Legal

UniPlanner Privacy Policy

Your data security is our priority

Effective: July 28, 2025Last Updated: January 28, 2025

Important Disclosure: Google API Usage

UniPlanner uses Google Calendar API to help you manage your academic schedule. Our use of Google user data is strictly limited and complies with Google's Limited Use requirements.

Limited Use Compliance: UniPlanner's use and transfer to any other app of information received from Google APIs will adhere to the following policies:

What we do: Create calendar events for your academic assignments (only when you request it)

What we don't do: Read your existing calendar, transfer data to third parties, or use data for advertising

1. Introduction

UniPlanner ("we", "us", or "our") is committed to protecting your personal and academic information. This Privacy Policy explains how we collect, use, store, and disclose your data in compliance with applicable privacy laws, including the Family Educational Rights and Privacy Act (FERPA) in the United States and the General Data Protection Regulation (GDPR) in the European Union.

This policy applies to all users of UniPlanner, including student-athletes, advisors, academic administrators, and coaches.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information when you use UniPlanner:

  • Name and email address
  • Role (student-athlete, advisor, coach, admin)
  • Affiliated institution and department
  • Authentication and login metadata

2.2 Academic and Institutional Information

Collected only with explicit user action (e.g., syllabus upload, calendar sync):

  • Course names, schedules, and sections
  • Instructor names, emails (if provided in syllabi)
  • Assignment titles, types, due dates, and estimated workload
  • Uploaded documents, including syllabi and academic schedules
  • Calendar events and workload analytics
  • Feedback or notes added by users

2.3 Automatically Collected Technical Information

For performance and security purposes:

  • IP address and location approximation
  • Browser, device, and OS metadata
  • Session timestamps and usage patterns
  • Cookies and tracking for authentication/session security

2.4 Payment Information (One-Time Passes)

When you purchase a UniPlanner semester or yearly pass:

  • Stripe Processing: Payments are processed securely by Stripe
  • No Stored Cards: We do not store card details (only confirmation metadata)
  • Access Duration: Access is valid until the end of your purchased term (semester or year)
  • Re-purchase Flow: As access nears expiration, you will be given the option to purchase a new pass for the following semester/year
  • Stripe Privacy: Payment data processing is subject to Stripe's privacy policy

Refund Policy

Refunds are processed by Stripe. We store only refund confirmation metadata, never payment details.

  • All refund requests are processed through Stripe's secure payment system
  • We only store confirmation that a refund was processed, not the original payment details
  • Refund processing times are subject to your bank's policies

2.5 Analytics and Usage Data

To improve our service:

  • Google Analytics: We use Google Analytics to understand website usage
  • Aggregated Data: Analytics data is aggregated and does not identify individuals
  • Usage Patterns: Page views, session duration, and user behavior patterns
  • Google Privacy: Analytics data processing is subject to Google's privacy policy

2.6 SMS & Mobile Phone Data

Mobile phone numbers are collected only if you opt in to SMS notifications. We use this information solely for transactional academic and account-related messaging.

  • Phone Number Collection: We collect and store your verified phone number only when you explicitly opt in to receive SMS notifications
  • Verification: Phone numbers are verified via SMS code before notifications are enabled
  • Usage: Mobile phone numbers are used solely for transactional academic and account-related messaging (daily summaries, assignment reminders, schedule alerts)
  • No Sale or Marketing Sharing: We do not sell or share your phone number with third parties for marketing purposes. Phone numbers are only shared with Twilio, our SMS delivery provider, solely for message delivery
  • Notification Preferences: We store your SMS notification preferences (time windows, types, frequency) to customize your messaging experience
  • Opt-Out: You can opt out at any time by replying "STOP" to any SMS or through your account settings. Upon opt-out, your phone number will be removed from our active notification list

2.7 Social and Sharing Data

When using social features:

  • Friend Connections: We store friend relationships and friend request status
  • Course Sharing: When you share a course, we track sharing relationships and recipient information
  • Shared Course Data: Recipients receive copies of shared courses; original sharer information is tracked for attribution
  • Privacy: Friend connections do not grant access to your academic data unless you explicitly share a course

