Privacy Policy

Last Updated: May 4, 2026

ScholarFlow (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our academic tracking platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name and email address through Supabase Auth. You may also choose to authenticate via a third-party provider (e.g. Google), in which case we receive the profile information you authorize that provider to share.

1.2 Academic Data

To deliver our core features, we store the data you enter into ScholarFlow:

  • Subject names, grade weightings, and target grades.
  • Individual assessment scores, dates, and grade boundaries.
  • Study session logs, revision topics, and focus-timer records.
  • To-do tasks and checklist items.
  • Dashboard preferences and settings.

1.3 Payment Information

All payments are processed by Stripe, our third-party payment processor. We do not store or have access to your full credit card number, CVC, or bank details on our servers. Stripe provides us with a tokenized reference, your subscription status, and the last four digits of your card for display purposes.

1.4 Usage Data

We automatically collect certain information when you access ScholarFlow, including:

  • Browser type, device information, and operating system.
  • Pages visited, time spent, and navigation paths within the app.
  • IP address and coarse geographic location derived from it.
  • Error logs and crash reports for debugging purposes.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide the ScholarFlow dashboard, analytics, grade calculations, revision tracking, and all core features.
  • Account Management: To authenticate you, manage your subscription, send password-reset emails, and notify you of important account changes.
  • Improvement & Development: To analyze usage patterns, identify bugs, and improve the platform’s performance and user experience.
  • Communication: To respond to your support inquiries and send essential service-related announcements (we do not send marketing emails without your explicit consent).
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. How We Share Your Information

We do not sell, rent, or trade your personal or academic data to third parties. We may share your information only in the following limited circumstances:

  • Service Providers: We rely on trusted third-party services to operate ScholarFlow:
    • Supabase — Database hosting, authentication, and cloud storage.
    • Stripe — Payment processing and subscription management.
    • Vercel — Application hosting and content delivery.
    These providers are contractually obligated to protect your data and use it only as necessary to deliver the services we have engaged them for.
  • Legal Obligations: If required by law, court order, or governmental regulation, we may disclose your information to the relevant authorities.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. You will be notified before your data becomes subject to a different privacy policy.

4. Cookies & Tracking Technologies

ScholarFlow uses cookies and similar technologies to ensure the platform functions correctly. Specifically:

  • Essential Cookies: Session tokens managed by Supabase Auth are stored in your browser to keep you signed in. These are strictly necessary for the service to operate.
  • Analytics: We may use privacy-respecting, self-hosted analytics (such as Vercel Analytics) to understand aggregate usage patterns without fingerprinting individual users.

You can configure your browser to reject cookies; however, doing so may prevent you from signing in or using key features of ScholarFlow.

5. Data Retention

We retain your personal and academic data for as long as your account remains active. If you delete your account, we will permanently delete your data from our systems within 30 days, except for:

  • Transaction records retained as required by tax and accounting laws.
  • Anonymous, aggregated data that cannot be linked back to you.
  • Data retained in encrypted backups for up to 90 days after deletion.

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.3.
  • Data at rest is encrypted using AES-256 encryption (via Supabase).
  • Authentication is handled by Supabase Auth, which supports multi-factor authentication.
  • Access to production data is strictly limited and logged.

However, no method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct any inaccurate or incomplete data.
  • Erasure: Request deletion of your data (“right to be forgotten”).
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to certain processing of your data.
  • Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at support@scholarflow.cc. We will respond within 30 days.

8. Children’s Privacy

ScholarFlow is designed for students (including those under 18), but we do not knowingly collect personal information from children under 13 without verifiable parental consent. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

9. International Data Transfers

ScholarFlow is built on Supabase and hosted on Vercel, with servers located in the United States and globally. By using ScholarFlow, you acknowledge that your data may be transferred to and processed in countries outside your own. We take appropriate safeguards to ensure your data remains protected in accordance with this policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a prominent notice on ScholarFlow before the changes take effect. The “Last Updated” date at the top of this page indicates when the policy was last revised. Continued use of ScholarFlow after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@scholarflow.cc