1. Who we are
CampusVerify is a service operated by Vibe Tribe Organisation ("we", "us", "our"). For the personal data described in this notice, Vibe Tribe Organisation acts as the data controller. Our payment processor, Paddle.com Market Limited ("Paddle"), acts as the Merchant of Record and is a separate data controller for payment data it collects directly from you at checkout.
2. What we collect and why
- Account data (email, name, university domain, department, year, interests) — to create and operate your account. Legal basis: performance of a contract.
- Survey data (surveys you create and responses you submit) — to deliver the core service. Legal basis: performance of a contract.
- Credit and transaction metadata (bundle purchased, credits granted, Paddle transaction ID) — to fulfil purchases and prevent fraud. Legal basis: contract and legitimate interests.
- Technical data (IP address, device, basic logs) — to keep the service secure and reliable. Legal basis: legitimate interests.
- Support messages — to respond to you. Legal basis: legitimate interests.
3. Who we share data with
- Supabase — database, authentication, and storage infrastructure.
- Paddle — our Merchant of Record for all paid transactions. Paddle handles billing, tax, invoicing, refund requests, and chargebacks, and receives the personal data needed for those activities (name, email, billing address, payment details). See Paddle's privacy policy.
- Google — for users who choose Sign in with Google.
- Professional advisers and authorities — where required by law.
We do not sell your personal data.
4. Data retention
- Account and profile data — kept while your account is active and deleted within 30 days of account deletion.
- Survey responses — retained for the lifetime of the survey; aggregated, anonymised analytics may be kept indefinitely.
- Transaction records — retained for up to 7 years to meet tax and accounting obligations.
- Support correspondence — retained for up to 2 years.
- Security and access logs — retained for up to 12 months.
5. Security
Row-level security policies restrict data access per user, passwords are hashed by Supabase, and traffic is encrypted in transit. We monitor for suspicious behaviour and flag accounts that appear to abuse the credit system.
6. Your rights
Subject to applicable law (including GDPR for EEA/UK users), you have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, to withdraw consent, and to lodge a complaint with your local data protection authority. You can update profile data inside the app and request export or deletion by contacting support.
7. International transfers
Data may be processed outside your country, including by Supabase and Paddle. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
8. Cookies and local storage
We use local storage to keep you signed in and remember a few UI preferences. We do not use third-party advertising cookies. Paddle may set its own cookies on the checkout overlay.
9. Children
CampusVerify is not directed to anyone under 18.
10. Changes
We'll post updates here and announce material changes in-app.
11. Contact
Privacy questions? Reach Vibe Tribe Organisation through the support channel inside the app.