FeaturesReviewsFAQDownload

Privacy policy

Last updated: 1 February 2026

This privacy policy explains how RHUL Mobile ("we", "us", or "the app") collects, uses, stores, and protects your information. We believe in transparency and want you to understand exactly what data we handle.

Who we are

RHUL Mobile is an independent, student-built app. We are not affiliated with, endorsed by, or officially connected to Royal Holloway, University of London. We simply built a tool we wished existed as students.

Information we collect

We collect the minimum data needed to provide and improve the app. Here's exactly what we collect:

Account information

When you create an account or sign in:

  • Authentication data: If you sign in with Apple or Google, we receive your email address and name from these providers. You can choose to hide your email when signing in with Apple.
  • Profile information: Display name and profile picture that you optionally provide.
  • Anonymous accounts: If you use the app without signing in, we create an anonymous account with a random identifier. No personal information is collected.
  • Phone verification: If you choose to verify your phone number, we store it securely. A one-time SMS code is sent via our authentication provider. Phone verification is optional.

Device information

To ensure app security and prevent abuse, we collect:

  • Device type, model, and brand
  • Operating system and version
  • App version and build number
  • A hashed device fingerprint (used only for security purposes)

This helps us detect banned devices and prevent abuse. The fingerprint is a one-way hash — we cannot reverse it to identify your specific device.

Usage analytics

We use PostHog (hosted in the EU) for privacy-focused analytics:

  • Which screens you view and features you use
  • Content interactions (articles read, events viewed, etc.)
  • App performance metrics and error reports
  • Session recordings with all text inputs automatically masked

Analytics help us understand how to improve the app. Session recordings help us identify and fix bugs. Your typed text is never captured.

User-generated content

If you post on the noticeboard, we store:

  • Your post content (title, description, category, price if applicable)
  • Images you upload
  • Contact information you choose to share (email, phone, Instagram, WhatsApp)

Important: Contact information you add to noticeboard posts is visible to other users. Only share what you're comfortable making public.

Saved items and preferences

We store your:

  • Saved/bookmarked content (news articles, events, bus stops, etc.)
  • App preferences and settings
  • Quick actions order customisation

In-app purchases

If you make in-app purchases (such as bumping a noticeboard post):

  • We do not collect or store your payment details. All payments are processed by Apple (App Store) or Google (Play Store).
  • We use RevenueCat to manage subscriptions and purchases. RevenueCat receives a transaction identifier and associates it with your anonymous user ID.
  • We store a record of your purchase (product type, duration, timestamp) to provide the service.

Your credit card number, billing address, and other payment details are handled entirely by Apple or Google and are never shared with us.

Information we do not collect

  • Your precise location (the map works without tracking you)
  • Your academic records, grades, or student ID
  • Your credit card numbers, billing address, or bank details (payments are handled by Apple/Google)
  • Contacts, calendar, or other personal data from your device
  • Any data protected under FERPA or similar regulations

How we use your information

  • To provide the service: Syncing your saved items, displaying your posts, and personalising your experience.
  • To improve the app: Understanding usage patterns helps us prioritise features and fix problems.
  • To ensure security: Device fingerprinting helps us prevent banned users from creating new accounts and protect the community.
  • To communicate: We may send push notifications about your posts or important app updates (you control these in settings).

Data storage and security

  • Where: Your data is stored on Supabase (our backend provider) with servers in secure data centres.
  • Encryption: All data is encrypted in transit (TLS) and at rest.
  • Access: Only the app developers have access to the database, and we follow the principle of least privilege.
  • Analytics: PostHog data is stored in the EU data centre, in compliance with GDPR.

Third-party services

We use these trusted third-party services:

Service Purpose Privacy policy
Supabase Authentication, database, file storage, SMS verification supabase.com/privacy
PostHog Analytics and session replay posthog.com/privacy
Expo App updates and notifications expo.dev/privacy
Apple Sign In Authentication (if you choose) apple.com/legal/privacy
Google Sign In Authentication (if you choose) policies.google.com/privacy
RevenueCat In-app purchase management revenuecat.com/privacy

Your rights

You have full control over your data:

  • Access: View your profile and saved data any time in the app.
  • Correction: Update your display name, avatar, and preferences in settings.
  • Deletion: Delete your account from within the app. This permanently removes your profile, posts, saved items, and associated data.
  • Portability: Contact us to request an export of your data.
  • Opt-out: You can use the app anonymously without creating an account.

Data retention

  • Active accounts: Data is retained while your account exists.
  • Deleted accounts: All personal data is permanently deleted within 30 days of account deletion.
  • Noticeboard posts: Automatically expire after 30 days unless renewed.
  • Analytics: Retained for 12 months, then automatically deleted.

Children's privacy

RHUL Mobile is intended for university students and is not directed at children under 16. We do not knowingly collect information from anyone under 16. If you believe we have collected data from a child, please contact us immediately.

International data transfers

Your data may be processed in countries outside your residence. Our analytics provider (PostHog) uses EU data centres. We ensure appropriate safeguards are in place for any international transfers.

Changes to this policy

We may update this privacy policy from time to time. Significant changes will be announced through the app. The "Last updated" date at the top shows when this policy was last revised.

Contact us

Questions about this privacy policy or your data? Email us at rhulmobile@shack.solutions.