Your Privacy Matters

1. Information We Collect

Personal Information

When you create a Drimmly account, we collect:

• Basic Profile Data: Name, email address, profile picture
• Educational Information: University/school, major, graduation year, academic level
• Authentication Data: Password (encrypted) or OAuth tokens from Google
• Contact Preferences: Communication settings and notification preferences

Career Discovery Data

To provide personalized career guidance, we collect:

• Assessment Results: Personality tests, skills assessments, career interest surveys
• Learning Preferences: VARK learning styles, study preferences
• Career Goals: Desired job roles, industry interests, salary expectations
• Progress Data: Learning path completion, milestone achievements
• Interaction Data: Platform usage, feature engagement, time spent

Technical Information

• Device Information: Browser type, operating system, device identifiers
• Usage Analytics: Pages visited, features used, session duration
• Location Data: General location (country/region) for relevant opportunities
• Cookies: Session management, preferences, and analytics cookies

2. How We Use Your Information

Core Platform Services

• Provide personalized career recommendations and study path guidance
• Generate assessment results and career match scores using AI models
• Connect you with relevant mentors and industry professionals
• Track your learning progress and achievement milestones
• Deliver educational content tailored to your interests and goals

AI-Powered Features

Drimmly uses advanced AI models to enhance your career discovery experience:

• OpenAI GPT Models: For personalized career advice and content generation
• Anthropic Claude: For educational content analysis and recommendations
• Google Gemini: For career matching algorithms and skill assessments
• Data Processing: Your assessment data is processed by these AI services to provide personalized recommendations

Communication & Support

• Send important account updates and security notifications
• Provide customer support and respond to your inquiries
• Share relevant career opportunities and educational resources
• Send optional newsletters and platform updates (with your consent)

Platform Improvement

• Analyze usage patterns to improve our algorithms and recommendations
• Conduct research on career development and educational effectiveness
• Develop new features and enhance existing functionality
• Ensure platform security and prevent fraudulent activity

3. Information Sharing & Disclosure

AI Service Providers

To provide AI-powered career recommendations, we share necessary data with:

• OpenAI: Assessment responses and career preferences for personalized advice
• Anthropic: Educational content and learning preferences for content recommendations
• Google (Gemini): Skills data and career interests for matching algorithms
• Data Protection: All AI providers are bound by strict data processing agreements

With Your Consent

• Mentor Connections: Share relevant profile information with matched mentors
• University Partners: Share aggregated, anonymized data with educational institutions
• Career Opportunities: Share basic profile data with potential employers (opt-in only)

Service Providers

We work with trusted third-party services:

• Google OAuth: For secure authentication (Google's Privacy Policy applies)
• Tally Forms: For assessment delivery (Tally's Privacy Policy applies)
• Supabase: For secure database hosting and authentication
• Vercel: For platform hosting and deployment
• Analytics Services: Anonymized usage analytics for platform improvement

Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Protect the rights, property, or safety of Drimmly, our users, or others
• Investigate potential violations of our Terms of Service
• Prevent fraud or security threats

4. Data Security & Protection

Security Measures

• Encryption: All data is encrypted in transit and at rest using industry-standard protocols
• Access Controls: Strict employee access controls and regular security training
• Regular Audits: Ongoing security assessments and vulnerability testing
• Secure Infrastructure: Cloud hosting with enterprise-grade security features
• AI Data Protection: Secure API connections with OpenAI, Anthropic, and Google

Data Retention

• Active Accounts: Data retained while your account is active
• Inactive Accounts: Data deleted after 3 years of inactivity
• Assessment Results: Retained for 5 years for longitudinal career research
• AI Processing Data: Temporary data sent to AI services is not stored by providers
• Legal Requirements: Some data may be retained longer if required by law

5. Your Privacy Rights

Access & Control

You have the right to:

• Access: Request a copy of all personal data we hold about you
• Correct: Update or correct inaccurate personal information
• Delete: Request deletion of your personal data (subject to legal requirements)
• Export: Download your data in a portable format
• Restrict: Limit how we process your personal information
• AI Opt-out: Request exclusion from AI-powered recommendations

Communication Preferences

• Opt out of marketing communications at any time
• Customize notification settings in your account dashboard
• Choose which types of career opportunities to receive

Account Deletion

You can delete your account at any time through your account settings. Upon deletion, we will:

• Remove your personal information from our active systems
• Anonymize assessment data for research purposes
• Request deletion of your data from AI service providers
• Retain some data if required by law or for legitimate business purposes

6. Cookies & Tracking

Types of Cookies

• Essential Cookies: Required for platform functionality and security
• Preference Cookies: Remember your settings and customizations
• Analytics Cookies: Help us understand how you use our platform
• Marketing Cookies: Deliver relevant content and measure campaign effectiveness

Cookie Management

You can control cookies through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect platform functionality.

7. International Data Transfers

Drimmly operates globally and may transfer your data to countries outside your residence, including:

• United States: For OpenAI and Google AI services
• European Union: For Anthropic Claude processing
• Safeguards: Standard Contractual Clauses and adequacy decisions where applicable
• Security: Appropriate technical and organizational measures in place

8. Children's Privacy

Drimmly is designed for students aged 16 and older. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

For users aged 16-18, we recommend parental involvement in career planning decisions and encourage open communication about platform usage.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

• Notify you of significant changes via email or platform notification
• Post the updated policy on our website with a new "Last Updated" date
• Provide a summary of key changes when material updates are made

10. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, please contact us:

11. Regulatory Compliance

GDPR (European Union)

For EU residents, we comply with the General Data Protection Regulation. You have additional rights including data portability and the right to object to processing.

CCPA (California)

California residents have specific rights under the California Consumer Privacy Act, including the right to know what personal information is collected and the right to delete personal information.

FERPA (Educational Records)

When working with educational institutions, we comply with the Family Educational Rights and Privacy Act to protect student educational records.

Spanish Data Protection (LOPDGDD)

As a Spanish company, we comply with the Ley Orgánica de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD) and maintain registration with the Spanish Data Protection Agency (AEPD).