Privacy Policy

Last updated: February 18, 2026

1. Introduction

NROL.ai (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our AI-driven university application platform.

2. Data We Collect

2.1 Information You Provide

  • Account data: name, email address, country, password
  • Academic data: school reports, transcripts, grades, teacher comments
  • Profile data: interests, extracurricular activities, preferences
  • Application data: university shortlists, application notes, documents
  • Assessment data: personality and interest assessment responses

2.2 Data We Generate

  • AI-computed strength profiles and insights
  • University match scores and recommendations
  • Personality trait analysis from teacher comments
  • Benchmark comparisons against national/global data

2.3 Automatically Collected Data

  • IP address (used for country detection only)
  • Browser type and device information
  • Usage patterns and feature engagement

3. How We Use Your Data

We use your data to:

  • Parse and analyse your academic reports using AI
  • Generate personalised university matches and recommendations
  • Provide benchmark comparisons against national/global standards
  • Track application progress and deadlines
  • Send important notifications (account security, application updates)
  • Improve our AI models and recommendation algorithms

4. AI Processing

We use Anthropic's Claude AI to process your academic reports and generate insights. Your data is sent to Claude's API for analysis. Anthropic does not use your data to train their models. AI-generated insights are stored securely within your account.

5. Data Sharing

We do not sell your personal data. We share data only with:

  • AI service providers (Anthropic Claude) for report processing
  • Cloud infrastructure (AWS) for hosting and storage
  • Users you invite (parents, counselors) with your explicit consent

We will never share your data with universities without your explicit consent.

6. Data Storage & Security

  • Data is stored on AWS servers in the EU (eu-north-1 region)
  • Documents are encrypted at rest in AWS S3
  • Database connections are encrypted via TLS
  • Passwords are hashed using bcrypt
  • JWT tokens are used for session management
  • Access logs track who views your profile

7. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request a copy of all your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Data portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing
  • Withdraw consent: Withdraw consent at any time

You can exercise your data export and deletion rights from the Settings page.

8. Data Retention

  • Active accounts: data retained while account is active
  • Deleted accounts: all data permanently removed within 30 days
  • Backup retention: encrypted backups retained for up to 90 days

9. Cookies

We use minimal cookies for authentication (JWT token storage) and theme preference. We do not use tracking cookies or third-party analytics cookies.

10. Children's Privacy

Our Service is designed for students aged 13 and older. Users under 13 must have parental consent. We do not knowingly collect data from children under 13 without parental consent.

11. International Data Transfers

Your data is processed in the EU. If you are accessing the Service from outside the EU, your data will be transferred to and processed in the EU under appropriate safeguards.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email. The “Last updated” date at the top indicates the most recent revision.

13. Contact Us

For privacy-related inquiries, contact our Data Protection Officer at privacy@nrol.ai.