Diaspora Link — Privacy Policy

Last Updated: January 1, 2025 • Effective: January 1, 2025

1. Introduction

This Privacy Policy describes how Diaspora Link collects, uses, stores, shares, and protects your personal information. By using the Service, you agree to this Policy and our Terms of Service.

IF YOU DO NOT AGREE WITH THIS POLICY, YOU MUST NOT USE THE SERVICE.

Contact Information

  • Email: contact@diaspora-link.com
  • Data Protection: contact@diaspora-link.com

1.2 Children's Privacy

DIASPORA LINK IS NOT INTENDED FOR CHILDREN UNDER 13 YEARS OF AGE.

We do not knowingly collect personal information from children under 13. Users must be at least 13 years old to create an account. Users between 13-17 should have parental or guardian permission.

2. Information We Collect

2.1 Account Information

When you create an account we collect:

  • Email address (required)
  • Password (cryptographically hashed)
  • Full name or display name
  • Phone number (optional)
  • Home country and current location
  • Date of birth (for age verification)

2.2 Profile Information

  • Profile photo/avatar and cover photo
  • Biographical description
  • Skills, experience, and education
  • Employment preferences
  • Resume/CV files (PDF or DOCX, max 25MB)
  • Community memberships

2.3 User-Generated Content

  • Posts: Text, images, videos
  • Job Listings: Title, description, requirements, salary
  • Housing Listings: Property details, photos, addresses
  • Ride-Sharing: Origin/destination, departure time, vehicle info
  • Messages: Direct messages and group chats (encrypted)

2.4 Location Information

  • GPS coordinates (fine location access)
  • City, state, country names
  • Full addresses (for housing listings)
  • Location cached on device for 30 minutes

Location is used to assign you to communities, display nearby listings, and filter content by area.

2.5 Device and Usage Information

  • Device type, model, operating system
  • Unique device identifiers
  • IP address, browser type
  • App version, language, time zone
  • Last active timestamp

2.6 Analytics Data

We use Firebase Analytics to track:

  • Screen views and feature usage
  • Session duration and frequency
  • User actions (creating listings, applying to jobs)
  • Error logs and crash reports

Analytics retention: 14 months. You can opt out in Settings → Privacy.

2.7 End-to-End Encrypted Messaging

We use Virgil E3Kit for end-to-end encryption of messages and group chats.

What is Encrypted

  • Message content (text, emojis)
  • File attachments (up to 10MB)

What is NOT Encrypted

  • Sender and recipient user IDs
  • Chat ID and message timestamp
  • Message type and delivery status
  • Typing indicators

IMPORTANT: Push notification content is sent in plaintext to Expo's servers. Expo (and potentially Apple/Google) can see notification content. Disable push notifications in device settings to avoid this.

Encryption Keys

  • Keys generated on your device and stored securely
  • We cannot access your encryption keys or decrypt your messages
  • If you lose your device, you lose access to message history
  • No automatic key recovery yet

3. How We Use Your Information

3.1 Provide and Maintain Service

  • Create and manage your account
  • Authenticate your identity
  • Enable posts, listings, and interactions
  • Facilitate messaging between users
  • Process job applications and housing inquiries
  • Display location-based content

3.2 Improve and Personalize

  • Recommend relevant jobs based on preferences
  • Suggest communities you might join
  • Show nearby housing and ride-sharing
  • Analyze usage patterns to improve features

3.3 Safety and Security

  • Detect and prevent fraud, spam, and abuse
  • Enforce our Terms of Service
  • Investigate policy violations
  • Respond to legal requests

3.4 GDPR Legal Basis

If you are in the EEA, UK, or Switzerland, we process your data under:

  • Consent: Analytics, marketing, extended location sharing
  • Contractual Necessity: To provide the Service
  • Legitimate Interests: Improve Service, prevent fraud
  • Legal Obligation: Comply with laws

4. Data Storage and Security

4.1 Storage Locations

Data is stored using Firebase (Google Cloud):

  • User profiles → Firebase Firestore → AES-256
  • Messages → Realtime Database → E2E + AES-256
  • Files → Firebase Storage → AES-256
  • Analytics → Google servers → 14 months retention

4.2 Security Measures

  • In Transit: TLS 1.2+ encryption
  • At Rest: AES-256 encryption
  • End-to-End: Virgil E3Kit (256-bit) for messages
  • Passwords: Hashed using Firebase Auth (bcrypt)
  • Firebase Security Rules restrict data access

No security system is 100% secure. You are responsible for keeping your login credentials secure.

