Privacy Policy

Last updated: July 12, 2026

1. What this policy covers

ScrollConnect is a student network for discovering college events, joining clubs, writing blogs, and earning verifiable certificates. This policy explains exactly what data we collect, why we collect it, where it goes, and the choices you have. It applies to scrollconnect.com and all ScrollConnect services.

2. Data you give us directly

When you create an account or use our services, we collect:

  • Identity: your full name, username, gender, and date of birth.
  • Contact: your mobile number (verified by one-time password) and email address.
  • Academic profile: your institute, department, current year, and enrollment number, used to connect you with your campus community and verify student-only events.
  • Event data: registration form answers, team names and members, and any custom questions an organizer asks.
  • Documents: if an organizer requires it (e.g. a college ID or resume), the file you upload for that registration.
  • Content: blogs, event listings, club pages, and other material you publish.

3. Data from sign-in providers

If you continue with Google, Google shares your name and email address with us. If you sign in by phone, verification is handled by Firebase Authentication; we receive confirmation that you control the number, never your SMS inbox. We never receive or store your Google password.

4. Payments: what we never see

Paid event tickets are processed by our payment partners (Razorpay and Cashfree). Your card number, UPI PIN, and banking credentials go directly to the payment gateway and never touch our servers. We store only payment metadata: an order ID, the amount, the payment status, and a gateway payment reference. That is enough to confirm your seat and help resolve disputes.

5. Data collected automatically

  • Session token: a signed login token kept in your browser’s local storage so you stay signed in. We don’t use third-party advertising cookies.
  • Server logs: IP address, request time, and endpoint, kept briefly for security, debugging, and rate limiting (abuse prevention).
  • Check-in records: when an organizer scans your ticket QR at an event, we record the time of check-in.

6. How we use your data

  • To create and secure your account and verify you are a real student.
  • To process event registrations, payments, team formation, and attendance.
  • To issue certificates you earn, including blockchain-verifiable credentials.
  • To send notifications you’d expect, such as registration confirmations, approval updates, and event reminders, by email and in-app.
  • To keep the platform safe: fraud prevention, rate limiting, and abuse detection.

We do not sell your personal data, and we do not use it for third-party advertising.

7. Who can see your data

  • Event organizers: when you register for an event, its organizers see your name, username, contact details, your answers to their registration questions, payment status, and any document the event required. They may use it only to run that event.
  • Other users: your public profile (username, name, institute, blogs) is visible on the network. Your phone number, email, DOB, and documents are never public.
  • Service providers: we use trusted processors to run ScrollConnect: Firebase (phone verification), Google (OAuth), Razorpay/Cashfree (payments), Cloudinary (image and document storage), and email delivery providers. Each receives only what it needs to do its job.
  • Legal requests: we may disclose data when required by law or to protect users from harm.

8. How we protect it

  • All traffic is encrypted in transit with TLS (256-bit encryption).
  • Sessions use signed tokens; phone login requires OTP verification.
  • Uploaded documents are access-controlled and served through short-lived signed URLs available only to you and the event’s organizers.
  • Payment verification uses cryptographic signature checks with our gateways.
  • Rate limiting protects against automated abuse.

9. Retention & deletion

We keep your data while your account is active. Abandoned, unpaid event registrations are discarded automatically. If you delete your account, we remove your personal data within 30 days, except records we must keep for legal or accounting reasons (e.g. payment records) and content you explicitly published to others.

10. Your rights

You can access and correct most of your data from your profile settings at any time. You can also email us to request a copy of your data, correction of inaccurate data, or deletion of your account. We respond within 30 days.

11. Age requirement

ScrollConnect is intended for college students and campus communities. You must be at least 16 years old to create an account.

12. Changes & contact

If we make material changes to this policy, we’ll notify you in-app or by email before they take effect. Questions or requests: hello@scrollconnect.com.