Play Video

Facebook never accesses your RoomSync data

RoomSync is a Facebook application however data that we store is housed on our servers, not Facebook's. Facebook never has access to any matching data that occurs inside of the RoomSync application. Data that RoomSync generates and stores is non-sensitive in nature and includes:

  • Facebook User ID which is publicly available and anyone can access
  • Lifestyle preferences of our users (a 1-5 score on how the user ranks themselves for specific preferences like cleanliness and bedtime)
  • Personal E-Mail address (to give notifications to users when they receive a matching request)
  • Gender which is also publicly available
  • Associations between users (this facebook ID is rooming with this facebook ID)


How the Data is Stored

We store the above information in a secured MySQL database with RackSpace. The server is behind a secured hardware firewall and only administrators have access to the data. We do not store anything sensitive in nature.

We realize that a student ID is generally too sensitive and we usually will not accept these from University clients.  Instead, we require a unique ID of any kind to identify the student for matching purposes. The client can generate this and it is impossible for outsiders to interpret these IDs since clients are the only ones that know which IDs are linked to which users. Should any data security issues occur, only a random ID number that is unidentifiable to anyone but you would be at risk.

 

Facebook Profile Information Accessed

The specific information that we access on users' Facebook profiles includes:

  • 'About Me' section
  • Activities
  • Interests
  • Likes
  • Online Presence

 

Unique Access Codes

RoomSync takes privacy and security very seriously. To that end, clients can optionally choose to limit access to university matching networks so that only current students can mingle online with their peers. One-time-use access codes are used to implement this policy. When an app user attempts to join a protected network, he or she is prompted for their one-time-use access code. Without such a code, the user is denied entry to the school’s matching network and directed to the housing office. After a student successfully uses his or her code, it is removed from the database. Even if someone were to later find the paper or email in which the code was provided, it would now be useless.

RoomSync refuses to use Social Security numbers or university ID numbers that are treated as private, protecting students from identity theft issues like those seen with the PSN (PlayStation Network) incident.  Instead of Social Security numbers or university ID numbers, RoomSync allows the school to generate an access code made up of 20 alphanumeric characters.
 

To further protect user information, the one-time-use access codes are generated by the school and sent to RoomSync via FTP over SSL (FTPS).  The RoomSync FTP server will deny requests for FTP transfers that do not come from registered FTPS clients, and each university is registered using their static IP address as a unique identifier.  Once the access codes are generated by the school and sent to RoomSync the school can then directly distribute the code to the students at an individual level. This ensures that only the students the school specifies will have access to the RoomSync Matching network.

Latest Tweets

101 SE 2nd Place
Suite 201-A
Gainesville, Florida 32601
Phone: 352-327-4061

Copyright ©2010 U-Match, LLC. All Rights Reserved.
RoomSync™ is a trademark of U-Match, LLC
Designed by web design company 352 Media