Privacy Policy
Last Updated: May 4, 2026
ScholarFlow (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our academic tracking platform.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name and email address through Supabase Auth. You may also choose to authenticate via a third-party provider (e.g. Google), in which case we receive the profile information you authorize that provider to share.
1.2 Academic Data
To deliver our core features, we store the data you enter into ScholarFlow:
- Subject names, grade weightings, and target grades.
- Individual assessment scores, dates, and grade boundaries.
- Study session logs, revision topics, and focus-timer records.
- To-do tasks and checklist items.
- Dashboard preferences and settings.
1.3 Payment Information
All payments are processed by Stripe, our third-party payment processor. We do not store or have access to your full credit card number, CVC, or bank details on our servers. Stripe provides us with a tokenized reference, your subscription status, and the last four digits of your card for display purposes.
1.4 Usage Data
We automatically collect certain information when you access ScholarFlow, including:
- Browser type, device information, and operating system.
- Pages visited, time spent, and navigation paths within the app.
- IP address and coarse geographic location derived from it.
- Error logs and crash reports for debugging purposes.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide the ScholarFlow dashboard, analytics, grade calculations, revision tracking, and all core features.
- Account Management: To authenticate you, manage your subscription, send password-reset emails, and notify you of important account changes.
- Improvement & Development: To analyze usage patterns, identify bugs, and improve the platform’s performance and user experience.
- Communication: To respond to your support inquiries and send essential service-related announcements (we do not send marketing emails without your explicit consent).
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
3. How We Share Your Information
We do not sell, rent, or trade your personal or academic data to third parties. We may share your information only in the following limited circumstances:
- Service Providers: We rely on trusted third-party services to operate ScholarFlow:
- Supabase — Database hosting, authentication, and cloud storage.
- Stripe — Payment processing and subscription management.
- Vercel — Application hosting and content delivery.
- Legal Obligations: If required by law, court order, or governmental regulation, we may disclose your information to the relevant authorities.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. You will be notified before your data becomes subject to a different privacy policy.
4. Cookies & Tracking Technologies
ScholarFlow uses cookies and similar technologies to ensure the platform functions correctly. Specifically:
- Essential Cookies: Session tokens managed by Supabase Auth are stored in your browser to keep you signed in. These are strictly necessary for the service to operate.
- Analytics: We may use privacy-respecting, self-hosted analytics (such as Vercel Analytics) to understand aggregate usage patterns without fingerprinting individual users.
You can configure your browser to reject cookies; however, doing so may prevent you from signing in or using key features of ScholarFlow.
5. Data Retention
We retain your personal and academic data for as long as your account remains active. If you delete your account, we will permanently delete your data from our systems within 30 days, except for:
- Transaction records retained as required by tax and accounting laws.
- Anonymous, aggregated data that cannot be linked back to you.
- Data retained in encrypted backups for up to 90 days after deletion.
6. Data Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted using TLS 1.3.
- Data at rest is encrypted using AES-256 encryption (via Supabase).
- Authentication is handled by Supabase Auth, which supports multi-factor authentication.
- Access to production data is strictly limited and logged.
However, no method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct any inaccurate or incomplete data.
- Erasure: Request deletion of your data (“right to be forgotten”).
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to certain processing of your data.
- Withdraw Consent: Withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at support@scholarflow.cc. We will respond within 30 days.
8. Children’s Privacy
ScholarFlow is designed for students (including those under 18), but we do not knowingly collect personal information from children under 13 without verifiable parental consent. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
9. International Data Transfers
ScholarFlow is built on Supabase and hosted on Vercel, with servers located in the United States and globally. By using ScholarFlow, you acknowledge that your data may be transferred to and processed in countries outside your own. We take appropriate safeguards to ensure your data remains protected in accordance with this policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a prominent notice on ScholarFlow before the changes take effect. The “Last Updated” date at the top of this page indicates when the policy was last revised. Continued use of ScholarFlow after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: support@scholarflow.cc