Privacy Policy

1. Introduction

Welcome to BrightAccess ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our scholarship management platform and related services (the "Service").

This policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, the General Data Protection Regulation (GDPR) for EU/UK users, and other applicable global privacy laws.

2. Information We Collect

We collect information that identifies, relates to, describes, or could reasonably be linked with you ("Personal Data").

A. Information You Provide

• Account Information: Name, email address, password, and role (Student, Reviewer, Foundation Admin).
• Profile Data: Demographics (optional), education history, location, and field of study.
• Application Materials: Essays, video submissions, transcripts, and other documents uploaded for scholarship applications.
• Communications: Content of messages sent to us or through the platform.

B. Information Collected Automatically

• Usage Data: Log files, device information, browser type, and pages visited.
• Keystroke Dynamics: For our "Cheat-Proof Certification," we collect typing patterns (speed, rhythm, flight time) to verify authorship. This data is anonymized and used solely for verification purposes.
• Cookies & Tracking: We use cookies to maintain your session and analyze platform performance.

3. How We Use Your Information

We use your Personal Data for the following purposes:

• Service Delivery: To process scholarship applications, facilitate reviews, and manage awards.
• AI Features:
  • To provide "AI Scholarship Matching" recommendations.
  • To analyze essays for "Writing Analytics" feedback.
  • To detect potential fraud or plagiarism using our verification systems.
  • To generate summaries and insights for Foundation reports.
• Communication: To send transactional emails (status updates, password resets) and platform announcements.
• Security: To detect and prevent fraud, unauthorized access, and abuse.
• Compliance: To fulfill legal obligations and enforce our Terms of Use.

4. Data Protection & Compliance (SOC2 Aligned)

We implement enterprise-grade security measures aligned with SOC2 Type II standards to protect your data.

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Control: Strict role-based access controls (RBAC) ensure only authorized personnel and users can access specific data.
• Data Segregation: Tenant data is logically isolated to prevent unauthorized cross-access.
• Regular Audits: We conduct regular security assessments and vulnerability scans.

5. Data Sharing & Disclosure

We do not sell your Personal Data. We share data only in the following circumstances:

• With Scholarship Foundations: When you apply for a scholarship, your profile and application materials are shared with the respective foundation and their reviewers.
• Service Providers: With trusted third-party vendors (e.g., AWS for hosting, Firebase for auth, Resend for email) who assist in operating our platform.
• Legal Requirements: If required by law, court order, or government regulation.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, primarily the United States and Canada. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) for transfers from the EU/UK.

7. Your Rights

Depending on your location (Canada, EU, UK, etc.), you have specific rights regarding your data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion ("Right to be Forgotten"): Request deletion of your account and associated data, subject to legal retention requirements.
• Portability: Request your data in a structured, commonly used format.
• Withdraw Consent: Withdraw consent for processing where applicable.

To exercise these rights, please contact our Data Protection Officer at privacy@brightaccess.com.

8. Data Retention

We retain Personal Data only as long as necessary to fulfill the purposes outlined in this policy.

• Active Accounts: Data is retained while your account is active.
• Scholarship Applications: Retained for a period determined by the Foundation's audit requirements (typically 7 years for financial records).
• Inactive Accounts: We may anonymize or delete data from accounts inactive for over 24 months.

9. AI & Automated Decision Making

Our platform utilizes Artificial Intelligence (AI) to enhance the user experience.

• Transparency: We clearly label AI-generated content and insights.
• Human Oversight: Critical decisions, such as scholarship awards, are always made by human reviewers. AI scores are provided as decision-support tools only.
• Fairness: We regularly test our AI models for bias to ensure equitable treatment of all applicants.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: