Privacy Policy
Effective Date: July 24, 2025
Last Updated: January 28, 2026
1. Introduction
Welcome to AbroadSocial ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our mobile application, or engage with our services (collectively, the "Service"). Your privacy is important to us, and we are committed to protecting your personal information and being transparent about our data practices.
This Privacy Policy applies to all users of our Service. By using our Service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service.
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide to us when you:
- Register for an account: Name, email address, username, password, university affiliation, graduation year, study abroad city, interests, and profile information
- Create your profile: Profile photos, bio, academic information, location preferences, social media links, and other optional profile details
- Verify your student status: University email address, student ID (if applicable), enrollment documentation
- Create events: Event details, location, date and time, descriptions, photos, attendance limitations
- Communicate with us: Contact information and messages when you reach out for support or feedback
2.2 Information Collected Automatically
When you access or use our Service, we automatically collect certain information about your device and usage patterns:
- Device Information: Device type, operating system, browser type and version, screen resolution, device identifiers
- Usage Data: Pages visited, time spent on pages, click paths, features used, search queries, interaction patterns
- Network Information: IP address, internet service provider, connection type, network performance data
- Performance Data: Error logs, crash reports, performance metrics, response times
2.2.1 Mobile Tracking Technologies and SDKs
When you use our mobile application, we collect additional information through tracking technologies and software development kits (SDKs):
- Device Identifiers: Unique device identifiers, advertising IDs (where applicable), and app instance IDs
- Push Tokens: Device tokens for push notification delivery
- Crash Logs: Crash reports and diagnostic information to improve app stability
- Performance Metrics: App performance data, load times, and technical metrics
- Analytics SDKs: Sentry for crash reporting and performance monitoring
- These technologies are used for product analytics, performance monitoring, and service improvement, not for targeted advertising
2.3 Location Information
Location data collection and usage:
- Precise Location: GPS coordinates are collected only when you explicitly grant permission through your device settings. Precise location is optional and permission-based. You can disable precise location sharing at any time through your device settings or in-app controls
- Approximate Location: We may derive approximate, city-level location from your IP address for content personalization and security purposes
- Location Preferences: Study abroad cities, preferred event locations, and travel plans you choose to share in your profile
- Location History: We store location history for the past 12 hours for user app purposes, after which it is deleted
- Real-Time Location: We store real-time location data for app purposes (e.g., displaying your location on a map). This data is deleted after 24 hours
- You can control location sharing through your device permissions (e.g., "while using app" or "always") and in-app settings. You can disable location sharing at any time
- Location information can reveal sensitive information about where you live, work, or spend time. Please use caution when sharing location data
2.4 Social and Communication Data
- Social Connections: Friend lists, connection requests, blocked users, interaction history
- Messages: Direct messages, event discussions, group communications
- Content: Posts, comments, photos, event reviews, reported content
2.5 Messaging and Message Retention
We process message content to deliver messaging services between users. Important information about message retention:
- Messages are encrypted in transit and at rest for security
- If a message is reported or flagged for safety concerns, we may retain limited copies for longer periods to support safety investigations, enforcement actions, appeals, and legal compliance
- Moderation systems may access message content to detect policy violations and ensure platform safety
- Messages are visible to participants in the conversation and may be subject to automated and human review for safety purposes
2.6 Payment and Subscription Information
- Billing Information: Payment method details (processed securely by our payment processors)
- Transaction History: Subscription payments and premium feature purchases
- Financial Data: Currency preferences, billing address
2.7 Content Moderation and Safety Processing Data
To help maintain a safe community, we may collect and generate additional information when we review user-generated content for safety, trust, and policy compliance, including:
- Moderation signals and outcomes: classifier results, risk scores, labels, and enforcement actions (for example removed, restricted, queued for review)
- Context for review: relevant content excerpts, content type, report reason, timestamps, and account identifiers
- Appeal and resolution records: appeal submissions, reviewer notes, and final decisions
3. How We Use Your Information
3.1 Service Provision and Improvement
- Provide, operate, and maintain our Service and all its features
- Personalize your experience with relevant content, events, and connections
- Facilitate social connections between students and local communities
- Enable event creation, discovery, and attendance management
- Provide location-based services and recommendations
3.2 Communication and Support
- Send important service announcements, updates, and security notifications
- Respond to your inquiries, provide customer support, and resolve issues
- Send promotional communications about new features (with your consent)
- Facilitate communication between users through our messaging system
3.3 Safety and Security
- Verify user identity and prevent fraudulent accounts
- Monitor for and prevent spam, abuse, and harmful content
- Investigate and respond to reported safety concerns
- Provide safety features like blocking, reporting, and location sharing controls
- Comply with legal obligations and respond to lawful requests
3.4 Analytics and Research
- Analyze usage patterns to improve our Service and develop new features (product analytics and performance monitoring only)
- Conduct research on study abroad trends and student needs (aggregated data only)
- Generate insights to help educational institutions and businesses serve students better
- We do not use analytics for targeted advertising or cross-context behavioral advertising
3.5 Business Operations
- Process payments and manage subscriptions
- Manage business partnerships and integrations
- Comply with tax, accounting, and regulatory requirements
- Protect our rights and enforce our Terms of Service
3.6 Content Moderation and AI Processing
To maintain a safe community environment, we use automated content moderation systems including third-party AI services, combined with human review.
