Privacy Policy
Effective date: February 15, 2026
CounselorSophie ("we," "our," or "us") is committed to protecting the privacy of our users, including students, parents, and counselors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our college planning platform at counselorsophie.com (the "Service").
1. Information We Collect
Personal Information
When you create an account, we collect:
- Full name and email address
- Account role (student, parent, or counselor)
- Password (stored securely as a hash — we never store plaintext passwords)
Education Records
To provide personalized college planning, students may provide:
- GPA, test scores (SAT/ACT), and AP courses
- Extracurricular activities and competitions
- College preferences and saved college lists
- Summer programs and application timelines
- Narrative and personal statement drafts
Usage Data
We automatically collect:
- Pages visited and features used (via Vercel Analytics)
- Error reports (via Sentry) to improve service reliability
- IP address for rate limiting and security purposes
2. How We Use Your Information
We use collected information to:
- Provide and maintain the Service
- Generate personalized AI-powered college recommendations
- Enable counselor and parent collaboration features
- Send transactional emails (account confirmation, password resets)
- Monitor and improve service performance and security
- Enforce rate limits to prevent abuse
3. Data Sharing and Disclosure
We do not sell your personal information. We share data only in these limited circumstances:
- Linked accounts: When a student links with a parent or counselor, those linked users can view the student's profile and planning data.
- Service providers: We use third-party services to operate the platform (see Section 9).
- Legal requirements: We may disclose information when required by law or to protect our rights.
4. Data Security
We implement industry-standard security measures including encrypted connections (TLS), secure password hashing, Row Level Security (RLS) on our database, CAPTCHA verification, and rate limiting. However, no method of electronic transmission or storage is 100% secure.
5. COPPA Compliance
The Service is intended for high school students, some of whom may be under 13 years of age. In compliance with the Children's Online Privacy Protection Act (COPPA):
- Users under 13 must have verifiable parental consent before creating an account.
- Parents may review their child's information, request deletion, or revoke consent by contacting us.
- We collect only information reasonably necessary to provide the Service.
- We do not condition a child's participation on providing more information than is reasonably necessary.
If you believe a child under 13 has provided us with personal information without parental consent, please contact us immediately and we will delete the information.
6. FERPA Compliance
While CounselorSophie is not an educational institution subject to FERPA, we respect the principles of the Family Educational Rights and Privacy Act:
- Students control their own education records within the platform.
- Education data is only shared with linked parents and counselors at the student's discretion.
- Students and parents may request access to, correction of, or deletion of education records at any time.
- We do not share student education records with third parties for marketing or unrelated purposes.
7. Data Retention
We retain your personal information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. AI recommendation cache data is automatically purged after 24–72 hours.
8. Your Rights
You have the right to:
- Access — Request a copy of the personal data we hold about you.
- Correction — Update or correct inaccurate information via your profile settings.
- Deletion — Request deletion of your account and associated data.
- Data portability — Request your data in a portable format.
9. Third-Party Services
We use the following third-party services to operate the platform:
| Provider | Purpose |
|---|---|
| Supabase | Database hosting and authentication |
| Vercel | Application hosting and analytics |
| Resend | Transactional email delivery |
| Sentry | Error monitoring and performance |
| Upstash | Rate limiting (Redis) |
| Anthropic, Google, OpenAI | AI recommendations (data is not used to train models) |
| Cloudflare | CAPTCHA verification (Turnstile) |
| College Scorecard | Public college data (data.gov) |
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, contact us at privacy@counselorsophie.com.