Privacy Policy
Last updated: July 6, 2026
Short version: We don’t sell your data. Raw files never leave your device — only the text you provide is analysed. We use your information only to run the service. You can delete everything at any time.
1. Who we are
IvyscoreAI ("we", "us", "our") operates the IvyscoreAI platform at ivyscoreai.com, including our website, mobile app, and API. We help students understand and improve their college application competitiveness using AI analysis.
If you have questions about this policy, contact us at privacy@ivyscoreai.com.
2. What information we collect
Account information: When you create an account, we collect your name, email address, hashed password, and role (student, parent, counselor).
Profile & survey information: To personalize your analysis, we may collect academic and planning details you choose to provide — such as your grade level, GPA, intended major, dream schools, and what you're most concerned about in the admissions process. Providing this is optional, but it improves the quality of your results. Because our service is used by high-school students, some of this information may belong to users under 18; we handle it with the same care described in the FERPA and Children's Privacy sections below, and you can delete it at any time by deleting your account or the associated results.
Application materials: If you upload documents, only the text content is transmitted to our servers for AI analysis — never raw PDF or Word files. We do not permanently store this text beyond your analysis session unless you are a signed-in user with history enabled.
Analysis results: We store your IvyScore results (scores, tips, college chances) so you can view your history. Free plan results are deleted after 7 days; Pro results after 1 year. You can delete any result at any time.
Usage data: We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. These are used for security, debugging, and understanding how our product is used. Logs are retained for 90 days.
Payment data: Payments are processed by Stripe. We never see or store your full credit card number. We receive a customer ID and subscription status from Stripe.
3. How we use your information
We use your information to:
• Provide and improve the IvyscoreAI service
• Personalise your analysis and recommendations
• Send you account-related emails (receipts, password resets, plan changes)
• Send you the weekly digest and milestone alerts if you have enabled them (Family plan)
• Respond to support requests
• Detect and prevent fraud and abuse
• Comply with legal obligations
We do not use your application materials or transcript content to train AI models. Analysis is performed on-demand using Anthropic's API and results are not retained by Anthropic beyond their standard API terms.
4. FERPA notice
IvyscoreAI is designed to be FERPA-aware. We treat transcript content and educational records with particular care:
• Raw transcript files are never uploaded to our servers
• Only text you provide is transmitted
• We do not share educational record content with third parties for advertising or analytics
• Students (or parents of students under 18) may request deletion of any stored educational record content at any time by emailing privacy@ivyscoreai.com
If you are a school or educational institution using IvyscoreAI under a School plan, additional data processing agreements may apply. Contact us to discuss.
5. Who we share your information with
We share your information only as necessary to operate the service:
Anthropic (AI analysis): Extracted text from your application materials is sent to Anthropic's Claude API for analysis. Anthropic processes this data under their API terms of service and privacy policy. We do not send your name, email, or account information to Anthropic — only the document text.
Stripe (payments): Your email and payment information are processed by Stripe under their privacy policy. We receive only subscription status and a customer ID.
Hosting infrastructure: Our application is hosted on cloud infrastructure. Hosting providers process data only to the extent necessary to operate the service.
We do not sell, rent, or trade your personal information to any third party. We do not use your data for targeted advertising. We do use Google Analytics for aggregate usage statistics — see the Cookies section below.
6. Your rights
Depending on your location, you may have the following rights:
• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and all associated data
• Portability: Request your analysis history in a machine-readable format
• Objection: Object to certain processing activities
• Withdrawal: Withdraw consent where processing is based on consent
To exercise any of these rights, email privacy@ivyscoreai.com. We will respond within 30 days. California residents have additional rights under CCPA — see Section 9 below.
7. Data retention
Account data: Retained while your account is active, plus 30 days after deletion to allow for account recovery.
Analysis results: Free plan — 7 days. Pro plan — 1 year. Family/School — 2 years. Deleted immediately on request.
Application text: Not stored after analysis unless history is enabled. Deleted with your analysis results.
Payment records: Retained for 7 years as required by financial regulations.
Server logs: 90 days.
8. Security
We implement appropriate technical and organisational measures to protect your data:
• All data in transit is encrypted using TLS
• Passwords are hashed using bcrypt — we cannot recover your password
• Authentication uses short-lived JWT tokens in httpOnly cookies, preventing XSS access
• We enforce rate limiting on sensitive endpoints
• Regular security reviews and dependency updates
• Access to production data is restricted to authorised team members only
No security system is perfect. If you discover a vulnerability, please report it responsibly to privacy@ivyscoreai.com.
9. California residents (CCPA)
California residents have the right to:
• Know what personal information is collected and how it is used
• Request deletion of personal information
• Opt out of the "sale" of personal information — we do not sell personal information
• Non-discrimination for exercising CCPA rights
To make a CCPA request, email privacy@ivyscoreai.com with the subject "CCPA Request".
10. Children's privacy (COPPA)
IvyscoreAI is intended for students aged 13 and older. If you are under 13, please do not create an account or submit personal information.
For students aged 13-17, we encourage parents to review this privacy policy. The Family plan is designed specifically to allow parents to create and oversee student accounts.
If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete it promptly. Contact us at privacy@ivyscoreai.com if you believe this has occurred.
11. Cookies
We use cookies in two categories:
Strictly necessary: Authentication cookies stored as httpOnly, Secure cookies. These are required for the service to function and cannot be turned off.
Analytics: We use Google Analytics to understand how visitors use the site — which pages are viewed, how people navigate, and aggregate device and approximate location data. Google Analytics sets cookies and processes this data under Google's own terms and privacy policy. This data is used only to improve the product; we do not use it for advertising, and we do not sell it. We do not use advertising cookies or advertising trackers.
You can opt out of Google Analytics using Google's browser add-on (tools.google.com/dlpage/gaoptout) or by blocking cookies in your browser.
12. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email (if you have an account) and by posting the updated policy with a new "Last updated" date. Continued use of the service after the effective date of changes constitutes acceptance of the updated policy.