Privacy Policy

Last updated: September 25, 2025

This Privacy Policy describes how Circlio ("we," "us," or "our") collects, uses, and protects your information when you use our campus social platform service.

1. Information We Collect

Personal Information You Provide

  • Account Information: Name, email address, username, password, profile photo
  • Profile Information: Bio, location, company, job title, social media links, interests
  • Content: Posts, comments, messages, photos, videos, and other content you create or share
  • Communication: Messages, emails, and other communications with us or other users
  • Event Information: Event attendance, RSVPs, and calendar data

Information We Collect Automatically

  • Usage Data: Pages visited, features used, time spent, click patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Server logs, error reports, performance metrics
  • Location Data: General location based on IP address (not precise geolocation)

Information from Third Parties

  • Social Authentication: Profile information from Google, LinkedIn, or other OAuth providers
  • Analytics Providers: Usage statistics and performance data
  • Public Sources: Publicly available information that you have made available

2. How We Use Your Information

We use your information for the following purposes:

  • Provide and Maintain Services: Account creation, authentication, platform functionality
  • Communicate: Send notifications, updates, support responses, and important announcements
  • Improve Services: Analyze usage patterns, fix bugs, develop new features
  • Safety and Security: Detect fraud, prevent abuse, enforce terms of service
  • Personalization: Customize content, recommendations, and user experience
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes
  • Business Operations: Analytics, research, and internal business purposes

3. Information Sharing and Disclosure

We may share your information in the following circumstances:

With Your Consent

We share information when you explicitly consent or direct us to do so.

Public Content

Content you post publicly (posts, comments, profile information) may be visible to other users and the public.

Service Providers

We share information with third-party vendors who help us provide our services:

  • Cloud hosting and storage providers (Vercel, Supabase)
  • Authentication services (Google OAuth)
  • Analytics providers
  • Customer support tools
  • Email service providers

Legal Requirements

We may disclose information if required by law or in response to:

  • Subpoenas, court orders, or legal process
  • Government or regulatory requests
  • Protection of rights, property, or safety
  • Investigation of potential violations

Business Transfers

In connection with mergers, acquisitions, or asset sales, user information may be transferred as part of the business assets.

4. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: Data in transit and at rest is encrypted using industry-standard protocols
  • Access Controls: Strict access controls and authentication requirements
  • Regular Audits: Security assessments and vulnerability testing
  • Employee Training: Security awareness and data protection training
  • Incident Response: Procedures for detecting and responding to security incidents

Disclaimer: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services

Our service integrates with third-party services that have their own privacy policies:

  • Google Services: OAuth authentication, analytics
  • Supabase: Database and authentication services
  • Vercel: Hosting and deployment services
  • Analytics Providers: Usage tracking and performance monitoring

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

Account Management

  • Access: View and download your personal information
  • Update: Modify or correct your profile information
  • Delete: Request deletion of your account and data
  • Export: Download your data in a portable format

Privacy Controls

  • Profile Visibility: Control who can see your profile information
  • Communication Preferences: Manage email notifications and messages
  • Content Sharing: Control visibility of your posts and content
  • Data Processing: Object to certain types of data processing

To exercise your rights, please contact us using the information provided below. We may need to verify your identity before processing requests.

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Until you delete your account or request deletion
  • Content: Until you delete the content or your account
  • Messages: Until deleted by you or automatically after a reasonable period
  • Log Data: Typically 90 days unless longer retention is required
  • Legal Holds: As required by law or litigation holds

Some information may remain in backups or be retained for legitimate business purposes as permitted by law.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer your information internationally, we implement appropriate safeguards, including:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Certification schemes

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected personal information from a child under 13 without parental consent, we will delete such information promptly.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential Cookies: Authentication, security, and basic functionality
  • Analytics Cookies: Usage statistics and performance monitoring
  • Preference Cookies: Remember your settings and preferences
  • Functional Cookies: Enhanced features and personalization

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our service.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Post the updated policy on this page
  • Update the "Last updated" date
  • Notify you of significant changes via email or platform notification
  • Obtain your consent for material changes where required by law

Your continued use of our service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@circlio.com

Address: [To be updated with actual business address]

Phone: [To be updated with actual contact number]

We will respond to your inquiry within a reasonable time frame as required by applicable law.