Privacy Policy

We at MoonGate Technology II, Inc. ("CheckIn," "we," "us," "our") know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our Privacy Policy. By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.

Remember that your use of CheckIn's Services is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.

What Does This Privacy Policy Cover?

This Privacy Policy covers our treatment of personally identifiable information ("Personal Information") that we gather when you are accessing or using our Services, including the CheckIn mobile application (available on iOS and Android) and our website at checkin.college. This Policy also covers information that our partners, including schools and universities ("Partner Organizations"), provide to us about their students and other users. This Policy does not apply to the practices of companies or institutions we don't own or control, or people that we don't manage.

We gather various types of Personal Information from our users, as explained in more detail below, and we use this Personal Information internally in connection with our Services, including to personalize, provide, and improve our services, to create your account and allow you to use our application, to contact you and allow other users and Partner Organizations to contact you, to fulfill your requests for certain products and services, and to analyze how you use the Services. In certain cases, we may also share some Personal Information with third parties, but only as described below.

Children's Privacy

The Services are not directed to children under the age of 13. We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any personal information about yourself to us. No one under age 13 may provide any personal information to us or through the Services.

If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at info@checkin.college.

Lawful Basis for Processing Personal Information

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your Personal Information under the following legal bases:

• Performance of a contract: Processing is necessary to create your account and provide our Services to you;
• Legitimate interests: Processing is necessary for the purposes of our legitimate business interests, such as improving our services, providing analytics to Partner Organizations, and ensuring platform security — where these interests are not overridden by your rights;
• Legal obligation: We need to comply with a legal obligation such as a subpoena, court order, or tax requirements;
• Data processor role: We are acting as a data processor for a Partner Organization that has proper authorization to share your data with us; and
• Consent: You have given us explicit consent for a specific purpose, such as marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Will CheckIn Ever Change This Privacy Policy?

We're constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time as well, but we will alert you to material changes by placing a notice on our website, by sending you an in-app notification or email, and/or by some other means. Please note that if you've opted not to receive legal notice emails from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes. We will update the "Effective date" at the top of this page when changes are made.

What Information Does CheckIn Collect?

Information You Provide to Us

Through the registration process and/or through your account settings, we may collect Personal Information such as:

• Name (first and last)
• Email address
• Phone number
• School affiliation / university
• Student ID
• Profile photograph
• Intended major, career preferences, activities, and interests

If you've given us your email address, we may send you promotional email offers on behalf of ourselves or Partner Organizations, or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us. You may unsubscribe from these communications at any time by following the unsubscribe link in any email or by contacting us at info@checkin.college.

Information Collected Through Your Use of the Services

As you use our Services, we collect information about your engagement and activity within the platform, including:

• Badge progress and completion data
• Task completion records
• Reward earning and redemption history
• Cohort participation and group membership

This information helps us provide personalized progress tracking and helps your institution support your success.

Information Stored Only on Your Device

Certain features of CheckIn store data locally on your device and do not transmit it to our servers. This includes your daily mood/vibe check-in responses and any optional notes you provide. This data remains on your device, is not shared with CheckIn, your Partner Organization, or any third party, and is deleted when you uninstall the application or clear app data.

Information Collected Automatically

Whenever you interact with our Services, we automatically receive and record information from your browser or device, which may include:

• Internet protocol ("IP") address
• Device type, model, and operating system
• Browser type and version
• App version
• General usage data (screens viewed, features used, session duration)
• Crash logs and diagnostic data

We use this information to maintain service security, diagnose technical issues, and improve our Services.

We use token-based authentication (not browser cookies) for session management in our mobile application. Device information (such as device type and operating system) is stored with your active session to help detect unauthorized access and maintain account security. This session data is deleted when you log out or when your session expires. We use our own built-in analytics dashboard to understand general usage patterns and improve the Services.

Information We Do Not Collect

CheckIn does not collect precise GPS location data, contacts, calendar data, health data, financial information (such as credit card numbers), or biometric data. We do not access your device's camera or microphone except when you voluntarily upload a profile photo.

Do Not Track / Cross-App Tracking

Our mobile application does not track you across third-party websites or services. We do not use cross-app tracking or advertising identifiers (such as IDFA or Google Advertising ID). Our marketing website respects standard Do Not Track browser signals where technically feasible.

How Does CheckIn Use Your Information?

We use your Personal Information for the following purposes:

• Provide, maintain, and improve our Services, including tracking your badge progress and delivering personalized content;
• Process your engagement activities and deliver rewards you have earned;
• Send you technical notices, security alerts, and account-related messages;
• Respond to your comments, questions, and requests and provide customer service;
• Communicate with you about products, services, offers, and events offered by us and Partner Organizations;
• Monitor and analyze trends, usage, and activities in connection with our Services;
• Help your Partner Organization understand student engagement and provide support resources;
• Detect, investigate, and prevent fraudulent transactions and other illegal activities and protect the rights and property of CheckIn and others; and
• Fulfill any other purpose for which you provide information.

