Privacy Policy
Last Updated: February 6, 2026
Introduction
Welcome to Kotan ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our university community platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App").
Please read this Privacy Policy carefully. By using Kotan, you agree to the collection and use of information in accordance with this policy.
Important: Kotan is an independent platform and is NOT affiliated with any university. See our Terms of Service for more details.
1. Information We Collect
1.1 Information You Provide
| Data Type | Purpose | Required |
|---|---|---|
| Email Address | Account creation, verification, password reset | Yes |
| Display Name | Shown on your profile and posts | Yes |
| University | Community verification and filtering | Yes |
| Major/Course | Profile information | Optional |
| Year of Study | Profile information | Optional |
| Profile Photo | Displayed on your profile and posts | Optional |
1.2 Content You Create
- Posts: Text content, images, and polls you share
- Comments: Responses to posts (can be anonymous)
- Direct Messages: Private conversations with other users
- Events: Campus events you create or register interest in
- Reports: Content you report for moderation
- Support Tickets: Feedback, bug reports, and feature requests
1.3 Information Collected Automatically
| Data Type | Purpose |
|---|---|
| Device Information | App functionality, push notifications |
| Device Token (FCM) | Delivering push notifications |
| Usage Data | Points, streaks, badges (gamification) |
| Login Activity | Streak tracking, last login date |
| IP Address | Security, fraud prevention, audit logging |
| User Agent | Debugging, compatibility |
| OS & App Version | Crash reporting, compatibility, support |
| Crash Data | Improving app stability |
| Performance Data | Improving app performance |
1.4 Anonymous Content
Kotan allows you to post and comment anonymously. When you choose to post anonymously, your identity is hidden from other users and your posts appear as "Anonymous" or "Anonymous #1, #2" etc.
Important Note on Anonymity
Administrators can view the identity behind anonymous posts for moderation and safety purposes. Anonymous posts are NOT truly anonymous to us — we maintain records linking all content to user accounts. See Section 3.5 for when this information may be disclosed.
2. How We Use Your Information
2.1 Provide Core Services
- Create and manage your account
- Verify your university email
- Display your profile to other users
- Enable posting, commenting, and messaging
- Show relevant campus events
2.2 Communication
- Send push notifications (if enabled)
- Notify you of comments, mentions, and messages
- Send event reminders
- Deliver important service announcements
2.3 Safety and Moderation
- Investigate reported content
- Enforce community guidelines
- Prevent spam and abuse
- Protect users from harassment
- Identify users who post harmful or illegal content
Admin Access to Private Content
To maintain a safe community, authorized administrators may access private content (including direct messages) under the following circumstances:
- When investigating a user report of harassment, abuse, or policy violations
- When required by law or valid legal process (court order, law enforcement request)
- When there is a credible threat to user safety
- When debugging critical technical issues (data is accessed in anonymized form when possible)
We do not routinely monitor private messages. Access is logged and limited to authorized personnel only.
2.4 Improve Our Service
- Track gamification (points, streaks, badges)
- Understand feature usage via Firebase Analytics (screen views, interactions)
- Fix bugs and improve performance via Firebase Crashlytics
- Monitor app stability and performance
3. Information Sharing
3.1 With Other Users
| What's Shared | Who Can See |
|---|---|
| Display name, avatar | All users |
| University badge | All users |
| Posts and comments | All users (unless anonymous) |
| Major, year of study | All users (if you add it) |
| Direct messages | Only the recipient (admins may access when investigating reports) |
3.2 With Third-Party Service Providers
We use trusted third-party services to operate Kotan:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Backend infrastructure, database, authentication, file storage | All user data (encrypted) |
| Firebase Cloud Messaging | Push notifications | Device tokens only |
| Firebase Analytics | Usage analytics (screen views, feature usage) | User ID, events, university |
| Firebase Crashlytics | Crash reporting and performance monitoring | User ID, crash logs, device info |
| Google Fonts | Typography | No personal data |
These providers are contractually obligated to protect your data and use it only for the services they provide to us.
