Privacy Policy — Research Rendezvous
Last updated: May 22, 2026
This Privacy Policy describes how Research Rendezvous (“we”, “the app”) collects, uses, and shares your information when you use the iOS app distributed via the Apple App Store. It is intended to match the App Privacy disclosures we make in App Store Connect and the PrivacyInfo.xcprivacy manifest bundled with the app.
Who we are
Research Rendezvous is a research-collaboration app built by the Research Rendezvous Team in partnership with the Statistics Lab at CMC. For privacy questions or data-deletion requests, contact us at info@statslabatcmc.com.
Data we collect
We collect the following categories of information. None of it is used for tracking across apps or websites owned by other companies, and we do not share it with data brokers.
| Data type | Why we collect it | Linked to your identity |
|---|---|---|
| Email address | To create and sign you into your account, and to display the email associated with your messages and posts to the other party in a conversation. | Yes |
| Name | To populate your profile (first / last name, display name) and show it to other users in posts, messages, and profile screens. | Yes |
| User content | The cards, posts, and messages you create are stored so we can show them to you and to the recipients/audience you chose. | Yes |
| Device ID | We use Firebase Cloud Messaging tokens to deliver push notifications about new messages. The token is a device identifier; we use it only to route a notification to the right device. | Yes |
We do not collect: precise location, contacts, photos, health data, financial data, advertising identifiers, browsing history, search history, purchase history, or audio/video recordings.
How we use your data
- Account creation and sign-in. Email and name are used to identify you. We support Sign in with Apple, Sign in with Google, and email + password.
- In-app messaging and posts. Cards, posts, and messages you send are stored on our servers and shown to the recipients/audience you chose.
- Push notifications. When another user messages you, we send a push notification to your device using your FCM device token.
- Moderation and safety. When you submit a report, we store the report along with your account email and the reported user’s identifier so we can take action. When you block a user, we store the block on our server so it persists across devices.
- App functionality only. We do not use any of the above for advertising, tracking, profiling, or sale to third parties.
Where your data lives
- Account data and posts are stored in PostgreSQL on Railway (hosting provider) in the United States.
- Messages and conversations are stored in Google Firebase Firestore.
- Push notifications are delivered via Apple Push Notification service (APNs) and Firebase Cloud Messaging.
- Authentication uses Firebase Authentication.
All transport is encrypted with HTTPS / TLS.
Third-party services
We use the following sub-processors, each of which has their own privacy policy:
- Firebase (Google) — Authentication, Firestore, Cloud Messaging, Installations, Analytics. See firebase.google.com/support/privacy.
- Apple Push Notification service — message delivery.
- Railway — backend hosting.
- Sign in with Apple — sign-in. If you use Hide My Email, your account email is the Apple relay address and we never see your real email.
- Google Sign-In — sign-in.
- Semantic Scholar API — paper search (you send a query string; we do not send your account identity to Semantic Scholar).
Sharing your data
We do not sell or rent your data. We share data only with the sub-processors listed above to operate the app, or when required by law.
Your choices and rights
- Edit your profile — Profile → Edit Profile.
- Block another user — open their profile and tap “Block”.
- Report another user or message — long-press a message, or use the overflow menu on a profile.
- Delete your account — Profile → Delete Account. Deletion is permanent and irreversible; it removes your profile, your posts and drafts, and your conversations. To request deletion out-of-band, email info@statslabatcmc.com.
Children
Research Rendezvous is not directed to children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
Security
We use industry-standard measures including TLS encryption in transit, hashed passwords (bcrypt), Firebase ID-token authentication on all writes, and least-privilege backend access. No system is perfectly secure, but we take reasonable measures to protect your data.
International users
The app is operated from the United States. By using the app from outside the US you consent to your data being transferred to and stored in the US.
Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top will change. Material changes will be surfaced in-app on next launch via the Terms of Use & Community Guidelines screen.
Contact
Questions, data requests, or moderation concerns: info@statslabatcmc.com.