OpenAI API Moderation
We use OpenAI's Moderation endpoint to automatically review user-generated text content (posts, comments, and messages) for potential policy violations including:
- Harassment and hate speech
- Violence and threats
- Sexual content
- Self-harm content
- Spam and scams
How this works:
- Text content you submit (posts, comments, and messages) is sent to OpenAI's moderation endpoint for analysis
- Note: We review text content only; image content may be subject to separate moderation processes
- OpenAI returns classification results and/or scores used to help detect potential policy violations
- Flagged content may be automatically filtered, restricted, or queued for human review
- Content moderation involves both automated systems and human reviewers
- We retain moderation logs to improve safety, prevent repeat abuse, handle appeals, and comply with legal obligations
- Moderation logs for messages align with our 15-day message deletion policy, except for reported content which may be retained longer for safety investigations, enforcement, appeals, and legal compliance
4. Legal Basis for Processing (GDPR/UK GDPR)
For users in the European Union and United Kingdom, we process your personal information based on the following legal bases:
- Contractual Necessity: Processing necessary to provide our Service under our Terms of Service
- Legitimate Interests: Improving our Service, preventing fraud, ensuring security
- Consent: Marketing communications, optional features, precise location data
- Legal Compliance: Responding to legal requests, tax obligations, safety requirements
Your Rights:
- You can withdraw consent at any time through your account settings or by contacting us
- You have the right to object to processing based on legitimate interests
- You can exercise your privacy rights as described in Section 7.3
International Transfers:
- We use Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard international data transfers
- These safeguards ensure your personal data receives adequate protection when transferred outside the EU/UK
5. Information Sharing and Disclosure
5.1 No Targeted Advertising, No Selling, No Sharing for Behavioral Advertising
We do not run targeted advertisements on our Service. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Your personal data is not a product we sell or trade.
5.2 What Other Users Can See
When you use our Service, certain information is visible to other registered users:
- Profile Information: Your profile picture, name, university affiliation, study abroad city, and other profile fields you choose to make visible are visible to registered users
- Event Details: Public events are visible to all registered users. Private events are visible only to invited attendees. You control whether your events are public or private
- Location Sharing: Location information is shared only with users you choose (e.g., friends, event attendees) based on your privacy settings. You can disable location sharing at any time through device settings or in-app controls
- Messages: Direct messages are visible only to participants in the conversation. Messages may be subject to automated and human moderation for safety purposes
- You can control the visibility of your profile information, events, and location sharing through your account settings
5.3 Service Providers and Partners
We share information with trusted third-party service providers who help us operate our Service:
- Cloud Infrastructure: Supabase for database and authentication services
- Payment Processing: Stripe for secure payment processing
- Mapping Services: Mapbox for location and mapping features
- Communication Tools: Email and SMS service providers for notifications
- Analytics: Service providers for usage analytics and performance monitoring
- Safety and Moderation: Third-party providers (including OpenAI) to support automated content moderation and platform safety
5.4 User-Directed Sharing
- Information you choose to share publicly in your profile
- Profile Pictures: Your profile picture is visible to all registered users of the platform
- Event information when you create or attend public events
- Messages and content you share with other users
- Location information when you enable location sharing features
5.5 Legal and Safety Requirements
- When required by law, court order, or government request
- To protect the safety of our users or the public
- To investigate fraud, security breaches, or violations of our Terms
- To protect our legal rights and property
5.6 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.
