StudySync ("we," "our," or "us") is a mobile application built by Thaw Zin Myo Aung (Student ID: 6731503088) at Mae Fah Luang University as part of the Mobile Application Development course (1305216). StudySync helps university students find compatible study partners, form study groups, coordinate sessions, and track attendance reliability.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have under Thailand's Personal Data Protection Act B.E. 2562 (PDPA) and applicable international data protection standards.
By using StudySync, you agree to the practices described in this policy. If you do not agree, please do not use the application.
Plain language summary: StudySync collects only what is needed to match you with study partners and manage your groups. We do not sell your data. We use Firebase (Google) to store data and authenticate users. You can delete your account and data at any time by contacting us.
01 Information We Collect
We collect only the minimum data required to provide StudySync's core features. Data collection falls into three categories:
1.1 Information You Provide Directly
| Data | Why We Collect It | Required? |
|---|---|---|
| Full name | Display on your profile and in group lists | Yes |
| Email address (MFU email preferred) | Account creation, authentication, and login via Firebase | Yes |
| Major and year of study | Improving compatibility match accuracy | Yes |
| Enrolled courses (e.g., Engineering Math II) | Finding partners with shared courses (30% of match score) | Yes |
| Weekly availability (time slots per day) | Schedule overlap matching (40% of match score) | Yes |
| Academic goals per course (A/B/Pass) | Goal similarity matching (20% of match score) | Yes |
| Learning style preference | Learning style match (10% of match score) | Yes |
| Profile picture | Display on your profile card | No |
| Discussion board posts and replies | Group coordination within your study groups | When posted |
| Attendance self-reports | Reliability score calculation for you and group members | When attending |
1.2 Information Collected Automatically
- Firebase Authentication tokens — session management, kept securely by Firebase.
- Device push notification token (FCM) — used only to send study session reminders you have scheduled. Never used for marketing.
- App usage data via Firebase Analytics — anonymised crash reports and feature usage patterns to improve app stability. No personally identifiable information is linked to analytics events.
- Timestamps — creation and update times for groups, sessions, discussions, and attendance records.
1.3 Information We Do Not Collect
- Precise GPS location or device location data
- Camera, microphone, or media library access
- Contacts or phone number
- Browsing history or data from other apps
- Payment or financial information
- Biometric data of any kind
02 How We Use Your Information
We use the data we collect only for the purposes listed below. We do not use your data for advertising, profiling outside the app, or any purpose unrelated to study coordination.
Core App Functions
- Compatibility matching — calculating your compatibility score with other users based on schedule overlap (40%), shared courses (30%), academic goal similarity (20%), and learning style (10%).
- Profile display — showing your name, major, year, courses, and reliability score to users who are considering matching with you.
- Study group management — storing group membership, admin permissions, schedules, and recurring session details.
- Discussion coordination — storing posts and replies within your groups so members can coordinate asynchronously.
- Session scheduling and reminders — recording session date, time, and location; sending push notifications 24 hours and 1 hour before sessions you are part of.
- Reliability scoring — calculating your attendance rate (sessions attended ÷ sessions scheduled × 100) and displaying it on your public profile.
Service Improvement
- Diagnosing technical errors and crashes using anonymised Firebase Crashlytics data.
- Understanding which features are used most to guide future development priorities.
Legal Basis (PDPA)
Under Thailand's PDPA, we process your personal data on the following lawful bases: (a) contractual necessity — processing required to deliver the service you signed up for; (b) legitimate interests — improving app stability and security; and (c) consent — for optional data such as profile pictures and push notifications.
03 Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. The only third-party services we use are Google Firebase services, which act as a data processor on our behalf:
| Service | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| Firebase Authentication | Google LLC | Secure account login and session management | Google Privacy Policy |
| Cloud Firestore | Google LLC | Storing user profiles, groups, sessions, discussions, attendance | Google Privacy Policy |
| Firebase Storage | Google LLC | Storing profile pictures (if uploaded) | Google Privacy Policy |
| Firebase Cloud Messaging | Google LLC | Delivering push notifications for session reminders | Google Privacy Policy |
| Firebase Analytics & Crashlytics | Google LLC | Anonymised usage and crash reporting | Google Privacy Policy |
Google processes data in accordance with their Data Processing Addendum and applicable data protection laws. Data may be stored on Google Cloud infrastructure in various regions. We have selected settings to minimise data residency concerns.
