We collect: (a) your college email address for verification — it is never shown to other users; (b) your chosen username and password (hashed, never stored in plain text); (c) your profile bio and avatar if you add them; (d) messages you send and posts you create; (e) basic usage metadata (timestamps, join dates). We do not collect device identifiers, location data, or third-party profile information.
How We Use Your Data
Your data is used solely to operate and improve HushHall. Email is used only for one-time verification and critical account notices — no marketing emails. Your identity is never sold or shared with advertisers.
Anonymity Model
Posts you create inside halls appear anonymous to other users — no username is displayed. However, posts are linked to your account internally for safety moderation purposes. Direct messages (Whispers) show your username to the recipient only.
Data Retention
Your data is retained while your account is active. You may request deletion at any time via Settings → Request account deletion. Upon deletion, your account, posts, and messages are removed within 7 days.
Third-Party Services
We use Railway for hosting and database storage (data is stored in servers located in the region you are served from). We use Resend for transactional emails. Neither service receives your posts, messages, or profile details — only the minimum needed for delivery.
Security
Passwords are stored using bcrypt hashing. Communication is encrypted via HTTPS. Authentication uses short-lived JWT tokens stored in httpOnly cookies, inaccessible to scripts.
Children's Privacy
HushHall is not intended for users under 18. We do not knowingly collect data from minors.
Your Rights
You have the right to access, correct, or delete your personal data. Contact us at privacy@hushhall.com or use the in-app deletion request. We will respond within 7 days.
Changes
We may update this policy. Significant changes will be communicated via app notice. Continued use constitutes acceptance.