01. Introduction & Scope
This Privacy Policy describes how [Company Name] (“we,” “us,” “our”) collects, uses, shares, and protects your information when you use the campus reviews platform (“Platform”), including the website, API, and any associated services.
This Policy applies to all users: anonymous visitors browsing without an account, registered users, and paid subscribers.
By using the Platform, you consent to the practices described in this Policy. This Policy is incorporated into our Terms of Service.
02. Information We Collect
2.1 Information You Provide Directly
| Data | When collected | Stored as |
|---|---|---|
| .edu email address | Account registration | Plaintext, unique, indexed — never displayed to other users |
| Password | Registration / password change | bcrypt hash only — plaintext is never stored or logged |
| User type | Registration | student, alumni, or faculty — stored internally, never displayed |
| Reviews & ratings | Review submission | 7 rating dimensions (1–10), optional text, semester tag |
| Group posts & replies | Group participation | Visible to group members only |
| Chat messages | Group live chat | Append-only within group history |
| Direct messages | DM conversations | Visible to conversation participants only — not to admins |
| File uploads | Group resource sharing | Stored on local filesystem (dev) or cloud storage (production); metadata in database |
| ToS acceptance | Signup checkbox | Timestamped on user record |
2.2 Information We Generate
- Anonymous username — system-generated at account creation in “adjective-noun-noun” format (e.g., swift-falcon-thunder). This is your only public-facing identity. It cannot be set manually and is permanent.
- University association — derived from your .edu email domain via our university database. Stored as an array of all matching universities. Used to scope your access to groups and restrict review submissions.
- Aggregate ratings — computed averages across all published reviews for professors and courses. These are derived metrics, not stored personal data.
2.3 Information Collected Automatically
| Data | How collected | Purpose |
|---|---|---|
| IP address | Server logs | Security, brute-force prevention, rate limiting |
| Browser & device info | HTTP User-Agent header | Debugging, compatibility |
| Pages visited & features used | Server-side request logs | Platform improvement, analytics |
| Action timestamps | Server-side | Audit trail (logins, submissions) |
| Cookies | Browser cookies | Authentication state, session management |
Cookies we use
- Essential cookies — authentication tokens and security. Required for the Platform to function. Cannot be disabled.
- Analytics cookies — aggregate, de-identified usage data. No personally identifiable information is included. [Provider TBD before launch.]
- Advertising cookies — used on public review pages by third-party advertising partners. Not used within Class Groups. Subscribers do not see ads within Groups.
Essential authentication cookies are always used when you log in. Any non-essential cookies are described here and can be controlled through your browser settings if and when they are enabled on the Platform.
2.4 Information from Third Parties
| Source | Data received | Purpose |
|---|---|---|
| Stripe | Subscription status, billing period, payment events | Subscription management — we never receive or store your full card number or CVV |
| Hipo University Domains List | University names, domains, country, state | Resolving your university from your email domain at signup — self-hosted, no external API calls |
| Rate My Professors (future) | Professor name, university, department | Pre-populating professor profiles — no user data or review content is imported |
03. How We Use Your Information
Account management & authentication
- Your .edu email is used to verify your identity, send verification and password reset links, and deliver account-related notifications (review status, subscription reminders, semester-end prompts).
- Your password hash is used to authenticate logins. The plaintext password is discarded immediately after hashing.
- Your university association scopes your access to relevant groups and restricts review submissions to your associated universities.
Platform functionality
- Reviews and ratings are displayed on professor and course pages and contribute to aggregate scores.
- Group posts, replies, and chat messages are displayed within the group to members only.
- Direct messages are delivered to the conversation participant only.
- File uploads are made available for download by group members.
- Content reports are routed to the admin moderation queue.
Content moderation
- Review text is processed by an automated content screening system to identify potentially violating content (threats, hate speech, sexual content, doxxing, spam, or content with zero academic substance).
- The screening system’s output is used solely to route your review — to immediate publication or to the human moderation queue. The automated system never makes a final decision; a human administrator reviews all flagged content.
- We do not disclose whether automated screening was involved. The “pending review” status is presented as our standard publication process for all reviews.
Analytics & improvement
- Aggregated, de-identified usage data is used to improve the Platform. No individual user identity is included.
Commercial purposes
- Anonymized, aggregated data (e.g., average professor ratings, review volume trends) may be shared with or licensed to third-party partners for research, analytics, and commercial purposes.
- Individual user identities — email, username, or any personally identifiable information — are never included in commercial data sharing.
04. How We Share Your Information
4.1 Third-Party Service Providers
| Provider | Information shared | Purpose |
|---|---|---|
| Stripe | User ID (internal), university ID, subscription plan | Payment processing and subscription lifecycle |
| AI content moderation provider | Review text only — no user ID, email, or username | Automated content screening before publication |
| Email delivery service (e.g., Resend) | .edu email address, notification content | Transactional emails: verification, password reset, notifications |
| Cloud storage (S3/R2, production only) | Uploaded files | File storage for group resources |
| Analytics provider (TBD) | De-identified usage data — no PII | Platform usage analytics |
| Advertising partners (public pages only) | Cookie-based tracking — no PII | Serving ads on public review pages only |
All third-party service providers are bound by data processing agreements that limit their use of your data to the services they provide to us.
4.2 Visible to Other Users
| Data | Who can see it |
|---|---|
| Anonymous username | All users, including anonymous visitors |
| Published reviews & ratings | All users, including anonymous visitors |
| Group posts & replies | Group members only |
| Chat messages | Group members only |
| Direct messages | Conversation participants only |
| File uploads | Group members only |
Never visible to other users
.edu email address · Password · User type (student/alumni/faculty) · University association · IP address · Moderation history · Subscription status · Account creation date
4.3 Visible to Administrators
| Data | Admin access |
|---|---|
| Username, email, university, user type, account age, review count, ban status, early access status | Full access via admin user search |
| All reviews including soft-deleted | Full access via account detail view |
| All groups joined, flags, warnings, bans | Full access via account detail view |
| Group posts, chat messages, resources | Full access via group moderation tools |
| Direct messages | No access — admins cannot read DM content by design |
4.4 Legal & Safety Disclosures
We may disclose your information (including .edu email and IP address) when:
- Required by law, regulation, legal process, or governmental request (e.g., valid subpoena or court order)
- We believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or address security vulnerabilities
- In connection with a business transfer (merger, acquisition, or sale of assets) — the acquiring entity will be bound by this Privacy Policy with respect to your existing data
4.5 What We Do NOT Do
- We do not sell your .edu email address to any third party, for any purpose, ever.
- We do not share your .edu email with universities, professors, or educational institutions.
- We do not provide individual user data to universities or professors upon request. We are an independent third-party platform, not an institutional service.
- We do not use your personal information for political advertising or profiling.
- Administrators do not have access to direct message content.
05. Data Retention
| Data type | Retention | What happens |
|---|---|---|
| Active account data | While account is active | Stored in production database |
| Account after deletion request | Signed out immediately; deleted after 30-day grace period | You can log back in within 30 days to cancel the deletion |
| Reviews after account deletion | Indefinite (anonymized) | Reviews remain visible and render under "[deleted]" |
| Group posts after account deletion | Indefinite (anonymized) | Username → "[deleted]", user ID disassociated; content preserved for group members |
| Chat messages after account deletion | Indefinite (anonymized) | Username → "[deleted]"; content preserved in group history |
| Direct messages after account deletion | Retained | Messages remain visible to the other participant |
| Email verification tokens | 30 minutes; then purged | Single-use; invalidated on resend |
| Password reset tokens | 1 hour; single-use | Token hash stored (SHA-256); raw token never stored |
| Moderation records | Indefinite | Retained for audit trail and enforcement history |
| Server logs (IP addresses) | 90 days [recommended] | Automatically purged after retention period |
| Analytics data | Indefinite (aggregated, de-identified) | No individual user identity retained |
06. Data Security
We implement commercially reasonable technical and organizational security measures, including:
- Passwords are stored using bcrypt hashing. Plaintext passwords are never stored, logged, or accessible to anyone including administrators.
- Password reset tokens are stored as SHA-256 hashes. The raw token exists only in the email link you receive — it is never stored on our servers.
- JWT sessions use short-lived access tokens and long-lived refresh tokens. On logout or ban, all tokens are immediately invalidated. On password reset, all sessions are invalidated via a password_changed_at timestamp.
- File uploads are validated by MIME type inspection server-side, not just file extension. Only PDF, DOCX, PPTX, TXT, PNG, and JPG are accepted.
- HTTPS is enforced in production for all data in transit.
- Rate limiting is applied to authentication endpoints to prevent brute-force attacks.
No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal information, we will provide notice within 72 hours of discovery where regulations require it, and notify affected users directly as promptly as practicable, in accordance with applicable state breach notification laws.
07. Your Rights & Choices
7.1 Access your information
Logged-in users can view their profile, reviews, group memberships, and account activity from the account settings pages. Your .edu email is never displayed publicly — even on your own profile.
7.2 Correct your information
You may update your password at any time from account settings. Professor profile corrections can be submitted via “Suggest an Edit” and are reviewed by an administrator. Usernames cannot be changed after signup.
7.3 Delete your information
You may request account deletion at any time from account settings. Deletion follows the process in Section 5 — immediate sign-out, 30-day grace period, then permanent deletion. Certain data is retained after deletion as described in Section 5 (anonymized reviews, posts, messages, and moderation records).
7.4 Email notification preferences
You can opt out of specific email notification types (review status, subscription reminders, group notifications) from the Notification Preferences page in account settings. Transactional emails (password reset, email verification) cannot be opted out of — they are required for account security.
7.5 Cookie preferences
You can manage non-essential cookies through your browser settings. Disabling essential cookies will prevent you from logging in or using authenticated features.
08. Children’s Privacy
The Platform is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors. The .edu email requirement serves as a practical gatekeeper — users must possess an institutional email address, which is typically only available to individuals 18 years or older.
If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information and terminate the associated account. If you are a parent or guardian and believe your child has provided personal information to us, contact us at [email protected].
09. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, and the categories of third parties with whom it was shared.
- Right to Delete — request deletion of your personal information, subject to certain exceptions (data retained for legal compliance or audit purposes).
- Right to Correct — request correction of inaccurate personal information we hold about you.
- Right to Opt Out of Sale — we do not sell personal information as defined under the CCPA. No opt-out is necessary, but we state this explicitly.
- Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, contact us at [email protected]. We will verify your identity before processing your request. California residents may also designate an authorized agent to submit requests on their behalf.
Automated Decision-Making (ADMT) — 2026 CCPA Requirement
The Platform uses an automated content moderation system (powered by a large language model) to screen user-submitted reviews before publication. This system processes the text of your review to identify content that may violate our Community Guidelines.
- No final decisions by automation. If the system flags a review, it is held for a human administrator who makes the ultimate determination. The automated system alone never results in a final rejection.
- What is processed: review text only. Your name, email, username, and all other account information are never passed to the AI model.
- Opt-out: Content moderation screening applies to all submitted reviews and cannot be opted out of — it is a condition of the review submission feature. You may opt out by choosing not to submit reviews.
- Scope: This automated system does not affect your eligibility for education enrollment, employment, housing, credit, or healthcare. It applies solely to content moderation.
10. Other State Privacy Laws
Residents of other US states with privacy laws — including Colorado, Connecticut, Virginia, Utah, Texas, Montana, Oregon, and others — may have additional rights regarding their personal information, including rights to access, correction, deletion, and opt-out of targeted advertising.
We do not sell personal information as defined under any applicable state privacy law. To exercise any state privacy rights, contact us at [email protected].
11. International Users
The Platform is hosted and operated in the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States. US data protection laws may differ from those of your jurisdiction.
We do not currently comply with GDPR or other non-US data protection frameworks. If the Platform expands to serve non-US institutions in the future, this Policy will be updated accordingly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and/or by posting a notice on the Platform at least 30 days before the changes take effect. The “Last Updated” date at the top of this page reflects the most recent revision. Continued use of the Platform after changes take effect constitutes acceptance of the revised Policy.
13. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal information:
- Privacy inquiries & CCPA/state requests: [email protected]
- General support: [email protected]
All privacy-related requests should include your username (not your email — we will verify via other means) and a clear description of your request.