Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect your .edu email address, a display name of your choosing, and a password (or authentication token if you use a third-party sign-in provider). Your .edu email is used solely for verification and account recovery — it is never displayed to other users.

1.2 University Affiliation

We verify and store your university affiliation to assign you to the correct campus community and display a verification badge (e.g., "Verified — UCLA"). We may also store your graduation year or enrollment status if you choose to provide it.

1.3 User Content

We collect and store posts, comments, votes, poll responses, direct messages, and any other content you submit through the Service. This includes metadata such as timestamps, the Space in which content was posted, and vote counts.

1.4 Usage Information

We automatically collect information about how you interact with the Service, including pages viewed, features used, search queries, Spaces visited, time spent on the Service, and referring URLs.

1.5 Device and Technical Information

We collect device type, operating system, browser type, IP address, unique device identifiers, and crash reports. This information helps us maintain security, diagnose issues, and optimize the Service for different devices.

1.6 Push Notification Tokens

If you enable push notifications, we collect device tokens issued by Apple Push Notification Service (APNs) or Firebase Cloud Messaging (FCM) to deliver notifications about replies, votes, and other activity relevant to you.

2. How We Use Information

We use the information we collect for the following purposes:

• Provide and operate the Service — including verifying your university affiliation, displaying content in campus communities and Spaces, and delivering notifications.
• Personalize your experience — such as ranking content in your feed, recommending Spaces, and surfacing trending discussions at your university.
• Maintain safety and security — detecting and preventing fraud, spam, abuse, and violations of our Terms of Service and Community Guidelines.
• Improve the Service — analyzing usage patterns to develop new features, fix bugs, and optimize performance.
• Communicate with you — sending account-related emails (verification, password reset, policy updates) and, with your consent, optional product updates.
• Comply with legal obligations — responding to lawful requests from law enforcement or regulatory authorities.

3. How We Share Information

We do not sell your personal information. We share information only in the following limited circumstances:

• With other users — Your display name, university badge, and User Content are visible to other users in the relevant campus community or Space. Your .edu email and real identity are never shared.
• Service providers — We share information with third-party vendors who perform services on our behalf (e.g., hosting, analytics, email delivery, customer support). These providers are contractually obligated to use your data only to perform services for us and to protect its confidentiality.
• Legal requirements — We may disclose information if required by law, subpoena, court order, or government request, or if we believe in good faith that disclosure is necessary to protect the safety of any person, prevent fraud, or address security issues.
• Business transfers — In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
• Aggregated or de-identified data — We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, or business purposes.

4. Data Retention

We retain your account information and User Content for as long as your account is active or as needed to provide the Service. If you delete your account:

• Your profile, display name, and personal data will be removed within 30 days.
• Posts and comments you authored will be disassociated from your identity and attributed to a "Deleted User" label. The content itself may remain visible to preserve conversation context, unless you specifically request content deletion.
• Direct messages will be deleted from your side; recipients may still retain their copies.
• Backup copies may persist in our systems for up to 90 days after deletion for disaster-recovery purposes, after which they are permanently purged.

We may retain certain information for longer periods where required by law or for legitimate business purposes such as fraud prevention and legal compliance.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete personal data.
• Deletion — Request deletion of your personal data, subject to certain exceptions (e.g., legal obligations).
• Data Portability — Request an export of your data in a structured, commonly used, machine-readable format.
• Opt-out of marketing — Unsubscribe from promotional emails at any time using the link in the email or through your account settings.

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete, the right to opt out of the sale or sharing of personal information (we do not sell your data), and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at privacy@unipulses.com.

To exercise any of these rights, email us at privacy@unipulses.com. We will respond within 30 days (or sooner if required by applicable law). We may ask you to verify your identity before processing your request.

6. Security

We implement industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, secure authentication mechanisms, regular security audits, and access controls that limit employee access to personal data on a need-to-know basis.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you become aware of a security vulnerability, please report it to privacy@unipulses.com.

7. Children's Privacy

UniPulses is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. If you believe a child under 13 has provided us with personal information, please contact us at privacy@unipulses.com.

8. International Users

UniPulses is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to the transfer of your information to the United States and its processing there.

For users in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, we rely on your consent, contractual necessity, and our legitimate interests as legal bases for processing your personal data. You may have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

9. Cookies and Tracking Technologies

We use cookies and similar technologies (such as local storage and pixel tags) to:

• Essential cookies — Authenticate your session, remember your preferences, and maintain security.
• Analytics cookies — Understand how users interact with the Service so we can improve it. We use privacy-focused analytics tools and do not share analytics data with advertisers.
• Functional cookies — Remember your display settings, such as dark mode preference and feed sort order.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service. We do not use third-party advertising cookies or participate in cross-site ad tracking.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you through the Service or via email. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at privacy@unipulses.com.