Privacy Policy
Effective Date: July 24, 2025
Last Updated: January 28, 2026
1. Introduction
Welcome to AbroadSocial ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our mobile application, or engage with our services (collectively, the "Service"). Your privacy is important to us, and we are committed to protecting your personal information and being transparent about our data practices.
This Privacy Policy applies to all users of our Service. By using our Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service.
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide to us when you:
- Register for an account: Name, email address, username, password, university affiliation, graduation year, study abroad city, interests, and profile information
- Create your profile: Profile photos, bio, academic information, location preferences, social media links, and other optional profile details
- Verify your student status: University email address, student ID (if applicable), enrollment documentation
- Create events: Event details, location, date and time, descriptions, photos, attendance limitations
- Communicate with us: Contact information and messages when you reach out for support or feedback
2.2 Information Collected Automatically
When you access or use our Service, we automatically collect certain information about your device and usage patterns:
- Device Information: Device type, operating system, browser type and version, screen resolution, device identifiers
- Usage Data: Pages visited, time spent on pages, click paths, features used, search queries, interaction patterns
- Network Information: IP address, internet service provider, connection type, network performance data
- Performance Data: Error logs, crash reports, performance metrics, response times
2.3 Location Information
- Precise Location: GPS coordinates when you enable location services for event discovery, check-ins, and safety features
- Approximate Location: City-level location derived from IP address for content personalization
- Location Preferences: Study abroad cities, preferred event locations, travel plans you choose to share
2.4 Social and Communication Data
- Social Connections: Friend lists, connection requests, blocked users, interaction history
- Messages: Direct messages, event discussions, group communications (content is encrypted)
- Content: Posts, comments, photos, event reviews, reported content
2.5 Payment and Subscription Information
- Billing Information: Payment method details (processed securely by our payment processors)
- Transaction History: Subscription payments and premium feature purchases
- Financial Data: Currency preferences, billing address
2.6 Content Moderation and Safety Processing Data
To help maintain a safe community, we may collect and generate additional information when we review user-generated content for safety, trust, and policy compliance, including:
- Moderation signals and outcomes: classifier results, risk scores, labels, and enforcement actions (for example removed, restricted, queued for review)
- Context for review: relevant content excerpts, content type, report reason, timestamps, and account identifiers
- Appeal and resolution records: appeal submissions, reviewer notes, and final decisions
3. How We Use Your Information
3.1 Service Provision and Improvement
- Provide, operate, and maintain our Service and all its features
- Personalize your experience with relevant content, events, and connections
- Facilitate social connections between students and local communities
- Enable event creation, discovery, and attendance management
- Provide location-based services and recommendations
3.2 Communication and Support
- Send important service announcements, updates, and security notifications
- Respond to your inquiries, provide customer support, and resolve issues
- Send promotional communications about new features (with your consent)
- Facilitate communication between users through our messaging system
3.3 Safety and Security
- Verify user identity and prevent fraudulent accounts
- Monitor for and prevent spam, abuse, and harmful content
- Investigate and respond to reported safety concerns
- Provide safety features like blocking, reporting, and location sharing controls
- Comply with legal obligations and respond to lawful requests
3.4 Analytics and Research
- Analyze usage patterns to improve our Service and develop new features
- Conduct research on study abroad trends and student needs (aggregated data only)
- Generate insights to help educational institutions and businesses serve students better
3.5 Business Operations
- Process payments and manage subscriptions
- Manage business partnerships and integrations
- Comply with tax, accounting, and regulatory requirements
- Protect our rights and enforce our Terms of Service
3.6 Content Moderation and AI Processing
To maintain a safe community environment, we use automated content moderation systems including third-party AI services.
OpenAI API Moderation
We use OpenAI's Moderation endpoint to automatically review user-generated content (posts, comments, and messages) for potential policy violations including:
- Harassment and hate speech
- Violence and threats
- Sexual content
- Self-harm content
- Spam and scams
How this works:
- Text content you submit is sent to OpenAI's moderation endpoint for analysis
- OpenAI returns classification results and/or scores used to help detect potential policy violations
- Flagged content may be automatically filtered, restricted, or queued for human review
- We retain moderation logs to improve safety, prevent repeat abuse, handle appeals, and comply with legal obligations
4. Legal Basis for Processing (GDPR)
For users in the European Union, we process your personal information based on the following legal bases:
- Contractual Necessity: Processing necessary to provide our Service under our Terms of Service
- Legitimate Interests: Improving our Service, preventing fraud, ensuring security
- Consent: Marketing communications, optional features, precise location data
- Legal Compliance: Responding to legal requests, tax obligations, safety requirements
5. Information Sharing and Disclosure
5.1 Information We Do Not Sell
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Your personal data is not a product we sell.
