Legal
Privacy Policy
Effective date: May 26, 2026. Last reviewed: May 26, 2026.
Collegefind.ai is operated by DeepCampus Inc. ("we", "us", or "our"). This Privacy Policy explains what personal data we collect when you use our platform, why we collect it, how we process it, and the rights you have over your information. Please read it carefully before creating an account or using any part of the service.
1. Data We Collect
We collect information you provide directly, information generated as you use the platform, and limited technical data from your device and browser.
1.1 Account and identity data
When you register, we collect your name, email address, and (if you use Google OAuth) your Google profile identifier and profile picture. We store a securely hashed version of your password if you register with email and password.
1.2 Academic and profile data
To power our counselling features, we collect the academic and personal information you choose to enter into your profile, including:
- Educational background, institutions attended, and grade point averages
- Standardised test scores (SAT, ACT, GRE, GMAT, TOEFL, IELTS, Duolingo, etc.)
- Extracurricular activities, awards, and honours
- Work experience and internships
- Target universities, intended programmes, and application deadlines
- Financial background information relevant to scholarship matching
- Country of origin and citizenship status
This data is entirely voluntary. You can choose how much you share, and the depth of your profile directly determines the quality of AI-generated recommendations you receive.
1.3 Documents and files
You may upload academic transcripts, diplomas, recommendation letters, personal statements, CVs, resumes, and other application documents. These files are stored in encrypted cloud storage and processed only to provide the features you explicitly request, such as AI feedback or application tracking.
1.4 User-generated content
Essays, statements of purpose, short answers, and other written content you draft or refine using our AI writing tools are stored in your account. This content belongs to you; see Section 7 of our Terms and Conditions for the licence you grant us to process it on your behalf.
1.5 Usage and interaction data
We collect information about how you interact with the platform: pages visited, features used, time spent, clicks, search queries within the platform, AI counsellor messages, and task completion events. This helps us improve the product and personalise your experience.
1.6 Device and technical data
When you access Collegefind.ai, our servers automatically log your IP address, browser type and version, operating system, referring URL, and timestamps. This is standard web infrastructure data used for security, debugging, and aggregate analytics.
1.7 Payment data
We do not store your credit card or bank account details on our servers. All payment transactions are handled by our third-party payment processor (Stripe). We receive a transaction confirmation, subscription status, and a tokenised card identifier from Stripe, but never your raw card number, CVV, or bank credentials.
2. How We Use Your Data
We use your data for the following purposes, each tied to a lawful basis:
2.1 Providing the service
Your account data and profile information are necessary to operate your account, personalise university recommendations, generate AI-powered counselling responses, and power the application tracking, scholarship discovery, resume builder, and task management features. Without this data, the core service cannot function.
2.2 AI processing and personalisation
We pass relevant portions of your profile data and uploaded documents to AI language models to generate counselling advice, essay feedback, shortlist recommendations, and application strategy. These AI outputs are informational only and do not constitute professional admissions advice. See the AI Disclaimer in our Terms and Conditions.
We do not use your personal profile data to train third-party AI models. Any model fine-tuning or improvement we conduct uses aggregated, anonymised, and de-identified data only.
2.3 Analytics and product improvement
Aggregated, de-identified usage data helps us understand which features are useful, identify friction points, and improve the platform over time. We do not build individual behavioural profiles for advertising purposes.
2.4 Communications
We send transactional emails (account confirmations, password resets, billing receipts, subscription renewal notices) and, where you have opted in, product updates and counselling tips. You can unsubscribe from marketing emails at any time via the link at the bottom of each message.
2.5 Security and fraud prevention
Technical and behavioural data is used to detect suspicious login attempts, prevent abuse, enforce rate limits, and protect the integrity of the platform.
2.6 Legal compliance
We may process your data where required to comply with applicable law, respond to lawful requests from government authorities, or enforce our Terms and Conditions.
3. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Full stop.
We share data only in the following limited circumstances:
3.1 Service providers (sub-processors)
We work with carefully selected vendors who process data on our behalf under contractual obligations to protect it. Current categories of sub-processors include:
- Cloud infrastructure: Hosting, database, and object storage providers (e.g., Amazon Web Services, Supabase)
- AI model providers: Large language model APIs used to power counselling and writing features (e.g., Google Gemini, OpenAI). These providers process prompts under their API terms, which include data privacy commitments. We do not pass your full name or government-issued identifiers in prompts.
