Privacy Policy
Effective Date: April 4, 2026
Backdoor ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Backdoor application ("Platform").
1. Information We Collect
1.1 Information You Provide
| Data | Purpose |
|---|---|
| Email address (.edu) | Account creation, identity verification, communications |
| Full name, username | Profile identification, display to other users |
| Password (hashed) | Authentication |
| Profile photo | User identification, photo verification |
| Class year | Community context |
| Instagram handle | Identity verification (optional) |
| Payment identifiers (Venmo username, Zelle info) | Facilitate peer-to-peer payments between users |
| Ticket information (event name, date, images) | Listing creation, verification |
| Messages | Communication between users |
1.2 Information Collected Automatically
- Device information: Device type, operating system, app version.
- Usage data: Features used, timestamps, interaction patterns.
- Log data: IP address, access times, error logs.
2. How We Use Your Information
- Provide, maintain, and improve the Platform.
- Verify user identity through .edu email, Instagram, and photo verification.
- Facilitate communication and transactions between users.
- Detect and prevent fraud, abuse, and violations of our Terms of Service.
- Send transactional notifications (e.g., new messages, ticket transfers).
- Enforce our Terms of Service, including account suspension and bans.
- Comply with legal obligations.
3. How We Share Your Information
We do not sell your personal information. We may share information in the following circumstances:
- With other users: Your profile name, username, avatar, verification status, and karma scores are visible to other users. Messages are visible to conversation participants.
- Service providers: We use third-party services to operate the Platform (see Section 4).
- Legal compliance: We may disclose information if required by law, subpoena, court order, or government request.
- Safety: We may disclose information to protect the safety of users or the public.
- Business transfers: In connection with a merger, acquisition, or sale of assets.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage, real-time messaging | All user data stored in our database |
| Expo / EAS | App building, distribution, push notifications | Push notification tokens, device info |
| Apple App Store / Google Play | App distribution | Standard app store data |
These services have their own privacy policies. We encourage you to review them.
5. Data Retention
- Account data: Retained while your account is active. Upon deletion request, data is removed within 30 days.
- Messages: Retained while both participants' accounts exist.
- Transaction records: Retained for 3 years for dispute resolution and legal compliance.
- Logs and analytics: Retained for up to 12 months.
6. Your Rights
6.1 All Users
- Access: Request a copy of your personal data.
- Correction: Update inaccurate information through your profile settings.
- Deletion: Request deletion of your account and personal data.
- Portability: Request your data in a machine-readable format.
6.2 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information, subject to legal exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, contact us at support@getbackdoor.app. We will verify your identity before processing any request.
7. Children's Privacy (COPPA)
Backdoor is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@getbackdoor.app.
Users must be at least 18 years old (or the age of majority in their jurisdiction) to use the Platform.
8. Security
We implement reasonable technical and organizational measures to protect your information, including:
- Encrypted data transmission (HTTPS/TLS).
- Hashed passwords (bcrypt via Supabase Auth).
- Row-level security policies on our database.
- Secure token-based authentication.
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
9. International Users
The Platform is operated from the United States. If you access the Platform from outside the U.S., your information may be transferred to and processed in the United States, where data protection laws may differ from your jurisdiction.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Platform or via email. The "Effective Date" at the top indicates the last revision.
11. Contact Us
For privacy inquiries, data requests, or concerns:
- Email: support@getbackdoor.app
- Instagram: @getbackdoor