UniPlanner Privacy Policy
Your data security is our priority
Important Disclosure: Google API Usage
UniPlanner uses Google Calendar API to help you manage your academic schedule. Our use of Google user data is strictly limited and complies with Google's Limited Use requirements.
Limited Use Compliance: UniPlanner's use and transfer to any other app of information received from Google APIs will adhere to the following policies:
- Google Workspace APIs:Limited Use requirements for Workspace APIs
- Google Photos APIs:Limited Use requirements for Photos APIs
What we do: Create calendar events for your academic assignments (only when you request it)
What we don't do: Read your existing calendar, transfer data to third parties, or use data for advertising
1. Introduction
UniPlanner ("we", "us", or "our") is committed to protecting your personal and academic information. This Privacy Policy explains how we collect, use, store, and disclose your data in compliance with applicable privacy laws, including the Family Educational Rights and Privacy Act (FERPA) in the United States and the General Data Protection Regulation (GDPR) in the European Union.
This policy applies to all users of UniPlanner, including student-athletes, advisors, academic administrators, and coaches.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information when you use UniPlanner:
- Name and email address
- Role (student-athlete, advisor, coach, admin)
- Affiliated institution and department
- Authentication and login metadata
2.2 Academic and Institutional Information
Collected only with explicit user action (e.g., syllabus upload, calendar sync):
- Course names, schedules, and sections
- Instructor names, emails (if provided in syllabi)
- Assignment titles, types, due dates, and estimated workload
- Uploaded documents, including syllabi and academic schedules
- Calendar events and workload analytics
- Feedback or notes added by users
2.3 Automatically Collected Technical Information
For performance and security purposes:
- IP address and location approximation
- Browser, device, and OS metadata
- Session timestamps and usage patterns
- Cookies and tracking for authentication/session security
2.4 Payment Information (Preorder)
When you place a preorder for UniPlanner:
- Stripe Processing: Payment data is processed securely by Stripe
- Payment Confirmation: We store payment confirmation and account creation data
- No Stored Cards: We do not store your actual payment card information
- Stripe Privacy: Payment data processing is subject to Stripe's privacy policy
2.5 Analytics and Usage Data
To improve our service:
- Google Analytics: We use Google Analytics to understand website usage
- Aggregated Data: Analytics data is aggregated and does not identify individuals
- Usage Patterns: Page views, session duration, and user behavior patterns
- Google Privacy: Analytics data processing is subject to Google's privacy policy
3. Google User Data and OAuth Integration
3.1 Google Calendar Integration
UniPlanner offers optional integration with Google Calendar to help users manage their academic schedules more efficiently. When you choose to connect your Google Calendar account, we access and use your Google user data as follows:
Data We Access:
- Calendar Permissions: We request permission to create new calendar events via the Google Calendar API
- No Reading: We do not read, access, or modify existing events in your calendar
How We Use Google User Data:
- Event Creation: Create calendar events for assignment deadlines and study sessions
- Academic Planning: Add events to your calendar based on assignments entered in UniPlanner
- No Conflict Detection: We do not access existing calendar data to detect scheduling conflicts
Google Workspace API Limited Use Compliance
UniPlanner's use and transfer to any other app of information received from Google APIs will adhere to the following policies:
- Google Workspace APIs:Limited Use requirements for Workspace APIs
- Google Photos APIs:Limited Use requirements for Photos APIs
Our use of Google Calendar API data is strictly limited to:
- Providing or improving user-facing features that are prominent from the requesting app's user interface
- Creating calendar events for academic assignments and study sessions as requested by the user
- No transfer to third parties - We do not transfer Google user data to any third parties
- No advertising - We do not use Google user data for advertising purposes
For more information about Google's Limited Use requirements, please visit theGoogle Workspace API User Data and Developer Policy andGoogle Photos API User Data and Developer Policy.
Google Limited Use Requirements Compliance:
We comply fully with Google's Limited Use requirements:
- No Advertising: We do not use Google user data for advertising or analytics purposes
- No Human Access: No human accesses your Google user data unless required for security or legal compliance
- No Sharing: We do not share Google user data with third parties
- Limited Use: We use Google user data only to add events to your calendar based on your assignments in UniPlanner
UniPlanner complies with Google's Limited Use requirements for data obtained through OAuth scopes. We do not use user data for advertising or model training purposes.
Data Usage:
UniPlanner uses the Google Calendar scope only to create calendar events that reflect assignments and deadlines entered in the platform.
- We do not access or read existing calendar data
- We do not use your Google Calendar to detect scheduling conflicts or availability
Your Control Over Google Data:
- You can revoke access at any time through your Google Account settings
- You can disconnect your Google Calendar integration at any time
- You can request deletion of all Google user data we have stored
4. How We Use Your Information
We process your data for:
- Delivering core services: assignment tracking, calendar sync, workload heatmaps, reminders
- Email communications: deadline alerts, advisor reports, weekly summaries
- Personalized recommendations: study planning and time management suggestions
- Advisor dashboards: viewing aggregated academic progress of assigned athletes
- Compliance with FERPA and GDPR obligations
- System monitoring and performance improvements
We do not use your academic data for advertising, profiling, or any form of third-party monetization.
5. FERPA Compliance Statement
We understand the sensitivity of student educational records and are fully committed to FERPA compliance.
🔒 Our Commitments:
- Educational Record Protection: Academic data such as grades, assignments, course materials, and advisor feedback are treated as FERPA-protected educational records.
- School Official Role: When authorized by your institution, UniPlanner acts as a "school official" under FERPA, providing services in a legitimate educational interest.
- Access Control: Only authorized personnel (e.g., linked advisors/coaches) can access student academic records.
- No Unauthorized Disclosure: We do not share academic records with unauthorized third parties, including parents, without prior written consent or institutional authority.
- Data Processing Agreements: We will enter into written agreements with institutions, if required, to define our FERPA-compliant responsibilities.
- Data Audit Logs: All access to sensitive student data is logged and auditable by the institution upon request.
Institutions using UniPlanner may request a signed FERPA Data Sharing Agreement (DSA) upon onboarding.
6. GDPR and International Rights
If you reside in the EU or UK, you have rights under the General Data Protection Regulation (GDPR), including:
- Right to access and data portability
- Right to rectification and deletion
- Right to restrict or object to processing
- Right to withdraw consent at any time
- Right to lodge a complaint with your local Data Protection Authority (DPA)
To exercise your rights, contact: privacy@uniplanner.ai
7. Data Storage and Security
Your data is encrypted in transit and at rest using industry-standard protocols (TLS 1.3, AES-256).
We use:
- Role-based access control (RBAC)
- Regular security audits
- Comprehensive audit logging
- Secure cloud infrastructure (Supabase)
- Automatic session expiration
- Failed login attempt monitoring
8. Data Breach Response and Incident Management
8.1 Incident Detection and Response
We maintain comprehensive monitoring and incident response procedures to protect your data:
Automated Monitoring
- Security alerts for failed login attempts
- Data access monitoring and unusual patterns
- System health and performance monitoring
- Regular audit log analysis
Manual Detection
- User reports of security concerns
- Staff observations of suspicious activity
- Third-party security researcher reports
8.2 Incident Response Timeline
Immediate Response
- • Assess impact and scope
- • Contain threat
- • Preserve evidence
- • Notify response team
Short-term Response
- • Investigate root cause
- • Remediate vulnerabilities
- • Notify stakeholders
- • Document actions
Long-term Response
- • Restore operations
- • Post-incident review
- • Update security measures
- • Submit compliance reports
8.3 Notification Requirements
FERPA Compliance: We follow strict notification requirements in the event of a data breach:
Required Notifications
- Educational Institutions: Within 72 hours of confirmed breach
- Affected Students: Within 72 hours of confirmed breach
- Department of Education: As required by law
- Law Enforcement: If criminal activity suspected
Notification Content
- Description of the incident
- Types of data potentially affected
- Steps taken to contain and remediate
- Contact information for questions
9. Data Retention Policy
9.1 Retention Periods
We retain your data for specific periods to provide our services while ensuring compliance with FERPA and other privacy regulations:
| Data Type | Retention Period | Notes |
|---|---|---|
| Active User Data | Duration of account + 180 days | Assignments, courses, syllabi, advisor notes |
| Calendar Credentials | Until user disconnects | Deleted immediately upon disconnection |
| Audit Logs | 12 months minimum | For compliance and security monitoring |
| Inactive Accounts | 180 days after last activity | Automatic cleanup of expired data |
9.2 Data Lifecycle Management
Active Users
- Data is retained while the account is actively used
- Last activity is tracked to determine retention periods
- Retention expiration dates are calculated automatically
Inactive Users
- Data expires 180 days after last activity
- Expired data is automatically deleted weekly
- All deletions are logged for compliance purposes
9.3 Institutional Override
Educational institutions may set custom retention periods for their users to comply with institutional policies or legal requirements.
