Collegefind.ai
Log InSign Up

Legal

Privacy Policy

Effective date: May 26, 2026. Last reviewed: May 26, 2026.

Collegefind.ai is operated by DeepCampus Inc. ("we", "us", or "our"). This Privacy Policy explains what personal data we collect when you use our platform, why we collect it, how we process it, and the rights you have over your information. Please read it carefully before creating an account or using any part of the service.

1. Data We Collect

We collect information you provide directly, information generated as you use the platform, and limited technical data from your device and browser.

1.1 Account and identity data

When you register, we collect your name, email address, and (if you use Google OAuth) your Google profile identifier and profile picture. We store a securely hashed version of your password if you register with email and password.

1.2 Academic and profile data

To power our counselling features, we collect the academic and personal information you choose to enter into your profile, including:

  • Educational background, institutions attended, and grade point averages
  • Standardised test scores (SAT, ACT, GRE, GMAT, TOEFL, IELTS, Duolingo, etc.)
  • Extracurricular activities, awards, and honours
  • Work experience and internships
  • Target universities, intended programmes, and application deadlines
  • Financial background information relevant to scholarship matching
  • Country of origin and citizenship status

This data is entirely voluntary. You can choose how much you share, and the depth of your profile directly determines the quality of AI-generated recommendations you receive.

1.3 Documents and files

You may upload academic transcripts, diplomas, recommendation letters, personal statements, CVs, resumes, and other application documents. These files are stored in encrypted cloud storage and processed only to provide the features you explicitly request, such as AI feedback or application tracking.

1.4 User-generated content

Essays, statements of purpose, short answers, and other written content you draft or refine using our AI writing tools are stored in your account. This content belongs to you; see Section 7 of our Terms and Conditions for the licence you grant us to process it on your behalf.

1.5 Usage and interaction data

We collect information about how you interact with the platform: pages visited, features used, time spent, clicks, search queries within the platform, AI counsellor messages, and task completion events. This helps us improve the product and personalise your experience.

1.6 Device and technical data

When you access Collegefind.ai, our servers automatically log your IP address, browser type and version, operating system, referring URL, and timestamps. This is standard web infrastructure data used for security, debugging, and aggregate analytics.

1.7 Payment data

We do not store your credit card or bank account details on our servers. All payment transactions are handled by our third-party payment processor (Stripe). We receive a transaction confirmation, subscription status, and a tokenised card identifier from Stripe, but never your raw card number, CVV, or bank credentials.

2. How We Use Your Data

We use your data for the following purposes, each tied to a lawful basis:

2.1 Providing the service

Your account data and profile information are necessary to operate your account, personalise university recommendations, generate AI-powered counselling responses, and power the application tracking, scholarship discovery, resume builder, and task management features. Without this data, the core service cannot function.

2.2 AI processing and personalisation

We pass relevant portions of your profile data and uploaded documents to AI language models to generate counselling advice, essay feedback, shortlist recommendations, and application strategy. These AI outputs are informational only and do not constitute professional admissions advice. See the AI Disclaimer in our Terms and Conditions.

We do not use your personal profile data to train third-party AI models. Any model fine-tuning or improvement we conduct uses aggregated, anonymised, and de-identified data only.

2.3 Analytics and product improvement

Aggregated, de-identified usage data helps us understand which features are useful, identify friction points, and improve the platform over time. We do not build individual behavioural profiles for advertising purposes.

2.4 Communications

We send transactional emails (account confirmations, password resets, billing receipts, subscription renewal notices) and, where you have opted in, product updates and counselling tips. You can unsubscribe from marketing emails at any time via the link at the bottom of each message.

2.5 Security and fraud prevention

Technical and behavioural data is used to detect suspicious login attempts, prevent abuse, enforce rate limits, and protect the integrity of the platform.

2.6 Legal compliance

We may process your data where required to comply with applicable law, respond to lawful requests from government authorities, or enforce our Terms and Conditions.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Full stop.

We share data only in the following limited circumstances:

3.1 Service providers (sub-processors)

We work with carefully selected vendors who process data on our behalf under contractual obligations to protect it. Current categories of sub-processors include:

  • Cloud infrastructure: Hosting, database, and object storage providers (e.g., Amazon Web Services, Supabase)
  • AI model providers: Large language model APIs used to power counselling and writing features (e.g., Google Gemini, OpenAI). These providers process prompts under their API terms, which include data privacy commitments. We do not pass your full name or government-issued identifiers in prompts.
  • Payment processing: Stripe Inc. for subscription billing
  • Email delivery: Transactional email service providers
  • Analytics: Privacy-respecting analytics tools operating on aggregated data

3.2 Legal requirements

We may disclose your information if required by law, subpoena, court order, or governmental authority, or when we believe disclosure is reasonably necessary to protect the rights, property, or safety of Collegefind.ai, our users, or the public.

3.3 Business transfers

If Collegefind.ai is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the platform before your data is transferred and becomes subject to a different privacy policy.

