Privacy Policy

We collect the minimum data to make Buzz work, never sell it, and let you delete your account in one tap. This page explains the details.

Identity you give us: display name, handle, pronouns (optional), bio (optional), avatar.

Campus affiliation: the college(s) you verify at via `.edu` OTP, institutional email, or student ID. We store when each affiliation was verified and by which method.

Sign-in identity: Apple user ID, Google sub, email, or phone — whichever provider(s) you chose.

Events you RSVP to and check in to, so we can show them in your calendar + feed.

Location when in-use, only to center the map on you. Never stored on our servers.

Device push tokens (APNs / FCM / Web Push) so we can deliver notifications you opt into.

Usage telemetry: anonymous counts of what features are tapped, for improving the app. No personally identifying data attached.

We do not upload your contact list.

We do not sell data to advertisers or data brokers.

We do not track you across other apps.

We do not read your private DMs — they're end-to-end-visible-server-side-only for moderation if reported.

Other users at your campus see: your display name, handle, badges you chose to show, RSVPs to public events, photos you upload to events you attended.

Your friends see: your streak, plus anything above.

Nobody except you sees: transfer history, mental-health check-ins, private notifications, draft events, your full RSVP log.

Download your data: Settings → "Download my data." Returns a JSON export within 7 days.

Delete your account: Settings → "Delete account." Your profile and linked rows are removed within 30 days. Audit-log entries are anonymized but retained for legal compliance.

Restrict use: opt out of any notification category in Settings; disable location in iOS Settings → Buzz.

Contact us with concerns at privacy@buzz.app.

Auth tokens are stored in the iOS Keychain with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly and never synced to iCloud. Offline data cache uses iOS file protection. Every server table is row-level-security-locked: you cannot read another user's data. See the SECURITY.md for details.

Buzz is not directed to children under 13. We do not knowingly collect data from users under 13. If you believe a child has provided us data, contact privacy@buzz.app and we'll delete it.

If we change this policy in any material way, we'll notify you in-app before the change takes effect.