3.3 We Do NOT:
- Sell your personal information
- Share data with advertisers
- Track you across other apps
- Use your data for targeted advertising
- Share your data with data brokers
3.4 Legal Requirements
We may disclose your information if required by law, court order, or government request, valid legal process (subpoenas, court orders), or the need to protect the safety of our users or the public.
3.5 Disclosure to Authorities
In certain circumstances, we may be required or compelled to share user information with authorities:
Law Enforcement
- When served with valid legal process (court order, subpoena, search warrant)
- When there is a credible, imminent threat to life or safety
- When required to report illegal content under applicable laws
Other Authorities
- In response to valid legal requests from government agencies
- When cooperating with official investigations into serious criminal matters
What We May Disclose
- Account information (email, display name, university)
- Content posted by the user (including anonymous posts)
- IP addresses and access logs
- Direct messages (only pursuant to valid legal process)
What We Will Do
- We will notify affected users of such disclosures unless prohibited by law or court order
- We will only respond to legally valid requests
- We do NOT proactively share user data with universities or other institutions for routine matters
Important: If you post defamatory, harassing, or illegal content — even anonymously — your identity may be disclosed pursuant to legal process, and you may be held legally responsible.
4. Data Storage and Security
4.1 Where Your Data is Stored
Your data is stored on secure servers provided by Supabase. Data may be processed in the United States or other countries where our service providers operate.
4.2 Security Measures
We implement industry-standard security measures including:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted data at rest
- Row-level security in our database
- Secure authentication with email verification
- Regular security updates
4.3 Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Posts and comments | Until deleted by you or removed by moderation |
| Direct messages | Until deleted or account deletion |
| Device tokens | Until you logout or uninstall |
| Audit logs | 90 days |
| IP address logs | 90 days |
5. Your Rights and Choices
5.1 Access and Update
You can access and update your personal information anytime through Profile Settings (edit name, photo, major, year) and Notification Settings (control what notifications you receive).
5.2 Delete Your Data
You have the right to delete your data:
- Delete Posts/Comments: Remove content you've created
- Delete Account: Permanently delete your account and all associated data
To delete your account, go to Profile → Settings → Delete Account.
5.3 Control Notifications
You can manage push notifications through in-app notification settings or your device's notification settings.
5.4 Anonymous Posting
You can choose to post anonymously to protect your identity from other users. However, remember that anonymous posts can still be traced by administrators and may be disclosed pursuant to legal process.
5.5 Block Users
You can block users to prevent them from messaging you.
6. Children's Privacy
Kotan is intended for university students (typically 17 years and older). We do not knowingly collect information from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.
7. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy in the app
- Updating the "Last Updated" date
- Sending a notification for significant changes
Your continued use of Kotan after changes are posted constitutes your acceptance of the updated policy.
8. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at support@kotan.app or through the in-app Help & Support feature.
9. For Malaysian Users
If you are located in Malaysia, your data is processed in accordance with the Personal Data Protection Act 2010 (PDPA). You have the right to:
- Access your personal data
- Correct inaccurate data
- Withdraw consent for data processing
- Lodge complaints with the relevant authorities
Your use of this platform is also subject to the Communications and Multimedia Act 1998 and the Defamation Act 1957.
10. Summary
| Question | Answer |
|---|---|
| Do we sell your data? | No |
| Do we show ads? | No |
| Do we track you across other apps? | No |
| Do we collect analytics? | Yes (to improve the app) |
| Can you delete your account? | Yes |
| Can you post anonymously? | Yes |
| Who can see anonymous posts' real identity? | Admins only (for safety) |
| Can admins read my DMs? | Only when investigating reports or legal requests |
| When may data be shared with authorities? | Only pursuant to valid legal process |
| What third parties have access? | Supabase (backend), Firebase (notifications, analytics, crash reports) |
By using Kotan, you acknowledge that you have read and understood this Privacy Policy.
Kotan - Connecting University Students