- Payment processing: Stripe Inc. for subscription billing
- Email delivery: Transactional email service providers
- Analytics: Privacy-respecting analytics tools operating on aggregated data
3.2 Legal requirements
We may disclose your information if required by law, subpoena, court order, or governmental authority, or when we believe disclosure is reasonably necessary to protect the rights, property, or safety of Collegefind.ai, our users, or the public.
3.3 Business transfers
If Collegefind.ai is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the platform before your data is transferred and becomes subject to a different privacy policy.
3.4 With your consent
We will share your data with any other party only with your explicit prior consent, which you can withdraw at any time.
4. Data Retention and Deletion
We retain your personal data for as long as your account is active or as needed to provide the service. Specific retention periods:
- Account and profile data: Retained for the duration of your account. If you delete your account, profile data is permanently deleted within 30 days, except where retention is required by law.
- Uploaded documents: Retained until you delete them or delete your account. You can delete individual files at any time from your dashboard.
- AI conversation history: Retained for 12 months to power contextual counselling, after which sessions are purged unless you export them.
- Billing records: Retained for 7 years to satisfy financial and tax compliance requirements.
- Server logs: Retained for up to 90 days for security and debugging purposes.
To request deletion of your account and all associated data, email support@collegefind.ai or use the account deletion option in your settings. We will confirm completion within 30 days.
6. Your Privacy Rights
Depending on where you are located, you may have the following rights regarding your personal data. We honour these rights regardless of jurisdiction.
6.1 Right to access
You can request a copy of the personal data we hold about you. We will provide it in a structured, machine-readable format (JSON or CSV) within 30 days.
6.2 Right to rectification
You can correct inaccurate data at any time through your profile settings. For data you cannot edit directly, contact us and we will update it promptly.
6.3 Right to erasure ("right to be forgotten")
You can request deletion of your personal data. We will comply unless we have a legal obligation to retain specific records (such as billing history).
6.4 Right to data portability
You can request an export of your data (profile, essays, application list, etc.) in a portable format. Use the export function in your account settings or contact us.
6.5 Right to restrict processing
You can ask us to pause processing of your data in certain circumstances, such as while a dispute about accuracy is being resolved.
6.6 Right to object
Where we process data based on legitimate interests, you can object. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
6.7 CCPA rights (California residents)
California residents have the right to know what personal information is collected, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights. To submit a verifiable consumer request, contact support@collegefind.ai.
6.8 GDPR rights (EEA and UK residents)
If you are in the European Economic Area or United Kingdom, the lawful bases we rely on are: performance of a contract (to provide the service you signed up for), legitimate interests (security, fraud prevention, product analytics), legal obligation (billing retention), and consent (marketing emails). You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data lawfully.
To exercise any of the above rights, email support@collegefind.ai with the subject line "Privacy Request". We will respond within 30 days.
7. Children's Privacy
Collegefind.ai is intended for users who are at least 13 years old in accordance with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has created an account, contact us immediately at support@collegefind.ai and we will promptly delete the account and all associated data.
We recognise that many of our users are between 15 and 18 years old, preparing for college applications. For users under 18, we recommend parental awareness of the data shared on the platform. We design our data practices with the sensitivity of this age group in mind: we do not display advertising, and we do not share student profile data with universities or any third party without explicit consent.
8. Security Measures
We take the security of your data seriously. Our technical safeguards include:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest: Database records and uploaded files are stored with AES-256 encryption.
- Password hashing: Passwords are hashed using bcrypt with a per-user salt and are never stored in plaintext.
- Access controls: Internal access to production data is restricted to authorised personnel on a need-to-know basis, with audit logging enabled.
- OAuth security: Google OAuth tokens are validated server-side on every request and expire automatically.
- Vulnerability management: We conduct regular dependency audits and monitor for security advisories in our software supply chain.
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at support@collegefind.ai.
9. International Data Transfers
Collegefind.ai is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the United States and possibly other countries where our service providers operate.
Where we transfer data from the EEA, UK, or Switzerland to countries not recognised as having adequate data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives equivalent protection.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at the address on your account and post an updated version at collegefind.ai/privacy with a revised effective date. Your continued use of the service after a material change constitutes acceptance of the updated policy. If you disagree with the changes, you may delete your account before the effective date.
11. Contact Us
For questions, concerns, or requests relating to this Privacy Policy, contact our data team:
We aim to respond to all privacy-related inquiries within 5 business days, and to complete formal data subject requests within 30 days of identity verification.