Privacy Policy
Last updated: March 29, 2026
1. Information We Collect
We collect the following types of information:
- Account Information: Name, email address, phone number, date of birth, nationality.
- Academic Data: Qualification history, test scores (IELTS, TOEFL, PTE), career goals, budget preferences.
- Documents: Passport, transcripts, SOP, LOR, resume, and other uploaded files.
- Usage Data: Pages visited, features used, survey responses, application activity.
- Device Data: Browser type, IP address, device type, operating system.
2. How We Use Your Information
- Provide AI-powered university matching and scholarship recommendations.
- Process and manage your university and loan applications.
- Assign counselors and facilitate consultation sessions.
- Send personalized shortlists via WhatsApp or email.
- Improve our AI models and platform features.
- Communicate important updates about your applications.
- Comply with legal obligations.
3. Data Sharing
We share your data only in these circumstances:
- Universities: Application data and documents when you apply to a program.
- Loan Providers: Financial information when you apply for education loans.
- Assigned Counselors: Profile and application data for personalized guidance.
- Service Providers: Analytics and infrastructure providers (data is anonymized where possible).
- Legal Requirements: When required by law or to protect our rights.
We never sell your personal data to third parties.
4. Data Security
- All documents are encrypted at rest and in transit (AES-256 / TLS 1.3).
- Authentication uses JWT tokens with expiration and secure httpOnly cookies.
- API requests are rate-limited (120 requests/minute) and sanitized against injection.
- Access to student data follows role-based hierarchy (admin, manager, staff).
- Regular security audits and vulnerability assessments.
5. Data Retention
We retain your data for as long as your account is active. Upon account deletion, personal data is removed within 30 days. Anonymized analytics data may be retained indefinitely for service improvement. Application records may be retained for legal compliance purposes.
6. Your Rights
You have the right to:
- Access: Request a copy of all personal data we hold about you.
- Correction: Update or correct inaccurate information via your profile.
- Deletion: Request deletion of your account and associated data.
- Portability: Export your data in a machine-readable format.
- Restriction: Limit how we process your data in certain circumstances.
- Objection: Opt out of marketing communications at any time.
7. Cookies
We use essential cookies for authentication (session token) and preferences. We use analytics cookies (Vercel Analytics) to understand usage patterns. You can disable non-essential cookies in your browser settings.
8. International Transfers
Your data may be processed in countries outside your residence. We ensure adequate protection through standard contractual clauses and compliance with applicable data protection laws.
9. Children's Privacy
Our Service is not intended for users under 16 years of age. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. Continued use after changes constitutes acceptance.
11. Contact Us
For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer at privacy@origoabroad.com.