back

privacy policy

1. introduction

dorm ("we," "us," or "our") is committed to protecting your privacy. this privacy policy explains how we collect, use, disclose, and safeguard your information when you use our voice chat platform. please read this policy carefully. by using dorm, you consent to the data practices described in this policy.

2. information we collect

2.1 information you provide

  • account information: email address (student email), username, password (hashed)
  • profile information: program/major, year of study, university/college name
  • profile picture: optional image you upload (stored securely)
  • user content: reports you submit, feedback, and support requests

2.2 information collected automatically

  • usage data: call frequency, call duration, features used
  • device information: browser type, operating system, device identifiers
  • log data: ip address, access times, pages viewed, referring urls
  • connection data: webrtc connection quality metrics (for troubleshooting)

2.3 information we do not collect

  • voice recordings: we do not record, store, or process the audio content of your calls. calls are peer-to-peer and never pass through our servers.
  • call transcripts: we do not transcribe or analyze your conversations
  • location data: we do not track your precise geographic location

3. how we use your information

we use the information we collect to:

  • create and manage your account
  • verify your student status through email domain validation
  • match you with other users based on your filter preferences
  • display your profile information to users you're connected with
  • process reports and enforce our terms of service
  • send you important notifications (account updates, bans, policy changes)
  • improve and optimize the service
  • detect and prevent fraud, abuse, and security incidents
  • comply with legal obligations

4. how we share your information

4.1 with other users

when you're matched with another user, they can see your username, program, year, university, and profile picture (if uploaded). your email address is never shared with other users.

4.2 with service providers and data processors

we share information with third-party service providers and data processors who help us operate the service. we have entered into data processing agreements (dpa) with all service providers to ensure your data is protected:

  • supabase: database hosting, authentication, and real-time features (DPA in place)
  • openai: profile picture content moderation via vision api (images are analyzed but not stored or retained; DPA in place)
  • resend: transactional email delivery for ban notifications and account updates (DPA in place)
  • vercel: hosting, deployment, and analytics (DPA in place)

these data processors are bound by contractual obligations to protect your data and use it only for the purposes specified in the DPA. we do not allow service providers to use your data for their own marketing or analytics purposes.

4.3 for legal reasons

we may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 we do not sell your data

we do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. data storage and security

your data is stored on secure servers provided by supabase, with data centers located in the united states. we implement industry-standard security measures including:

  • encryption of data in transit (tls/ssl)
  • encryption of sensitive data at rest
  • password hashing using secure algorithms
  • row-level security policies for database access
  • regular security audits and monitoring

while we take reasonable precautions to protect your data, no method of transmission over the internet is 100% secure. we cannot guarantee absolute security.

6. data retention

we retain your information for as long as your account is active. when you delete your account:

  • your profile information is deleted within 30 days
  • your profile picture is deleted from storage
  • reports you've made may be retained for safety purposes (anonymized)
  • ban records may be retained to prevent ban evasion

7. your rights and choices

you have the right to:

  • access: request a copy of your personal data
  • correction: update or correct inaccurate information
  • deletion: request deletion of your account and data
  • opt-out: unsubscribe from non-essential emails
  • blocking: block specific users from matching with you

to exercise these rights, contact us at dormchat@proton.me.

8. cookies and local storage

we use:

  • essential cookies: for authentication and session management (necessary for service operation)
  • local storage: for user preferences (e.g., filter settings, theme) stored in your browser only
  • analytics: vercel analytics for anonymous usage statistics to improve service quality

we do not use advertising cookies or third-party tracking cookies for marketing purposes. you can disable non-essential cookies through your browser settings, though this may affect service functionality.

9. data breach notification

in the event of a data breach or unauthorized access to your personal information, we will notify affected users without unreasonable delay and in compliance with applicable laws, including pipeda, ccpa, and gdpr. notification will include information about the nature of the breach, what data was affected, the date of the breach, and recommended steps to protect yourself. we maintain incident response procedures and conduct post-breach security reviews.

10. pipeda compliance (canadian users)

dorm complies with the personal information protection and electronic documents act (pipeda). under pipeda, you have the right to:

  • access: request access to your personal information held by dorm
  • correction: request correction of inaccurate personal information
  • deletion: request deletion of your personal information (subject to legal requirements)
  • privacy complaint: lodge a complaint with the office of the privacy commissioner of canada (opc) if you believe your rights have been violated

to exercise your pipeda rights or file a complaint, contact us at dormchat@proton.me.

11. children's privacy

dorm is not intended for anyone under 18 years of age. we do not knowingly collect personal information from children under 18. if we discover that a child under 18 has provided us with personal information, we will delete it immediately. if you believe a child has provided us with their information, please contact us at dormchat@proton.me.

12. international users

dorm is operated from canada. if you are accessing the service from outside canada, please be aware that your information may be transferred to, stored, and processed in canada. by using the service, you consent to this transfer. for users in the european economic area or switzerland, your information may be subject to data residency requirements under gdpr; please contact us for details on data localization options if available.

13. california privacy rights

california residents have additional rights under the california consumer privacy act (ccpa), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. as stated above, we do not sell personal information to third parties. california residents may submit privacy requests to dormchat@proton.me.

14. european users (gdpr)

if you are in the european economic area (eea) or switzerland, you have additional rights under the general data protection regulation (gdpr), including:

  • right to access: obtain copies of your personal data
  • right to rectification: correct inaccurate data
  • right to erasure ("right to be forgotten"): request deletion under certain conditions
  • right to restrict processing: limit how we use your data
  • right to data portability: receive your data in a machine-readable format
  • right to object: object to processing based on our legitimate interests
  • right to lodge a complaint: file a complaint with your local data protection authority

our legal basis for processing your data is your consent (for optional features) and our legitimate interests (for operating and securing the service). you may contact us at dormchat@proton.me to exercise these rights or contact your supervisory authority for assistance.

15. governing law and jurisdiction

this privacy policy shall be governed by and construed in accordance with the laws of the province of ontario, canada, without regard to its conflict of law provisions. you irrevocably agree to submit to the exclusive jurisdiction of the courts of ontario, canada.

16. changes to this policy

we may update this privacy policy from time to time. we will notify you of any material changes by email or through the service. the "last updated" date at the top of this page indicates when the policy was last revised. your continued use of the service after changes constitutes your acceptance of the revised policy.

17. contact us and privacy requests

if you have questions or concerns about this privacy policy or our data practices, please contact us at:

email: dormchat@proton.me