Privacy Policy

Last Updated: October 2, 2025

Company: Gradsurge Technologies Private Limited

Platform: AI-Powered Study Abroad Guidance Platform

1. Introduction

Welcome to Gradsurge ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered study abroad guidance platform, including our website, mobile applications, and related services (collectively, the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We collect the following categories of personal information:

Account Information:

  • Full name, email address, phone number
  • Date of birth, nationality, country of residence
  • Profile photograph (optional)
  • Username and encrypted password

Academic Information:

  • Educational background and transcripts
  • Test scores (GRE, TOEFL, IELTS, SAT, etc.)
  • Academic achievements, certifications, and awards
  • Research experience and publications
  • Extracurricular activities and leadership roles

Career and Personal Preferences:

  • Career goals and interests
  • Personality assessment responses (50+ data points)
  • Course and university preferences
  • Budget constraints and financial information
  • Geographic preferences for study destinations

Application Documents:

  • Resumes/CVs and cover letters
  • Statements of Purpose (SOPs) and essays
  • Letters of recommendation
  • Portfolio materials and project samples
  • Plagiarism detection reports

Financial Information:

  • Scholarship application data
  • Payment information for premium services
  • Financial aid requirements and family income data
  • Banking details for refunds (encrypted)

2.2 Automatically Collected Information

Technical Data:

  • IP address, device ID, and browser information
  • Operating system and device specifications
  • Login times, session duration, and usage patterns
  • Geolocation data (with consent)

AI Interaction Data:

  • Quiz responses and assessment results
  • Recommendation feedback and ratings
  • Search queries and filter preferences
  • Document upload and revision history
  • Time spent on different platform sections

Cookies and Tracking:

  • Essential cookies for platform functionality
  • Analytics cookies for usage optimization
  • Preference cookies for personalized experience
  • Third-party tracking pixels (with consent)

2.3 Third-Party Information

  • Data from Google OAuth integration
  • University application system integrations
  • Reference information from recommenders
  • Verification data from educational institutions

3. How We Use Your Information

3.1 Primary Purposes

Service Delivery:

  • Provide personalized course and university recommendations
  • Generate AI-powered resume and SOP evaluations
  • Match relevant scholarships and funding opportunities
  • Create adaptive test preparation schedules
  • Track application progress and send reminders

AI and Machine Learning:

  • Train and improve our recommendation algorithms
  • Develop predictive admission chance models
  • Enhance resume scoring and ATS simulation
  • Optimize scholarship matching accuracy
  • Personalize user experience and content

Platform Operations:

  • Authenticate users and maintain account security
  • Process payments for premium services
  • Provide customer support and technical assistance
  • Send important service-related notifications
  • Maintain platform performance and security

3.2 Secondary Purposes (With Consent)

Marketing and Communications:

  • Send newsletters and educational content
  • Promote relevant services and features
  • Conduct user surveys and research
  • Share success stories (anonymized)

Analytics and Research:

  • Analyze platform usage patterns
  • Conduct educational outcome research
  • Improve AI model performance
  • Generate anonymized industry insights

4. AI Processing and Algorithmic Decisions

4.1 AI System Transparency

Our AI systems process your data to:

  • Generate course and career fit scores (0-100 scale)
  • Predict university admission chances (percentage likelihood)
  • Score resume compatibility with ATS systems
  • Evaluate SOP quality and provide improvement suggestions
  • Match scholarships based on eligibility criteria

4.2 Automated Decision-Making

We use automated processing for:

  • Initial course and university recommendations
  • Basic scholarship eligibility screening
  • Resume scoring and feedback generation
  • Plagiarism detection in application documents

Important: All AI recommendations are suggestive only. Final decisions regarding applications, course selection, and career choices remain entirely with you.

4.3 Right to Explanation

You have the right to:

  • Request explanation of any AI recommendation
  • Understand the data factors influencing suggestions
  • Request human review of automated decisions
  • Opt-out of specific AI processing while retaining basic services

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share data with trusted partners for:

Technical Services:

  • Cloud hosting and data storage (AWS, encrypted)
  • Email delivery and communication services
  • Payment processing (PCI DSS compliant)
  • Analytics and performance monitoring

Educational Services:

  • University application system integrations
  • Test preparation content providers
  • Plagiarism detection services
  • Academic verification services

5.2 Educational Institutions

With your explicit consent, we may share:

  • Application documents and academic records
  • Contact information for admissions communication
  • Progress updates and completion certificates
  • Anonymized performance analytics

5.3 Legal Requirements

We may disclose information when legally required:

  • Court orders, subpoenas, or legal process
  • Law enforcement investigations
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities

5.4 Business Transfers

In case of merger, acquisition, or sale, your information may be transferred to the successor entity with prior notice and consent options.

We never sell personal information to third parties for marketing purposes.

