Back to Profile

Privacy Policy

Last Updated: December 2025

1. Introduction

OffCampus Housing ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.

2. Information We Collect

Personal Information

  • Account Information: Name, email address, phone number, user type (landlord/tenant)
  • Profile Information: Profile picture, college affiliation
  • Listing Information: Property details, photos, pricing (for landlords)
  • Communication Data: Messages between users

Payment Information

  • Payment Cards: We use Stripe for payment processing. Stripe collects payment information including card details via secure, encrypted channels.
  • Important: Card information is never stored on our servers and is transmitted directly to Stripe's PCI-compliant infrastructure.
  • Device Information: Stripe may collect device information and use cookies for fraud prevention.

Automatically Collected Information

  • Usage Data: App features used, search queries, viewing history
  • Device Information: Device type, operating system, unique device identifiers
  • Location Data: With your permission, to show nearby listings

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our services
  • Process transactions and send transaction notifications
  • Respond to customer service requests
  • Send administrative information
  • Prevent fraudulent transactions and protect against criminal activity
  • Improve and personalize user experience
  • Comply with legal obligations

4. Payment Processing

Stripe Integration

We use Stripe for payment processing services. When you make a payment:

  • Your payment information is encrypted and sent directly to Stripe
  • We receive only a token representing your payment method
  • We may store the last 4 digits of your card and card type for your reference
  • Stripe's privacy policy is available at https://stripe.com/privacy

PCI Compliance

  • Our payment processing is PCI DSS compliant through Stripe
  • We follow industry best practices for payment security
  • Card verification may temporarily hold funds ($0 authorization)

5. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active and for 3 years after account deletion for legal and business purposes
  • Messages: Retained for 2 years after the conversation ends or until you delete your account
  • Property Listings: Retained while active and for 1 year after removal
  • Payment Records: Retained for 7 years as required by tax and financial regulations
  • Usage Logs: Retained for 90 days for security and analytics purposes

You may request deletion of your data at any time by contacting us or through your account settings. Some data may be retained longer if required by law.

6. Information Sharing

We may share your information with:

  • Service Providers: Including Stripe for payments, Supabase for data storage
  • Other Users: Profile information and listings are visible to other app users
  • Legal Requirements: When required by law or to protect rights and safety
  • Business Transfers: In connection with any merger or acquisition

We do NOT:

  • Sell your personal information to third parties
  • Share payment card details with third parties (except Stripe)
  • Use your information for unrelated marketing

7. Data Security

We implement appropriate technical and organizational measures:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Regular security assessments and penetration testing
  • Limited access to personal information on a need-to-know basis
  • Secure authentication mechanisms including JWT tokens
  • Row-level security on database tables
  • PCI DSS compliant payment processing
  • Rate limiting to prevent abuse

8. Your Rights and Choices

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and associated data
  • Opt-out of non-essential communications
  • Remove saved payment methods
  • Export your data in a portable format
  • Opt-out of the sale of personal information (see Do Not Sell My Information)

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out: You can opt out of the sale of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, please visit our Do Not Sell My Personal Information page or contact us at [email protected].

10. Children's Privacy

Our services are intended for users who are at least 18 years old. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: [email protected]

Website: searchoffcampus.com

By using OffCampus Housing, you agree to this Privacy Policy.