Privacy Policy

Effective: October 2025

What We Collect

• Email fingerprint. One-way hash (SHA-256 + secret pepper) of your .edu email — not the raw email.
• Product data. Posts, reactions, and event logs for reliability and abuse prevention.
• Payments. Processed by Stripe; we receive status + minimal metadata only.

How We Use Data

• Operate themove.social and prevent abuse.
• Enable cross-device access to your board via EmailAccess hashes.
• Process payments, refunds, and chargebacks.

Cookies

Essential cookies only (session/access). Blocking them may break the app.

Retention

Boards reset daily on the front end. Backend records (hashes, payments, logs) are kept up to 90 days then deleted or anonymized.

Sharing

No selling of user data. Limited sharing with vendors who operate the service (e.g., Stripe, hosting).

Data Location

Hosted in the United States. Lawful basis: legitimate interest in operating a student network.

Your Rights

Request access/correction/deletion via support@themove.social.

Incident Response

We’ll issue a notice if we learn of unauthorized access and notify affected users when possible.