4.3 Data Retention

  • Most data: Retained until you delete it
  • Messages: Retained indefinitely unless deleted
  • Ride listings: Auto-archived 30 days after ride
  • Analytics: Retained 14 months, then auto-deleted
  • Crash logs: Retained 90 days

5. How We Share Your Information

5.1 Information Visible to Other Users

  • Profile: Name, photo, bio, home country, current city
  • Posts/Comments: Visible in your community
  • Job/Housing Listings: Details visible to all users
  • Reputation score and feedback

5.2 Third-Party Service Providers

We share data with:

  • Firebase (Google): Infrastructure, auth, analytics
  • Virgil Security: End-to-end encryption
  • Expo: Push notifications (plaintext content)
  • SendGrid: Email delivery
  • Google Maps/Mapbox: Map display and geocoding

5.3 When Required by Law

We may disclose your information in response to:

  • Valid legal process (subpoena, court order)
  • Law enforcement requests
  • National security requirements
  • Regulatory investigations

5.4 What We Do NOT Do

WE DO NOT:

  • Sell your personal information to third parties
  • Share your message content with advertisers
  • Rent or lease your email to marketing companies

7. Your Privacy Rights

7.1 All Users

  • Access: Download your data (Settings → Privacy → Download My Data)
  • Correct: Update profile in Settings → Edit Profile
  • Delete: Delete account (Settings → Account → Delete Account)
  • Opt-Out: Disable analytics (Settings → Privacy)

7.2 California Residents (CCPA)

Additional rights:

  • Right to know what data we collected
  • Right to delete your personal information
  • Right to correct inaccurate information
  • Right to non-discrimination

We do not sell your personal information.

7.3 European Residents (GDPR)

Additional rights:

  • Right of Access: Request copy of personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion
  • Right to Data Portability: Receive data in structured format
  • Right to Object: Object to processing for direct marketing
  • Right to lodge complaint with data protection authority

7.4 Account Deletion Process

Comprehensive GDPR-compliant deletion system that permanently removes all your data.

5-Step Deletion Process

  1. Navigate to Settings → Account → Delete Account
  2. See detailed warnings about permanent loss
  3. Enter password to confirm identity
  4. Final confirmation with explicit warnings
  5. Watch real-time deletion progress

What Gets Deleted (Permanent)

  • All profile information and photos
  • All posts, comments, likes, reactions
  • All job listings, applications, resumes
  • All housing and ride-sharing listings
  • All files and media
  • Your message copies (recipients keep theirs)
  • Authentication account (cannot log back in)
  • Activity data and notification preferences

What Is NOT Deleted

  • Other users' copies of messages you sent
  • Data in backups (removed within 90 days)
  • Data subject to legal holds
  • Anonymized/aggregated analytics

ACCOUNT DELETION IS PERMANENT AND CANNOT BE UNDONE.

Timeline

  • Immediate: Profile hidden, authentication disabled
  • Within 24 hours: All data permanently deleted from databases
  • Within 90 days: All data removed from backups

10. Data Breach Notification

In the event of a data breach:

  • Investigate within 72 hours
  • Notify affected users within 72 hours (GDPR)
  • Notification via email and/or in-app
  • Notify authorities as required by law

What you should do:

  • Change your password immediately
  • Monitor accounts for suspicious activity
  • Review your privacy settings

11. Changes to this Privacy Policy

When we make material changes:

  • Effective 30 days after posting (CCPA requirement)
  • Notification via email and/or in-app notice
  • "Last Updated" date updated

Continued use after the effective date constitutes acceptance.

16. Contact Us

For questions or requests:

  • Email: contact@diaspora-link.com
  • GDPR Requests: contact@diaspora-link.com
  • CCPA Requests: contact@diaspora-link.com
  • Response Time: 5 business days (inquiries), 30-45 days (requests)
Last Updated: January 1, 2025
By using Diaspora Link, you acknowledge that you have read and understood this Policy.
END OF PRIVACY POLICY