2.8 UniCore Data

When using the UniCore feature:

  • Chat History: We store your conversations with UniCore to provide context and improve recommendations
  • Context Data: UniCore accesses your courses, assignments, and study preferences to generate personalized advice
  • Third-Party AI: Chat messages may be processed by third-party AI services (e.g., OpenAI, Anthropic) to generate responses
  • No Training: Your chat data is not used to train AI models without your explicit consent
  • Deletion: You can request deletion of your UniCore chat history at any time

3. Google Sign-In and OAuth Integration

3.1 Google Sign-In Authentication

UniPlanner offers Google OAuth sign-in as a convenient authentication method. When you sign in with Google, we collect and use the following information:

Data Collected

  • Email Address: Your Google email address is used as your UniPlanner account identifier
  • Name: Your Google display name is used to populate your UniPlanner profile
  • Profile Picture: If available, your Google profile picture may be used for your account

How We Use This Data

  • Account Creation: To create and manage your UniPlanner account
  • Authentication: To verify your identity when you sign in
  • Email Verification: Google email addresses are considered verified and do not require additional verification
  • No Advertising: We do not use Google sign-in data for advertising or analytics

Your Control

  • You can revoke Google sign-in access at any time through your Google Account settings
  • Revoking access will require you to use email/password authentication or create a new account
  • Your Google account information is subject to Google's privacy policy

4. Google Calendar Integration

4.1 Google Calendar Integration

UniPlanner offers optional integration with Google Calendar to help users manage their academic schedules more efficiently. When you choose to connect your Google Calendar account, we access and use your Google user data as follows:

Data We Access:

  • Calendar Permissions: We request permission to create new calendar events via the Google Calendar API
  • No Reading: We do not read, access, or modify existing events in your calendar

How We Use Google User Data:

  • Event Creation: Create calendar events for assignment deadlines and study sessions
  • Academic Planning: Add events to your calendar based on assignments entered in UniPlanner
  • No Conflict Detection: We do not access existing calendar data to detect scheduling conflicts

Google Workspace API Limited Use Compliance

UniPlanner's use and transfer to any other app of information received from Google APIs will adhere to the following policies:

Our use of Google Calendar API data is strictly limited to providing or improving user-facing features that are prominent from the requesting app's user interface, and creating calendar events for academic assignments and study sessions as requested by the user.

  • No transfer to third parties - We do not transfer Google user data to any third parties
  • No advertising - We do not use Google user data for advertising purposes

Your Control Over Google Data:

  • You can revoke access at any time through your Google Account settings
  • You can disconnect your Google Calendar integration at any time
  • You can request deletion of all Google user data we have stored

5. How We Use Your Information

We process your data for:

  • Delivering core services: assignment tracking, calendar sync, workload heatmaps, reminders
  • Email communications: deadline alerts, advisor reports, weekly summaries
  • Personalized recommendations: study planning and time management suggestions
  • Advisor dashboards: viewing aggregated academic progress of assigned athletes
  • Compliance with FERPA and GDPR obligations
  • System monitoring and performance improvements

We do not use your academic data for advertising, profiling, or any form of third-party monetization.

Service-Related Communications

We may send you service-related emails including:

  • Assignment reminders and deadline alerts
  • Weekly summaries and progress reports
  • Reminders when your pass is nearing expiration
  • Important service updates and security notifications

Opt-out: You can opt out of non-essential communications at any time through your account settings or by contacting support@uniplanner.ai.

SMS Notifications

If you opt into SMS notifications, we use your phone number to send:

  • Daily workload summaries with assignments due that day
  • Assignment reminders (24h, 48h, or 1 week before due date)
  • Overdue assignment alerts
  • Optional weekly summaries (if enabled)

Opt-out: Reply "STOP" to any SMS or disable in account settings. Standard message and data rates may apply.