5.2 Service Providers and Partners
We share information with trusted third-party service providers who help us operate our Service:
- Cloud Infrastructure: Supabase for database and authentication services
- Payment Processing: Stripe for secure payment processing
- Mapping Services: Mapbox for location and mapping features
- Communication Tools: Email and SMS service providers for notifications
- Analytics: Service providers for usage analytics and performance monitoring
- Safety and Moderation: Third-party providers (including OpenAI) to support automated content moderation and platform safety
5.3 User-Directed Sharing
- Information you choose to share publicly in your profile
- Profile Pictures: Your profile picture is visible to all registered users of the platform
- Event information when you create or attend public events
- Messages and content you share with other users
- Location information when you enable location sharing features
5.4 Legal and Safety Requirements
- When required by law, court order, or government request
- To protect the safety of our users or the public
- To investigate fraud, security breaches, or violations of our Terms
- To protect our legal rights and property
5.5 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.
6. Data Security and Protection
6.1 Security Measures
- Encryption: Data encrypted in transit and at rest using industry-standard protocols
- Access Controls: Strict employee access controls and authentication requirements
- Infrastructure Security: Secure cloud infrastructure with regular security audits
- Monitoring: Continuous monitoring for security threats and unusual activity
- Regular Updates: Frequent security updates and vulnerability assessments
6.2 Your Security Responsibilities
- Use strong, unique passwords and enable two-factor authentication
- Keep your account information current and secure
- Report suspicious activity or security concerns immediately
- Log out of shared devices and secure your mobile device
6.3 Data Breach Procedures
In the unlikely event of a data security incident, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of discovery.
7. Your Privacy Rights and Choices
7.1 Account Management
- Access: View and download your personal information through your account settings
- Update: Modify your profile, preferences, and account information at any time
- Delete: Delete your account and request removal of your personal data
- Export: Download a copy of your data in a portable format
7.2 Privacy Controls
- Profile Visibility: Control who can see your profile and personal information
- Location Sharing: Enable or disable location features and real-time location sharing
- Communication Preferences: Choose what notifications you receive and how
- Event Privacy: Set events as public or private and control attendee visibility
7.3 Regional Privacy Rights
GDPR Rights (EU Users)
- Right to access your personal data and receive a copy
- Right to rectify inaccurate or incomplete personal data
- Right to erasure ("right to be forgotten") under certain circumstances
- Right to restrict processing of your personal data
- Right to data portability
- Right to object to processing and withdraw consent
CCPA Rights (California Users)
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information (with certain exceptions)
- Right to opt out of the sale of personal information (not applicable as we don't sell data)
- Right to non-discrimination for exercising these rights
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
- Essential Cookies: Required for basic Service functionality and security
- Performance Cookies: Help us understand how users interact with our Service
- Functionality Cookies: Remember your preferences and personalize your experience
- Analytics Cookies: Provide insights into Service usage and performance
8.2 Cookie Management
- You can control cookies through your browser settings
- We provide cookie preference controls in our Service
- Disabling certain cookies may limit Service functionality
8.3 Third-Party Analytics
We use analytics services to understand user behavior and improve our Service. These services may use cookies and similar technologies to collect information about your use of our Service and other websites.
9. Data Retention and Deletion
9.1 Retention Periods
- Account Data: Retained while your account is active and for 30 days after deletion
- Event Data: Retained for 2 years after event completion for safety and analytics
- Messages: Retained for 1 year or until account deletion
- Usage Analytics: Aggregated data retained indefinitely; personal identifiers removed after 2 years
- Safety Reports: Retained for 3 years for safety and legal compliance
- Moderation Logs: Retained for up to 3 years to support safety enforcement, trend analysis, and appeals
9.2 Deletion Procedures
- Account deletion removes personal identifiers within 30 days
- Some data may be retained for legal, safety, or fraud prevention purposes
- Backups are securely deleted according to our retention schedule
9.3 Legal and Safety Exceptions
We may retain certain information longer when required by law, for safety investigations, or to protect our legal rights and those of our users.
10. International Data Transfers
AbroadSocial operates globally, and your personal information may be transferred to, stored, and processed in countries other than your own. We ensure that international transfers comply with applicable data protection laws through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where available
- Appropriate safeguards to protect your privacy rights
Our primary data processing occurs in secure facilities within the United States and European Union, with appropriate security measures in place.
11. Children's Privacy
Our Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from children under 18. If we discover that we have collected personal information from a child under 18, we will delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can take appropriate action.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Notify you by email (if you have provided an email address)
- Post a prominent notice in our Service
- Update the "Last Updated" date at the top of this policy
- Provide at least 30 days' notice for material changes affecting your rights
Your continued use of our Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.
13. Contact Information and Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@abroadsocial.com
Response Time: We aim to respond to privacy inquiries within 30 days, or as required by applicable law.
Supervisory Authority: If you are in the EU and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.