Privacy Policy

Introduction

Flinteract is a social networking app designed specifically for college and university students. This Privacy Policy explains how we collect, use, and protect your personal information when you use our iOS app and services.

iOS App Permissions & Data Collection

Camera Permission

• Purpose: Take photos for posts and profile pictures
• Usage: Only when you actively choose to take photos
• Storage: Photos stored securely on our servers until you delete them

Photo Library Permission

• Purpose: Select images from your device for sharing
• Usage: Only when you choose to upload from your photo library
• Storage: Selected photos are uploaded securely to our servers

Location Services Permission

• Purpose: Show campus-relevant content and local events
• Usage: Coarse location only (city/state level)
• Storage: Location data is not stored on our servers, used only for location-based content display

Face ID/Touch ID Permission

• Purpose: Secure biometric authentication
• Usage: For app login and security verification
• Storage: Biometric data stored locally on your device only, never transmitted to our servers

Contacts Permission (Optional)

• Purpose: Find friends who are also using Flinteract
• Usage: Optional feature, never shared with third parties
• Storage: Contact information is processed locally and not stored on our servers

Push Notifications

• Purpose: Important updates and community activity notifications
• Usage: You can control notification preferences in app settings
• Storage: Device tokens stored securely for notification delivery

University Email Verification

• Purpose: Required for student verification and account security
• Usage: Verify your university status and enable campus-specific features
• Storage: Email address stored securely until account deletion

Data We Collect

Information You Provide

• Account Information: Name, email address, university affiliation, date of birth
• Profile Information: Bio, interests, profile picture
• Content: Posts, comments, messages, marketplace listings, housing posts, event information
• Communications: Messages between users, support communications

Information Automatically Collected

• Usage Data: How you interact with the app, features used, content engagement
• Device Information: iOS version, device type, unique device identifiers
• Log Data: Access times, IP addresses (not stored long-term), crash reports

Information We Don't Collect

How We Use Your Information

Primary Uses

• Account Management: Create and maintain your account
• University Verification: Verify your student status through email domain
• Content Delivery: Show you relevant campus and community content
• Communication: Enable messaging and community features
• Safety: Content moderation and community safety measures

We Don't Use Your Information For

Data Processing Systems

University Detection

• Purpose: Identify university names from email domains using OpenAI to match with college database
• Data Used: Email domain only (e.g., @university.edu)
• Processing: OpenAI assists in matching email domains to university names from our database
• Storage: University name stored in profile, email domain used only for verification
• Third-Party: OpenAI processes email domains to identify colleges (no personal data shared)

Rate Limiting

• Purpose: Prevent spam and abuse
• Implementation: Manual monitoring and limits on posting frequency
• Privacy: No personal data sent to external services for rate limiting

Third-Party Services

Supabase (Database & Authentication)

• Data Shared: User account data, content, messages
• Purpose: Backend services, real-time messaging features
• Privacy: SOC 2 Type II certified, GDPR compliant
• Location: US with GDPR protections

Apple Services

• Apple Maps: Location services for campus mapping (data not stored)
• iOS Analytics: Anonymous performance data (user opt-in only)
• Push Notifications: Device tokens for message delivery

OpenAI (College Detection)

• Data Shared: Email domain only (e.g., @university.edu)
• Purpose: Identify college/university names from email domains
• Processing: AI-powered matching of email domains to college database
• Privacy: No personal information shared, only institutional email domains
• Retention: Email domains not stored by OpenAI, processed on-demand only

Resend.com (Email Services)

• Data Shared: Email addresses for verification emails only
• Purpose: Account verification, password reset emails
• Retention: Email logs deleted after 30 days

Student Data Protection (FERPA Compliance)

Educational Privacy Rights

• FERPA Compliance: We comply with the Family Educational Rights and Privacy Act
• No Academic Records: We don't collect grades, transcripts, or academic performance data
• Limited Directory Information: University affiliation through email domain verification only
• Student Consent: Explicit consent required for any educational data use

Enhanced Protections for Minors

• Users Under 18: Additional privacy protections and parental rights
• Parental Notification: Parents notified of safety concerns involving minors
• Content Filtering: Stricter content moderation for users under 18
• COPPA Compliance: Additional protections under Children's Online Privacy Protection Act

International Privacy Rights

GDPR (European Union)

• Right to Access: View all personal data we have about you
• Right to Rectification: Correct inaccurate information
• Right to Erasure: Complete data deletion (right to be forgotten)
• Right to Portability: Export your data in portable format
• Data Protection Officer: contact@flintime.com

CCPA (California)

• Right to Know: What personal information we collect and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of data sales (we don't sell data)
• Non-Discrimination: Equal service regardless of privacy choices

Your Privacy Controls

Account Settings

• Profile Privacy: Control who can see your profile and posts
• Location Sharing: Enable/disable location-based features
• Notification Preferences: Customize all notification types
• Blocking: Block and report users instantly

Data Management

• Data Export: Download all your personal data anytime
• Content Deletion: Delete individual posts, comments, and messages
• Account Deletion: Complete account and data deletion in app settings

iOS Privacy Features

• App Privacy Report: View data access in iOS Settings
• Focus Modes: Notifications respect Do Not Disturb settings
• App Tracking Transparency: No cross-app tracking without consent

Security Measures

Data Protection

• Encryption: End-to-end encryption for sensitive communications
• TLS 1.2+: All network communications encrypted
• Certificate Pinning: Prevents man-in-the-middle attacks
• Secure Storage: Keychain and secure database storage

Authentication

• Biometric Authentication: Face ID/Touch ID for secure access
• Two-Factor Authentication: University email verification
• Session Security: 24-hour session timeout
• Account Lockout: Protection against brute force attacks

Data Retention & Deletion

Automatic Deletion

• Analytics Data: Anonymized after 30 days, deleted after 1 year
• Email Logs: Deleted after 30 days
• Session Data: Deleted after 24 hours
• Crash Reports: Deleted after 30 days

User-Initiated Deletion

• Account Deletion: Complete data removal within 30 days
• Content Deletion: Individual posts/comments deleted immediately
• Right to be Forgotten: Complete data erasure upon request

Legal Retention

• Safety Reports: Retained only as required for legal compliance
• Transaction Records: Marketplace transactions retained for legal requirements

Contact Information