LEGAL

Privacy Policy

Effective date: April 26, 2026

1. Introduction

This Privacy Policy describes how OKO Labs Inc. ("OKO Labs", "we", "us", or "our"), the operator of the WhichFrat mobile application and website at whichfrat.com (the "Service"), collects, uses, and discloses information about you. By creating an account or using the Service you agree to the practices described here.

2. Information We Collect

2.1 Information you provide

  • Account information: name, university email address (.edu), password, profile photo, and role (PNM or chapter officer).
  • Values profile: your responses to the 12-question values assessment, stored as a six-dimensional numerical vector (philanthropy, social, professional, academic, athletics, diversity).
  • Campus and chapter data: the campus you select and, if you are a chapter officer, your chapter's name, mission, value priorities, and recruitment status.
  • Interest signals: which chapters you express interest in.
  • Messages: content of in-app messages you send.
  • Contact information: if you grant permission, contact phone numbers are hashed (SHA-256) on your device before transmission. We never receive plaintext phone numbers.

2.2 Information collected automatically

  • Device information: device type, operating system, and unique device identifiers.
  • Usage data: pages viewed, features used, timestamps, and interaction patterns.
  • Crash and performance data: error reports and stability metrics from Sentry.
  • Push notification tokens: Firebase Cloud Messaging tokens used to deliver notifications you opt into.

2.3 Information from third parties

  • Google Sign-In: if you sign in with Google, we receive your name, email, and profile photo from Google.
  • Firebase Authentication: session and identity tokens managed by Firebase Authentication.

3. How We Use Your Data

  • Matching: compute compatibility scores between PNMs and chapters using our value-alignment algorithm.
  • Service delivery: power the discovery feed, CRM pipeline, messaging, and core features.
  • Communications: send push notifications about new messages, CRM updates, and chapter activity you opt into.
  • Safety and integrity: verify .edu email addresses, enforce content policies, prevent abuse and fraud.
  • Service improvement: analyze usage patterns to improve the Service.
  • Legal compliance: comply with applicable laws, regulations, and lawful requests.

4. Third-Party Services

We use the following third-party processors. Each processes your data only on our behalf under contractual obligations:

  • Firebase Authentication, Firestore, Storage, Cloud Functions, Cloud Messaging (Google) — identity, database, file storage, server logic, push notifications.
  • Sentry — error and performance monitoring.
  • Stripe — payment processing for chapter subscriptions.
  • Vercel — website hosting and serverless functions.

We do not sell your personal information.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (fraud prevention, billing records, tax records). Anonymized and aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

6. Your Rights

You have the right to access, correct, export, or delete your personal data.

  • Account deletion: from the app's Settings screen. Deletion is permanent.
  • Access and portability: email privacy@whichfrat.com for a machine-readable export within 30 days.
  • Correction: update your profile in-app, or email us for changes you cannot make yourself.
  • Push notifications: disable in your device settings any time.
  • Contacts permission: revoke in your device settings any time.

California residents (CCPA) have the right to know, delete, opt out of sale (we do not sell), and not be discriminated against for exercising these rights. EEA, UK, and Swiss users (GDPR) have rights of access, rectification, erasure, restriction, and portability; legal bases are consent (account creation) and legitimate interests (service improvement, security).

7. Chapter Officer & Roster Data Special Protections

Chapter rosters, candidate notes, and CRM records are sensitive recruitment data. We apply additional protections:

  • CRM records and roster data are visible only to officers of the chapter that owns them — never to other chapters or to PNMs.
  • When a PNM signals interest, only the PNM's name, profile photo, match score, and a snapshot of their values vector are shared with that chapter. Officers cannot see the PNM's activity with other chapters.
  • Officers may export their own chapter's candidate data on request. They may not export data about PNMs who have not expressed interest.
  • Access is enforced at the database layer with role-based rules (Firestore Security Rules) — not just in the client.

8. Children's Privacy

The Service is intended for users aged 13 and older. We do not knowingly collect personal information from anyone under 13. If we learn that we have collected data from a user under 13, we delete that information promptly. If you believe a child under 13 has provided us with personal data, contact privacy@whichfrat.com.

9. Security

We use industry-standard safeguards: TLS for data in transit, role-based access control enforced at the database layer, server-side input validation in Cloud Functions, and on-device hashing of contact data. No method of electronic storage is 100% secure, and we cannot guarantee absolute security.

10. International Transfers

OKO Labs Inc. is based in the United States. If you access the Service from outside the U.S., your data may be transferred to and processed in the U.S. and other countries where our service providers operate. We rely on standard contractual clauses and equivalent safeguards where required by applicable law.

11. Changes

We may update this Privacy Policy from time to time. We will post the updated policy with a new effective date and, for material changes, notify you in-app or by email. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Cookies

The whichfrat.com marketing site uses only strictly necessary cookies for session and security purposes. The mobile app does not use third-party advertising cookies. We do not run cross-site tracking pixels.

13. Contact

OKO Labs Inc. — privacy questions and requests: privacy@whichfrat.com. Legal notices: legal@whichfrat.com. General support: support@whichfrat.com.