Privacy Policy — CampusBus

CampusBus provides live bus locations, ETAs, route maps, schedules and optional in-app game features. This policy explains what we collect, why, how long we keep it, and how you can access or delete your data.

• Account credentials: email and password. We never store plaintext passwords.
• user_id: unique auth identifier used to link your account to app data.
• Optional profile fields: full_name, profile photo — only if you provide them.
• Driver / bus locations: real-time GPS coordinates for buses (ingested via HiveMQ/MQTT).No location is stored.
• Student device location: only if you explicitly enable it in-app. Not stored persistently unless you request it.
• Uploads: photos or media you attach to reports/feedback (retention window below).
• Diagnostics: crash logs, IP addresses, timestamps and basic device metadata for security and debugging.

• Provide live bus location & ETA features.
• Show route maps, schedules and driver/bus info.
• Store leaderboard & gameplay scores (optional).
• Accept and investigate feedback/reports (with optional photos).

We use third parties to operate the app. They process data on our behalf under contract:

• Mapbox — map tiles and routing.
• HiveMQ / MQTT — real-time bus telemetry ingestion.
• Supabase — authentication and database hosting.

We do not sell personal data. We only share the minimum necessary with these providers to deliver the service.

We keep data only as long as necessary and provide clear user controls to delete or export data.

Deletion timeline

• Immediate deactivation: upon request we deactivate your account within 24 hours (you cannot sign in).
• Primary deletion: profile & account records (email, profile, user_id, optional name/phone) are removed from live databases within 90 days.
• Uploaded files: photos/media removed within 30 days from active mails.
• Backups & logs: backups and diagnostic logs are purged or irreversibly anonymized within 90 days (shorter where operationally possible).
• Bus telemetry: No location is stored.

Verification (to prevent abuse)

To process deletion requests we may ask for basic verification (confirm the account email and user_id) or reply to the account's registered email. We will not ask for sensitive credentials (password) via email.

You can request a copy of your personal data (account info, optional profile, leaderboard scores, submitted reports). To request an export:

1. Use email rishcrets@gmail.com with your account email and user_id; we will provide the export within 7 business days.

Exports exclude other users' personal data and only include data tied to your account.

• All network traffic uses TLS/HTTPS.
• Supabse Auth manages the Passwords & We never store Password in plaintext.
• Access to production data is limited to authorized personnel; API keys and secrets are stored server-side and rotated periodically.
• We use standard industry measures to protect data, but no system is perfectly secure — report incidents to rishcrets@gmail.com.

CampusBus is intended for college/university students and staff. We do not knowingly collect personal information from children under the applicable legal age (for example, under 13 in the U.S.). If you believe we have collected a child's data, contact rishcrets@gmail.com and we will promptly investigate and remove the data where required.

We may update this policy; material changes will be posted here with a new “Last updated” date and (where practical) announced in-app. Non-material clarifications may also be made without notice.

Data controller / developer: Aditya Barman

Contact email: rishcrets@gmail.com