Legal
Privacy Policy
Last updated 26 June 2026
Constella (“Constella”, “we”, “us”) operates Campus Pulse, an anonymous, verified campus question-and-answer community, and a public map of people described by their skills, work, intent, and location. This policy explains what we collect, why, how long we keep it, and the rights you have. In campus spaces your posts are shown to others without your name; if you add a public map dot, that dot is public by design — please only add information you are comfortable showing to anyone.
Data we collect
- Profile data you provide: name or alias, bio, skills and skill details, intent, languages, availability, links, and your city/region (and the approximate latitude/longitude of that city).
- Account & contact data: email address, and optionally a phone number, used for sign-in, verification, and notifications. Contact details are never shown publicly; accepted Synergies open a private chat.
- Campus verification data: if you request access to a campus space, a photo of your student/college ID. It is used only to confirm campus membership, is visible only to that campus’s admins, and is deleted when you leave the campus, delete your account, or ask us to remove it. Posts in campus spaces are shown to others without your name.
- Usage & analytics data: technical data needed to run the service (e.g. requests handled by our hosting providers) and first-party product-analytics events (such as which screens and features are used), tied to a random identifier and, if you are signed in, your account. We use these only to operate and improve Constella — there are no third-party advertising or tracking networks, and we do not sell your data or use it for behavioural advertising.
How we use it
To run Campus Pulse and place any public dot on the map, power discovery and matching, deliver notifications you opt into, verify accounts, prevent abuse, understand and improve how the product is used, and operate and secure the service. We do not sell your personal data.
Legal bases for processing
For users in India, we process your personal data under the Digital Personal Data Protection Act, 2023: primarily on your consent — which we request with notice at the point of collection and which you may withdraw at any timeby deleting your data in your settings or contacting our Grievance Officer — and for the Act’s legitimate uses where applicable, such as providing a service you requested, security, and preventing misuse. Where other laws apply to you (for example GDPR or CCPA), we also rely on consent, performance of a contract, and legitimate interests as relevant.
Processors we use
- Supabase — database, authentication, and storage.
- Vercel — application hosting and content delivery.
- Cloudflare — edge delivery, bot protection, and our email-notification worker.
- Resend — delivery of transactional and notification email.
These providers process data on our behalf under data-processing terms. Some process data outside India (our database is hosted in Japan; our hosting, edge, and email providers operate from the United States). Under the Digital Personal Data Protection Act, 2023, such transfers are permitted except to countries the Government of India may restrict; where required we rely on appropriate safeguards for international transfers.
Retention
We keep your profile while your dot is live. When you delete your dot, the profile and its associated records (skills, links, synergy requests, and similar) are removed by cascade. Backups and logs may persist for a limited period before rotation.
Posts you made in campus spaces (questions, answers, discussions, polls) are kept after account deletion but fully anonymized — your name and the link to your account are removed — so campus threads stay intact for other students. To remove a specific post, contact our Grievance Officer.
Your rights
As a Data Principal under India’s Digital Personal Data Protection Act, 2023, you may: access a summary of the personal data we hold and how we process it; request correction or completion; request erasure; withdraw consent; nominate another person to exercise your rights; and seek grievance redressal. You can download a copy of your data or delete your account directly from your settings; for a complete copy of your personal data or to exercise any other right, contact our Grievance Officer — we aim to acknowledge within 24 hours and resolve within 15 days. If you are covered by other laws (for example GDPR or CCPA), you have equivalent rights of access, correction, portability, restriction, objection, and deletion. You can also reach us at privacy@joinconstella.com.
Children
Constella is intended for adults. You must be 18 or older to use Constella, and we ask you to confirm that you are 18 or older when you join a campus. We do not knowingly collect personal data from anyone under 18.
Under India’s Digital Personal Data Protection Act, 2023, a person under the age of 18 is a “child”, and processing a child’s personal data requires verifiable parental consent. Because Constella does not offer a parental-consent flow, the service is restricted to users who are 18 or older. If you believe someone under 18 has provided us personal data, contact our Grievance Officer (named in our Terms) and we will delete it.
Changes & contact
We will update this policy as the product evolves and revise the date above. Questions or requests: privacy@joinconstella.com.