3.4 With your consent

We will share your data with any other party only with your explicit prior consent, which you can withdraw at any time.

4. Data Retention and Deletion

We retain your personal data for as long as your account is active or as needed to provide the service. Specific retention periods:

  • Account and profile data: Retained for the duration of your account. If you delete your account, profile data is permanently deleted within 30 days, except where retention is required by law.
  • Uploaded documents: Retained until you delete them or delete your account. You can delete individual files at any time from your dashboard.
  • AI conversation history: Retained for 12 months to power contextual counselling, after which sessions are purged unless you export them.
  • Billing records: Retained for 7 years to satisfy financial and tax compliance requirements.
  • Server logs: Retained for up to 90 days for security and debugging purposes.

To request deletion of your account and all associated data, email support@collegefind.ai or use the account deletion option in your settings. We will confirm completion within 30 days.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the platform and understand how it is used. We do not use advertising cookies or sell data to ad networks.

5.1 Essential cookies

These cookies are required for the platform to function. They maintain your authenticated session, remember your language preference, and protect against cross-site request forgery (CSRF). You cannot opt out of essential cookies while using the service.

5.2 Analytics cookies

We use privacy-respecting analytics (with IP anonymisation enabled) to measure aggregate traffic patterns, feature adoption, and performance. These cookies do not track you across external websites. You can opt out via your browser's Do Not Track signal or by adjusting your cookie preferences in your account settings.

5.3 Managing cookies

Most browsers allow you to refuse or delete cookies. Disabling essential cookies will prevent you from remaining logged in. Disabling analytics cookies has no effect on your access to features.

6. Your Privacy Rights

Depending on where you are located, you may have the following rights regarding your personal data. We honour these rights regardless of jurisdiction.

6.1 Right to access

You can request a copy of the personal data we hold about you. We will provide it in a structured, machine-readable format (JSON or CSV) within 30 days.

6.2 Right to rectification

You can correct inaccurate data at any time through your profile settings. For data you cannot edit directly, contact us and we will update it promptly.

6.3 Right to erasure ("right to be forgotten")

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain specific records (such as billing history).

6.4 Right to data portability

You can request an export of your data (profile, essays, application list, etc.) in a portable format. Use the export function in your account settings or contact us.

6.5 Right to restrict processing

You can ask us to pause processing of your data in certain circumstances, such as while a dispute about accuracy is being resolved.

6.6 Right to object

Where we process data based on legitimate interests, you can object. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.

6.7 CCPA rights (California residents)

California residents have the right to know what personal information is collected, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights. To submit a verifiable consumer request, contact support@collegefind.ai.

6.8 GDPR rights (EEA and UK residents)

If you are in the European Economic Area or United Kingdom, the lawful bases we rely on are: performance of a contract (to provide the service you signed up for), legitimate interests (security, fraud prevention, product analytics), legal obligation (billing retention), and consent (marketing emails). You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data lawfully.

To exercise any of the above rights, email support@collegefind.ai with the subject line "Privacy Request". We will respond within 30 days.

7. Children's Privacy

Collegefind.ai is intended for users who are at least 13 years old in accordance with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has created an account, contact us immediately at support@collegefind.ai and we will promptly delete the account and all associated data.

We recognise that many of our users are between 15 and 18 years old, preparing for college applications. For users under 18, we recommend parental awareness of the data shared on the platform. We design our data practices with the sensitivity of this age group in mind: we do not display advertising, and we do not share student profile data with universities or any third party without explicit consent.

8. Security Measures

We take the security of your data seriously. Our technical safeguards include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Database records and uploaded files are stored with AES-256 encryption.
  • Password hashing: Passwords are hashed using bcrypt with a per-user salt and are never stored in plaintext.
  • Access controls: Internal access to production data is restricted to authorised personnel on a need-to-know basis, with audit logging enabled.
  • OAuth security: Google OAuth tokens are validated server-side on every request and expire automatically.
  • Vulnerability management: We conduct regular dependency audits and monitor for security advisories in our software supply chain.

No system is perfectly secure. If you believe your account has been compromised, contact us immediately at support@collegefind.ai.

9. International Data Transfers

Collegefind.ai is operated from the United States. If you access the service from outside the US, your data will be transferred to and processed in the United States and possibly other countries where our service providers operate.

Where we transfer data from the EEA, UK, or Switzerland to countries not recognised as having adequate data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives equivalent protection.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at the address on your account and post an updated version at collegefind.ai/privacy with a revised effective date. Your continued use of the service after a material change constitutes acceptance of the updated policy. If you disagree with the changes, you may delete your account before the effective date.

11. Contact Us

For questions, concerns, or requests relating to this Privacy Policy, contact our data team:

DeepCampus Inc.

Data Privacy Inquiries

support@collegefind.ai

We aim to respond to all privacy-related inquiries within 5 business days, and to complete formal data subject requests within 30 days of identity verification.

Collegefind.ai
FeaturesProcessPricingFAQPrivacy PolicyTerms