Privacy Policy

1. Who We Are

University Bubble ("we," "us," or "our") is a mobile application built for Auburn University students, with guest access available for housing and dining features. Our app is available on iOS and Android. We operate under the bundle identifier com.rettuniversitybubble.universitybubble.

For privacy questions, contact us at: support@universitybubble.com

2. Who This Policy Applies To

This Privacy Policy applies to all users of the University Bubble mobile application and this website, including:

• Registered users — individuals with a valid @auburn.edu email who have created an account. Registered users must confirm they are at least 17 years of age during sign-up.
• Guest users — individuals who use the app without creating an account. Guests may browse housing and dining information. No personal account data is collected for guest sessions.

3. Information We Collect

3.1 Account Information

• Email address — Your @auburn.edu email, used for authentication and account identification.
• Display name — The name you choose to show other users.
• Profile photo — Optional. Uploaded images you choose to set as your profile picture.

3.2 Content You Create

• Group messages — Messages you post in Bubbles (group chats).
• Direct messages — Private messages between you and other users.
• Calendar events — Academic events (exams, homework, projects, quizzes) you create in your Dashboard.
• Group memberships — The groups you join or create.

3.3 Technical Information

• Device push notification token — Used solely to deliver notifications from the app to your device. Processed by Expo's push notification service.
• IP address — Collected automatically by our infrastructure provider (Supabase) for security and abuse prevention.
• App usage data — Basic usage patterns collected by Supabase for database performance. We do not use third-party analytics SDKs.
• Device information — Operating system type (iOS or Android) for compatibility and support purposes.

3.4 Guest Mode

When you use University Bubble as a guest (without creating an account), no personal profile data is created or stored. However, our infrastructure provider (Supabase) automatically logs your IP address for security and abuse prevention purposes, as is standard for any internet service. Guest IP logs are retained per Supabase's standard retention policy and are not linked to any personal identity. No other guest data is collected, stored, or shared by University Bubble.

3.5 Information We Do Not Collect

• We do not collect your precise GPS location.
• We do not access your contacts.
• We do not use third-party advertising SDKs.
• We do not track you across other apps or websites.
• We do not collect biometric data.

4. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the University Bubble app and its features.
• Authenticate your identity and verify your Auburn University affiliation.
• Display your profile, messages, and content to other users within the app.
• Deliver push notifications for new messages, group activity, and app updates.
• Detect and prevent fraud, abuse, and violations of our Terms of Service.
• Respond to your support requests and communications.
• Maintain the security and stability of the service.

We do not use your information to serve advertisements, nor do we sell or rent your personal data to any third party.

5. Legal Basis for Processing (GDPR / CCPA)

If you are located in the European Economic Area, United Kingdom, or California, we process your personal data under the following legal bases:

• Contract performance — Processing necessary to provide the service you signed up for.
• Legitimate interests — Security, fraud prevention, and service improvement, where these do not override your rights.
• Consent — For push notifications, which you can withdraw at any time in your device settings.

6. How We Share Your Information

6.1 Within the App

Messages you send in group Bubbles are visible to all members of that group. Direct messages are visible only to the sender and recipient. Your display name and profile photo are visible to all other University Bubble users.

6.2 Service Providers

We use the following trusted service providers who process data on our behalf:

• Supabase, Inc. — Our database, authentication, real-time messaging, and file storage provider. Data is stored on Supabase-managed servers. See Supabase's privacy policy at supabase.com/privacy.
• Expo (Expo Technology, Inc.) — Push notification delivery. Your device token is transmitted to Expo's push notification service solely to deliver notifications. See Expo's privacy policy at expo.dev/privacy.

These providers are contractually obligated to process your data only as directed by us and to maintain appropriate security measures.

6.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of University Bubble, its users, or the public.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify users before their data is transferred to and becomes subject to a different privacy policy.

6.5 No Sale of Data

We do not sell, trade, or rent your personal information to third parties for any purpose, including marketing.

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account:

• Your profile information and calendar events are deleted immediately.
• Your messages in group Bubbles are anonymized (replaced with "Deleted User") within 30 days.
• Your direct messages are deleted within 30 days.
• Profile photos are removed from our storage within 30 days.
• Push notification tokens are immediately revoked.

We may retain anonymized, aggregated data that cannot be linked to you for service improvement purposes.

8. Data Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over HTTPS/TLS encrypted connections.
• Authentication tokens are stored using iOS Keychain / Android Keystore via expo-secure-store.
• Database access is protected by Row Level Security (RLS) policies — your data is accessible only to you and users you've explicitly shared it with.
• We use parameterized database queries to prevent SQL injection.
• Our Supabase service key is never exposed client-side.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights & Choices

9.1 Access & Portability

You can access your account information at any time through the app's Profile screen. To request a copy of all personal data we hold about you, email support@universitybubble.com.

9.2 Correction

You can update your display name and profile photo at any time through the app's Profile screen.

9.3 Deletion

You can delete your account from within the app (Profile → Settings → Delete Account) or by emailing support@universitybubble.com. Account deletion permanently removes your personal data as described in Section 7.

9.4 Push Notifications

You can disable push notifications at any time through your device's system settings (iOS: Settings → University Bubble → Notifications; Android: Settings → Apps → University Bubble → Notifications).

9.5 California Residents (CCPA)

California residents have the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at support@universitybubble.com.

10. Children's Privacy

University Bubble is intended for users aged 17 and older. We do not knowingly collect personal information from children under 13. Users are required to confirm they are at least 17 years old during account registration. Guest users who access housing and dining features without an account are also expected to be 17 or older. If we become aware that a child under 13 has provided personal information, we will promptly delete it. If you believe a child has provided us with personal information, contact us at support@universitybubble.com.

11. Third-Party Links

The app may display links to third-party websites or services (such as Auburn University's official website or restaurant websites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. International Data Transfers

University Bubble is operated from the United States. Our service provider Supabase stores data on servers that may be located in the United States. If you are accessing the app from outside the United States, your information will be transferred to and processed in the United States. By using our app, you consent to this transfer.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Notify users via an in-app notice or push notification.

Your continued use of University Bubble after changes become effective constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: support@universitybubble.com
• App: University Bubble → Support

We aim to respond to all privacy inquiries within 5 business days.