Visibility Within the App
Some of your data is visible to other StudySync users as part of the core matching and group features:
- Your name, major, year, enrolled courses, availability, academic goals, learning style, and reliability score are visible to other users during the matching process.
- Your discussion posts are visible to members of the group in which you post.
- Your attendance status (attended / not attended) is visible to your group's admin.
Your email address is never displayed to other users within the app.
Legal Disclosure
We may disclose your data if required by Thai law, court order, or a valid legal process. We will notify you of any such request unless prohibited from doing so by law.
04 Data Retention
We keep your data only as long as your account is active or as required to provide the service:
- Account data (name, email, profile) — retained until you request account deletion.
- Group and session data — retained for 12 months after a group becomes inactive (no sessions scheduled), then automatically deleted.
- Discussion posts — retained while the group exists; deleted with the group.
- Attendance records and reliability scores — retained until account deletion to preserve historical accuracy.
- Anonymised analytics — retained for up to 14 months per Firebase Analytics defaults.
When you delete your account, all personally identifiable information is permanently removed from Firestore within 30 days. Anonymised, aggregated data that cannot be linked back to you may be retained for statistical purposes.
05 Your Rights Under PDPA
As a data subject under Thailand's Personal Data Protection Act B.E. 2562 (PDPA), you have the following rights:
- Right to access — request a copy of all personal data we hold about you.
- Right to rectification — correct any inaccurate or incomplete data. Most profile data can be updated directly in the app.
- Right to erasure ("right to be forgotten") — request deletion of your account and all associated personal data.
- Right to data portability — request your data in a structured, machine-readable format.
- Right to restrict processing — ask us to pause how we use your data while a complaint is being investigated.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — for optional features (e.g., push notifications, profile picture), you can withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at the address listed in Section 10. We will respond within 30 days of receiving a verified request.
How to delete your account: Email 6731503088@lamduan.mfu.ac.th with the subject line "Account Deletion Request — StudySync" and your registered email. We will confirm deletion within 30 days.
06 Data Security
We implement reasonable technical and organisational measures to protect your personal data:
- Firebase Security Rules — Firestore rules ensure users can only read their own profile, their group data, and public match fields. No user can access another user's email or attendance records outside their shared groups.
- Encrypted transmission — all data is transmitted over HTTPS/TLS between the app and Firebase servers.
- Authentication — passwords are hashed and managed by Firebase Authentication; we never store plaintext passwords.
- Keystore security — the app is signed with a securely stored upload key, ensuring only authorised builds can be distributed.
- No hardcoded secrets — API keys, Firebase configuration, and credentials are managed through environment variables and are never committed to version control.
Despite these measures, no system is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and the relevant authority within the timeframes required by applicable law.
07 Children's Privacy
StudySync is designed for university students aged 18 and older. We do not knowingly collect personal data from anyone under the age of 18. If you believe a person under 18 has provided us with personal information, please contact us immediately at 6731503088@lamduan.mfu.ac.th and we will delete that data promptly.
08 Push Notifications
StudySync uses Firebase Cloud Messaging (FCM) to send push notifications for:
- Study session reminders — 24 hours and 1 hour before a scheduled session.
- New discussion posts in your groups (optional, enabled by default).
- Match requests and acceptance notifications.
You can disable push notifications at any time through your device's notification settings (Settings → Apps → StudySync → Notifications). Disabling notifications does not affect your ability to use any other app features. We do not use push notifications for marketing or promotional purposes.
09 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the app's features, legal requirements, or our data practices. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send a push notification to all active users informing them of the change.
- Display an in-app notice the next time you open the app.
Continued use of StudySync after the effective date of any revised policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you may delete your account as described in Section 5.
10 Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a privacy concern, please contact: