Privacy Policy

1. Overview

UniAtlas (operated by UniAtlas AI, Inc.) is an AI-powered technology platform that helps students discover universities, explore career paths, find scholarships, and plan academic applications. We process personal data to provide these services and to improve your experience.

Key principles that guide our approach to privacy:

• Transparency: We clearly explain what data we collect and how we use it
• Minimization: We collect only the data necessary to provide our services
• Security: We implement appropriate technical and organizational safeguards
• Control: We give you meaningful choices about your data
• No sale of personal data: We do not sell your personal information to third parties

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using the Service, including:

• Account information: Name, email address, password, and profile details
• Academic profile: GPA, test scores, intended major, education level, and academic interests
• Content you create: University reviews, essay drafts, saved lists, comparison selections, and application checklists
• Communication data: Messages you send to our support team or feedback you submit
• Payment information: If you subscribe to a paid plan, your payment details are processed by our third-party payment processor; we do not store your full payment card numbers

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical and usage information:

• Device information: Browser type, operating system, device type, and screen resolution
• Usage data: Pages visited, features used, search queries, time spent on pages, and click patterns
• Log data: IP address, access times, referring URLs, and error logs
• Location data: Approximate geographic location inferred from your IP address (we do not collect precise GPS location)

2.3 Information from Third Parties

We may receive information from third-party sources, including:

• Authentication providers: If you sign in using Google, Microsoft, or other OAuth providers, we receive your name and email from that service
• Public data sources: We aggregate university data, scholarship information, and career statistics from publicly available government databases, institutional websites, and research repositories

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Operate your account, deliver search results, generate comparisons, display scholarship matches, and provide personalized recommendations
• Power AI features: Process your inputs through AI models to provide essay assistance, eligibility assessments, career coaching, and admission insights (see Section 4)
• Improve the Service: Analyze usage patterns to fix bugs, optimize performance, develop new features, and improve the overall user experience
• Communicate with you: Send service-related notifications, respond to support requests, and provide updates about your account or subscription
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access to the Service
• Comply with legal obligations: Meet our legal, regulatory, and compliance requirements

We process your personal data based on one or more of the following legal bases: your consent, the performance of our contract with you, our legitimate interests (such as improving the Service and ensuring its security), and compliance with legal obligations.

4. AI Data Processing

UniAtlas uses third-party artificial intelligence providers (including OpenAI, Anthropic, and Microsoft Azure AI) to power certain features. This section explains how your data is handled in connection with AI-powered features.

4.1 What Data Is Sent to AI Providers

When you use AI features, the following data may be transmitted to third-party AI providers for processing:

• Text you enter into AI chat or essay assistant fields
• Academic profile information (GPA, test scores) used for eligibility or admission assessments
• Career preferences and skills for career coaching analysis
• Search queries submitted to AI-powered search

4.2 How AI Providers Handle Your Data

• We use API agreements with AI providers that prohibit them from using your data to train their models
• AI providers process your data only to generate a response to your specific request
• We do not send your name, email address, or other directly identifying information to AI providers unless it is part of the content you explicitly submit (such as an essay draft that includes your name)

4.3 AI Usage Tracking

We track AI feature usage (number of requests, tokens consumed, and associated costs) for billing, rate-limiting, and service improvement purposes. This tracking data is associated with your account but does not include the content of your AI interactions.

5. Information Sharing

We do not sell your personal information. We share your information only in the following circumstances:

• Service providers: We share data with trusted third-party providers who help us operate the Service (hosting, payment processing, email delivery, analytics). These providers are contractually obligated to protect your data and use it only as directed by us.
• AI providers: As described in Section 4, certain data is transmitted to AI providers to power AI features.
• Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Safety and rights protection: We may share information to protect the rights, property, or safety of UniAtlas, our users, or the public.
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
• With your consent: We may share your information with third parties when you explicitly consent to such sharing.

Publicly shared content (such as university reviews) is visible to all users of the Service and may be indexed by search engines.

6. Cookies and Tracking Technologies

6.1 What We Use

We use the following technologies to collect information:

• Essential cookies: Required for the Service to function (authentication, session management, security). These cannot be disabled.
• Preference cookies: Remember your settings such as language, theme (light/dark mode), and display preferences.
• Analytics cookies: Help us understand how users interact with the Service so we can improve it. We use privacy-focused analytics that do not track users across websites.
• Advertising cookies: We use Google AdSense to display advertisements on some pages. Google AdSense uses cookies to serve ads based on your prior visits to this site and other sites. Google's use of advertising cookies enables it and its partners to serve ads based on your visit to our site and/or other sites on the Internet. You may opt out of personalised advertising by visiting Google Ads Settings.
• Local storage: We use browser local storage and session storage to maintain application state (such as saved universities, comparison tray, and authentication tokens).

6.2 Your Cookie Choices

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly. We honor Do Not Track (DNT) browser signals. Premium subscribers see no third-party advertising cookies as ads are not shown to subscribed users.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Secure password hashing (bcrypt)
• JWT-based authentication with token expiration
• Role-based access controls and principle of least privilege
• Regular security assessments and monitoring
• Secure hosting on Microsoft Azure with enterprise-grade infrastructure

While we take reasonable measures to protect your data, no system is completely secure. We cannot guarantee the absolute security of your information. If we become aware of a security breach that affects your personal data, we will notify you in accordance with applicable law.

8. Data Retention

We retain your personal information for as long as necessary to:

• Provide the Service and maintain your account
• Comply with legal, accounting, or reporting requirements
• Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention). Anonymized or aggregated data that can no longer identify you may be retained indefinitely for analytics and service improvement.

AI interaction content (your prompts and AI responses) is not stored long-term. It is processed in real-time and discarded after the response is delivered, unless you explicitly save the content (such as essay drafts).

9. Your Rights

Depending on your location, you may have certain rights regarding your personal data. We respect these rights regardless of where you are located, to the extent practicable.

9.1 General Rights

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your data based on legitimate interests
• Withdrawal of consent: Withdraw consent where processing is based on consent

9.2 European Economic Area (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal bases for processing are described in Section 3.

9.3 California (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the "sale" or "sharing" of personal information (note: we do not sell your data)
• Non-discrimination for exercising your privacy rights

9.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@uniatlas.org or use the data management tools in your account settings. We will respond to verifiable requests within 30 days (or within the timeframe required by applicable law).

10. Children's Privacy

The Service is not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13 without parental consent, we will promptly delete that information.

Users between 13 and 16 years of age may use the Service with parental or guardian consent. If you are a parent or guardian and believe your child has provided personal information without your consent, please contact us at privacy@uniatlas.org.

11. International Data Transfers

UniAtlas is operated from the United States, and our servers and service providers are located in the United States and other countries. If you are accessing the Service from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions that may have different data protection laws than your country of residence.

For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. By using the Service, you consent to the transfer of your information as described in this section.

12. Third-Party Services

The Service may contain links to third-party websites, applications, and services. This Privacy Policy applies only to the UniAtlas Service. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

Key third-party services we use include:

• Microsoft Azure: Cloud hosting and infrastructure
• AI providers (OpenAI, Anthropic, Azure AI): AI feature processing
• Analytics: Privacy-focused usage analytics
• Payment processing: Secure payment handling (we do not store card details)

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Effective Date" at the top of this page and notify you through the Service or via email. We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

• Privacy inquiries: privacy@uniatlas.org
• General legal: legal@uniatlas.org
• Support: Help Center

We aim to respond to all privacy-related inquiries within 30 days. For urgent matters related to data breaches or security concerns, please include "URGENT" in your email subject line.