Privacy Policy
Last updated: February 19, 2026
MBM - College Super App ("we", "our", "the App") is built for students of MBM University (formerly MBM Engineering College), Jodhpur, Rajasthan, India. This privacy policy explains how we collect, use, and protect your information.
1. Information We Collect
- Account Information: Name, email address, phone number, roll number, branch, and year of study — provided during registration.
- Face Photo: A single face photo captured during registration for identity verification by the admin. This photo is stored securely on Google Drive and is only accessible to app administrators.
- Chat Messages: Messages sent through the in-app chat feature are stored in our database to enable real-time communication between students.
- User-Generated Content: Issues (मुद्दा), exchange posts, trip plans, and other content you create within the app.
- Device Information: Firebase Cloud Messaging token for push notifications, device type for analytics.
2. How We Use Your Information
- To verify your identity as a student of MBM University.
- To provide app features: chat, issue reporting, marketplace, event registration, digital library, and trip planning.
- To send push notifications about messages, broadcasts, and important updates.
- To send automated emails to college authorities when campus issues reach voting thresholds.
- To improve app performance and fix crashes via Firebase Crashlytics and Analytics.
3. Data Storage & Security
- Data is stored on Supabase (PostgreSQL database) with Row-Level Security (RLS) enabled on all tables.
- Files (photos, PDFs, images) are stored on Google Drive with restricted access.
- All API communications use HTTPS encryption.
- Authentication secrets and API keys are stored server-side in Edge Functions — never in the app.
- Google OAuth 2.0 is used for secure sign-in.
4. Third-Party Services
We use the following third-party services:
- Supabase: Database, authentication, real-time messaging, file storage.
- Firebase (Google): Push notifications (FCM), crash reporting (Crashlytics), analytics.
- Google Sign-In: OAuth 2.0 authentication.
- Google Drive API: File storage for user uploads.
- Google ML Kit: Face detection during registration (processed on-device only, no data sent to Google).
- Cloudflare: CDN caching for file delivery.
5. Data Sharing
We do not sell, trade, or share your personal data with third parties for marketing purposes. Data is only shared:
- With college authorities — only when a campus issue (मुद्दा) reaches the voting threshold, an automated email is sent containing the issue details (not your personal information).
- With other students — your name and profile avatar are visible in chat, exchange posts, and issue submissions.
6. Data Retention
Your data is retained as long as your account is active. If you wish to delete your account and all associated data, please contact us using the information below.
7. Your Rights
You have the right to:
- Access your personal data stored in the app.
- Correct inaccurate information in your profile.
- Delete your account and all associated data by contacting us.
- Withdraw consent for data processing at any time.
8. Children's Privacy
This app is intended for college students (typically 17+ years). We do not knowingly collect data from children under 13.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated date.