6. Data Security and Retention

6.1 Security Measures

  • Encryption: AES-256 encryption for data at rest and in transit
  • Authentication: JWT-based secure login with multi-factor options
  • Access Control: Role-based permissions and regular access audits
  • Monitoring: 24/7 security monitoring and incident response
  • Compliance: SOC 2 Type II and ISO 27001 security standards

6.2 Data Retention Periods

  • Active Accounts: Data retained while account is active plus 2 years
  • Inactive Accounts: Deleted after 3 years of inactivity
  • Application Documents: Retained for 5 years for reference purposes
  • Financial Records: 7 years as required by law
  • Analytics Data: Anonymized and retained indefinitely

6.3 Data Minimization

We implement data minimization principles:

  • Collect only necessary information for stated purposes
  • Regular data audits and unnecessary data deletion
  • Automated data lifecycle management
  • Purpose limitation enforcement

7. Your Privacy Rights

7.1 Access and Portability

  • Data Access: Download all your personal data in JSON/CSV format
  • Data Portability: Export data for use with other platforms
  • Account Dashboard: Real-time view of all collected information
  • Processing History: Log of all data processing activities

7.2 Correction and Update

  • Profile Management: Update personal and academic information
  • Document Replacement: Upload new versions of application materials
  • Preference Changes: Modify course and university preferences
  • Contact Updates: Change email, phone, or address information

7.3 Deletion and Opt-Out

  • Account Deletion: Complete removal within 30 days of request
  • Selective Deletion: Remove specific documents or data categories
  • AI Opt-Out: Disable AI processing while retaining basic features
  • Marketing Opt-Out: Unsubscribe from promotional communications

7.4 Consent Management

  • Granular Controls: Feature-specific privacy settings
  • Consent Withdrawal: Revoke consent for specific data uses
  • Third-Party Controls: Manage integrations and data sharing
  • Cookie Preferences: Customize tracking and analytics settings

7.5 Rights for EU Residents (GDPR)

Additional rights under GDPR:

  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to lodge complaints with supervisory authorities

7.6 Rights for California Residents (CCPA)

  • Right to know about personal information collection
  • Right to delete personal information
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising privacy rights

8. International Data Transfers

8.1 Data Localization

  • Primary Storage: India-based servers for Indian users
  • EU Storage: EU-based servers for European users
  • Global CDN: Distributed content delivery for performance
  • Data Residency: Compliance with local data residency requirements

8.2 Transfer Safeguards

  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Binding Corporate Rules: Internal data transfer protocols
  • User Consent: Explicit consent for necessary transfers

9. Children's Privacy (COPPA)

9.1 Age Requirements

  • Minimum Age: 13 years old (16 in EU)
  • Parental Consent: Required for users under 18
  • Verification: Age verification during account creation
  • Educational Use: Special protections for school-sponsored accounts

9.2 Enhanced Protections

  • Limited Data Collection: Minimal necessary information only
  • No Behavioral Advertising: Prohibited for minor users
  • Parental Access: Parents can review and delete child's data
  • Educational Purpose: Data use strictly limited to educational services

10. Cookies and Tracking

10.1 Cookie Categories

Essential Cookies (Always Active):

  • Authentication and session management
  • Security and fraud prevention
  • Basic platform functionality
  • User preference storage

Analytics Cookies (Optional):

  • Usage statistics and performance monitoring
  • Feature usage analysis
  • Error tracking and debugging
  • Platform optimization insights

Marketing Cookies (Opt-In Required):

  • Personalized content delivery
  • Advertising effectiveness measurement
  • Social media integration
  • Third-party marketing platforms

10.2 Cookie Management

  • Cookie Banner: Clear opt-in/opt-out choices
  • Preference Center: Granular cookie controls
  • Browser Settings: Instructions for browser-level management
  • Regular Review: Annual cookie audit and updates

11. Updates to Privacy Policy

11.1 Notification Process

  • Email Notification: 30 days advance notice for material changes
  • Platform Notification: In-app alerts and banners
  • Version History: Previous policy versions available for review
  • Consent Renewal: Re-consent required for significant changes

11.2 Change Categories

  • Minor Updates: Technical corrections and clarifications
  • Material Changes: New data uses, sharing practices, or rights
  • Emergency Updates: Security-related immediate changes
  • Legal Updates: Compliance with new regulations

12. Contact Information

12.1 Privacy Officer

Email: info.gradsurge@gmail.com

Name: Gradsurge Technologies Private Limited

12.2 Data Protection Requests

Email: info.gradsurge@gmail.com

Response Time: 30 days maximum

Verification Required: Identity verification for all requests

12.3 Complaints and Concerns

Email: info.gradsurge@gmail.com

Phone: +91 9892604962

Escalation: CEO office for unresolved issues

13. Governing Law

This Privacy Policy is governed by the laws of India and applicable international data protection regulations. Any disputes shall be subject to the exclusive jurisdiction of Mumbai courts.

Effective Date: October 2, 2025

Version: 1.0

Next Review: April 2026

By using Gradsurge services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.