SudoCollege Logo

    SudoCollege Privacy Notice

    Last Updated: 2026-03-04

    This Privacy Notice explains how SudoCollege AI, Inc. (or its affiliates) ("SudoCollege", "we", "us", "our") collects, uses, discloses, and protects information about you when you visit or use our website, mobile/desktop experiences, and related services (collectively, the "Services").

    This notice is designed to be readable and specific to our current product build. Some features in the Services may be in beta or mock form; we will update this notice as features mature.

    1. Information We Collect

    We collect information in three main ways: (a) information you provide, (b) information we collect automatically, and (c) information from third parties (limited).

    1.1 Information you provide

    • Account and contact information: name, email address, username, password (stored as a one-way hash), and optionally phone number.
    • Student profile and planning information: grade, GPA, SAT/ACT (if provided), course counts (e.g., AP/Honors), extracurriculars, awards, leadership roles, languages, location/region preferences, and other planning preferences you choose to enter.
    • Content you submit to receive feedback or recommendations: essays you paste or upload, and other documents you upload (for example PDF/Word/image files) to help us generate planning outputs.
    • Communications: messages you send through our contact form, support requests, beta program sign-ups, and other communications.
    • Internship / careers submissions: name, email, and resume file when you apply for roles through our careers form.

    1.2 Information collected automatically

    • Device and usage data: IP address, browser type, operating system, pages viewed, referring/exit pages, timestamps, and interaction data.
    • Cookies and similar technologies: we use cookies/local storage for authentication, language preference, security, and to help the Services function. We may also use analytics cookies as we scale.

    1.3 Information from third parties

    • Service providers that help us operate the Services (e.g., email delivery providers) may provide limited logs (delivery status, bounce events).
    • If we add payment processing, our payment processor may provide us with transaction status and limited billing metadata (we do not intend to store full card numbers on our servers).

    2. How We Use Information

    • Provide, maintain, and improve the Services (including creating your account, verifying your email, and delivering outputs such as school lists, planning steps, and writing feedback).
    • Personalize your experience (for example, by using your profile inputs to tailor recommendations).
    • Communicate with you (support, updates, administrative messages, security alerts).
    • Safety, security, and fraud prevention (rate limiting, abuse detection, account protection).
    • Research and development (to measure performance and improve features). Where we use personal information for model training, we will obtain explicit consent.
    • Comply with legal obligations and enforce our terms.

    3. AI, Model Outputs, and Training

    Our Services may use machine learning and large language model (LLM) techniques to generate guidance and feedback. You should treat outputs as informational and not as guarantees of admission outcomes.

    • Training data sources: Our admissions data layer is built primarily from publicly available institutional records (for example, publicly posted admissions documentation).
    • No sale of personal data: We do not sell your personal information.
    • No model training on your personal content without consent: We do not use your essays or profile information to train models unless you give explicit permission (for example, via an opt-in setting or a separate consent flow).

    4. How We Share Information

    We share information only as necessary to operate the Services, and as described below.

    4.1 Key Service Providers (Examples)

    We use reputable third-party service providers to help us operate the Services. Below are examples of providers we currently use (this list may change):

    • Resend (email delivery) – sends verification codes and operational emails.
    • MongoDB (database hosting) – stores account and application data you submit through the Services.
    • Vercel (application hosting) – hosts parts of our web application.
    • AWS (cloud infrastructure) – may host storage, compute, logs, and security services.
    • OpenAI (LLM provider) – processes certain inputs to generate AI-assisted outputs.

    When we send requests to an LLM provider such as OpenAI, we strive to minimize the personal information included in the request and transmit only what is needed to generate the output. Please avoid including highly sensitive information (e.g., government IDs, financial account numbers) in your submissions.

    • Service providers: We share information with vendors who provide services on our behalf (hosting, database, email delivery, customer support tooling). They are authorized to use the information only as needed to provide services to us.
    • Email delivery: We use a third-party email provider to send verification codes and operational emails. This involves sharing your email address and the content of the email.
    • Careers applications: Internship applications submitted through our form are sent to our HR inbox with your resume attached via our email provider; we do not store your resume in our database by default.
    • Legal and compliance: We may disclose information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect rights, safety, and security.
    • Business transfers: If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction (subject to reasonable safeguards).
    • With your direction: We share information when you ask us to or consent to a specific sharing request.

    5. Payments

    If we offer paid plans (for example, credits or subscriptions), payments will be processed by PCI-compliant third-party providers. We do not intend to store full payment card numbers on our servers. We may store limited transaction records for accounting, support, and fraud prevention.

    6. Data Retention

    We retain personal information only as long as reasonably necessary to provide the Services and for legitimate business and legal purposes. Retention periods may vary by data type (for example, account data is retained while your account is active; verification codes expire quickly; security logs may be retained longer).

    Account deletion: If you request account deletion (or close your account where the feature is available), we will delete or de-identify your personal information from our active systems within approximately 30 days, unless we need to keep certain information for legal, security, or fraud-prevention purposes. Backup copies may persist for a limited period (typically up to 90 days) before being overwritten, consistent with standard backup practices.

    7. Security

    We use administrative, technical, and physical safeguards designed to protect your information. Examples include password hashing, access controls, and rate limiting. No system is perfectly secure, and we cannot guarantee absolute security.

    8. Children and Student Users

    The Services are designed for high school students and families. We comply with applicable child privacy laws, including COPPA where relevant.

    • The Services are not intended for children under 13 without verified parental/guardian consent.
    • If you believe a child under 13 has provided personal information without appropriate consent, please contact us so we can take appropriate steps.

    9. Your Choices and Rights

    • Account information: You may review and update certain profile information within your account.
    • Marketing communications: If we send marketing emails, you can opt out using the unsubscribe link (transactional/service emails may still be sent).
    • Cookies: You can control cookies via browser settings; some features may not work without certain cookies.
    • Data requests: Depending on your location, you may have rights to access, delete, or correct personal information. You can request this by emailing us.

    10. International Users

    If you access the Services from outside the United States, your information may be processed in the United States and other jurisdictions where our service providers operate.

    11. Changes to This Privacy Notice

    We may update this Privacy Notice from time to time. We will revise the "Last Updated" date and, where appropriate, provide additional notice (for example, via the Services).

    12. Contact Us