6. Data Security and Protection
6.1 Security Measures
- Encryption: Data encrypted in transit and at rest using industry-standard protocols
- Access Controls: Strict employee access controls and authentication requirements
- Infrastructure Security: Secure cloud infrastructure with regular security audits
- Monitoring: Continuous monitoring for security threats and unusual activity
- Regular Updates: Frequent security updates and vulnerability assessments
6.2 Your Security Responsibilities
- Use strong, unique passwords and enable two-factor authentication
- Keep your account information current and secure
- Report suspicious activity or security concerns immediately
- Log out of shared devices and secure your mobile device
6.3 Data Breach Procedures
In the unlikely event of a data security incident, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of discovery.
7. Your Privacy Rights and Choices
7.1 Account Management
- Access: View and download your personal information through your account settings
- Update: Modify your profile, preferences, and account information at any time
- Delete: Delete your account and request removal of your personal data
- Export: Download a copy of your data in a portable format
7.2 Privacy Controls
- Profile Visibility: Control who can see your profile and personal information
- Location Sharing: Enable or disable location features and real-time location sharing
- Communication Preferences: Choose what notifications you receive and how
- Event Privacy: Set events as public or private and control attendee visibility
7.3 Regional Privacy Rights
GDPR Rights (EU Users)
- Right to access your personal data and receive a copy
- Right to rectify inaccurate or incomplete personal data
- Right to erasure ("right to be forgotten") under certain circumstances
- Right to restrict processing of your personal data
- Right to data portability
- Right to object to processing and withdraw consent
CCPA/CPRA Rights (California Users)
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information (with certain exceptions)
- Right to opt out of the sale of personal information (not applicable as we do not sell personal information)
- Right to opt out of sharing personal information for cross-context behavioral advertising (not applicable as we do not engage in such sharing)
- Right to non-discrimination for exercising these rights
- We do not sell personal information and do not share personal information for cross-context behavioral advertising
8. Cookies and Tracking Technologies
8.1 Types of Cookies We Use
- Essential Cookies: Required for basic Service functionality and security
- Performance Cookies: Help us understand how users interact with our Service
- Functionality Cookies: Remember your preferences and personalize your experience
- Analytics Cookies: Provide insights into Service usage and performance
8.2 Cookie Management
- You can control cookies through your browser settings
- We provide cookie preference controls in our Service
- Disabling certain cookies may limit Service functionality
8.3 Third-Party Analytics
We use analytics services to understand user behavior and improve our Service. These services may use cookies and similar technologies to collect information about your use of our Service and other websites.
9. Data Retention and Deletion
9.1 Retention Periods
- Account Data: Retained while your account is active and for 30 days after deletion
- Event Data: Retained for 2 years after event completion for safety and analytics
- Messages: Retained as necessary to provide the service, except as described below
- Reported Messages: If a message is reported or flagged for safety concerns, we may retain limited copies for up to 3 years to support safety investigations, enforcement actions, appeals, and legal compliance
- Usage Analytics: Aggregated data retained indefinitely; personal identifiers removed after 2 years
- Safety Reports: Retained for 3 years for safety and legal compliance
- Moderation Logs: Retained for up to 3 years to support safety enforcement, trend analysis, and appeals. Reported content may be retained longer for safety investigations, enforcement, appeals, and legal compliance
9.2 Deletion Procedures
- Account deletion removes personal identifiers within 30 days
- Some data may be retained for legal, safety, or fraud prevention purposes
- Backups are securely deleted according to our retention schedule
9.3 Legal and Safety Exceptions
We may retain certain information longer when required by law, for safety investigations, or to protect our legal rights and those of our users.
10. International Data Transfers
AbroadSocial operates globally, and your personal information may be transferred to, stored, and processed in countries other than your own. We ensure that international transfers comply with applicable data protection laws through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where available
- Appropriate safeguards to protect your privacy rights
Our primary data processing occurs in secure facilities within the United States and European Union, with appropriate security measures in place.
11. Children's Privacy
Our Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If we learn that a user is under 18 years old, we will terminate the account and delete personal data in accordance with our Privacy Policy and applicable law, except where retention is required for legal or safety purposes.
If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at support@abroadsocial.com so we can take appropriate action.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Notify you by email (if you have provided an email address)
- Post a prominent notice in our Service
- Update the "Last Updated" date at the top of this policy
- Provide at least 30 days' notice for material changes affecting your rights
Your continued use of our Service after the effective date of any changes constitutes acceptance of the updated Privacy Policy.
13. Contact Information and Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@abroadsocial.com
Response Time: We aim to respond to privacy inquiries within 30 days, or as required by applicable law.
Supervisory Authority: If you are in the EU and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.