Privacy Policy

1.Who we are and what this covers

MyBITS is a student-led platform for BITS Pilani campuses. It is not an official BITS Pilani application and is not operated by the Institute. This policy explains what personal data we collect when you use mybitsapp.com and its campus subdomains (such as goa.mybitsapp.com), how we use it, and the choices and rights you have.

By using MyBITS, you agree to the practices described here. If you do not agree, please do not sign in or use the platform.

2.Information we collect

We collect the minimum needed to run a verified, campus-only platform:

• Identity from institutional sign-in — when you sign in with Google using your BITS email, we receive your name, institutional email address, and profile picture. From the email we derive your campus and admission year.
• Content you create — marketplace listings, forum posts and replies, course selections, trip pools, and messages you send through the platform.
• Usage and device data — pages viewed, features used, approximate session activity, and basic device/browser information, collected through privacy-friendly product analytics to improve the product.
• Communications — anything you send us when you contact support or submit a partnership or feedback form.

3.How we use your information

We use your data only to operate and improve MyBITS:

• To verify you are a current student and route you into the correct campus workspace.
• To display your listings, posts, and trip pools to other verified peers on your campus.
• To keep the platform safe — preventing fraud, spam, harassment, and abuse.
• To understand which features are useful and to fix problems, using aggregated analytics.
• To send essential service messages (for example, important account or safety notices).

4.Our legal basis

We process your personal data under India's Digital Personal Data Protection Act, 2023 (DPDP Act). We rely on your consent, given when you sign in and use the platform, and on the legitimate need to provide a service you have asked for and to keep it secure. You may withdraw consent at any time by closing your account, after which we stop processing your data except where retention is legally required.

5.Per-campus workspace isolation

Your data lives inside a logically isolated, per-campus workspace. Every request is scoped to your campus, which is derived from your verified email and re-checked against your signed session. A listing or post made on one campus is not shown to, or queryable from, another campus. This boundary is enforced on the server, not just in the interface.

6.Sign-in and credentials

We use Google's secure OAuth sign-in. We never see or store your Google or university password. We receive only the basic profile fields you authorize during sign-in. You can review and revoke MyBITS's access from your Google Account's connected-apps settings at any time.

7.Cookies and analytics

We use a small number of strictly necessary cookies to keep you signed in and to keep the platform secure. We also use product analytics to measure feature usage and diagnose issues. We do not run third-party advertising trackers and we do not sell your data to advertisers.

8.Service providers and sharing

We share data only with the service providers that make the platform work — our hosting provider, Google for authentication, and our analytics provider — and only to the extent each needs to perform its function. We do not sell, rent, or trade your personal data. We may disclose data if required by law or to protect the safety of the campus community.

9.Confidentiality of messages and trades

Marketplace conversations and coordination logs are private to the participants and are not used for advertising. Chat logs tied to a listing are automatically purged 30 days after the seller marks the item as sold or deactivated.

10.Pseudonyms and accountability

Campus forums let you post under a pseudonym so peers cannot see your institutional identity. To prevent harassment and abuse, the platform retains a securely mapped verification signature that is accessible only to designated student moderators, and only in line with the campus disciplinary process.

11.Data retention

We keep your data for as long as your account is active. Marketplace chat logs are purged 30 days after an item is sold or deactivated. When your institutional email stops validating — for example, after graduation — your listings, forum history, and profile associations are archived or deleted. You can also request deletion at any time.

12.Your rights

As a Data Principal under the DPDP Act, you can request access to the personal data we hold about you, ask us to correct or complete it, ask us to erase it, and raise a grievance about how it is handled. To exercise any of these rights, email us using the address below and we will respond within a reasonable time.

13.Security

Data is transmitted over encrypted connections (TLS) and access is restricted to the systems and people who need it to run the service. No online system can be guaranteed perfectly secure, but we work to protect your information and to respond promptly to any issue.

14.Students and minors

MyBITS is intended for enrolled students with a valid institutional email. If you are under 18, you may use the platform only with the consent of a parent or guardian as required by the DPDP Act. We do not knowingly collect data from anyone outside the verified student community.

15.Changes to this policy

We may update this policy as the platform evolves. We will revise the "last updated" date above and, for significant changes, provide a notice within the platform. Continued use after an update means you accept the revised policy.

16.Contact

For privacy questions, data requests, or grievances, contact our privacy team using the email below. We aim to acknowledge and resolve requests promptly.