Privacy Policy

Last updated: January 2025

1. Introduction

UniMapper ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

This policy applies to all users of our platform, including educational institutions, administrators, faculty, and students. We comply with the General Data Protection Regulation (GDPR), the Family Educational Rights and Privacy Act (FERPA), and other applicable data protection laws.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information Provided by Institutions

When educational institutions use our services, they may provide:

  • Institution information (name, address, contact details)
  • Administrator and faculty information (names, email addresses, roles)
  • Course materials and educational content
  • Student data (as permitted by institutional agreements)
  • Academic records and performance data

2.2 Information Collected Automatically

When you use our services, we automatically collect:

  • Usage data (features accessed, time spent, interactions)
  • Device information (IP address, browser type, operating system)
  • Log data (access times, pages viewed, errors)
  • Performance metrics and analytics data

2.3 Student Information

We process student information solely on behalf of educational institutions and in accordance with their instructions. We do not use student data for advertising or marketing purposes.

3. How We Use Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our educational tools
  • Personalization: To customize learning experiences and recommendations
  • Analytics: To generate insights and reports for institutions
  • Support: To provide customer support and respond to inquiries
  • Security: To detect, prevent, and address technical issues and security threats
  • Compliance: To comply with legal obligations and enforce our agreements
  • Product Development: To develop new features and improve existing ones

We process personal data only for the purposes described in this policy and with appropriate legal basis under GDPR (consent, contract performance, legitimate interests, or legal obligation).

4. Information Sharing

We do not sell, rent, or trade your personal information. We may share information only in the following circumstances:

  • With Your Institution: We share data with the educational institution that contracted our services
  • Service Providers: We work with trusted third-party service providers who assist in delivering our services (cloud hosting, analytics, support)
  • Legal Requirements: We may disclose information when required by law, court order, or governmental authority
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred
  • With Consent: We may share information for other purposes with your explicit consent

All third-party service providers are contractually bound to protect your information and use it only for specified purposes.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • End-to-end encryption for data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Incident response and breach notification procedures
  • ISO 27001 and SOC 2 compliance (in progress)

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law or agreed upon with your institution.

  • Active Accounts: Data is retained while your institution's account is active
  • After Termination: Data is retained for 30 days after account termination to allow for data export
  • Legal Requirements: Some data may be retained longer to comply with legal obligations
  • Aggregated Data: Anonymized and aggregated data may be retained indefinitely for analytics

Upon request, we will delete or anonymize personal information, subject to legal and contractual obligations.

7. Your Rights

Under GDPR and other applicable laws, you have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information (subject to legal requirements)
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact your institution or reach out to us directly at privacy@unimapper.app. We will respond within 30 days.

8. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

8.1 Types of Cookies We Use

  • Essential Cookies: Required for basic site functionality and security
  • Performance Cookies: Help us understand how users interact with our services
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Collect information about site usage and performance

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may limit your ability to use some features of our services.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

  • EU-approved Standard Contractual Clauses for transfers outside the EEA
  • Data Processing Agreements with all service providers
  • Compliance with EU-US Data Privacy Framework (when applicable)
  • Regular assessments of data transfer mechanisms

Institutions can request information about specific data transfers and safeguards in place.

10. Children's Privacy

Our services are provided to educational institutions for use with students of all ages. We comply with FERPA, COPPA, and other applicable laws protecting children's privacy.

  • We collect student information only at the direction of educational institutions
  • We do not knowingly collect personal information directly from children under 13 without parental consent
  • Student data is never used for targeted advertising
  • Parents can access and request deletion of their child's information through their institution

Educational institutions are responsible for obtaining necessary consents and complying with applicable laws when providing student information to us.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notifications to institutional administrators
  • Providing in-app notifications for significant changes

Your continued use of our services after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

UniMapper - Data Protection

Email: info@unimapper.app

Data Protection Officer: dpo@unimapper.app

Website: unimapper.app