Privacy Policy for UniChat

Last Updated: 21.04.2025

1. Data Controller Information

Controller responsible for data processing:
The Uni-Chat
Germany
Email: [email protected]

2. Introduction

This privacy policy explains how UniChat ("we," "us," or "our") collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and German data protection laws. This policy applies to all users of our mobile application.

3. Legal Basis for Processing

We process your personal data based on:

• Your consent (Art. 6(1)(a) GDPR)
• Performance of contract (Art. 6(1)(b) GDPR)
• Compliance with legal obligations (Art. 6(1)(c) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)

4. Information We Collect and Process

4.1 Account Information

• University email address
• Anonymous user ID (automatically generated)
• University affiliation
• Account creation date
• Last login information

4.2 Technical Data

• Device information (platform, type)
• Push notification tokens
• IP address
• App version
• Operating system version
• Device identifiers

4.3 Usage Data

• Chat participation and messages
• Event participation
• Ticket purchases and usage
• Login times and activity timestamps
• User preferences and settings

4.4 User-Generated Content

• Chat messages
• Event-related content
• Profile information
• Uploaded images (for events and profiles)

5. How We Use Your Information

5.1 Essential Services

• User authentication and account management
• Providing chat functionality
• Event management and ticketing
• Push notifications for important updates
• Technical support

5.2 Service Improvement

• Analytics and performance monitoring
• Bug fixing and app optimization
• Service personalization
• Feature development

5.3 Security

• Fraud prevention
• Account security
• Platform integrity maintenance
• Legal compliance

6. Data Sharing and Recipients

6.1 Service Providers

We share data with:

• Firebase (hosting and database services)
• Push notification services
• Analytics providers

All service providers are bound by data processing agreements compliant with Art. 28 GDPR.

6.2 Other Users

• Basic profile information visible to other university users
• Chat messages visible to chat participants
• Event participation visible to event organizers

6.3 Legal Requirements

We may share data if required by:

• Court orders
• Legal obligations
• Government requests
• Protection of legal rights

7. Data Storage and Security

7.1 Storage Duration

• Account data: Maintained while account is active
• Chat messages: Stored until account deletion
• Technical logs: 90 days
• Legal compliance data: As required by law

7.2 Security Measures

• Your conversations remain private
• Secure data transmission (SSL/TLS)
• Regular security audits
• Access controls and authentication
• Regular backup procedures

8. Your Rights Under GDPR

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Request data erasure
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at: [email protected]

9. Data Protection for Students

• Special protection for university-related data
• Strict access controls for academic information
• Regular data minimization reviews
• Privacy-by-design principles

10. International Data Transfers

• Data processed primarily within the EU/EEA
• Transfers outside EU/EEA only with adequate safeguards
• Standard Contractual Clauses for international transfers
• Regular assessment of transfer mechanisms

11. Changes to Privacy Policy

• Regular policy reviews and updates
• Notification of significant changes
• User consent for material changes
• Archive of previous versions

12. Contact and Complaints

12.1 Contact Us

For privacy-related queries:
Email: [email protected]

12.2 Supervisory Authority

You have the right to lodge a complaint with:

Der Landesbeauftragte für Datenschutz und Informationsfreiheit Bremen
Arndtstraße 1
27570 Bremerhaven
Email: [email protected]

13. Additional Information

13.1 Cookies and Tracking

• No third-party tracking cookies
• Essential session management only
• Local storage for app functionality

13.2 Age Restrictions

• Service limited to university students
• Minimum age requirement: 18 years
• Verification through university email

13.3 Data Protection Impact Assessment

• Regular assessments conducted
• Risk mitigation measures implemented
• Continuous monitoring and updates

14. Platform-Specific Information

14.1 Mobile App Permissions

• Camera (for QR code scanning)
• Storage (for chat attachments)
• Push notifications
• Internet access

14.2 Third-Party Integration

• Firebase Authentication
• University email verification
• Payment processing (if applicable)
• Analytics tools

15. Closing Provisions

This privacy policy is governed by German law. The English version is authoritative. For any questions about this privacy policy or our data practices, please contact our Data Protection Officer at [email protected].