Privacy.

KONNECT is a minimal people-discovery directory for educational ecosystems. It is not a social media feed, messaging platform, advertising product, or content publishing tool.

The service exists to help people discover each other's professional and social identity inside an institute, with user-controlled visibility.

Google sign-in data: name, email address, Google account identifier, profile image if provided, OAuth state, and session metadata.

Profile data: institute, full name, course or program, joining year, visibility mode, and social links the user chooses to add.

Social-link data: platform, label, handle or URL, normalized external URL, and display order.

Technical data: essential cookies, CSRF tokens, route logs, user agent, request metadata, error events, rate-limit counters, IDs, and timestamps needed to run and secure the service.

KONNECT does not ask for phone numbers, postal addresses, payments, government IDs, precise location, private messages, posts, comments, or feed content.

KONNECT does not request Gmail, Google Drive, Google Calendar, Google Contacts, or other Google product data. Google is used for sign-in identity only.

Users should not add sensitive data, emergency details, private addresses, medical information, financial data, or confidential institute records to profile fields or custom links.

To create and secure accounts, keep users signed in, and protect routes from unauthorized access.

To show discoverable profile cards and profile pages according to visibility settings.

To support search and filters by name, institute, course, and joining year.

To let users update details, manage links, change privacy settings, logout, and delete accounts.

To prevent abuse, debug errors, maintain reliability, comply with applicable law, and enforce product rules.

Visible to everyone: signed-in KONNECT users can discover and open the profile.

Same institute only: only signed-in users from the same institute can discover and open the profile.

Same joining year only: only signed-in users with the same joining year can discover and open the profile.

Hidden profile: the profile is not shown in discovery to other users. The user can still access their own account and settings.

Social links lead to external services controlled by the user or third parties. Those services have their own privacy policies.

KONNECT uses Google OAuth only to authenticate users and receive basic identity information required for account access.

KONNECT's use and transfer of information received from Google APIs is intended to comply with the Google API Services User Data Policy, including Limited Use requirements.

KONNECT does not sell Google user data, use it for advertising, or transfer it except as needed for authentication, security, storage, legal compliance, or user-requested functionality.

Users can revoke access from their Google Account permissions page. Revocation may prevent future Google login until access is granted again.

KONNECT uses essential cookies and related browser storage for authentication sessions, OAuth callback state, CSRF protection, and security.

KONNECT does not use advertising cookies. If analytics are added later, they should be privacy-preserving and disclosed here.

The current production-ready architecture uses Vercel hosting, Neon/PostgreSQL storage, Prisma database access, and Google OAuth.

Production secrets must be kept in secure environment variables and must not be committed to source control.

Profile data is shared with other signed-in KONNECT users only according to the user's visibility setting.

KONNECT may use service providers for hosting, database storage, authentication, monitoring, security, and infrastructure operations.

KONNECT may disclose data if required by law, lawful process, institute governance obligations, security investigation, fraud prevention, user safety, or protection of rights and systems.

KONNECT does not sell personal data or provide profile data to advertisers or data brokers.

Profile data is retained while the account remains active.

Users can delete their account in Settings. Deletion removes the user record, social links, sessions, and linked authentication records from the KONNECT database.

Some technical logs, backups, provider records, or security records may persist for a limited period if needed for debugging, security, legal compliance, or disaster recovery.

External social platforms are separate services. Deleting a KONNECT account does not delete content hosted on those platforms.

Depending on applicable law, users may request access, correction, completion, update, deletion, withdrawal of consent, grievance redressal, or information about data processing.

Most controls are available directly in the app: edit profile details, remove links, change visibility, logout, or delete account.

For requests that cannot be completed in the app, email epigram.debsoc@sju.edu.in. KONNECT may verify account ownership before acting.

Users should provide accurate information, avoid impersonation, avoid adding another person's data without permission, and use the product lawfully.

KONNECT is intended for students and people in educational ecosystems. It is not designed for children below the age at which they may consent to digital services under applicable law.

If KONNECT learns that an account cannot lawfully use the service without verified guardian consent, KONNECT may restrict or delete the account.

Parents, guardians, or institute representatives may contact epigram.debsoc@sju.edu.in about suspected underage or unauthorized accounts.

KONNECT may update this policy when the product, infrastructure, law, or data practices change.

Material changes should update the effective date and, where appropriate, be communicated in the app or by email.

For privacy requests, deletion issues, security concerns, or complaints, email epigram.debsoc@sju.edu.in.

Before a large public launch, this policy should be reviewed against the final deployment and applicable legal requirements.