University Integration

CheckIn may in the future integrate with your institution's student information systems when authorized by your Partner Organization. If and when such integrations are enabled, they may sync activity data such as campus event attendance, course enrollment verification, and other institutional events to automatically update your badge progress within CheckIn. Your institution controls what data is shared through any such integrations. We will update this Privacy Policy before any integrations are activated.

Social Networking Services

CheckIn allows you to create an account and log in using your credentials from third-party social networking services such as Facebook. When you connect your account through a social networking service, we may access information from that service, such as your name, email address, and profile picture, in accordance with the authorization procedures determined by that service.

The manner in which social networking services use, store, and disclose your information is governed by the policies of those third parties, and CheckIn shall have no liability or responsibility for the privacy practices or other actions of any third-party site or service. You should consult the respective privacy policies of these social networking services for more information.

Push Notifications and Communications

CheckIn currently communicates with you through in-app notifications and email. We plan to introduce push notifications in a future update to provide service updates, reminders about badge progress, reward availability, and other engagement-related information. When implemented, push notifications will be delivered through platform-standard services (Apple Push Notification Service for iOS; Firebase Cloud Messaging for Android).

When push notifications are available, you will be able to opt out at any time through your device settings. Opting out of push notifications will not affect your ability to use the Services.

If you provide your mobile phone number, you consent to receive text message alerts from CheckIn containing service information or updates that may be sent using automated dialing systems. Message frequency varies. Standard message and data rates may apply. You may opt out of text messages at any time by replying "STOP" to any message or by contacting us at info@checkin.college.

Will CheckIn Share Any of the Personal Information It Receives?

We do not rent or sell your Personal Information in personally identifiable form to anyone. We do not share your Personal Information with third parties for their direct marketing purposes. We may share your Personal Information with third parties only as described in this section:

Partner Organizations (Universities and Institutions)

Your Partner Organization may use your account information and engagement data to provide targeted support, outreach, and communications. Your profile information, badge progress, and task completion activity may be visible to authorized administrators at your Partner Organization through the CheckIn admin dashboard. This sharing is essential to CheckIn's purpose of helping institutions support student success.

De-Identified and Aggregated Information

We may de-identify your Personal Information so that you are not identified as an individual and provide that information to our partners. We may also provide aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services. De-identified and aggregated data is not considered Personal Information under this policy.

Service Providers

We employ other companies and services to perform tasks on our behalf and need to share your information with them to provide products or services to you. Our service providers include:

• Cloud hosting: Google Cloud Platform (data storage and processing)
• Image storage: Cloud-based image storage for profile photos
• Push notifications (planned): Firebase Cloud Messaging (Android), Apple Push Notification Service (iOS)
• Email delivery: SendGrid (transactional emails and account notifications)

Our service providers are contractually obligated to use your Personal Information only as necessary to provide services to us and are prohibited from using it for their own purposes.

Business Transfers

We may share and/or transfer customer information in connection with the evaluation of and entry into business transactions such as a merger, acquisition, sale of assets, or bankruptcy. If such a transaction occurs, we will notify you by email and/or a prominent notice in the application of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

Protection of CheckIn and Others

We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of CheckIn, our employees, our users, or others.

FERPA Compliance

CheckIn is designed with the Family Educational Rights and Privacy Act (FERPA) in mind. When we receive student education records from Partner Organizations, we act as a "school official" with a legitimate educational interest under FERPA. We use such records only for the purposes for which they were disclosed to us and do not re-disclose them except as permitted by FERPA. Partner Organizations maintain ownership and control of their student education records at all times.

Data Retention

University-Affiliated Users

If your account is associated with a Partner Organization, your data is owned and managed by that institution. Retention periods are determined by your institution in accordance with their own policies and applicable law (including FERPA). CheckIn retains university-affiliated data as directed by the Partner Organization.

Independent Users

For users not affiliated with a Partner Organization, we retain your Personal Information as follows:

• Account and profile data: Retained while your account is active and for up to 5 years of inactivity;
• Engagement data (badge progress, task completions): Retained while your account is active and for up to 5 years of inactivity;
• Usage and diagnostic data: Aggregate or de-identified usage data may be retained indefinitely for service improvement, as it cannot be used to identify you;
• Communications records: Retained for up to 5 years for customer service and compliance purposes.

Upon account deletion, all of your Personal Information is permanently deleted. We do not retain any personally identifiable data after your account has been deleted.

