The details below explain what data we collect, how we store and process it, and what we use it for. Our goal is to keep this policy simple and accessible.
What data we collectWe collect a minimal amount of data during the account creation process–only enough to verify your identity as a user and ensure that we can enforce our platform safety standards. To create an account we ask you to fill out:
- Your name
- Your university email address (We require that you use the email address given to you by your university in order to gain access to your campus’ private Raftr ecosystem)
- Your class year
- A biography
- A profile picture
- Your user handles for other social media platforms
- What rafts you chose to join or users you follow
- Events you are “Interested” in
- Content you create, including
- Messages and votes on messages
- Interactions with posts and events (e.g. comments, votes on comments, and reactions)
- Posts, including content you may upload as part of a post
- What software platform you use the app on (e.g. iOS, Android, browser)
How we use the data we collectAs discussed above, we use the data we collect in the necessary operations of Raftr. This includes things like composing your Posts and Events feeds, populating your Messages tab, and rendering the Explore page. Additionally, we also do some behind-the-scenes data processing in order to improve your experience in the app. This includes things like generating recommendations of content you might be interested in. We generate analytics and metrics data to help us better understand how the app is being used and to prioritize engineering work. This includes things like the number of people who viewed a post, or commented on an event. We do some of this work internally, but we also make use of some third party services such as Google Analytics. See the “How we share the data we collect” section for information on what gets shared with such 3rd party services.
How we store the data we collectOur data storage is done on remote servers located in the United States. As such, any data generated by users located outside of the United States (including users in the European Union) will be transferred to the United States for processing and storage. We retain all personal data we collect for as long as you are a user of the app. This is necessary for us to provide continuity in your experience. You may, at any time, request that we delete your account by contacting us at firstname.lastname@example.org (see also the “Your rights” section below). Upon the deletion of your account we will delete all personal data, with the following possible exceptions:
- Data that we are obligated to keep as part of an ongoing legal investigation
Your rights to the data we collectAs part of the GDPR, you have fairly extensive rights to the data we collect. Those rights include, but are not limited to:
- Asking to see what data we have collected about you
- Asking us to correct any errors pertaining to you in our data record
- The right to have us delete the data we have collected on you
- Note: this is essentially the same as resetting your account. You will lose all content you have created, all raft memberships, and any additional personalization such as updates to your profile, but you will still be able to log in.
- You can also ask us to delete your entire account, which will remove your ability to log in.
- The right to ask us to stop using your data in any of our processing. Note that this is not possible without “freezing” your account, meaning you are not able to use Raftr unless or until you ask us to unfreeze it again.
- The right to obtain a copy of your data and use it as part of your migration to another service
GDPRThe GDPR is the General Data Protection Regulation, a law passed by the European Union that went into effect in May of 2018. We have mentioned the GDPR (or policies relevant to it) at several points throughout this policy, but there are a few additional points that we want to mention:
- The GDPR lays out specific protections for Personally Identifying Information, or “PII”. PII is a subset of “your data” and is covered in the “Your rights to your data” section. The GDPR also lays out additional rules surrounding “special PII”, which includes information about your race, religion, political preferences, and other potentially sensitive subjects (See Article 9 of the GDPR).Raftr does not ask you for any information relating to special PII. However, it is possible that your activity within the app could lead us to collect information relating to special PII. Examples include uploading a photo of yourself (which may divulge information about your race), or joining politically-themed rafts. We make no effort to infer any information about you based on your activity in Raftr.According to the GDPR your consent to us collecting this data is implicit because the actions that would generate such data are publicly visible (Article 9, paragraph 2, section e of the GDPR), but we wanted to explain the situation fully.
- As discussed in the “Data Storage” section of this policy, our data storage servers are located in the US. By using Raftr you are giving your consent for us to transfer your data from the country in which you were located when the data was created to the US for storage.
ProRaftrSome campuses have a paid subscription to a suite of tools and services called ProRaftr. These tools and services are primarily geared towards increasing efficiency for departments that post frequently. Universities with ProRaftr subscriptions will receive copies of flagged content report in the following circumstances:
- If the flagged content was posted on a Pro Raft managed by the university, the university will get a copy of the flag report.