by you or collected through your direct use of the Services.

3. How We Use Your Information

PurposeLegal Basis (GDPR)
Creating and managing your accountPerformance of a contract
Providing core app features (feed, chat, campus maps, communities)Performance of a contract
Delivering push notifications via Firebase FCMPerformance of a contract / Legitimate interest
Running automated ML content moderation for safetyLegitimate interest (platform safety)
Analysing app usage to improve the Services (Firebase Analytics)Legitimate interest
Generating crash reports to diagnose bugs (Firebase Crashlytics)Legitimate interest
Responding to your support requestsLegitimate interest
Enforcing our Terms of Service and Community GuidelinesLegitimate interest
Complying with applicable laws and legal obligationsLegal obligation

4. University Email Verification

We collect your university email address solely to verify your student status. It is not used for marketing and is not shared with third parties for any purpose.

At registration, you provide a valid university or institutional email address. We use this to confirm that you are currently enrolled at a recognised higher education institution. Once verification is complete, your university email is retained in our system only in hashed form for account security and identity-recovery purposes. We do not store or process your university email in plaintext beyond the verification step.

5. Third-Party Services

We work with the following third-party service providers. Each processes data according to their own privacy policies, which we encourage you to review.

ServiceProviderPurpose
Firebase Cloud MessagingGoogle LLCPush notifications
Firebase AnalyticsGoogle LLCApp usage analytics
Firebase CrashlyticsGoogle LLCCrash reporting and debugging
Google Maps / Directions APIGoogle LLCCampus navigation and maps
Razorpay (planned)Razorpay Software Pvt Ltd (India)Payment processing for subscriptions — not yet active

Google LLC processes data under its Privacy Policy. Razorpay processes data under its Privacy Policy.

6. Data Sharing

We do not sell, rent, or trade your personal data to any third party for their own commercial purposes — ever.

We may share your information only in the following limited circumstances:

  • Service providers: The third-party services listed in Section 5, strictly for operating and improving the Services under appropriate data processing agreements.
  • Legal requirements: Where required by applicable law, court order, or government authority — including to protect the rights, safety, or property of CampusBook, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via the app before your data is subject to a different privacy policy.
  • With your consent: In any other circumstance, only with your explicit consent.

7. Content Moderation

To maintain a safe campus environment, CampusBook uses an automated machine-learning system (built with Python and FastAPI) to scan text and images in real time for NSFW, abusive, or prohibited content. This processing is automated and occurs at the point of upload or post.

Content flagged by the automated system is queued for human moderator review within 24 hours of a report. Access by human moderators to private messages only occurs when a message has been explicitly reported by a recipient. We process this content under our legitimate interest in maintaining platform safety.

8. Data Retention

  • Active account data: Retained for as long as your account remains active and the Services are in operation.
  • Account deletion: When you delete your account, your profile, posts, and associated content are permanently deleted within 30 days of the deletion request.
  • Log and security data: IP addresses and security logs are retained for up to 90 days after collection for fraud prevention and security monitoring.
  • Encrypted backups: Encrypted system backups may retain copies of your data for up to 60 days following a deletion request, after which they are permanently purged.
  • Anonymised data: Aggregate, anonymised usage statistics that cannot be linked back to you may be retained indefinitely for research and service improvement.

9. Security

We implement a range of technical and organisational measures to protect your data, including:

  • JSON Web Token (JWT) authentication for all API requests.
  • bcryptjs one-way password hashing — plaintext passwords are never stored.
  • TLS encryption for all data in transit between your device and our servers.
  • Smart rate limiting applied to sensitive endpoints to prevent brute-force attacks.
  • Automated content scanning to prevent malicious uploads.

No system is completely secure. We encourage you to use a strong, unique password and to keep your device secure. If you believe your account has been compromised, contact us immediately at hello@campusbook.app.

10. Age Requirements

CampusBook is intended for users who are 17 years of age or older. We do not knowingly collect personal information from individuals under 17. If we become aware that a user under 17 has created an account without parental consent where required, we will immediately suspend the account and delete all associated data. If you believe a minor has registered, please notify us at hello@campusbook.app.

11. Your Rights

Depending on your country or region, you may have the following rights regarding your personal data. To exercise any of these rights, email hello@campusbook.app. We will respond within 30 days.

Access

Request a copy of the personal data we hold about you.

Correction

Ask us to correct inaccurate or incomplete information.

Deletion

Request that we delete your personal data (right to be forgotten). You can also delete your account directly in the app.

Restriction

Ask us to restrict processing of your data in certain circumstances.

Objection

Object to processing based on legitimate interests.

Portability

Receive your data in a structured, machine-readable format.

EEA / UK users (GDPR): You also have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data lawfully.

12. International Data Transfers

Your personal data may be processed in countries outside your own, including India and the United States (Google Firebase infrastructure may be hosted on servers globally). Where we transfer data internationally — particularly from the European Economic Area or the United Kingdom — we rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure your data receives an adequate level of protection.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via an in-app notification and update the "Last Updated" date at the top of this page. Your continued use of the Services after any changes become effective constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

CampusBook

Email: hello.campusbook@gmail.com