BusBuddy

Privacy Policy — Anonymous Complaint (Assam University)

Effective: 2025-08-08. This policy describes how BusBuddy handles data for the anonymous complaint submission feature. It is specific to anonymous complaints and overrides conflicting terms in generic privacy docs for this feature.

1. Who we are

This anonymous complaint feature is provided and operated by BusBuddy (“we”, “us”, “our”) for the benefit of Assam University students. For this feature, BusBuddy is the data controller. This policy is modeled on and consistent with BusBuddy’s general privacy posture (see your existing policy for reference) but is tailored to anonymous submissions, which are handled differently and with stricter data minimization.
For the main BusBuddy privacy policy, see https://busbuddy-aus.in/privacy.

2. Scope and summary

Only anonymous complaints are accepted. We do not ask for personal data.
We do not intentionally store IP addresses, user agents, device identifiers, cookies, or analytics.
Attachments are sanitized client-side to remove metadata (EXIF, GPS, timestamps, camera details).
Google reCAPTCHA v2 Invisible is used to protect against spam; tokens are verified server-side.
AI severity shown to students is a suggestion only; final triage is manual.
Default retention: images ≤30 days; complaint text ≤90 days unless law requires longer.

3. What we collect (and intentionally do not collect)

4. How we use the information

Route and triage complaints to appropriate university representatives.
Detect and mitigate spam/abuse via reCAPTCHA verification and rate limiting.
AI severity detection to assist triage. The prediction is a suggestion and does not replace human review.
Maintain system integrity and investigate abuse without compromising anonymity.

5. Third parties and processors

Google reCAPTCHA v2 Invisible — used solely for abuse prevention. Use is subject to Google’s Privacy Policy and Terms. Tokens are short-lived and verified server-side.
Cloud storage (e.g., S3/GCS) — for sanitized images only, stored privately with lifecycle rules for auto-deletion.
Email or ticketing systems (optional) — if configured to notify staff. We do not include images inline, only references or links with limited lifetime.

We do not sell personal data. We avoid sharing any information that could re-identify a student.

6. Retention and deletion

Sanitized images: auto-delete within 30 days by default via storage lifecycle rules.
Complaint text: retained up to 90 days by default for follow-up, then deleted or irreversibly anonymized.
Exceptions: If legal obligations require longer retention, we restrict access and delete as soon as allowed.
If a complaint ID is provided (when shown on submission), you may request deletion referencing that ID. We cannot verify identity for anonymous submissions; requests must include the complaint ID.

7. Security and anonymity

Transport security: HTTPS only, HSTS, and modern TLS ciphers.
Data minimization: we store only what is necessary to triage complaints.
Access controls: least privilege for university staff handling complaints.
Logs: application logs exclude IP addresses, user agents, and raw image data. Infrastructure logs are disabled or anonymized.
Images: sanitized client-side and re-validated server-side before storage.

8. Your choices and rights

Because submissions are anonymous, we generally cannot identify or verify a requester to action typical data-subject rights. Where applicable law grants rights (e.g., access, deletion), we will honor them to the extent feasible using the complaint ID and without compromising the anonymity of others.

You may choose to omit attachments if you prefer not to upload images.
You may override the suggested severity before final submission. Severity is a model suggestion; final triage is manual.

9. International data considerations

Processing may occur in the region where our infrastructure is hosted. We minimize data and avoid personal information to reduce cross-border risk. If cross-border transfer occurs, we rely on appropriate safeguards and contractual protections with processors.

10. Children’s privacy

The complaint feature is intended for university students. We do not knowingly collect personal information from children. As submissions are anonymous, if a complaint appears to include personal data of a minor, we remove it upon detection while preserving necessary non-identifying details for safety concerns.

11. Changes to this policy

We may update this policy to reflect operational, legal, or regulatory changes. We will update the “Effective” date above and, where required, provide additional notice. Archived versions are available upon request.

12. Contact

For questions about this policy or to request deletion using a complaint ID, contact:

BusBuddy, Developer
Email: harshanand.cloud@gmail.com
Subject: “Anonymous Complaint — Privacy”

Reference: This policy draws from BusBuddy’s existing privacy practices and is explicitly tailored to anonymous complaints. It avoids collecting personal data, IPs, or user agents; if these are logged anywhere by default, anonymity is compromised and must be corrected.

Back to Complaint Form