UniCore Service

When you use UniCore, we use your data to:

  • Generate personalized study recommendations based on your courses and assignments
  • Provide time management and study planning advice
  • Maintain conversation context for better assistance
  • Improve the UniCore service based on usage patterns (aggregated, anonymized data)

Course Sharing & Social Features

When you use social features, we use your data to:

  • Facilitate course sharing between users
  • Manage friend connections and friend requests
  • Display shared course counts and social context
  • Track sharing relationships for attribution and management

6. FERPA Compliance Statement

We understand the sensitivity of student educational records and are fully committed to FERPA compliance.

Educational Record Protection: Academic data such as grades, assignments, course materials, and advisor feedback are treated as FERPA-protected educational records.

School Official Role: When authorized by your institution, UniPlanner acts as a "school official" under FERPA, providing services in a legitimate educational interest.

Access Control: Only authorized personnel (e.g., linked advisors/coaches) can access student academic records.

No Unauthorized Disclosure: We do not share academic records with unauthorized third parties, including parents, without prior written consent or institutional authority.

Data Processing Agreements: We will enter into written agreements with institutions, if required, to define our FERPA-compliant responsibilities.

Data Audit Logs: All access to sensitive student data is logged and auditable by the institution upon request.

Institutions using UniPlanner may request a signed FERPA Data Sharing Agreement (DSA) upon onboarding.

Parent/Admin Account Access

Parent/Admin accounts can only view student-linked academic data with the explicit consent of the student account owner.

  • Students must explicitly grant permission for parent/admin access
  • Access can be revoked by the student at any time
  • Parent/admin accounts are limited to view-only access of linked student data
  • All access is logged and auditable by the student account owner

7. GDPR and International Rights

If you reside in the EU or UK, you have rights under the General Data Protection Regulation (GDPR), including:

  • Right to access and data portability
  • Right to rectification and deletion
  • Right to restrict or object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local Data Protection Authority (DPA)

To exercise your rights, contact: privacy@uniplanner.ai

8. Data Storage and Security

Your data is encrypted in transit and at rest using industry-standard protocols (TLS 1.3, AES-256).

We use:

  • Role-based access control (RBAC)
  • Regular security audits
  • Comprehensive audit logging
  • Secure cloud infrastructure (Supabase)
  • Automatic session expiration
  • Failed login attempt monitoring

9. Data Breach Response and Incident Management

9.1 Incident Detection and Response

We maintain comprehensive monitoring and incident response procedures to protect your data:

Automated Monitoring

  • Security alerts for failed login attempts
  • Data access monitoring and unusual patterns
  • System health and performance monitoring
  • Regular audit log analysis

Manual Detection

  • User reports of security concerns
  • Staff observations of suspicious activity
  • Third-party security researcher reports

9.2 Incident Response Timeline

0-1h: Immediate Response

  • • Assess impact and scope
  • • Contain threat
  • • Preserve evidence
  • • Notify response team

1-24h: Short-term Response

  • • Investigate root cause
  • • Remediate vulnerabilities
  • • Notify stakeholders
  • • Document actions

1-30d: Long-term Response

  • • Restore operations
  • • Post-incident review
  • • Update security measures
  • • Submit compliance reports

9.3 Notification Requirements

FERPA Compliance: We follow strict notification requirements in the event of a data breach:

Required Notifications

  • Educational Institutions: Within 72 hours of confirmed breach
  • Affected Students: Within 72 hours of confirmed breach
  • Department of Education: As required by law
  • Law Enforcement: If criminal activity suspected

Notification Content

  • Description of the incident
  • Types of data potentially affected
  • Steps taken to contain and remediate
  • Contact information for questions

10. Data Retention Policy

10.1 Retention Periods

We retain your data for specific periods to provide our services while ensuring compliance with FERPA and other privacy regulations:

