This policy explains how ALON collects and uses information
to run school-separated communities, verify accounts,
provide safety tools, support users, and maintain the app.
Information We Collect
- Account details such as name, email, school, role, and profile information.
- Verification materials submitted during account review.
- User content such as posts, comments, listings, photos, reviews, reports, and chats.
- Device, notification, diagnostic, analytics, purchase, and advertising information
- For encrypted private or group chats, encrypted message payloads, encrypted media, device and group key routing information, delivery metadata, timestamps, limited previews used for chat lists or notifications, report metadata, and optional user-attached report images.
How We Use Information
- Authenticate users and separate access by school.
- Operate boards, chat, housing, trade, professor, food, and timetable features.
- Review safety reports and attached report images, prevent fraud, enforce rules, and respond to support requests.
- Improve reliability, measure performance, show ads, and process purchases.
Sharing
We do not sell personal information. We may share information with service providers that help
operate ALON, such as hosting, authentication, storage, analytics, crash reporting, ads,
notifications, payments, and moderation systems.
We may disclose information when required by law, valid legal process, safety needs,
fraud prevention, or enforcement of our terms.
Retention and Security
We keep information only as long as needed for app operations, safety, disputes, legal
obligations, audits, or legitimate business purposes. Verification files may be deleted
or de-identified after review unless retention is necessary.
When a user requests full account deletion, ALON deactivates the account immediately and schedules eligible account and profile data for permanent deletion 7 days after deactivation. Existing community activity may remain in the service but is anonymized as "Deleted User".
We use technical and organizational safeguards, but no online service can guarantee absolute security.
Encrypted Private Chats
In one-to-one chats, ALON applies ALON Protocol, an end-to-end encryption technology based on a cryptographic engine and a Double Ratchet design, to protect users' personal information and the confidentiality of their conversations.
Information collected and stored (metadata): To provide the service, notifications, and routing, ALON stores essential data on its servers, including conversation participants, timestamps, message type, delivery/read state, device-key routing information, limited notification previews, and encrypted payloads.
Items the server cannot view: Message text and chat media are encrypted on the user's device before transmission, so third parties, including ALON servers, cannot read or reconstruct them in plaintext.
Retention period and report handling: Attachments such as photos, voice messages, files, and links may be retained for up to 50 days before expiring or being deleted. Where required for legal requests, report handling, abuse prevention, or system integrity, they may be retained for an additional period under applicable law and internal policy. Even during reports and safety review, the company cannot independently view an entire encrypted conversation. Review is limited to metadata, report reasons, attachments and evidence explicitly submitted by the user from their device, and public render metadata.
Encrypted Group Chats
For supported group chats, ALON applies ALON Mesh Protocol as an optional end-to-end encryption layer. It is designed around group encryption state shared across member devices and uses a Ratchet Tree to manage group keys when members are added, removed, or moved to new devices.
Information collected and stored (metadata): To operate encrypted group chat, ALON may store encrypted group message payloads, group identifiers, participant and device routing metadata, timestamps, delivery/read state, message type, limited notification previews, group key state identifiers, epoch or membership-change records, and recovery-related encrypted backup data where available.
Items the server cannot view: Group message text and protected group media are encrypted on user devices before transmission. ALON servers are not designed to independently decrypt the full encrypted group conversation from server-side data alone.
Retention period and report handling: Group chat photos, voice messages, files, and links may be retained for up to 50 days before expiring or being deleted. Where required for legal requests, report handling, abuse prevention, or system integrity, they may be retained for an additional period under applicable law and internal policy. Even during reports and safety review, review is limited to metadata, report reasons, attachments and evidence explicitly submitted by the user from their device, and public render metadata.