Free for students · Ad-free · WCAG 2.1 AA Compliant · Accessibility

Student Data Privacy Notice

Last updated: 2026-05-12

At Shrutam, we are deeply committed to protecting the privacy and security of student data. While we are not a school-contracted vendor and therefore not directly subject to federal laws like FERPA (Family Educational Rights and Privacy Act), we recognize the sensitive nature of the educational records and personal information students entrust to us. We treat all student data with the highest level of care, adhering to the spirit of leading student privacy laws and best practices.

1. Our Core Student Data Privacy Principles

Our commitment to student data privacy is built on these fundamental principles:

  • We DO NOT sell student data. Ever. Your academic achievements, personal interests, and other profile information are yours, and we will never monetize them by selling them to third parties.
  • We DO NOT use student data for targeted advertising. Shrutam does not display advertisements, nor do we use student data to create profiles for advertising purposes.
  • We DO NOT create commercial profiles of students. We use your data solely to provide and improve the Shrutam Service, not to build commercial profiles for external use.
  • We limit the use of student data to providing and improving the Shrutam Service. Any data we collect is used strictly for its intended purpose: to help you find scholarships and research opportunities, provide AI-powered tools, and enhance your educational journey.

2. Our Approach to Student Data Protection

We voluntarily comply with the spirit and intent of key student privacy legislation, even though we are not directly subject to them as a school vendor:

  • Family Educational Rights and Privacy Act (FERPA) Equivalent Care: Although FERPA primarily applies to educational institutions and their direct contractors, we handle student educational records (such as GPA, test scores, and any uploaded transcripts or writing samples) with a level of confidentiality and security equivalent to FERPA standards. We ensure that student data is protected from unauthorized access and disclosure.
  • California Student Online Personal Information Protection Act (SOPIPA): We adhere to the core tenets of SOPIPA, which prohibits operators of online services from using student information for targeted advertising, selling student information, or creating a profile of a student for a non-educational purpose.
  • New York Education Law § 2-d: We comply with the spirit of New York's law regarding the confidentiality and security of student data, ensuring that student information is protected and used only for educational purposes.
  • Illinois Student Online Personal Protection Act (SOPPA): While SOPPA primarily governs contracts between schools and operators, we align our practices with its principles of student data confidentiality and security. Should Shrutam ever enter into direct contracts with schools, we will ensure those contracts explicitly meet SOPPA's requirements.

3. What Student Data We Collect and Why

The student data we collect on Shrutam Research (research.shrutam.com) is specifically designed to help us provide you with the most relevant and personalized scholarship and research program matching. This includes:

  • Personal Identifiers: Email address, first and last name, date of birth (for age verification and COPPA compliance).
  • Demographic Information: Grade level, ZIP code, state, high school name, heritage tags (optional), languages spoken, household income bracket (optional, for need-based matching), first-generation college status (optional).
  • Academic Information: Intended college major, GPA (unweighted + weighted), AP / SAT / PSAT test scores, extracurriculars, achievements, target colleges (free-text).
  • User-Generated Content: Writing samples (for AI voice preservation), AI-drafted cold-email text, AI essay critique, AI application strategy advice, and your answers to AI-asked questions.
  • Computed Data: A 768-dimensional vector embedding of your profile, used solely for semantic matching to opportunities.

For a detailed breakdown of all data collected, please refer to the "Data Collected on research.shrutam.com (Research product)" section of our Privacy Policy.

4. How We Use Student Data

We use student data exclusively to:

  • Provide the Shrutam Research Service: This includes matching you with relevant scholarships and research programs, personalizing your experience, and enabling AI-powered features like essay critique and cold email drafting.
  • Improve the Service: We use aggregated and anonymized data to understand usage patterns and improve our matching algorithms and AI tools.
  • Ensure Account Security: Your email and IP address are used for secure magic-link authentication and fraud prevention.
  • Comply with Legal Obligations: We use date of birth for COPPA compliance and process data as required by law.

We do not use student data for any purpose inconsistent with providing and improving our educational services.

5. Sharing Student Data with Third Parties (Sub-processors)

We do not share student data with third parties for their independent use, marketing, or advertising. We only share data with a limited number of trusted sub-processors who assist us in operating the Service, under strict data processing agreements that ensure your data is protected and used only for the purposes we specify. These include:

  • Resend (transactional email delivery)
  • Google Cloud / Vertex AI (for LLM processing, with specific disclosures about free-tier data usage in our Privacy Policy)
  • Cloudflare (for network services like DNS, CDN, and DDoS protection)

We specifically DO NOT share your student data with scholarship organizations; we only surface opportunities for your discovery, and you apply directly through their official channels.

6. Student and Parental Rights

You and your parents (if you are a minor) have significant rights regarding your student data:

  • Access and Review: You have the right to access and review the personal information we hold about you. We are developing a feature at /students/me/export to allow you to export your data in JSON format.
  • Correction: You can update most of your profile information directly within your Shrutam Research account settings.
  • Deletion: You can request the deletion of your account and all associated personal data at any time by emailing [email protected] or by clicking the unsubscribe link in any email from us. We will hard-delete your data within 7 days (or 30 days for minors if parental consent is withdrawn).
  • Parental Consent (for Minors): Parents of users aged 13-17 have the right to review their child's data, request its deletion, and withdraw consent for further collection or use. Please see our Children's Privacy Notice for full details.

To exercise any of these rights, please contact us at [email protected].

7. Data Retention

We retain student data only for as long as necessary to provide the Service and fulfill the purposes outlined in this notice and our Privacy Policy:

  • Active Accounts: Data is retained as long as your Shrutam Research account is active.
  • Inactive Accounts: If there is no login activity for 24 consecutive months, your account data will be automatically deleted.
  • Deleted Accounts: Upon your request to delete your account, your data will be hard-deleted within 7 days.
  • Backups: Encrypted daily database backups are retained for 30 days.

8. Data Security

We employ robust technical and organizational measures to protect student data, including HTTPS encryption for data in transit, encryption at rest for backups, and secure magic-link authentication (no passwords stored). Access to student data is strictly controlled and limited to authorized personnel.

9. Information for Schools

We welcome inquiries from schools, districts, and educators interested in understanding our student data privacy practices. We are committed to transparency and are happy to discuss how Shrutam protects student information. Please contact us at [email protected].

10. Changes to This Student Data Privacy Notice

We may update this Student Data Privacy Notice periodically to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated notice on this page and revising the "Last updated" date. We encourage you to review this notice regularly.

Questions? Contact us at [email protected].