Data TypeRetention PeriodNotes
Active User DataDuration of account + 180 daysAssignments, courses, syllabi, advisor notes
Calendar CredentialsUntil user disconnectsDeleted immediately upon disconnection
Phone Numbers (SMS)Until user opts out or deletes accountDeleted immediately upon opt-out or account deletion
UniCore Chat HistoryDuration of account + 90 daysCan be deleted upon user request at any time
Social Data (Friends, Shares)Until user deletes account or removes connectionFriend connections and sharing records deleted upon removal
Audit Logs12 months minimumFor compliance and security monitoring
Inactive Accounts180 days after last activityAccounts without an active pass retain limited access (view-only) until either the user renews or the account is flagged inactive for 180+ days

10.2 Data Lifecycle Management

Active Users

  • Data is retained while the account is actively used
  • Last activity is tracked to determine retention periods
  • Retention expiration dates are calculated automatically

Inactive Users

  • Data expires 180 days after last activity
  • Expired data is automatically deleted weekly
  • All deletions are logged for compliance purposes

10.3 Institutional Override

Educational institutions may set custom retention periods for their users to comply with institutional policies or legal requirements.

  • Institutions can override default retention periods
  • Custom retention policies are applied to institutional users
  • All overrides are logged and auditable

10.4 Data Deletion Process

You have full control over your data and can request deletion at any time:

  1. Automatic Deletion: Expired data is automatically removed during weekly cleanup processes
  2. Manual Requests: Users can request data deletion by emailing support@uniplanner.ai
  3. Identity Verification: All deletion requests require identity verification to protect your data
  4. Confirmation: Users receive confirmation when data is successfully deleted
  5. Audit Trail: All deletions are logged for compliance and security purposes

11. Your Rights Under FERPA and Privacy Laws

11.1 FERPA Rights (United States)

As a student, you have specific rights under the Family Educational Rights and Privacy Act (FERPA):

Right to Access

  • Request access to your educational records
  • Review and inspect your data
  • Request corrections to inaccurate information

Right to Control Disclosure

  • Control who has access to your educational records
  • Provide consent for disclosures not covered by FERPA exceptions
  • Request restrictions on data sharing

11.2 Data Export and Portability

You can request a complete export of your data at any time:

What's Included

  • All your assignments and course data
  • Uploaded syllabi and documents
  • Advisor notes and communications
  • Account and profile information

How to Request

  • Email support@uniplanner.ai
  • Include your name and email address
  • We'll respond within 30 days
  • Data provided in JSON format

11.3 Right to File Complaints

If you believe your privacy rights have been violated, you have the right to file complaints:

FERPA Complaints

Privacy Concerns

12. Data Sharing and Third Parties

We may share limited data only when necessary:

PurposeRecipients
Platform operationsCloud providers, analytics, email APIs (e.g. SendGrid)
SMS deliveryTwilio (phone numbers shared solely for message delivery)
UniCore processingThird-party AI services (e.g., OpenAI, Anthropic) for generating responses
Academic integrationYour educational institution or advisors
Legal complianceAuthorities when required by law

All third-party vendors are contractually bound to not use your data for any other purpose and must maintain data protection standards equivalent to GDPR and FERPA.

We never sell or trade your personal or academic data.

13. Canvas & LMS Integration (Planned)

If you choose to link your Canvas or LMS account (optional), we will request specific OAuth-based permission to:

  • Access assignment titles, due dates, and courses
  • Sync events to your UniPlanner calendar

No grade or private message data is collected or accessed unless explicitly requested and approved.

You may disconnect your LMS integration at any time, and all associated data will be deleted upon request.

14. Children's Privacy

This service is not intended for children under 13. If we discover that personal data has been collected from a child under 13 without verified parental consent, we will delete it immediately.

15. Policy Changes

We may update this Privacy Policy. You'll be notified via email or in-app notifications if changes materially affect your rights or data use.

16. Contact Information

General Support

Email: support@uniplanner.ai

Privacy & Compliance

Privacy Officer: privacy@uniplanner.ai

Data Deletion: support@uniplanner.ai

Response Times

  • General Support: Within 24 hours
  • Privacy Requests: Within 30 days
  • Data Deletion: Within 30 days