1. Introduction

Prophytes ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices you have regarding your data.

This Policy applies to all services offered through our website (Prophytes.com), mobile application (Prophytes App), and any related platforms, products, or services, including member verification, direct messaging, chapter management, event creation, Blast Credits, and push notifications. By accessing or using Prophytes, you agree to this Privacy Policy.

2. Information We Collect

We collect the following categories of information:

a. Personal Information

• Name, username, email, phone number, mailing/billing address
• Chapter and organization affiliation details
• Payment information (e.g., credit/debit card details processed via Stripe, billing history, Blast Credits purchase history)

b. Account & Verification Data

• Member verification details (organization, chapter, crossing year, line name, etc.)
• Documents or IDs you provide for membership validation
• Chapter role assignments (Member, Officer, President)

c. Communications Data

• Direct messages sent between verified members on the platform
• Group conversation content and participant lists
• Conversation metadata (timestamps, read status, delivery status)

d. Events & Activity Data

• Events you create, publish, or RSVP to, including title, date, location, and flyer images
• Volunteer role sign-ups and chapter event participation
• Blast Credits purchases and usage history

e. Usage Data

• Log data (IP address, browser type, device type, operating system, date/time of access)
• In-app behavior (pages visited, features used, voting and posting history)

f. Device & Notification Data

• Firebase Cloud Messaging (FCM) device tokens used to deliver push notifications
• Notification preferences and opt-in/opt-out status

g. Cookies & Tracking Data

• Cookies, device identifiers, and similar technologies used for authentication, analytics, personalization, and advertising

h. Third-Party Data

• Demographic, social, or publicly available data that enhances member experience

3. How We Use Your Information

We process your information for the following purposes:

1. Provide & Manage Services: Verify membership, manage your account, process payments via Stripe, deliver platform features including messaging, events, and chapter management
2. Direct Messaging: Enable verified members to send and receive private and group messages; new conversations are initiated as pending and require acceptance by the recipient
3. Events & Chapter Features: Facilitate event creation, RSVPs, volunteer coordination, and chapter event visibility for verified members
4. Blast Credits & Payments: Process credit purchases through Stripe, maintain purchase history, and apply credits to eligible platform features
5. Push Notifications: Deliver timely alerts for messages, event updates, and chapter activity via Firebase Cloud Messaging
6. Personalize Experience: Recommend features, content, and networking opportunities tailored to you
7. Marketing & Communications: Send newsletters, event invites, and promotions (opt-out available at any time)
8. Security & Compliance: Detect fraud, enforce policies, comply with legal obligations
9. Product Development: Improve features, user experience, and member offerings

4. Legal Basis for Processing (GDPR)

If you are located in the EEA, UK, or other regions with GDPR-like laws, we rely on the following legal bases:

• Contract performance (to provide services you request)
• Legitimate interests (to improve and secure our services)
• Consent (for marketing, cookies, and optional data sharing)
• Legal obligations (to comply with applicable laws)

5. How We Share Your Information

We may share your data only in the following situations:

• With Service Providers: Payment processors (Stripe), hosting providers (AWS), push notification services (Firebase/Google), analytics tools, and verification services
• With Other Verified Members: Your profile information, chapter affiliation, and public activity (such as event RSVPs) may be visible to other verified members of the platform
• With Affiliates & Partners: Only to deliver services you opt into (e.g., discounts, verified partner offers)
• For Legal Reasons: To comply with law, enforce agreements, or protect rights and safety
• With Your Consent: If you explicitly authorize sharing beyond the above

We do not sell your personal information to third parties.

6. Messaging & Communication Privacy

Prophytes offers direct messaging between verified members. To protect users:

• New conversations are initiated in a pending state . The recipient must accept before the conversation becomes active
• Only verified members can initiate direct messages
• Message content is stored on our servers and may be reviewed if reported for policy violations
• We do not read or sell your private messages for advertising purposes

7. Payments & Blast Credits

Payment processing for Blast Credits and subscriptions is handled by Stripe, a PCI-DSS compliant payment processor. Prophytes does not store full card numbers or sensitive payment credentials on our servers. We retain:

• Purchase amounts and timestamps
• Stripe customer and payment intent IDs for billing reference
• Blast Credits balances and usage history

For Stripe's privacy practices, visit stripe.com/privacy.

8. Push Notifications

With your permission, we use Firebase Cloud Messaging (FCM) by Google to send push notifications for messages, event reminders, and chapter activity. We store your FCM device token to deliver these notifications. You can opt out at any time through your device notification settings or within the Prophytes app settings.

For Google/Firebase's privacy practices, visit policies.google.com/privacy.

9. Data Retention

We retain your personal data only as long as necessary to:

• Provide services and maintain your account
• Meet legal, tax, or regulatory obligations
• Resolve disputes and enforce agreements

Once data is no longer required, we securely delete or anonymize it.

10. Your Rights

Depending on your location, you may have the following rights:

• Access & Portability: Request a copy of your personal data
• Correction: Update inaccurate or incomplete data
• Deletion ("Right to be Forgotten"): Ask us to erase your data
• Restriction: Limit processing in certain cases
• Objection: Opt out of direct marketing or data use based on legitimate interests
• Withdraw Consent: Revoke consent for marketing or optional features at any time

To exercise these rights, contact us at privacy@prophytes.com.

11. Cookies & Tracking

We use cookies and similar technologies to:

• Keep you signed in and maintain session security
• Remember preferences and settings
• Analyze site traffic and engagement
• Support advertising and marketing

You can manage cookies in your browser settings or opt out of tracking where required by law.

12. Data Security

We use industry-standard security practices, including:

• Encryption of sensitive data (at rest & in transit)
• Firewalls and intrusion detection systems
• Limited employee access on a need-to-know basis
• Regular security reviews and audits
• PCI-DSS compliant payment processing via Stripe (card data never touches our servers)

However, no system is 100% secure, and we cannot guarantee absolute security.

13. International Transfers

If you access Prophytes from outside the United States, your data may be processed and stored in the U.S. or other countries where we or our service providers (including AWS, Stripe, and Google Firebase) operate. We ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place for international transfers.

14. Children's Privacy

Prophytes is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we learn we have inadvertently collected data from a minor, we will delete it immediately. Contact us at privacy@prophytes.com if you believe we have collected data from a minor.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new effective date, and where appropriate, we will notify you via email or in-app notice. Continued use of Prophytes after changes are posted constitutes acceptance of the updated policy.