Privacy Policy

At StudentJoin, we take your privacy seriously. This Privacy Policy describes how we collect, use, store, and share your personal information when you use the StudentJoin platform and services (the “Service”). By using StudentJoin, you consent to the practices described in this policy.

1. Information We Collect

We collect the following types of information:

1.1 Information You Provide

• Account Information: Your full name, university email address, password (stored securely using industry-standard hashing), and university affiliation.
• Profile Information: Your major, year of study, courses, academic interests, and any optional profile photo you upload.
• Study Group Activity: Groups you create or join, messages you send within groups, scheduling preferences, and study session participation.
• Payment Information: If you subscribe to the Pro plan, payment details are collected and processed directly by Stripe. We do not store your full credit card number on our servers.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.
• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, referring URLs, and error logs.

2. How We Use Your Data

We use the information we collect to:

• Provide, maintain, and improve the StudentJoin platform.
• Match you with relevant study groups based on your courses, interests, and university.
• Verify your university affiliation through your email domain.
• Process payments and manage your Pro subscription.
• Send you important service-related communications (e.g., verification emails, group notifications, billing updates).
• Generate aggregated, anonymized analytics to improve our matching algorithms and user experience.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations and respond to lawful requests.

3. Data Sharing and Third Parties

We do not sell your personal information. We may share your data with the following third parties:

• Stripe: Our payment processor. When you subscribe to Pro, Stripe collects and processes your payment information in accordance with their Privacy Policy.
• Hosting and Infrastructure: We use cloud service providers to host our platform. These providers process data on our behalf under strict data processing agreements.
• Analytics Providers: We may use third-party analytics tools to understand usage patterns. Data shared is aggregated and anonymized where possible.
• Legal Authorities: We may disclose information if required by law, subpoena, court order, or other valid legal process.

4. Cookies and Tracking

StudentJoin uses cookies and similar technologies to:

• Essential Cookies: Maintain your login session and remember your preferences. These are necessary for the Service to function.
• Analytics Cookies: Help us understand how users interact with our platform so we can improve the experience.
• Performance Cookies: Monitor platform performance and load times.

You can manage cookie preferences through your browser settings. Please note that disabling essential cookies may impair the functionality of the Service.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you the Service. Specifically:

• Account Data: Retained for the duration of your account. Deleted within 30 days of account deletion request.
• Messages and Group Activity: Retained while you are a member of a group. You may delete your messages at any time.
• Payment Records: Retained for up to 7 years as required by tax and financial regulations.
• Log Data: Retained for up to 90 days for security and debugging purposes.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Export: Request a portable copy of your data in a commonly used, machine-readable format (JSON or CSV).
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Objection: Object to the processing of your data for certain purposes, including direct marketing.

To exercise any of these rights, please contact us at privacy@studentjoin.com. We will respond to your request within 30 days.

7. Children's Privacy (COPPA)

StudentJoin is designed for university students and is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected data from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal data, please contact us at privacy@studentjoin.com.

8. GDPR Compliance

For users located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR). Our legal bases for processing include:

• Contract Performance: Processing necessary to provide the Service you signed up for.
• Legitimate Interests: Processing for platform security, fraud prevention, and service improvement, where these interests are not overridden by your rights.
• Consent: Where you have given explicit consent for specific processing activities (e.g., optional analytics cookies).
• Legal Obligation: Processing required to comply with applicable laws.

If your data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission. You have the right to lodge a complaint with your local Data Protection Authority.

9. Data Security

We implement industry-standard security measures to protect your personal data, including:

• Encryption of data in transit using TLS/SSL.
• Encryption of sensitive data at rest.
• Regular security audits and vulnerability assessments.
• Access controls limiting employee access to personal data.
• Secure password hashing using industry-standard algorithms.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Notify you by email or through a prominent notice on the Service.
• Update the “Last updated” date at the top of this page.
• Provide at least 14 days' notice before material changes take effect.

We encourage you to review this policy periodically for the latest information on our privacy practices.