Is Personal Information About Me Secure?

Your account is protected via token-based authentication for your privacy and security. We implement the following security measures:

• All data is encrypted in transit using HTTPS/TLS;
• Passwords are cryptographically hashed and never stored in plain text;
• We use industry-standard cloud infrastructure (Google Cloud Platform) with appropriate security controls;
• Access to user data is restricted to authorized personnel on a need-to-know basis; and
• We regularly review our security practices.

We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. It is your responsibility to protect the security of your login information.

In the event of a data breach that affects your Personal Information, we will notify you and any applicable regulatory authorities as required by applicable law. If you discover or suspect a security breach, please report it immediately to info@checkin.college.

Account Deletion

Independent Users (Not Affiliated with a Partner Organization)

If you are using CheckIn independently (not through a university or institution), you may delete your account and all associated data at any time through the account settings in the CheckIn mobile application. You may also request account deletion by contacting us at info@checkin.college.

Upon account deletion:

• Your profile data (name, email, phone, student ID, profile photo) will be permanently deleted;
• Your engagement data (badge progress, task completions) will be permanently deleted;
• Deletion requests are processed within 30 days; and
• Deletion is permanent and cannot be undone.

University-Affiliated Users

If your account is associated with a Partner Organization (university or institution), your account data is owned and managed by that institution. To request account deletion, please contact your university administrator directly. Your institution may delete your account and data through the CheckIn admin dashboard in accordance with their own data retention policies and applicable law (including FERPA).

What Personal Information Can I Access?

Through your account settings in the CheckIn mobile application, you may access and, in some cases, edit or delete the following information you've provided to us:

• Name
• Email address
• Phone number
• Student ID
• Profile photograph
• School affiliation

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at info@checkin.college.

Your Rights Regarding Your Personal Information

Depending on your location, you may have the following rights regarding your Personal Information:

All Users

• Access and review the Personal Information we hold about you;
• Request correction of inaccurate information;
• Request deletion of your account and personal data;
• Opt out of promotional communications; and
• Request a copy of your data in a portable format.

European Economic Area and United Kingdom Residents (GDPR)

If you are located in the EEA or UK, you additionally have the right to:

• Request restriction of processing of your Personal Information;
• Object to processing based on legitimate interests or for direct marketing;
• Withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal;
• Not be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you; and
• Lodge a complaint with a supervisory authority (such as the Information Commissioner's Office in the UK, or your local data protection authority in the EEA).

We will respond to GDPR rights requests within 30 days. This period may be extended by an additional 60 days for complex requests, in which case we will notify you of the extension.

California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: You may request that we disclose what categories of Personal Information we have collected about you, the categories of sources, the business purpose for collecting it, the categories of third parties with whom we share it, and the specific pieces of Personal Information we have collected about you;
• Right to Delete: You may request that we delete your Personal Information, subject to certain exceptions;
• Right to Correct: You may request that we correct inaccurate Personal Information;
• Right to Opt-Out of Sale/Sharing: We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising;
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information collected in the past 12 months: Identifiers (name, email, phone, student ID); education information; internet or electronic network activity information (usage data, device info); and inferences drawn from the above (badge progress, engagement analytics).

Categories of Personal Information sold in the past 12 months: None. We do not sell Personal Information.

Categories of Personal Information disclosed for a business purpose in the past 12 months: Identifiers and education information (shared with Partner Organizations); internet activity information (shared with service providers for hosting and analytics).

We will respond to CCPA/CPRA rights requests within 45 days. This period may be extended by an additional 45 days if reasonably necessary, in which case we will notify you.

To submit a CCPA/CPRA request, contact us at info@checkin.college. You may also designate an authorized agent to submit a request on your behalf.

International Data Transfers

CheckIn is based in the United States and our Services are hosted on Google Cloud Platform in the United States. If you are accessing the Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your country.

For transfers of Personal Information from the EEA or UK to the United States, we rely on Standard Contractual Clauses approved by the European Commission, or other appropriate legal mechanisms, to ensure adequate protection of your data.

What Choices Do I Have?

You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.

• You may add, update, or delete your profile information through your account settings at any time;
• You may opt out of promotional email communications by using the unsubscribe link in any email;
• When push notifications become available, you may opt out through your device settings;
• You may opt out of text messages by replying "STOP" to any message;
• Independent users may delete their account through the app settings. University-affiliated users should contact their university administrator to request account deletion; and
• You may request a copy of your data by contacting us.

Contact Information

If you have any questions or concerns regarding our privacy policies, or to exercise any of your rights described above, please contact us at:

MoonGate Technology II, Inc.
Email: info@checkin.college
Website: https://checkin.college

We will try to resolve your concerns promptly. If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.