- Institutions can override default retention periods
- Custom retention policies are applied to institutional users
- All overrides are logged and auditable
9.4 Data Deletion Process
You have full control over your data and can request deletion at any time:
- 1Automatic Deletion: Expired data is automatically removed during weekly cleanup processes
- 2Manual Requests: Users can request data deletion by emailing support@uniplanner.ai
- 3Identity Verification: All deletion requests require identity verification to protect your data
- 4Confirmation: Users receive confirmation when data is successfully deleted
- 5Audit Trail: All deletions are logged for compliance and security purposes
10. Your Rights Under FERPA and Privacy Laws
10.1 FERPA Rights (United States)
As a student, you have specific rights under the Family Educational Rights and Privacy Act (FERPA):
Right to Access
- Request access to your educational records
- Review and inspect your data
- Request corrections to inaccurate information
Right to Control Disclosure
- Control who has access to your educational records
- Provide consent for disclosures not covered by FERPA exceptions
- Request restrictions on data sharing
10.2 Data Export and Portability
You can request a complete export of your data at any time:
What's Included
- All your assignments and course data
- Uploaded syllabi and documents
- Advisor notes and communications
- Account and profile information
How to Request
- Email support@uniplanner.ai
- Include your name and email address
- We'll respond within 30 days
- Data provided in JSON format
10.3 Right to File Complaints
If you believe your privacy rights have been violated, you have the right to file complaints:
FERPA Complaints
- U.S. Department of Education:File a complaint online
- Our Privacy Contact:privacy@uniplanner.ai
Privacy Concerns
- Privacy Officer:privacy@uniplanner.ai
- Response Time: We investigate all complaints within 30 days
11. Data Sharing and Third Parties
We may share limited data only when necessary:
| Purpose | Recipients |
|---|---|
| Platform operations | Cloud providers, analytics, email APIs (e.g. SendGrid) |
| Academic integration | Your educational institution or advisors |
| Legal compliance | Authorities when required by law |
All third-party vendors are contractually bound to not use your data for any other purpose and must maintain data protection standards equivalent to GDPR and FERPA.
We never sell or trade your personal or academic data.
12. Canvas & LMS Integration (Planned)
If you choose to link your Canvas or LMS account (optional), we will request specific OAuth-based permission to:
- Access assignment titles, due dates, and courses
- Sync events to your UniPlanner calendar
No grade or private message data is collected or accessed unless explicitly requested and approved.
You may disconnect your LMS integration at any time, and all associated data will be deleted upon request.
13. Children's Privacy
This service is not intended for children under 13. If we discover that personal data has been collected from a child under 13 without verified parental consent, we will delete it immediately.
14. Policy Changes
We may update this Privacy Policy. You'll be notified via email or in-app notifications if changes materially affect your rights or data use.
15. Contact Information
General Support
📧 Email: support@uniplanner.ai
Privacy & Compliance
Privacy Officer: privacy@uniplanner.ai
Data Deletion: support@uniplanner.ai