Privacy Policy

1. What we collect

When you use Cosign, we collect:

• Phone number — used to create and authenticate your account via SMS
• Howard email address — used to verify your university affiliation
• Profile information — display name, class year, and profile photo (optional)
• Listing content — addresses, descriptions, and photos you submit
• Student ID photos — only if you choose the ID verification path; deleted 30 days after your verification decision
• Usage data — pages visited and actions taken, collected via PostHog analytics (anonymized where possible)

2. How we use it

We use your data to:

• Authenticate your account and verify your affiliation
• Display your profile and listings to other users
• Send transactional messages (OTP codes, email verification links)
• Monitor for errors and improve the platform (Sentry)
• Understand how students use the product (PostHog)

We do not sell your data. We do not use it for advertising.

3. Third-party services

Cosign uses the following third-party services:

• Firebase (Google) — authentication, database, and file storage
• Twilio — SMS delivery for phone verification codes
• Resend — transactional email delivery
• Mapbox — map display and address geocoding
• PostHog — product analytics
• Sentry — error monitoring
• Vercel — hosting and deployments

Each of these services has its own privacy policy. We only share with them what is necessary to operate the platform.

4. Data retention

Your account data is kept for as long as your account is active. Student ID photos used for verification are deleted 30 days after a decision is made. You can request deletion of your account and associated data at any time.

5. Your rights

You can request access to, correction of, or deletion of your personal data at any time by emailing us. We will respond within 30 days.

6. Contact

Privacy questions? Email hello@cosign.living.