Legal

Privacy Policy

Campus Whispers is built on anonymity. This policy explains what minimal data we collect, why we collect it, and how we protect it.

Last updated: February 2026

01

Information We Collect

Anonymous credentials and minimal technical signals only.

When you create an account on Campus Whispers, we collect your chosen anonymous username and a securely hashed version of your password. We do not collect your real name, email address, phone number, or any other personally identifiable information. Your identity is never linked to your activity on this platform.

Technical data collected includes:

  • The text content of posts and comments you create (associated with your anonymous username)
  • Your IP address — used exclusively for rate limiting and abuse prevention. It is never stored against your account and is not used for tracking or profiling.
  • Session timestamps and activity logs used for platform integrity.
  • Temporary abuse-attempt logs stored in Redis (e.g., banned-word detections). These expire automatically within 1 hour.
02

How We Use Your Information

Strictly to operate and protect the platform. Nothing else.

We use collected information exclusively to run and secure Campus Whispers. Specifically:

  • Authenticate your session using secure, httpOnly cookies
  • Enforce rate limiting to prevent spam and coordinated abuse
  • Apply content moderation rules that keep communities safe
  • Generate aggregate platform statistics like Campus Pulse indicators

We do not use your data for advertising, profiling, targeting, or any commercial purpose ever.

03

Data Storage & Security

Bcrypt hashing, signed JWTs, encrypted databases.

Your password is hashed using bcrypt before being stored and cannot be recovered in plain text under any circumstances. Session authentication uses signed JWT tokens stored in httpOnly cookies, which are completely inaccessible to client-side scripts.

All account data is stored on encrypted PostgreSQL databases. Rate limiting records are held temporarily in Redis and expire automatically within minutes. No unencrypted sensitive data is ever written to disk.

04

Data We Do Not Collect

A firm list of things that never touch our systems.

Campus Whispers is built around the principle of minimal data. The following are never collected, stored, or processed:

  • Real names or legal identities
  • Email addresses
  • Phone numbers
  • Precise location data
  • Device identifiers or browser fingerprints
  • Social media profiles or linked accounts
  • Financial information of any kind
05

Third-Party Sharing

We do not sell, share, or rent your data. Period.

We do not sell, rent, or share your data with any third party for any purpose. We do not use third-party analytics services, advertising networks, or social tracking pixels.

Data may only be disclosed if compelled by applicable law or to prevent imminent, demonstrable harm to users or the platform and only to the minimum extent legally required.

06

Content You Create

Posts are tied to your anonymous handle, not your identity.

Posts, comments, and whispers you create are associated with your anonymous username. Content is permanent once posted you cannot edit or delete your own posts. Content removal is handled through the community reporting and moderation system.

All content is text-only. No images, files, or media are accepted or stored on Campus Whispers.

07

Cookies

One essential authentication cookie. Nothing else.

Campus Whispers uses a single essential cookie for authentication your signed JWT session token. This cookie is httpOnly, meaning it is inaccessible to JavaScript and cannot be read by client-side scripts or browser extensions.

We do not use analytics cookies, tracking cookies, advertising cookies, or any third-party cookie services.

08

Data Retention

Minimal data, minimal retention windows.

Account credentials are retained as long as your account exists. Rate limiting records expire automatically within minutes. Moderation data (reports, bans) is retained indefinitely for platform integrity. If you stop using Campus Whispers, no further data is collected.

09

Your Rights

Because we hold minimal data, your burden is minimal too.

Because Campus Whispers holds almost no personal data, exercising data rights is straightforward. You may simply stop using the platform at any time no deletion request needed for most data, since most data we hold cannot be attributed to you as an individual.

Content associated with your username will remain on the platform as part of public community discussions after you leave. If you require account deletion for specific reasons, contact the platform administrator.

10

Changes to This Policy

We will be transparent when things change.

We may update this privacy policy as the platform evolves. The revision date at the top of this page will always reflect the most recent changes. Continued use of Campus Whispers after a policy update constitutes your acceptance of the revised policy.

Have questions? Reach out via the Contact Admin button on the homepage.

Read Terms of Service