Last updated April 11, 2025. CampusX (“we”, “us”, or “our”) is committed to protecting your privacy. This policy explains how we collect, use, share, and safeguard your information when you use our platform.

1. Information We Collect

• Account & Authentication: We verify you via your USC email through Firebase Authentication. We store a secure HTTP-only cookie (idToken) to keep you signed in.
• Listing Data: When you post, we collect title, description, price, category, images, and any housing details (bedrooms, bathrooms, furnished) you provide.
• Messages: If you contact a seller, we store your message text and timestamp (one per user+listing). We never share your email publicly.
• Events Data: We periodically scrape USC’s public calendar and store highlights in /public/usc_events.json. We only display metadata (title, date/time, location, category, cost, and a link back to USC’s site).
• Usage Logs: Server logs record IP address, browser type, pages viewed, and timestamps for security and performance tuning.

2. How We Use Your Information

• To authenticate you and manage your session.
• To enable creation, display, and management of your listings.
• To deliver messages between buyers and sellers.
• To send you a welcome email (via Resend) and critical account notices.
• To display USC event highlights and update them daily.
• To troubleshoot issues and improve CampusX’s performance and security.

3. Cookies & Local Storage

• We set a secure, HTTP-only cookie (idToken) for Firebase sessions, which expires after 24 hours.
• No marketing or tracking cookies are used—only essential cookies for authentication and session management.

4. Image Upload & Hosting

• When you upload listing photos, they’re stored via Vercel’s Blob service.
• Old blobs (images) are automatically cleaned up after 3 days by our scheduled script.
• We never share your images outside of CampusX.

5. Email Communications

• On sign-up, we send a one-time welcome email from do-not-reply@campusxapp.com using the Resend API.
• We do not send unsolicited marketing emails. You may receive critical account notifications (password reset, security alerts).

6. Data Retention & Deletion

• Listings and messages you delete are removed immediately from public view. Your data may persist in backups or logs for up to 30 days for recovery and auditing, then permanently purged.
• Event JSON (usc_events.json) is overwritten every 24 hours.

7. When We May Share Your Data

We will only disclose your information if:

• Required by law (court order, subpoena, legal process).
• To protect the rights, property, or safety of CampusX or our users.
• With your explicit consent, or to provide requested features.

8. Third-Party Services

• Firebase Authentication—verifies USC emails and manages sign-in.
• Prisma + PostgreSQL—stores listings, users, and messages.
• Resend—sends welcome and transactional emails.
• Playwright—runs our daily scraper for USC event highlights.

9. Children’s Privacy

We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has created an account, please contact us at support@campusxapp.com and we will delete their data.

10. Contact Us

For questions or to request data deletion, reach out to: