Privacy Policy

We collect information you provide directly to us, as well as information generated through your use of the Service:

• Account Information: When you register, we collect your name, email address, and password.
• Academic Profile: GPA, standardized test scores (SAT/ACT), class rank, intended major, graduation year, and other academic details you enter during onboarding or in your profile.
• Extracurricular & Essay Data: Activities, honors, awards, and essay drafts you create within the platform.
• Usage Data: Pages visited, features used, session duration, click patterns, and other interaction data collected automatically as you navigate the Service.
• Device & Technical Data: IP address, browser type and version, operating system, device identifiers, and referring URLs.
• Payment Information: Billing details processed by our payment provider, Stripe. We do not store your full credit card number on our servers.

We use the information we collect to:

• Create and maintain your account, and authenticate your identity.
• Provide personalized college recommendations, essay feedback, and AI-driven guidance.
• Process subscription payments and send billing-related communications.
• Monitor and improve platform performance, fix bugs, and develop new features.
• Send you service announcements, product updates, and support messages.
• Detect, investigate, and prevent fraudulent activity or abuse of the Service.
• Comply with applicable legal obligations.

We do not sell your personal information to third parties.

Your data is stored in a PostgreSQL database hosted on Supabase, a backend-as-a-service platform. Supabase stores data on servers located in the United States. Data is encrypted at rest and in transit using industry-standard TLS encryption. Supabase's security practices and certifications are available at supabase.com/security.

User-uploaded files (such as profile images) are stored in Supabase Storage, a secure object storage service. Access to stored files is controlled via row-level security policies.

We work with the following third-party service providers who may process your data:

• Stripe — Payment processing. When you subscribe, your payment details are transmitted directly to Stripe and handled under their Privacy Policy. We receive only a tokenized reference to your payment method.
• PostHog — Product analytics. We use PostHog to understand how users interact with the Service (e.g., which features are used most, funnel drop-off points). PostHog collects anonymized event data. You can opt out via our in-app settings. PostHog's privacy details are at posthog.com/privacy.
• Sentry — Error monitoring. Sentry captures application errors and performance data to help us diagnose and resolve bugs quickly. Error reports may include stack traces and metadata about the action that triggered the error, but we configure Sentry to scrub personally identifiable information from error payloads. See sentry.io/privacy.
• OpenAI / Anthropic — AI features (essay feedback, chat guidance) are powered by large language model APIs. Content you submit to AI features may be processed by these providers. We do not use your data to train third-party AI models beyond what is described in their respective data processing agreements.

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and gather analytics data. You can control cookies through your browser settings. Disabling cookies may affect certain features of the Service, including keeping you logged in.

We retain your personal data for as long as your account is active or as needed to provide you with the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, tax, or compliance purposes.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Request deletion of your personal data (the "right to be forgotten").
• Portability: Request an export of your data in a machine-readable format.
• Objection / Restriction: Object to or request restriction of certain processing activities.
• Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at support@collegepilot.app. We will respond to verified requests within 30 days.

The Service is intended for users who are 13 years of age or older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you via email or a prominent in-app notice. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

CollegePilot
Email: support@collegepilot.app