🎓
MascotAI

Privacy Policy (Beta)

Last Updated: December 17, 2025

Introduction

Welcome to MascotAI. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information. This Privacy Policy explains our practices regarding data collection and usage while our platform is in beta.

What Data We Collect

We collect the following types of information:

  • Account Information: Email address, name, password (encrypted), and role (student, parent, counselor)
  • Profile Information: Academic history (GPA, test scores, coursework), extracurricular activities, honors, hometown, graduation year, and college preferences
  • Usage Data: Pages visited, features used, time spent on platform, and interactions with our services
  • Communication Data: Messages between students, parents, and counselors

How We Use Your Data

  • Account Creation & Authentication: To create and maintain your account
  • University Matching: To recommend universities that fit your profile and preferences
  • Counselor Connections: To facilitate connections between students and counselors
  • Product Improvement: To improve features and user experience (anonymized data)
  • Communication: To send important updates about your account or the service

AI-Powered Features

🤖 Use of Claude AI: MascotAI uses Claude (by Anthropic) to power certain features, including university matching, profile analysis, and content assistance. Your profile data may be processed by Claude to provide personalized recommendations and insights.

We do not use your data to train AI models, and we do not share personally identifiable information with AI providers beyond what is necessary to deliver our services.

Data Security

We take security seriously:

  • Encryption: Passwords are encrypted using industry-standard bcrypt hashing
  • HTTPS: All data transmission is encrypted using SSL/TLS
  • Access Control: Only authorized personnel can access user data
  • MongoDB Security: Database is secured with authentication and network restrictions

Beta Notice: While we implement security best practices, MascotAI is in beta. We recommend not submitting highly sensitive personal information during this testing phase.

Who Can See Your Data

  • You: Full access to all your profile information
  • Your Counselors: Can view and edit your profile (with your permission)
  • Your Parents: Can view your profile in read-only mode (if linked)
  • Your Organization: Organization admins can see basic info of members
  • MascotAI Team: Limited access for support and system maintenance only

We NEVER sell your personal data to third parties.

Your Rights (GDPR & CCPA)

  • Access: Request a copy of all data we have about you
  • Correction: Update or correct your personal information
  • Deletion: Request deletion of your account and all associated data
  • Portability: Request your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing emails

To exercise any of these rights, email us at pranrosh@gmail.com. We will respond within 30 days.

Cookies & Tracking

MascotAI currently uses minimal tracking:

  • Authentication Token: Stored in localStorage to keep you logged in
  • Session Data: Basic session management for security

We do not currently use third-party analytics or advertising cookies. If this changes, we will update this policy and notify users.

Children's Privacy (COPPA)

MascotAI is intended for users aged 13 and older. We comply with the Children's Online Privacy Protection Act (COPPA):

  • We require age verification during registration
  • We do not knowingly collect data from children under 13
  • Parents can link to their student's account to monitor activity
  • If we discover a user is under 13, we will delete their account

If you believe a child under 13 has created an account, please contact us immediately at pranrosh@gmail.com.

Data Retention

During Beta: We retain your data for as long as your account is active. After account deletion, most data is permanently removed within 30 days.

Beta Notice: Data retention policies may change as we transition from beta to production. We will provide advance notice of any significant changes.

Third-Party Services

We integrate with the following third-party services:

  • Google OAuth: For optional login/registration (governed by Google's privacy policy)
  • Claude AI (Anthropic): For AI-powered features (data processing only, not training)
  • MongoDB Atlas: Cloud database hosting with encryption and security

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or through a prominent notice on the platform. The "Last Updated" date at the top of this policy reflects when changes were last made.

Contact Us

Privacy Contact

Email: pranrosh@gmail.com

We typically respond to privacy requests within 30 days.

By using MascotAI, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.