Skip to main content

Legal

Privacy Policy

Last updated: May 26, 2026

Scholar Track (“we,” “us,” or “our”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have. It applies to all users of our website and platform (collectively, the “Service”), including students, parents, guardians, and coaches.

This policy is designed to comply with the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), the General Data Protection Regulation (“GDPR”) where applicable, and the Children's Online Privacy Protection Act (“COPPA”).

1. Data We Collect

We collect the following categories of personal information:

Account & Identity Data

  • Name, email address, and password (hashed — we never store your plain-text password).
  • Account role (student, parent/guardian, or coach).
  • Date of birth (used for age verification and COPPA compliance).

Student Profile Data

  • Academic information: GPA, SAT/ACT scores, class rank, graduation year, intended major.
  • Athletic information: sport, position, competition level, athletic achievements, recruiting video links.
  • Demographic and eligibility data relevant to scholarship matching: state of residence, citizenship or residency status, financial-aid-relevant household information voluntarily provided.

Scholarship & Application Activity

  • Scholarships saved, started, submitted, or dismissed.
  • Application tracking status and notes.
  • Documents uploaded (e.g., transcripts, recommendation letters) stored securely in our database.

AI-Generated Essay Content

  • Essay prompts you submit and AI-assisted draft text we generate for you.
  • Edited versions of essays you save to your account.

Usage & Technical Data

  • Log data: IP address, browser type, operating system, pages visited, timestamps, referral URLs.
  • Device identifiers and session tokens.
  • Feature usage and interaction events (e.g., which search filters you apply).

2. How We Use Your Data

We use the information we collect to:

  • Provide and personalize the Service — match your profile to relevant scholarships, grants, and financial aid, and rank results by fit score.
  • Operate AI-assisted features — send essay prompts and profile context to our AI provider to generate draft content at your request.
  • Send product and account communications — deadline reminders, match alerts, account notifications, and service updates via email.
  • Process payments — handle subscription billing and payment verification through our payment processor.
  • Improve the Service — analyze usage patterns, diagnose bugs, and develop new features.
  • Comply with legal obligations — respond to lawful requests from public authorities and enforce our Terms of Service.

We do not sell your personal information to third parties. We do not use your data to display third-party advertisements.

3. Data Sharing & Processors

We share data only with service providers (“processors”) who help us operate the Service, under written data processing agreements. Current processors include:

  • Supabase — our primary database and authentication provider. Your account, profile, scholarship, and document data are stored on Supabase-managed infrastructure (PostgreSQL, encrypted at rest).
  • Anthropic— our AI provider. When you use essay-drafting or AI-suggestion features, the relevant prompt text and profile context are sent to Anthropic's API to generate a response. Anthropic's use of data is governed by its own data processing terms.
  • SendGrid (Twilio) — our transactional and marketing email provider. Your email address and the content of emails we send you are processed by SendGrid to deliver those messages.
  • Stripe — our payment processor. When you purchase a subscription, Stripe collects and processes your payment card information. We do not store full card numbers; we receive only a tokenized reference from Stripe.
  • Vercel— our hosting and infrastructure provider. Request logs and static assets pass through Vercel's network.

We may also disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to comply with a legal obligation, protect our rights, or prevent fraud or harm.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account & profile data is retained until you request deletion or your account is closed, plus a 30-day grace period to allow for recovery.
  • Payment records are retained for up to 7 years to comply with financial regulations.
  • Usage and log data is retained for up to 12 months, then aggregated or deleted.
  • AI-generated essay drafts are retained as long as you keep them saved in your account; you can delete them at any time.

5. Your Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information. To exercise any right, email us at support@sportscholar.app.

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Ask us to correct inaccurate or incomplete information.
  • Deletion. Request that we delete your personal information, subject to certain legal exceptions (e.g., financial record-keeping).
  • Data Portability. Request your data in a structured, machine-readable format.
  • Restriction. Ask us to limit how we process your data in certain circumstances.
  • Opt-Out of Sale / Sharing (CCPA). We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide an opt-out mechanism.
  • Non-Discrimination. We will not discriminate against you for exercising your privacy rights.

We will respond to verified requests within the time period required by applicable law (45 days for CCPA; one month for GDPR, extendable by two additional months where necessary).

6. Cookies & Tracking Technologies

We use two categories of cookies and similar technologies:

  • Essential cookies. Required for the Service to function — session tokens, authentication state, and security cookies. You cannot opt out of these while using the Service.
  • Analytics cookies. Used to understand how users interact with the Service so we can improve it. These are first-party analytics only; we do not currently embed third-party advertising trackers. You may opt out by adjusting your browser settings to block or delete cookies.

7. Security Measures

We implement industry-standard security measures to protect your personal information, including:

  • Encryption at rest and in transit. All data stored in our database is encrypted at rest. All data transmitted between your browser and our servers uses TLS/HTTPS encryption.
  • Row-level security (RLS).Our database enforces row-level security policies so that users can only access their own data, not other users' records.
  • Hashed credentials. Passwords are never stored in plain text; they are hashed using a strong, modern hashing algorithm.
  • Access controls. Employee access to production data is restricted to those who need it to perform their job functions.

No system is completely secure. While we work hard to protect your data, we cannot guarantee absolute security.

8. Children's Privacy (COPPA)

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Service or provide any personal information to us.

If you are between 13 and 17 years old, you may use the Service only with the involvement of a parent or legal guardian who agrees to our Terms of Service on your behalf.

If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as quickly as possible. Parents or guardians who believe we may have collected such information can contact us at support@sportscholar.app.

9. Data Breach Notification

In the event of a data breach that is reasonably likely to result in a risk to your rights and freedoms, we will:

  • Notify affected users by email within 72 hours of becoming aware of the breach, where technically feasible and as required by applicable law.
  • Notify the appropriate supervisory authority within the timeframes required by applicable law.
  • Provide information on the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address it.

10. International Data Transfers

Scholar Track is operated from the United States. If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your country. By using the Service, you consent to this transfer.

Where required by law (e.g., for EEA users under GDPR), we rely on approved transfer mechanisms such as Standard Contractual Clauses to legitimize cross-border data transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and notify you by email or in-app notification where required. We encourage you to review this page periodically. Your continued use of the Service after any change constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our privacy team at:

support@sportscholar.app