Privacy Policy

Introduction

PeerStudy ("we," "our," or "us") provides a closed-network, peer-to-peer academic collaboration platform. While the PeerStudy application is publicly available for download, account creation and platform access are strictly restricted to verified students of licensing partner universities. This Privacy Policy explains how we collect, use, and protect student information. PeerStudy provides services as an independent third-party contractor designated by the licensing University as a "School Official" with a "legitimate educational interest" under the Family Educational Rights and Privacy Act (FERPA) [34 CFR § 99.31(a)(1)(i)(B)].

Information We Collect & Device Permissions

We practice strict data minimization. We only collect the data necessary to facilitate academic networking and campus safety.

User-Declared Data

First Name, Last Name, University Email Address (.edu), Academic Major, and optional Bio (limited to 150 characters). Because this is a manual-entry platform, PeerStudy does not sync with official University databases; students are responsible for the accuracy of their profiles.

Platform Activity Data

User-added classes, study session schedules, Study Pool (group) invitations, 1-on-1 study requests, Club memberships and Club-related activity, and user-to-user safety reports.

User-Generated Content

Text messages, photos, documents, and voice messages sent within the application, including messages sent within Club lounge chats and in-call text chats during voice or video calls. Additionally, Club photos uploaded by Club creators and profile photos uploaded by users.

System Data

We collect temporary Verification Codes (to validate .edu enrollment), unique Device Push Tokens (used strictly to route incoming private Video/Voice call notifications), active user status, and session logs.

Device Permissions (User-Granted)

To facilitate core features, the app requests temporary access to the device Camera and Microphone (for live video/voice calls and voice messages) and the Photo Gallery (for sharing study materials, profile photos, and Club photos). These permissions are strictly opt-in. Geolocation is not tracked, collected, or logged.

How We Use the Information

Data is used strictly to provide the PeerStudy service to the student body.

Prohibited Uses

We DO NOT sell, rent, or lease student data. We DO NOT use student data for targeted advertising, marketing, or non-educational profiling.

Safety & Moderation

To protect the campus community, PeerStudy utilizes an automated keyword-flagging system. If text communications in any conversation type — including individual chats, group chats, and Club lounge chats — contain high-risk language (e.g., threats of violence or self-harm), the system automatically flags the content and forwards it to a secure University Admin Portal for review by authorized school officials.

Profile Photo Moderation

Profile photos uploaded by users are automatically screened using Google Cloud Vision SafeSearch Detection to prevent the upload of inappropriate content (e.g., adult, violent, or explicit imagery). Photos that do not pass moderation are automatically removed and are not stored.

Clubs

Students may create and join university-scoped community groups ("Clubs") within the platform. Club data — including Club name, description, category, membership, and lounge chat content — is scoped to the student's verified university and is subject to the same safety monitoring and moderation as all other platform communications.

Children's Privacy

PeerStudy is restricted to verified university students aged 17 and older. Access requires a valid .edu email from a licensing partner university. We do not knowingly collect personal information from children under 13 in compliance with COPPA. PeerStudy does not use student data to train artificial intelligence or machine learning models.

Third-Party Subprocessors

To provide real-time functionality, we utilize industry-standard, secure infrastructure partners. These partners act strictly as subprocessors and are prohibited from using student data for their own purposes:

Firebase

Secure database hosting, data storage, user authentication, file storage (profile photos, Club photos, chat attachments, and voice messages), and serverless backend logic.

Agora.io

Real-time routing for Voice and Video Calling features (no cloud recording enabled).

SendGrid

Delivery of secure login verification codes.

Render

Backend logic and secure token generation for voice and video calls.

Google Cloud Vision

Automated profile photo moderation via SafeSearch Detection API.

Expo Push Notification Service

Delivery of push notifications including new messages, study requests, incoming calls, Club activity, and session reminders.

Institutional Oversight & Section 230

PeerStudy acts solely as the technology provider and is a passive provider under 47 U.S.C. § 230. The licensing University retains full ownership of the student education records. Authorized University administrators only gain access to chat data if: (1) a message triggers an automated high-risk keyword flag, or (2) a user manually reports a communication. This applies equally to individual chats, group chats, and Club lounge chats. The University — not PeerStudy — is solely responsible for reviewing flagged content in the Admin Portal and determining if emergency, disciplinary, or law enforcement notification is required.

PeerStudy will enter into a Data Processing Agreement (DPA) with each licensing partner university upon contract execution, outlining data handling obligations, security requirements, and FERPA compliance responsibilities.

Data Security & NJ Breach Notification

All data is encrypted in transit and at rest using industry-standard protocols (AES-256, SSL/TLS).

In the event of an unauthorized disclosure or security breach compromising student Personally Identifiable Information (PII), PeerStudy will formally notify the University's designated security official within 48 hours of discovery, ensuring compliance with the New Jersey Student Data Privacy Act and N.J. Stat. § 56:8-163. In accordance with state law, PeerStudy will also report qualifying breaches to the New Jersey Division of State Police as required.

Student Rights (FERPA & Manual Data Management)

Under FERPA, students maintain the right to inspect, review, and request amendments to their educational records. Because PeerStudy is not linked to official university mainframe systems, students must correct or delete their Name, Major, Bio, or Course data directly within the app settings. Changes in PeerStudy do not reflect on official university transcripts. Students may request a full export of their personal data in a portable format or instantly delete their accounts and associated PII (Personally Identifiable Information) via the in-app "Delete Account" function. Upon account deletion, all Club memberships are removed and any Clubs where the deleted user was the sole remaining member are automatically deleted along with their associated data.

Data Retention, Anonymization & De-Identified Analytics

Upon account deletion or termination of the University's contract, PII (Personally Identifiable Information) (Name, Email, Classes, Bio) is securely purged. Message content remains but is anonymized (displaying as "Deleted User") to maintain conversation context for remaining participants. This applies to messages in individual chats, group chats, and Club lounge chats. Safety Reports (filed by or against the deleted user) are retained in their original form within the University Admin Portal for investigative and legal purposes. Flagged chat records are retained for 30 days after administrative deletion before being permanently purged. PeerStudy reserves the right to retain fully de-identified and aggregated usage data (e.g., "1,500 total study hours logged") to demonstrate platform ROI. PeerStudy commits to not attempting to re-identify this data.

Contact Information

For privacy inquiries, data deletion requests, or FERPA compliance questions, please contact PeerStudy: peerstudyapp@gmail.com

Changes to this Policy

We will notify the University and its authorized students of any material changes to this Privacy Policy via in-app notification or email prior to the changes taking effect. Continued use of the platform after such notice constitutes acceptance of the updated terms.